Passive classification of Wi-Fi enabled devices
We propose a method for classifying Wi-Fi enabled mobile handheld devices (smartphones) and non-handheld devices (laptops) in a completely passive way, that is, resorting neither to traffic probes on network edge devices nor to deep packet inspection techniques to read application layer information. Instead, classification is performed starting from Wi-Fi probe request frames, which can be sniffed with inexpensive commercial hardware. We extract distinctive features from probe request frames (how many probe requests are transmitted by each device, how frequently, etc.) and take a machine learning approach, training four different classifiers to recognize the two types of devices. We compare the performance of the different classifiers and identify a solution based on a Random Decision Forest that correctly classifies devices 95% of the time. The classification method is then used as a pre-processing stage to analyze network traffic traces from the wireless network of a university building, with interesting considerations on the way different types of devices use the network (amount of data exchanged, duration of connections, etc.). The proposed methodology finds application in many scenarios related to Wi-Fi network management/optimization and Wi-Fi based services.
SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment
Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have commonly been designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols into four classes we identify major factors that lead to common security traps. These insights, together with observations about end-user centric usability and security by default, are then used to derive recommendations for improving existing and designing new protocols without such security-sensitive traps for operators, implementors and users.
Contextually and identity aware 5G services
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University London.
The fifth generation (5G) mobile networks aim to be ten times faster than the existing 4G connection, whilst providing low latency and flexibility. Hence, various alterations are planned to the existing network infrastructure to be able to reach the 5G expected performance levels. The main technologies that were used to ensure high performance, a flexible network, and efficient resource allocation are Software Defined Network and Network Function Virtualization, as these technologies are replacing the device-based architecture with a service-based architecture.
This thesis provides a design of location database interactive web interface and interactive mobile application. The implementation of real time video streaming location server, the streaming system's performance parameters demonstrated a high level of QoS (0.07ms jitter and 9.53ms delay). In regard to experimental examination, it measured the localisation coverage, accuracy measurements and a highly scalable security solution. The localisation coverage and accuracy measurements were achieved through the mmWave and VLC link transmitters. The proposed simulated annealing algorithm aimed at data optimisation for location measurements accuracy showed results of the average location error of x and y which showed significant improvement from x= 22.5 and y=21.6 to x=11.09 and y= 11.63.
The proposed indoor location security solution showed significant results, as it provides a high scalability solution using the VNF. The solution showed that it was not 100% effective, as some of the fake discover packets still reached the DHCP server. This was due to the high load of traffic passing through the network. Nonetheless, 90% of the fake DHCP discover packets never reached the DHCP server because the scripts began blocking all fake discover packets after realising it was an attack. This conveys that the proposed system was able to run successfully without crashing or overloading the controller.
Overall, the main challenges facing 5G have been addressed with their proposed solutions, which showed promising results. Conclusively showing that there is a lot more space for technological advancements to support the future of mobile networks.
European Union’s Horizon 2020 research program - the Internet of Radio-Light (IoRL) project H2020-ICT 761992
HPC management and engineering in the hybrid cloud (Gestão e engenharia de CAP na nuvem híbrida)
Doctorate in Informatics.
The evolution and maturation of Cloud Computing created an opportunity for the emergence of new Cloud applications. High-performance Computing, a complex problem solving class, arises as a new business consumer by taking advantage of the Cloud premises and leaving the expensive datacenter management and difficult grid development.
Standing on an advanced maturing phase, today’s Cloud discarded many of its drawbacks, becoming more and more efficient and widespread. Performance enhancements, prices drops due to massification and customizable services on demand triggered an emphasized attention from other markets.
HPC, regardless of being a very well established field, traditionally has a narrow frontier concerning its deployment and runs on dedicated datacenters or large grid computing. The problem with common placement is mainly the initial cost and the inability to fully use resources which not all research labs can afford.
The main objective of this work was to investigate new technical solutions to allow the deployment of HPC applications on the Cloud, with particular emphasis on the private on-premise resources – the lower end of the chain which reduces costs. The work includes many experiments and analysis to identify obstacles and technology limitations. The feasibility of the objective was tested with new modeling, architecture and several applications migration.
The final application integrates a simplified incorporation of both public and private Cloud resources, as well as HPC applications scheduling, deployment and management. It uses a well-defined user role strategy, based on federated authentication and a seamless procedure to daily usage with balanced low cost and performance.
An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector
The Linksys WRT54g has been used as a host for network forensics tools, for instance Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes by discussing the limitations of the device when attempting to execute Nepenthes.
Internet of Things From Hype to Reality
The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions
The 5G era of mobile networks: a comprehensive study of the related technologies accompanied by an experimentation framework
The ever-increasing demand from mobile communications networks for the provision of
better services and interconnection of more devices is pushing the industry's community
to develop new network organization methods and technologies in order to effectively
address this challenge. As the current technology has reached its limits in terms of
traffic management capability, it is necessary to develop a new operating framework
that can effectively respond to the new conditions created by the telecommunications
market.
The 5th generation of mobile communication networks (5G) aims to solve this exact
issue by developing a new operating model. This model, by thoroughly restructuring the
way the network operates at all levels, forms a new ecosystem of network
infrastructures and functions that enables the provision of high-level services to users,
tailored to their particular needs.
The fundamental principles and key technologies that govern the operation of a new
generation network throughout its entire length were extensively studied in the context
of this paper. Starting with the innovations regarding the structure of 5G networks at the
architectural level, the analysis extends to a bottom-up approach: from the broadcast
and access levels to the network (C-RAN & MAC) to the mechanisms responsible for
delivering the network's functions and services (NFV). Then, the new network-based
routing and traffic management (SDN) model is introduced, and the technology for
providing distinctive services to users (E2E Slicing) is presented. Furthermore, some
characteristic indicators and metrics related to the standardization of the network's
technologies are presented, as well as all the current developments related to the
development of 5G in Europe.
Then, the data of the experiment carried out for the purposes of the paper is presented.
On the one hand, this data concerns the modeling of an existing network based on the
new 5G standards and, on the other hand, the evaluation of its performance based on
some scenarios regarding the topology and the amount of data exchanged at any time
on the network. The examination of the efficiency parameters focuses on the ability of
the ONOS SDN controller to manage the traffic of the data when certain events
affecting the original network structure occur.
In terms of the results of the measurements being carried out, although the impact
of the incorporation of new technologies on the performance of mobile
communications networks appears to be positive, there are still some individual open
issues that need further research by members of the telecommunications community in
order for the original vision of the universal operation of all mobile devices under one
single umbrella not to be ultimately undermined
Contributing to the pathway towards 5G experimentation with an SDN-controlled network box
As the demand in mobile broadband is tremendously increased and the heterogeneity of the services to be covered is growing rapidly, current mobile networks are close to their limits imposing the need of an evolution which is going to be introduced by the next generation technology, the ITU IMT-2020, well known as 5G.
5G brings all those capabilities required to cover the increased mobile broadband needs, support the Internet of Things and bind heterogeneous services in different industries.
This diploma thesis aims at presenting the “Network in a box”, an innovative tool we developed which is based on the key 5G principles, SDN and NFV. With Software Defined Networking (SDN) being the new approach in mobile networks, control and data plane are decoupled providing the ability to make any control related decisions centrally and transform legacy network devices to simple forwarding elements. This testbed is a portable emulated network device which is self-managed and self-optimised and can be connected between any real network devices, emulating how the 5G network will perform. This plug & play black-box testbed is also capable of providing KPI metrics of the 5G network under real circumstances when real network devices are connected to it.
The structure of this diploma thesis is decomposed in five chapters. Chapter 1 presents the challenges mobile networks will shortly face due to the growing heterogeneous demands in communications towards the year 2020 and beyond and how these can be met with the upcoming 5G technology. Chapter 2 introduces the market trend behind the new era of 5G, revealing the business context for enterprises, consumers, verticals and partnerships as well as some use cases which reflect the continuous mobile broadband evolution. Chapter 3 includes a short overview of the ongoing 5G projects, initiated under the umbrella of the European Commission, with the collaboration of communications technology vendors, telecommunications operators, service providers, small and medium-sized enterprises (SMEs) and universities. There is also a reference in 5G key enabling technologies and standardisation activities as we move towards the next generation mobile networks technology. Moving forward, chapter 4 describes in detail the technological components of 5G network architecture such as SDN, NFV, MANO and examines how these 5G key enabling technologies contribute to the overall networks’ sustainability. Finally, in chapter 5 we introduce an innovative idea developed in our university’s communications network research laboratory, an autonomous emulated portable network testbed, the “Network in a box”. We present in-depth how this portable server is deployed, operates and demonstrate the way it can be connected to real network elements emulating a real 5G end-to-end customer network. Moreover, in this last chapter we present “Network in a box” capabilities under real network circumstances when link degradations or failures take place, providing also real-time network metrics