Patents by Inventor Avishai Wool

Avishai Wool has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10915630
    Abstract: A method includes identifying an impersonating message, transmitted over a Controller Area Network (CAN) bus by an attacking node connected to the bus, that appears to originate from a source other than the attacking node. The method further includes, in response to identifying the impersonating message, driving the attacking node into an error-passive state in which an ability of the attacking node to communicate over the bus is limited, relative to before entering the error-passive state. The method further includes, subsequently to driving the attacking node into the error-passive state, driving the attacking node into a bus-off state in which the attacking node cannot communicate over the bus, by transmitting, over the bus, a plurality of passive-error-flag-trumping messages that collide with, and trump, respective instances of a passive-error flag that the attacking node transmits over the bus. Other embodiments are also described.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: February 9, 2021
    Assignee: RAMOT AT TEL-AVIV UNIVERSITY LTD.
    Inventors: Tsvika Dagan, Avishai Wool
  • Publication number: 20200226252
    Abstract: A method includes identifying an impersonating message, transmitted over a Controller Area Network (CAN) bus by an attacking node connected to the bus, that appears to originate from a source other than the attacking node. The method further includes, in response to identifying the impersonating message, driving the attacking node into an error-passive state in which an ability of the attacking node to communicate over the bus is limited, relative to before entering the error-passive state. The method further includes, subsequently to driving the attacking node into the error-passive state, driving the attacking node into a bus-off state in which the attacking node cannot communicate over the bus, by transmitting, over the bus, a plurality of passive-error-flag-trumping messages that collide with, and trump, respective instances of a passive-error flag that the attacking node transmits over the bus. Other embodiments are also described.
    Type: Application
    Filed: January 30, 2020
    Publication date: July 16, 2020
    Inventors: Tsvika Dagan, Avishai Wool
  • Patent number: 10599840
    Abstract: A processor is configured to identify a first impersonating message, transmitted over a Controller Area Network (CAN) bus by an attacking node connected to the bus, that appears to originate from a source other than the attacking node, to transmit via a transceiver, in response to identifying the first impersonating message, a stream of messages over the bus, until a defense message belonging to the stream collides with, and trumps, a second impersonating message from the attacking node, and to drive the attacking node, subsequently, into an error-passive state in which an ability of the attacking node to communicate over the bus is limited relative to before entering the error-passive state, by repeatedly retransmitting the defense message over the bus in sync with retransmissions of the second impersonating message by the attacking node, such that the defense message collides with, and trumps, multiple subsequent instances of the second impersonating message.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: March 24, 2020
    Assignee: RAMOT AT TEL AVIV UNIVERSITY LTD.
    Inventors: Tsvika Dagan, Avishai Wool
  • Publication number: 20180025156
    Abstract: A processor is configured to identify a first impersonating message, transmitted over a Controller Area Network (CAN) bus by an attacking node connected to the bus, that appears to originate from a source other than the attacking node, to transmit via a transceiver, in response to identifying the first impersonating message, a stream of messages over the bus, until a defense message belonging to the stream collides with, and trumps, a second impersonating message from the attacking node, and to drive the attacking node, subsequently, into an error-passive state in which an ability of the attacking node to communicate over the bus is limited relative to before entering the error-passive state, by repeatedly retransmitting the defense message over the bus in sync with retransmissions of the second impersonating message by the attacking node, such that the defense message collides with, and trumps, multiple subsequent instances of the second impersonating message.
    Type: Application
    Filed: July 20, 2017
    Publication date: January 25, 2018
    Inventors: Tsvika Dagan, Avishai Wool
  • Publication number: 20160286519
    Abstract: A method for estimating a location of an Orthogonal Frequency Division Multiplexing (OFDM) transmitter, the method may include receiving from an OFDM receiver or calculating channel state information (CSI) associated with OFDM packets received via multiple reception antennas; and processing the CSI associated with the OFDM packets to determine the location of the OFDM transmitter; wherein the determining of the location of the OFDM transmitter is further responsive to spatial relationships between the multiple reception antennas.
    Type: Application
    Filed: March 23, 2016
    Publication date: September 29, 2016
    Inventors: Asaf Tzur, Ofer Amrani, Avishai Wool
  • Patent number: 8677496
    Abstract: A method and apparatus for Automatic Risk Assessment of a Firewall Configuration facilitates the automatic generation of a risk assessment of a given firewall configuration. The method scans the firewall analyzer report, before the human user does, and flags the configuration errors. Each found mis-configuration is called a risk item. The report is analyzed according to a Knowledge Base of known risk items. The method further filters duplicate risk items which are triggered by different rules.
    Type: Grant
    Filed: July 21, 2010
    Date of Patent: March 18, 2014
    Assignee: Algosec Systems Ltd.
    Inventor: Avishai Wool
  • Patent number: 8418240
    Abstract: A computer-implemented method of reducing central processing unit (CPU) usage of a firewall by safely reordering a current firewall's rule-base exhibiting N rules. The method comprises: receiving rule usage statistics exhibiting the usage frequency of each rule in the current firewall's rule-base; calculating a rules matched per packet (RMPP) parameter, being a summation of products of each rule identifier and the corresponding usage frequency for all the N rules; determining an alternative order of the rule-base by repositioning rules, wherein the repositioned rules perform the same action on the firewall, or wherein the repositioned rules act on disjoint sets of network connections, and wherein the repositioning results in a reduction of the RMPP of the reordered rule-base, thereby reducing the CPU usage of the firewall in implementing the alternative order of rules.
    Type: Grant
    Filed: December 25, 2008
    Date of Patent: April 9, 2013
    Assignee: Algorithmic Security (Israel) Ltd.
    Inventor: Avishai Wool
  • Publication number: 20100293617
    Abstract: A method and apparatus for Automatic Risk Assessment of a Firewall Configuration facilitates the automatic generation of a risk assessment of a given firewall configuration. The method scans the firewall analyzer report, before the human user does, and flags the configuration errors. Each found mis-configuration is called a risk item. The report is analyzed according to a Knowledge Base of known risk items.
    Type: Application
    Filed: July 21, 2010
    Publication date: November 18, 2010
    Inventor: Avishai WOOL
  • Patent number: 7801057
    Abstract: The present invention discloses a method for analyzing an IP Gateway's Routing Table for identifying sets of IP addresses (“Disjoint Zones”) communicating through the same Gateway, said method comprising the steps of: identifying subnets of IP addresses which are directly connected to the Gateway (“directly-connected subnets”) via a network interface card (“NIC”); associating every route in the Routing Table with a NIC; identifying and sorting the Routing Table's Critical Points, at which the routing decision may change between successive IP addresses; and identifying Disjoint Zones of IP addresses by locating all the Critical Points at which the routing decision in fact changes between successive IP addresses. According to a further option of the present invention, an External Disjoint Zone is identified in accordance with the NIC which is associated with the default route.
    Type: Grant
    Filed: March 2, 2006
    Date of Patent: September 21, 2010
    Assignee: AlgoSec Systems Ltd.
    Inventor: Avishai Wool
  • Publication number: 20090172800
    Abstract: A computer-implemented method of reducing central processing unit (CPU) usage of a firewall by safely reordering a current firewall's rule-base exhibiting N rules. The method comprises: receiving rule usage statistics exhibiting the usage frequency of each rule in the current firewall's rule-base; calculating a rules matched per packet (RMPP) parameter, being a summation of products of each rule identifier and the corresponding usage frequency for all the N rules; determining an alternative order of the rule-base by repositioning rules, wherein the repositioned rules perform the same action on the firewall, or wherein the repositioned rules act on disjoint sets of network connections, and wherein the repositioning results in a reduction of the RMPP of the reordered rule-base, thereby reducing the CPU usage of the firewall in implementing the alternative order of rules.
    Type: Application
    Filed: December 25, 2008
    Publication date: July 2, 2009
    Inventor: Avishai WOOL
  • Publication number: 20060288409
    Abstract: A method and apparatus are disclosed for managing a firewall. The disclosed firewall manager facilitates the generation of a security policy for a particular network environment, and automatically generates the firewall-specific configuration files from the security policy simultaneously for multiple gateways. The security policy is separated from the vendor-specific rule syntax and semantics and from the actual network topology. Thus, the security administrator can focus on designing an appropriate policy without worrying about firewall rule complexity, rule ordering, and other low-level configuration issues. In addition, the administrator can maintain a consistent policy in the presence of intranet topology changes. The disclosed firewall manager utilizes a model definition language (MDL) and an associated parser to produce an entity relationship model. A model compiler translates the entity-relationship model into the appropriate firewall configuration files.
    Type: Application
    Filed: August 10, 2006
    Publication date: December 21, 2006
    Inventors: Yair Bartal, Alain Mayer, Avishai Wool
  • Patent number: 7146639
    Abstract: A method and apparatus are disclosed for managing a firewall. The disclosed firewall manager facilitates the generation of a security policy for a particular network environment, and automatically generates the firewall-specific configuration files from the security policy simultaneously for multiple gateways. The security policy is separated from the vendor-specific rule syntax and semantics and from the actual network topology. Thus, the security administrator can focus on designing an appropriate policy without worrying about firewall rule complexity, rule ordering, and other low-level configuration issues. In addition, the administrator can maintain a consistent policy in the presence of intranet topology changes. The disclosed firewall manager utilizes a model definition language (MDL) and an associated parser to produce an entity relationship model. A model compiler translates the entity-relationship model into the appropriate firewall configuration files.
    Type: Grant
    Filed: January 6, 2003
    Date of Patent: December 5, 2006
    Assignee: Lucent Technologies Inc.
    Inventors: Yair Bartal, Alain Jules Mayer, Avishai Wool
  • Publication number: 20060200580
    Abstract: The present invention discloses a method for analyzing an IP Gateway's Routing Table for identifying sets of IP addresses (“Disjoint Zones”) communicating through the same Gateway, said method comprising the steps of: identifying subnets of IP addresses which are directly connected to the Gateway (“directly-connected subnets”) via a network interface card (“NIC”); associating every route in the Routing Table with a NIC; identifying and sorting the Routing Table's Critical Points, at which the routing decision may change between successive IP addresses; and identifying Disjoint Zones of IP addresses by locating all the Critical Points at which the routing decision in fact changes between successive IP addresses. According to a further option of the present invention, an External Disjoint Zone is identified in accordance with the NIC which is associated with the default route.
    Type: Application
    Filed: March 2, 2006
    Publication date: September 7, 2006
    Applicant: Algorithmic Security Inc
    Inventor: Avishai Wool
  • Patent number: 7065584
    Abstract: A method for mapping a network, in accordance with the present invention, includes providing distance measurements between tracers in the network, determining routes along which the distance measurements are made, and creating a system of equations which links the distance measurements between the nodes with a sum of the delays between the nodes which comprise the routes. Additional information is extracted about distances of subpaths of the routes to provide additional details to a map of the network. The additional information provides a capability of estimation of distances between nodes without tracers.
    Type: Grant
    Filed: April 28, 2000
    Date of Patent: June 20, 2006
    Assignee: Lucent Technologies Inc.
    Inventors: Yuval Shavitt, Xiaodong Sun, Avishai Wool, Bulent Yener
  • Patent number: 7016980
    Abstract: A method and apparatus are disclosed for analyzing the operation of one or more network gateways, such as firewalls or routers, that perform a packet filtering function in a network environment. Given a user query, the disclosed firewall analysis tool simulates the behavior of the various firewalls, taking into account the topology of the network environment, and determines which portions of the services or machines specified in the original query would manage to reach from the source to the destination. The relevant packet-filtering configuration files are collected and an internal representation of the implied security policy is derived. A graph data structure is used to represent the network topology. A gateway-zone graph permits the firewall analysis tool to determine where given packets will travel in the network, and which gateways will be encountered along those paths.
    Type: Grant
    Filed: January 18, 2000
    Date of Patent: March 21, 2006
    Assignee: Lucent Technologies Inc.
    Inventors: Alain Mayer, Avishai Wool, Elisha Ziskind
  • Publication number: 20060015934
    Abstract: Generally, a method and apparatus are disclosed for Automatic Risk Assessment of a Firewall Configuration. The disclosed invention facilitates the automatic generation of a risk assessment of a given firewall configuration. The prior work of [Mayer et al; 2000, Mayer et al; 2005] and [Wool; 2001] teaches how to analyze Firewall Configurations and produce HTML-based Firewall Analyzer Reports. However, the said Reports produced by the methods of [Mayer et al; 2000, Mayer et al; 2005] are voluminous, and do not identify or rate the risks present within the Firewall Configuration. In the current state of the art, a Firewall administrator or auditor needs to navigate through the Firewall Analyzer Report, and use his or her expertise to identify any Configuration mistakes or badly written rules. The current invention automates this manual process. The method is to let a software module, (the “ADVISOR” module) go over the report, before the human user does, and flag the Configuration errors.
    Type: Application
    Filed: July 7, 2005
    Publication date: January 19, 2006
    Applicant: Algorithmic Security Inc
    Inventor: Avishai Wool
  • Patent number: 6839436
    Abstract: A long-lived broadcast encryption method that adapts to the presence of compromised keys and continues to broadcast securely to privileged sets of users over time. In one aspect, a method for providing long-lived broadcast encryption comprises the steps of: allocating, to each of a plurality of subscribers, a corresponding set of subscriber keys; broadcasting encrypted content to the plurality of subscribers using a set of broadcast keys, wherein the encrypted content is decoded by a given subscriber using the subscriber's corresponding set of subscriber keys; modifying the set of broadcast keys, which are used for broadcasting encrypted content, by excluding compromised subscriber keys; and updating a set of subscriber keys corresponding to at least one subscriber when the at least one subscriber's set of subscriber keys comprises an amount of active keys that falls below a first predetermined threshold.
    Type: Grant
    Filed: October 16, 2000
    Date of Patent: January 4, 2005
    Assignee: Lucent Technologies Inc.
    Inventors: Juan A. Garay, Jessica N. Staddon, Avishai Wool
  • Patent number: 6735313
    Abstract: A system for restricting access to transmitted programming content is disclosed, which transmits a program identifier with the encrypted programming content. A set-top terminal or similar mechanism restricts access to the transmitted multimedia information using stored decryption keys. The set-top terminal receives entitlement information periodically from the head-end, corresponding to one or more packages of programs that the customer is entitled to for a given period. Each program is encrypted by the head-end server prior to transmission, using a program key, Kp, which may be unique to the program. The set-top terminal uses the received program identifier, p, together with the stored entitlement information, to derive the decryption key necessary to decrypt the program. Each of the k-bit program keys, Kp, used to encrypt transmitted programs is obtained by applying one or more pseudo-random hash functions, H, such as a length-doubling hash function, H, to a master key, m.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: May 11, 2004
    Assignee: Lucent Technologies Inc.
    Inventors: Daniel Bleichenbacher, Avishai Wool
  • Patent number: 6735312
    Abstract: A method for encrypting programming in which a controlled number of unintended recipients of a broadcast are allowed to view a program so that a set of encryption keys can be found which enables a broadcaster to more quickly broadcast the program to its intended paying recipients than conventional encryption methods which only allow programs to be viewed by its intended recipients. To find the set of keys, a broadcaster first determines an acceptable f-ratio of a total number of viewers of the broadcast program to a number of intended viewers in an identified target set who paid to receive the program. The target set of viewers is included in the total number of viewers. The broadcaster then constructs an f-redundant establishment key allocation set from which the establishment keys for encrypting the program are selected.
    Type: Grant
    Filed: May 11, 1999
    Date of Patent: May 11, 2004
    Assignee: Lucent Technologies Inc.
    Inventors: Michel Ferreira Abdalla, Yuval Shavitt, Avishai Wool
  • Publication number: 20030120955
    Abstract: A method and apparatus are disclosed for managing a firewall. The disclosed firewall manager facilitates the generation of a security policy for a particular network environment, and automatically generates the firewall-specific configuration files from the security policy simultaneously for multiple gateways. The security policy is separated from the vendor-specific rule syntax and semantics and from the actual network topology. Thus, the security administrator can focus on designing an appropriate policy without worrying about firewall rule complexity, rule ordering, and other low-level configuration issues. In addition, the administrator can maintain a consistent policy in the presence of intranet topology changes. The disclosed firewall manager utilizes a model definition language (MDL) and an associated parser to produce an entity relationship model. A model compiler translates the entity-relationship model into the appropriate firewall configuration files.
    Type: Application
    Filed: January 6, 2003
    Publication date: June 26, 2003
    Applicant: Lucent Technologies Inc.
    Inventors: Yair Bartal, Alain Jules Mayer, Avishai Wool