Network Virtualization and Emulation using Docker, OpenvSwitch and Mininet-based Link Emulation

With the advent of virtualization and artificial intelligence, research on networked systems has progressed substantially. As the technology progresses, we expect a boom in not only the systems research but also in the network of systems domain. It is paramount that we understand and develop methodologies to connect and communicate among the plethora of devices and systems that exist today. One such area is mobile ad-hoc and space communication, which further complicates the task of networking due to myriad of environmental and physical conditions. Developing and testing such systems is an important step considering the large investment required to build such gigantic communication arrangements. We address two important aspects of network emulation in this work. We propose a network emulation framework, which emulates the functioning of a hierarchical software defined network. One such use-case is described using a mobile ad-hoc network (MANET) topology within a single system by leveraging contemporary network virtualization technologies. We present various aspects of the network, such as the dynamic communication in the software domain and provide a novel approach to build upon existing emulation techniques. The second part of the thesis presents a dynamic network link emulator. This emulator enables suitable link property re-configurations such as bandwidth, delay and packet loss for networked systems using simulation software. We characterize the results of tests for the link emulation using a hardware and software testbed. Through this thesis, we aim to make a small yet crucial contribution to the niche area of software defined networks

Secure Communication in Disaster Scenarios

Während Naturkatastrophen oder terroristischer Anschläge ist die bestehende Kommunikationsinfrastruktur häufig überlastet oder fällt komplett aus. In diesen Situationen können mobile Geräte mithilfe von drahtloser ad-hoc- und unterbrechungstoleranter Vernetzung miteinander verbunden werden, um ein Notfall-Kommunikationssystem für Zivilisten und Rettungsdienste einzurichten. Falls verfügbar, kann eine Verbindung zu Cloud-Diensten im Internet eine wertvolle Hilfe im Krisen- und Katastrophenmanagement sein. Solche Kommunikationssysteme bergen jedoch ernsthafte Sicherheitsrisiken, da Angreifer versuchen könnten, vertrauliche Daten zu stehlen, gefälschte Benachrichtigungen von Notfalldiensten einzuspeisen oder Denial-of-Service (DoS) Angriffe durchzuführen. Diese Dissertation schlägt neue Ansätze zur Kommunikation in Notfallnetzen von mobilen Geräten vor, die von der Kommunikation zwischen Mobilfunkgeräten bis zu Cloud-Diensten auf Servern im Internet reichen. Durch die Nutzung dieser Ansätze werden die Sicherheit der Geräte-zu-Geräte-Kommunikation, die Sicherheit von Notfall-Apps auf mobilen Geräten und die Sicherheit von Server-Systemen für Cloud-Dienste verbessert

Spanning data across heterogeneous MANETs through proactive strip interoperability

International audienceThe topic of spanning data across different wireless ad hoc networks using distinct routing protocols is still an ongoing effort. Numerous applications can be derived if this is a possibility. From wireless mesh networks, wireless sensor networks and mobile ad hoc networks (MANETs), can benefit greatly from adjacent or passing through mobile networks. Due to the previous, we propose the use of a proactive approach for the Strip Interoperability mechanism, which has proven to bridge heterogeneous networks using only layer 3 protocols. Moreover, new scenarios, scale and stress the mechanism to a considerable number of nodes through the use of Dockemu, a novel tool for network emulation. Dockemu is partially composed of Linux Containers and NS-3, allowing the flexibility of utilizing real world OSs at a greater scal

A novel online CEP learning engine for MANET IDS

International audienceIn recent years the use of wireless ad hoc networks has seen an increase of applications. A big part of the research has focused on Mobile Ad Hoc Networks (MANETs), due to its implementations in vehicular networks, battlefield communications, among others. These peer-to-peer networks usually test novel communications protocols, but leave out the network security part. A wide range of attacks can happen as in wired networks, some of them being more damaging in MANETs. Because of the characteristics of these networks, conventional methods for detection of attack traffic are ineffective. Intrusion Detection Systems (IDSs) are constructed on various detection techniques, but one of the most important is anomaly detection. IDSs based only in past attacks signatures are less effective, even more if these IDSs are centralized. Our work focuses on adding a novel Machine Learning technique to the detection engine, which recognizes attack traffic in an online way (not to store and analyze after), re-writing IDS rules on the fly. Experiments were done using the Dockemu emulation tool with Linux Containers, IPv6 and OLSR as routing protocol, leading to promising result