IWS - The Information Warfare Site



File: A Treatise on Informational Warfare [1.7 MB pdf]

A Treatise on Informational Warfare

Written by Eric Knight, C.I.S.S.P.

Publication First Release Date: August 20th, 2003


This research paper involves making connections between informational warfare and enterprise security design. The research focuses on a proposed "Informational Warfare Model" that is based on strategic, operational, and tactical design. It builds on my previous publication "Computer Vulnerabilities" that was released to BugTraq about three years ago, and greatly expands on the conceptualizations that were originally presented.

The research should be used to provide assistance on the construction of enterprise security models currently being developed as well as give security professionals a way to predict and understand computer security advancements in technology and their meaning in a networked environment.

The publication also provides a moderately detailed explanation and comparison of IW warfare that the proposed framework is capable of which may be interesting reading for non-designers. It covers a capability analysis for human against computerized agent, agent against agent, agent against combined enterprise security, and combined security against combined security.

I have made a considerable effort to make this document a detailed and well thought out example and to keep as much speculation as I could out of the text. I certainly welcome all comments and discussion on the model I've presented.

Thank you,

Eric Knight

---------------

"A TREATISE ON INFORMATIONAL WARFARE"

TABLE OF CONTENTS

Foreword  1
Introduction  2
Informational Warfare Model  7
Command Layer  9
Communications Layer  9
Agent Layer  10
Functional Layer  10
Facilitators Layer  10
Vulnerabilities Layer  10
Inherent Layer Characteristics  11
Layer Design Idealisms  12
Effectiveness Measurements  12
Command Layer  14
Command Console  15
Log Repository  15
Analysis Components  16
History Analysis  16
Game Theory  16
Expert Engine  17
Heuristic and Statistic Reporting  17
Scheduling  17
Account Management  18
Network Component Awareness  18
Security Policy Management  18
Security Tool Repository  18
Early Warning System  19
Communications Layer  20
Channel Communications  20
Open Channel  21
Secure Channels  21
Isolated Channels  21
Covert Channels  22
Polymorphic Channels  22
Alternative Channels  23
Switching Channels  23
Public Key Infrastructure  24
Conventional Encryption  24
Trust Relationships  25
Protocol  25
Uniform Standard Protocol  25
Covert Protocol  26
Alternative Protocol  26
Polymorphic Protocol  26
Agent Layer  27
Command Interface  28
Host Console  28
Response Reporting  29
Mission Intelligence  29
Process Control  29
Sensors and Sensor Analysis  30
Agent Sensors  30
Sensor Analysis  32
Artificial Intelligence  32
Agent Overload  32
Functional Layer  34
Layer Considerations  36
Facilitators  38
Fastest Order of Discovery  39
Vulnerabilities Layer  42
Command Layer Construction  45
Agent Status and Control  46
Command Control  46
Artificial Intelligence  46
Higher Authority  47
Agent Layer Construction  49
Security Network  50
Artificial Intelligence  50
Data Processing  50
Function Control  51
Log File Sensors  51
Streaming Sensors  51
Boolean Sensors  51
Result Sensors  52
Functional Layer Standardization  52
Common Network Attack Strategies  54
Hacker Attack  54
Viral Infestation  55
Bee Swarm  55
Conscription  56
Invasion  57
Crawler  58
Amoeba  59
Infiltration  60
Attack Method Comparison  60
Agent vs Agent Warfare  62
Agent Attacks  62
Shutting down processes  63
Promoting access level  63
Seizure of Security Tools  63
Creating New Services  64
Downgrading  64
Removing the opposition  64
Disrupting communication  65
Backdoor  65
Highest Level Access  65
Binary Scan  66
Compromising the opposition  66
Call for help  66
Ghosts  67
Analysis Disruption  67
Sandbox Modification  67
Resource Starvation  68
Overload  68
Rebooting  68
Agent Defenses  69
Deep Embedding  69
Polymorphism  69
Advance Awareness  70
Agent Required for Use  70
Encrypted Binary Executable  71
Quarantine  71
Scuttle  71
Hide valuables  72
Honeypot  72
Replication  72
Mutually assured destruction  73
Forfeiture of Duties  73
Aftermath  74
Scavenging  74
Searching for valuables  74
Cleaning the Logs  75
Customizing the environment  75
Selecting a new target  75
Reporting  76
Promotion/demotion  76
Fulfilling the Mission  76
Event of Capture  77
Tools in Random Access Memory  77
Deletion After Execution  77
Emulation Engines and Polymorphic Machine Code  77
Polymorphic Machine Code  77
Emulation Engines  78
Encryption  78
Human vs Agent  79
Physical Access  80
Stolen Password/Identity  80
Insider Cooperation  80
Internal Access Point  81
Wiring Control  81
Human Effectiveness  81
Mission Goals  83
Espionage  85
Sabotage  85
Camouflage  86
Subterfuge  86
Programming Evolutions Required for Missions  87
Agent Communication Structures  89
Communications Room  90
Designated Computer  90
Broadcast Protocol  91
Peer-To-Peer  91
Relay  92
Private Communication  93
Three Channel Method  94
Security Network Warfare  95
Combined Capabilities  96
Speed of Communication  96
Combined Calculation  96
Robustness of Tools  96
Artificial Intelligence  97
Combined Calculation Danger Rating  97
Complexities of the Mission  98
Natural Warfare Advantages  98
Attacking  98
Ambush Advantage  98
Mission Advantage  99
Deterioration Advantage  99
Anonymity  99
Siege Advantage  99
Defending  99
Preparation Advantage  99
Network Speed Advantage  100
Awareness Advantage  100
Design Advantage  100
Cyber-Pandemonium  101
Conclusion  103