Efficient sharing of dynamic WSNs

The Ambient middleware supports real-time monitoring and remote maintenance across the Internet via wired and mobile wireless network access technologies. Additionally, the middleware offers easy integration with third-party applications. Ambient Studio utilizes the middleware for remote WSN configuration and monitoring. The ConnectBox utilizes it to monitor and maintain WSNs remotely. This paper describes the Ambient middleware and compares its efficiency with the existing messaging protocols used for instant messaging and web services

Compiling symbolic attacks to protocol implementation tests

Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.Comment: In Proceedings SCSS 2012, arXiv:1307.802

Distributed Mail Transfer Agent

Technological advances have provided society with the means to easily communicate through several channels, starting off in radio and television stations, moving on through E-mail and SMS, and nowadays targeting Internet surfing through channels such as Google Ads and Webpush notifications. Digital marketing has flooded these channels for product promotion and customer engaging purposes in order to provide the customers with the best the organizations have to offer. E-goi is a web platform whose main objective is to facilitate digital marketing to all its customers, ranging from SMB to Corporate/Enterprise, and aid them to strengthen their relationships with its customers through digital communication. The platform’s most widely used channel is E-mail which is responsible for about fifteen million deliveries per day. The email delivery system currently employed by E-goi is functional and fault-tolerant to a certain degree, however, it has several flaws, such as its monolithic architecture, which is responsible for high hardware usage and lack of layer centralization, and the lack of deliverability related functionalities. This thesis aims to analyze and improve the E-goi’s e-mail delivery system architecture, which represents a critical system and of most importance and value for the product and the company. Business analysis tools will be used in this analysis to prove the value created for the company and its product, aiming at maintenance and infrastructure cost reduction as well as the increment in functionalities, both of which comprise valid points for creating business value. The project main objectives comprise an extensive analysis of the currently employed solution and the context to which it belongs to, followed up by a comparative discussion of currently existent competitors and technologies which may be of aid in the development of a new solution. Moving on, the solution’s functional and non-functional requirements gathering will take place. These requirements will dictate how the solution shall be developed. A thorough analysis of the project’s value will follow, discussing which solution will bring the most value to E-goi as a product and organization. Upon deciding on the best solution, its design will be developed based on the previously gathered requirements and the best software design patterns, and will support the implementation phase which follows. Once implemented, the solution will need to surpass several defined tests and hypothesis which will ensure its performance and robustness. Finally, the conclusion will summarize all the project results and define future work for the newly created solution.O avanço tecnológico forneceu à sociedade a facilidade de comunicação através dos demais canais, começando em rádios e televisões, passando pelo E-mail e SMS, atingindo, hoje em dia, a própria navegação na Internet através dos mais diversos canais como o Google Ads e notificações Webpush. Todos estes canais de comunicação são hoje em dia usados como base da promoção, o marketing digital invadiu estes canais de maneira a conseguir alcançar os mais diversos tipos de clientes e lhes proporcionar o melhor que as organizações têm para oferecer. A E-goi é uma plataforma web que pretende facilitar o marketing digital a todos os seus clientes, desde a PME à Enterprise, e ajudá-los a fortalecer as relações com os seus clientes através de comunicação digital. O canal mais usado da plataforma é o E-mail, totalizando, hoje em dia, cerca de quinze milhões de entregas por dia. O sistema de envio de e-mails usado hoje em dia pelo produto E-goi é funcional e tolerante a falhas até um certo nível, no entanto, apresenta diversas lacunas tanto na arquitetura monolítica do mesmo, responsável por um uso de hardware elevado e falta de centralização de camadas, como em funcionalidades ligadas à entregabilidade. O presente projeto visa a análise e melhoria da arquitetura do sistema de envio de e-mails da plataforma E-goi, um sistema crítico e de alta importância e valor para a empresa. Ao longo desta análise, serão usadas ferramentas de análise de negócio para provar o valor criado para a organização e para o produto com vista à redução de custos de manutenção e infraestrutura bem como o aumento de funcionalidades, ambos pontos válidos na adição de valor organizacional. Os objetivos do projeto passarão por uma análise extensiva da solução presente e do contexto em que a mesma se insere, passando a uma comparação com soluções concorrentes e tecnologias, existentes no mercado de hoje em dia, que possam ajudar no desenvolvimento de uma nova solução. Seguir-se-á um levantamento dos requisitos, tanto funcionais como não-funcionais do sistema que ditarão os moldes sobre os quais o novo sistema deverá ser desenvolvido. Após isto, dar-se-á uma extensa análise do valor do projecto e da solução que mais valor adicionará à E-goi, quer como produto e como organização. De seguida efectuar-se-á o Design da solução com base nos requisitos definidos e nas melhores práticas de engenharia informática, design este que servirá de base à implementação que se dará de seguida e será provada através da elaboração de diversos testes que garantirão a performance, robustez e validade do sistema criado. Finalmente seguir-se-á a conclusão que visa resumir os resultados do projecto e definir trabalho futuro para a solução criada

Comparison of different ways to avoid internet traffic interception

Projecte fet en col.laboració amb la Norwegian University of Science and Technology. Department of Telematic EngineeringEnglish: The main objective of this thesis is to analyze and compare different ways to avoid the Internet traffic eavesdropping (carried out both by governments or malicious particulars). The analysis consists on a description of the different protocols and technologies involved in each option as well as the difficulties to implement them and the technical knowledge of the users in order to take profit of them

Secure Communication in Disaster Scenarios

Während Naturkatastrophen oder terroristischer Anschläge ist die bestehende Kommunikationsinfrastruktur häufig überlastet oder fällt komplett aus. In diesen Situationen können mobile Geräte mithilfe von drahtloser ad-hoc- und unterbrechungstoleranter Vernetzung miteinander verbunden werden, um ein Notfall-Kommunikationssystem für Zivilisten und Rettungsdienste einzurichten. Falls verfügbar, kann eine Verbindung zu Cloud-Diensten im Internet eine wertvolle Hilfe im Krisen- und Katastrophenmanagement sein. Solche Kommunikationssysteme bergen jedoch ernsthafte Sicherheitsrisiken, da Angreifer versuchen könnten, vertrauliche Daten zu stehlen, gefälschte Benachrichtigungen von Notfalldiensten einzuspeisen oder Denial-of-Service (DoS) Angriffe durchzuführen. Diese Dissertation schlägt neue Ansätze zur Kommunikation in Notfallnetzen von mobilen Geräten vor, die von der Kommunikation zwischen Mobilfunkgeräten bis zu Cloud-Diensten auf Servern im Internet reichen. Durch die Nutzung dieser Ansätze werden die Sicherheit der Geräte-zu-Geräte-Kommunikation, die Sicherheit von Notfall-Apps auf mobilen Geräten und die Sicherheit von Server-Systemen für Cloud-Dienste verbessert

Patterns in network security: an analysis of architectural complexity in securing recursive inter-network architecture networks

Recursive Inter-Network Architecture (RINA) networks have a shorter protocol stack than the current architecture (the Internet) and rely instead upon separation of mech- anism from policy and recursive deployment to achieve large scale networks. Due to this smaller protocol stack, fewer networking mechanisms, security or otherwise, should be needed to secure RINA networks. This thesis examines the security proto- cols included in the Internet Protocol Suite that are commonly deployed on existing networks and shows that because of the design principles of the current architecture, these protocols are forced to include many redundant non-security mechanisms and that as a consequence, RINA networks can deliver the same security services with substantially less complexity

Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting

The growing share of encrypted network traffic complicates network traffic analysis and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. We discuss host-based and network-based methods of dictionary retrieval and estimate the quality of the data. The usability of the proposed method is demonstrated on two case studies of network forensics

Sigurnosni protokoli

The Internet, as a computer network, connects millions of people all around the world and gives them a possibility to access a big quantity of data. Throughout the Internet users exchange data using certain protocols and a part of this communication is private or secret. TCP (Transmission Control Protocol) and IP (Internet Protocol) protocols are the kernel of Internet protocol. Everything that is transmitted through the Internet uses these protocols, but they cannot provide security of data transfer. For example, IP packages can be easily changed and their content can be seen by everybody in every moment, even by an unauthorized person. Today the world is already globally connected and the individuals and institutions need privacy and also the protection from identity theft that is today a very frequent aspect of misuse of the Internet. So, we need transparent and flexible tools to fulfill demands of different users and at the same time capable to achieve the assigned degree of security. Security protocols, as the most prominent SSL (Secure Sockets Layers) and TLS (Transport Layer Security), solve a good part of given problems.Internet, kao računarska mreža, povezuje milione ljudi širom sveta i obezbeđuje im pristup velikoj količini informacija. Korisnici preko Interneta razmenjuju podatke na osnovu određenih protokola, a deo te komunikacije je privatnog ili službeno tajnog karaktera. Pri ovoj razmeni, korisnici resursa računarskih sistema, računara u mrežama i samostalnih računara, pre svega žele da budu sigurni da će pristup njihovim podacima i resursima uopšte imati samo oni kojima se pristup dozvoli. Dakle, analogno sigurnosti fizičke imovine korisnici računarskih sistema žele takozvanu računarsku sigurnost. Jezgro Internet protokola predstavljaju TCP (Transmission Control Protocol) i IP (Internet Protocoll) protokoli. Sve što putuje Internetom koristi ove protokole, ali oni ne obezbeđuje sigurnost prenosa podataka. IP paketi se, na primer, mogu lako izmeniti a njihov sadržaj može u bilo kom trenutku da pregleda ma ko, pa i neovlašćena osoba. U svetu koji je danas već globalno povezan, pojedinci i razne institucije imaju potrebe za privatnošću, kao i za zaštitom od krađe identiteta, koja postaje sve češći vid zloupotrebe globalne mreže. Dakle, potrebna su sredstva koja su transparentna i dovoljno fleksibilna da zadovolje zahteve raznih korisnika, a istovremeno ostvare zadati stepen sigurnosti. U ovom radu, pažnja je usmerena na komunikacijske zaštitne mehanizme definisane sigurnosnim protokolima, pri čemu se smatra da su ispunjene ostale kategorije računarske sigurnosti. Protokoli TLS (Transport Layer Security) i SSL (Secure Sockets Layers) su kriptografski protokoli koji omogućavaju sigurnu komunikaciju na Internetu za poslove elektronskog bankarstva i trgovine, e-mail, fax, pristup udaljenim računarima, a korisnicima rešavaju dobar deo navedenih problema