159 research outputs found

    Development of a Testing Platform for Customer Edge Switching

    Customer Edge Switching (CES) and Realm Gateway (RGW) are technologies designed to solve core challenges of the modern Internet. Challenges include the ever increasing amount of devices connected to the Internet and risks created by malicious parties. CES and RGW leverage existing technologies like Domain Name System (DNS). Software testing is critical for ensuring correctness of software. It aims to ensure that products and protocols operate correctly. Testing also aims to find any critical vulnerabilities in the products. Fuzz testing is a field of software testing allowing automatic iteration of unexpected inputs. In this thesis work we evaluate two CES versions in performance, in susceptibility to Denial of Service (DoS) and in weaknesses related to use of DNS. Performance is an important metric for switches. Denial of Service is a very common attack vector and use of DNS in new ways requires critical evaluation. The performance of the old version was sufficient. Some clear issues were found. The version was vulnerable against DoS. Oversights in DNS operation were found. The new version shows improvement over the old one. We also evaluated suitability of expanding Robot Framework for fuzz testing Customer Edge Traversal Protocol (CETP). We conclude that the use of the Framework was not the best approach. We also present our work on developing a testing platform based on Robot Framework for the current CES version. We also developed a new testing framework using Robot Framework for the new version of CES.

    The Design and Implementation of the Defender Cloud on TWAREN Backbone

    Defender Cloud is a cloud based backbone network defending system having full scope over the whole backbone network. Rather than detecting suspicious network activities on a local area network, it collects and integrates the flow data from all connecting members and all entrances of a backbone network. After analyzing by a proposed cloud based distributed processing model, the corresponding defensive reaction can be carried out in a global basis. Thus its protection can cover the whole network, even including member institutions without their own firewall. This paper illustrates the design, verification and future perspective of the Defender Cloud, with an emphasis on the distributed processing of the flow data

    A Primer On Internet and TCP/IP Tools and Utilities


    Embedded Security Improvements to IPv6

    Not Include

    Is Explicit Congestion Notification usable with UDP?

    We present initial measurements to determine if ECN is usable with UDP traffic in the public Internet. This is interesting because ECN is part of current IETF proposals for congestion control of UDP-based interactive multimedia, and due to the increasing use of UDP as a substrate on which new transport protocols can be deployed. Using measurements from the authors' homes, their workplace, and cloud servers in each of the nine EC2 regions worldwide, we test reachability of 2500 servers from the public NTP server pool, using ECT(0) and not-ECT marked UDP packets. We show that an average of 98.97% of the NTP servers that are reachable using not-ECT marked packets are also reachable using ECT(0) marked UDP packets, and that ~98% of network hops pass ECT(0) marked packets without clearing the ECT bits. We compare reachability of the same hosts using ECN with TCP, finding that 82.0% of those reachable with TCP can successfully negotiate and use ECN. Our findings suggest that ECN is broadly usable with UDP traffic, and that support for use of ECN with TCP has increased.

    TCP/IP


    Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks

    Stepping stones are compromised hosts in a network which can be used by hackers and other malicious attackers to hide the origin of connections. Attackers hop from one compromised host to another to form a chain of stepping stones before launching an attack on the actual victim host. Various timing and content based detection techniques have been proposed in the literature to trace back through a chain of stepping stones in order to identify the attacker. This has naturally led to evasive strategies such as shaping the traffic differently at each hop. The evasive techniques can also be detected. Our study aims to adapt some of the existing stepping stone detection and anti-evasion techniques to software-defined networks which use network function virtualization. We have implemented the stepping-stone detection techniques in a simulated environment and use Flow for the traffic monitoring at the switches. We evaluate the detection algorithms on different network topologies and analyze the results to gain insight on the effectiveness of the detection mechanisms. The selected detection techniques work well on relatively high packet sampling rates. However, new solutions will be needed for large SDN networks where the packet sampling rate needs to be lower.