15 research outputs found

    Scalable schemes against Distributed Denial of Service attacks

    Defense against Distributed Denial of Service (DDoS) attacks is one of the primary concerns on the Internet today. DDoS attacks are difficult to prevent because of the open, interconnected nature of the Internet and its underlying protocols, which can be used in several ways to deny service. Attackers hide their identity by using third parties such as private chat channels on IRC (Internet Relay Chat). They also insert false return IP address, spoofing, in a packet which makes it difficult for the victim to determine the packet's origin. We propose three novel and realistic traceback mechanisms which offer many advantages over the existing schemes. All the three schemes take advantage of the Autonomous System topology and consider the fact that the attacker's packets may traverse through a number of domains under different administrative control. Most of the traceback mechanisms make wrong assumptions that the network details of a company under an administrative control are disclosed to the public. For security reasons, this is not the case most of the times. The proposed schemes overcome this drawback by considering reconstruction at the inter and intra AS levels. Hierarchical Internet Traceback (HIT) and Simple Traceback Mechanism (STM) trace back to an attacker in two phases. In the first phase the attack originating Autonomous System is identified while in the second phase the attacker within an AS is identified. Both the schemes, HIT and STM, allow the victim to trace back to the attackers in a few seconds. Their computational overhead is very low and they scale to large distributed attacks with thousands of attackers. Fast Autonomous System Traceback allows complete attack path reconstruction with few packets. We use traceroute maps of real Internet topologies CAIDA's skitter to simulate DDoS attacks and validate our design.

    Traffic Monitoring and analysis for source identification

    Ph.D, DOCTOR OF PHILOSOPHY

    Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks

    Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. 
Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.

    Proceedings of the Second International Mobile Satellite Conference (IMSC 1990)

    Presented here are the proceedings of the Second International Mobile Satellite Conference (IMSC), held June 17-20, 1990 in Ottawa, Canada. Topics covered include future mobile satellite communications concepts, aeronautical applications, modulation and coding, propagation and experimental systems, mobile terminal equipment, network architecture and control, regulatory and policy considerations, vehicle antennas, and speech compression

    Assessment and Real Time Implementation of Wireless Communications Systems and Applications in Transportation Systems

    Official Doctoral Programme in Information and Communications Technologies in Mobile Networks. 5029V01 [Abstract] The fourth and fifth generation wireless communication systems (4G and 5G) use a physical layer (PHY) based on multicarrier modulations for data transmission using high bandwidth. This type of modulations has shown to provide high spectral efficiency while allowing low complexity radio channel equalization. These systems use OFDMA as a mechanism for distributing the available radio resources among different users. This allocation is done by assigning a subset of subcarriers to each user in a given instant of time. This provides great flexibility to the system that allows it to adapt to both the quality of service requirements of users and the radio channel state. 
The media access layer (MAC) of these systems is in charge of configuring the multiple OFDMA PHY layer parameters, in addition to managing the data flows of each user, transforming the higher layer packets into PHY layer packets. This work studies the design and implementation of MAC and PHY layers of 4G communication systems as well as their applicability in rail transport systems. On the one hand, the design and implementation in real time of the WiMAX standard is addressed. The required mechanisms to establish bidirectional communications between a base station and several mobile devices are also evaluated. Moreover, a MAC layer and PHY layer implementation is presented, using a hardware architecture based in DSPs and FPGAs. Since this architecture has limited computational resources, the requirements of each processing block of the system are also studied in order to guarantee the real time operation of the complete system. On the other hand, the applicability of 4G systems to public transportation systems is also studied. Communications and signaling systems are a vital part of rail and metro transport systems. The wireless communications used by these systems must be robust and provide high reliability to enable the supervision, control and safety of rail traffic. To carry out this feasibility assessment, LTE communications network simulations are performed in rail transport environments to verify that reliability and safety requirements are met. Several simulations are carried out in order to evaluate the system performance and select the most appropriate system configuration in each case. Simulations of Wi-Fi based networks are also carried out, since it is the most used solution in subways, to compare the results with those obtained for LTE. To perform the simulations correctly, appropriate radio propagation models must be used. 
Both deterministic models and models based on the results of measurement campaigns in these scenarios are used in the simulations. The simulations use the different information flows present in the railway transportation systems to verify that its quality of service requirements are met. For example, critical flows for railway control, such as the European Train Control System (ETCS) or Communication-Based Train Control (CBTC), require high reliability and low delay communications to ensure the proper functioning of the system

    Recent Advances in Indoor Localization Systems and Technologies

    Despite the enormous technical progress seen in the past few years, the maturity of indoor localization technologies has not yet reached the level of GNSS solutions. The 23 selected papers in this book present the recent advances and new developments in indoor localization systems and technologies, propose novel or improved methods with increased performance, provide insight into various aspects of quality control, and also introduce some unorthodox positioning methods

    Dissipative State Engineering in Quantum Many-Body Systems

    Quantum systems that are in weak contact with a thermal heat bath will ultimately relax to an equilibrium state which is characterized by the temperature of the environment only. This state is independent of the specific properties of the bath and of how it is coupled to the system. This changes completely, when the system is additionally driven. Such a driven-dissipative situation can emerge, for example, due to an additional time-periodic modulation of the system, or when it is brought into contact with a second bath of different temperature. Then, the system will run into a well-defined nonequilibrium steady state. This state, however, will depend on the very details of the environment and its coupling to the system. We study whether this freedom can be used to engineer interesting properties of quantum systems, which are not found in their equilibrium states, i.e. in the absence of a drive. We focus on bosonic quantum many-body systems. We investigate when far-from-equilibrium ideal gases feature Bose condensation in a group of single-particle states, as opposed to situations where Bose condensation is completely absent in the nonequilibrium steady state. We show that Bose condensation can be induced in a finite one-dimensional ideal gas by the competition of two heat baths whose temperatures both lie well above the equilibrium condensation temperature. This setup also allows to engineer condensation in excited single-particle states. We discuss first ideas to study similar setups in weakly interacting Bose gases. Describing the microscopic dynamics of interacting many-body systems coupled to thermal baths is extremely challenging, due to the fact that generally the full many-body spectrum is inaccessible. Using ideas from semiclassics, we develop an approximation to the dynamics that yields good results at high and intermediate bath temperatures. We also investigate the transient dynamics of driven-dissipative quantum systems. 
Our studies are motivated by a result that is well known for isolated quantum systems: for a system whose dynamics is generated by a time-periodic Hamiltonian, the stroboscopic dynamics (observed at integer multiples of the driving period) can always be understood as if it would stem from a time-independent Hamiltonian, the Floquet Hamiltonian. For open quantum systems in contact with an environment, we ask if a similar mapping to an effective generator, the Floquet Lindbladian, is always possible. For a simple qubit model we show that there are two extended parameter regions, one in which the Floquet Lindbladian exists, and one in which it does not. We discuss problems of analytical expansions that can give rise to this Floquet Lindbladian and discuss how we can interpret the region where it does not exist. These results are important for dissipative Floquet engineering and open up new perspectives for the control of open quantum systems via time-periodic driving. Contents: 1. Introduction 2. Master equation for open quantum systems 3. Existence of the Floquet Lindbladian 4. Number of Bose-selected modes in driven-dissipative ideal Bose gases 5. High-temperature nonequilibrium Bose condensation induced by a hot needle 6. Weakly interacting Bose gases far from thermal equilibrium 7. Summary and outlook

    Cumulative index to NASA Tech Briefs, 1986-1990, volumes 10-14

    Tech Briefs are short announcements of new technology derived from the R&D activities of the National Aeronautics and Space Administration. These briefs emphasize information considered likely to be transferrable across industrial, regional, or disciplinary lines and are issued to encourage commercial application. This cumulative index of Tech Briefs contains abstracts and four indexes (subject, personal author, originating center, and Tech Brief number) and covers the period 1986 to 1990. The abstract section is organized by the following subject categories: electronic components and circuits, electronic systems, physical sciences, materials, computer programs, life sciences, mechanics, machinery, fabrication technology, and mathematics and information sciences