63 research outputs found

    Key distribution technique for IPTV services with support for admission control and user defined groups

    Doctoral thesis. Electrical and Computer Engineering. Faculdade de Engenharia. Universidade do Porto. 200

    Design and Validation of Receiver Access Control in the Automatic Multicast Tunneling Environment

    Standard IP multicast offers scalable point-to-multipoint delivery, but no control over who may send and who may receive the data stream. Participant Access Control has been developed by Islam and Atwood, but only for multicast-enabled network regions. Automatic Multicast Tunneling has been developed by the Internet Engineering Task Force. It extends the range of multicast data distribution to unicast-only network regions, but provides no Participant Access Control. We have designed the additional features that AMT must have, so that AMT has the necessary Participant Access Control at the receiver's end in the AMT environment. In addition, we have validated our design model using the AVISPA formal modeling tool, which confirms that the proposed design is secure

    Validation of the Security of Participant Control Exchanges in Secure Multicast Content Delivery

    In Content Delivery Networks (CDN), as the customer base increases, a point is reached where the capacity of the network and the content server become inadequate. In extreme cases (e.g., world class sporting events), it is impossible to adequately serve the clientele, resulting in extreme customer frustration. In these circumstances, multicast content delivery is an attractive alternative. However, the issue of maintaining control over the customers is difficult. In addition to controlling the access to the network itself, in order to control the access of users to the multicast session, an Authentication, Authorization and Accounting Framework was added to the multicast architecture. A successful authentication of the end user is a prerequisite for authorization and accounting. The Extensible Authentication Protocol (EAP) provides an authentication framework to implement authentication properly, for which more than thirty different available EAP methods exist. While distinguishing the multicast content delivery requirements in terms of functionality and security, we will be able to choose a smaller set of relevant EAP methods accordingly. Given the importance of the role of the ultimate chosen EAP method, we will precisely compare the most likely to be useful methods and eventually pick the Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) framework as the most suitable one. Based on the work on receiver participant controls, we present a validation of the security of the exchanges that are required to ensure adequate control and revenue recovery

    Performance Evaluation for Secure Internet Group Management Protocol and Group Security Association Management Protocol

    Multicast distribution employs the model of many-to-many so that it is a more efficient way of data delivery compared to traditional one-to-one unicast distribution, which can benefit many applications such as media streaming. However, the lack of security features in its nature makes multicast technology much less popular in an open environment such as the Internet. Internet Service Providers (ISPs) take advantage of IP multicast technology’s high efficiency of data delivery to provide Internet Protocol Television (IPTV) to their users. But without the full control on their networks, ISPs can not collect revenue for the services they provide. Secure Internet Group Management Protocol (SIGMP), an extension of Internet Group Management Protocol (IGMP), and Group Security Association Management Protocol (GSAM) have been proposed to enforce receiver access control at the network level of IP multicast. In this thesis, we analyze operational detail and issues of both SIGMP and GSAM. An examination of performance of both protocols is also conducted

    Identification and evaluation of Layer 1 and 2 vulnerabilities of the LAN network for the Colombian National Army, Fortaleza unit, located in the city of Bogotá

    This document evaluates and analyzes the topology of a LAN network consisting of a number of end devices, switch, router and structured cabling. It seeks to verify the current conditions of this network regarding its status, configuration, design and architecture. From the result, the possible transformations and improvements that can be implemented in the network selected for the investigation, located in the military unit GRUPO FORTALEZA DEL EJERCITO NACIONAL, will be presented.
    Glossary. -- Abstract. -- Introduction. -- 1. Outline of the topic. -- 1.1. Description and formulation of the problem. -- 1.2. Justification. -- 1.3. Objectives. -- 1.3.1. General objective. -- 1.3.2. Specific objectives. -- 1.4. Scope and limitations of the project. -- 1.4.1. Scope. -- 1.4.2. Limitations. -- 2. Frame of reference. -- 2.1. Network. -- 2.1.1. LAN network. -- 2.1.2. WAN network. -- 2.2. Switch. -- 2.3. Router. -- 2.4. Port Security. -- 3. Methodology. -- 3.1. Check. -- 3.2. Act. -- 3.3. Plan. -- 3.4. Do. -- 4. Current conditions of the National Army network, Fortaleza unit. -- 4.1. Extraction and collection of information on the current network. -- 4.1.1. Equipment location. -- 4.1.2. Electrical conditions. -- 4.2. Router characteristics. -- 4.3. Switch characteristics. -- 4.4. Condition of the structured cabling. -- 5. Analysis and identification of vulnerabilities. -- 5.1. Structured cabling. -- 5.2. Intermediate equipment. -- Conclusions. -- Recommendations. -- Annexes. -- Webography

    Progressive introduction of network softwarization in operational telecom networks: advances at architectural, service and transport levels

    Technological paradigms such as Software Defined Networking, Network Function Virtualization and Network Slicing are altogether offering new ways of providing services. This process is widely known as Network Softwarization, where traditional operational networks adopt capabilities and mechanisms inherited from the computing world, such as programmability, virtualization and multi-tenancy. This adoption brings a number of challenges, both from the technological and operational perspectives. On the other hand, they provide an unprecedented flexibility opening opportunities to developing new services and new ways of exploiting and consuming telecom networks. This Thesis first overviews the implications of the progressive introduction of network softwarization in operational networks and then details some advances at different levels, namely architectural, service and transport levels. It is done through specific exemplary use cases and evolution scenarios, with the goal of illustrating both new possibilities and existing gaps for the ongoing transition towards an advanced future mode of operation. This is performed from the perspective of a telecom operator, paying special attention on how to integrate all these paradigms into operational networks for assisting on their evolution targeting new, more sophisticated service demands.
    Doctoral Programme in Telematics Engineering, Universidad Carlos III de Madrid. President: Eduardo Juan Jacob Taquet. Secretary: Francisco Valera Pintor. Member: Jorge López Vizcaín

    Formal Validation of Security Properties of AMT's Three-Way Handshake

    Multicasting is a technique for transmitting the same information to multiple receivers over IP networks. It is often deployed on streaming media applications over the Internet and private networks. The biggest problem multicast introduces today is that it is an all or nothing solution. Every element on the path between the source and the receivers (links, routers, firewalls) requires multicast protocols to be enabled. Furthermore, multicast has a conceptual business model, and therefore is not an easy case to make. These factors, embedded deep in technology, but ultimately shaped by economics, led to a lack of multicast deployment. To address this problem, the AMT (Automatic IP Multicast without explicit Tunnels) specification has been developed by the Network Working Group at the IETF. This specification is designed to provide a mechanism for a migration path to a fully multicast-enabled backbone. It allows multicast to reach unicast-only receivers without the need for any explicit tunnels between the receiver and the source. We have formally validated the three-way handshake in the AMT specification using AVISPA against two main security goals: secrecy and authentication. We have demonstrated that the authentication goal is not met: an attacker can masquerade as an AMT relay, and the AMT gateway (at the end user) cannot distinguish a valid relay from an invalid one. Another attack was also found where an intruder can disconnect or shut down a valid session for a valid end-user using a replay attack

    OmniSwitch 7700/7800 OmniSwitch 8800 Network Configuration Guide

    This configuration guide includes information about configuring the following features:
    • VLANs, VLAN router ports, mobile ports, and VLAN rules.
    • Basic Layer 2 functions, such as Ethernet port parameters, source learning, Spanning Tree, and Alcatel interswitch protocols (AMAP and GMAP).
    • Advanced Layer 2 functions, such as 802.1Q tagging, Link Aggregation, IP Multicast Switching, and Server Load Balancing.
    • Basic routing protocols and functions, such as static IP routes, RIP, DHCP Relay, Virtual Router Redundancy Protocol (VRRP), and IPX.
    • Security features, such as switch access control, Authenticated VLANs (AVLANs), authentication servers, and policy management.
    • Quality of Service (QoS) and Access Control Lists (ACLs) features, such as policy rules for prioritizing and filtering traffic, remapping packet headers, and network address translation.
    • Diagnostic tools, such as RMON, port mirroring, and switch logging.
    This OmniSwitch 7700/7800/8800 Network Configuration Guide describes how to set up and monitor software features that will allow your switch to operate in a live network environment. The software features described in this manual are shipped standard with your OmniSwitch 7700, 7800, or 8800. These features are used when setting up your OmniSwitch in a network of switches and routers