267 research outputs found

    The design and implementation of a smart-parking system for Helsinki Area

    The strain on the parking infrastructure for the general public has significantly grown as a result of the ever rising number of vehicles geared by the rapid population growth in urban areas. Consequently, finding a vacant parking space has become quite a challenging task, especially at peak hours. Drivers have to cycle back and forth a number of times before they finally find where to park. This leads to increased fuel consumption, air pollution, and increased likelihood of causing accidents, to mention but a few. Paying for the parking is not straightforward either, as the ticket machines, on top of being located at a distance, often have several payment methods drivers must prepare for. A system, therefore, that would allow drivers to check for vacant parking places before driving to a busy city, take care of the parking fee for the exact time they have used, and manage electronic parking permits is the right direction towards toppling these difficulties. The main objective of this project was to design and implement a system that would provide parking occupancy estimation, a parking fee payment method, parking permit management and parking analytics for the city authorities. The project had three phases. The first and the second phases used qualitative approaches to validate our hypotheses about parking shortcomings in the Helsinki area and the recruitment of participants to the pilot of the project, respectively. The third phase involved the design, implementation and installation of the system. The other objective was to study the challenges a smart parking system would face at different stages of its life cycle. The objectives of the project were achieved and the considered assumptions about the challenges associated with parking in a busy city were validated. 
A smart parking system will allow drivers to check for available parking spaces beforehand, they are able to pay for the parking fee, they can get electronic parking permits, and the city authority can get parking analytics for the city plannin

    A remotely accessible USB hub: software design and testing

    Abstract. Remote use of USB peripherals has been identified as useful for Aava Mobile customers. Therefore, the commercial feasibility of an accessory that allows accessing USB devices remotely was studied at Aava, and a prototype device was built. The software in this accessory was required to transfer data securely, be automatically detectable on a local network, and operate autonomously. It is explored in this thesis how remote USB sharing and the requirements could be implemented using open-source software components. New USB remote use programs that support the required capabilities were created as part of this thesis. These applications run on Linux-based operating systems and make use of the existing open-source USB/IP tool protocol. The new client program uses the existing Linux USB/IP virtual host controller driver, and the server is implemented in user space. After the software work was concluded, measurements were performed for evaluation purposes. Optimal encryption ciphers for the prototype hardware were also selected. It was verified by testing that network delay causes major performance degradation. Other significant performance concerns were network adapter speed, the use of encryption, USB port speed, and the user space server implementation. However, while these aspects reduced the performance of the prototype, they were not determined to be critical. The accessory was not intended for high-performance use cases, and therefore the use of cost-effective components can be justified

    Evaluation of the IEC 61850 Communication Solutions

    Initially, when the IEC 61850 standard was prepared, it was intended to be used within the limits of a substation for information exchange between devices. In the course of time and due to the standard’s advantages, its concepts are nowadays used as well in other application areas of the power utility system. The IEC 61850 is based to the maximum extent on other existing communication standards (IEC/IEEE/ISO/OSI), offering among others: visualization of the real applications through the ASCI interface, standardized messages to be exchanged (GOOSE, SV), one configuration language regardless of the device (IED) type/brand, and mapping to already implemented computing protocols (MMS, TCP/IP, Ethernet). The features mentioned above lead to cost reduction, reliability, and interoperability, making the IEC61850 the dominant standard for intra- and inter-substation communication. The parts 90-1 and 90-5 of the IEC 61850 standard concern the application of the tunneling and routing method in order to extend the communication beyond the substation’s limits. Although they establish the theoretical background, it can be mentioned a lack of information regarding real applications. So, the objective of this thesis was at first to establish the communication link which will allow the communication of devices belonging to different LANs and second, the acquiring of the round trip times from the exchanged messages. The experiments were conducted by a combination of software (Hamachi) and embedded platform (BeagleBone) pinging to each other first via tunneling and next via 4G mobile network. The acquired round-trip times were used to evaluate and compare the tunneling and the 4G routing method, estimating in parallel what are the perspectives of these methods to be used for inter-substation communication.

    Strategies to Secure End-To-End Communication

    The Stream Control Transmission Protocol (SCTP) is a fairly recent generic transport protocol with novel features, like multi-streaming, multi-homing, and an extendable architecture. This, however, prevents existing approaches to secure end-to-end connections from being used without limiting the supported SCTP features. New solutions also exist, but require extensive modifications that are difficult to realize and deploy. Hence, there is no widely deployed solution to secure SCTP-based connections. In this thesis, possible strategies to secure end-to-end SCTP connections are analyzed. For each strategy, a viable solution that does not limit the features of SCTP is presented, with a focus on deployability in terms of standardization as well as implementation. Implementations based on common open source tools are developed and used to conduct functionality and performance measurements, with simulated and real systems, to prove the usefulness of the suggested approaches

    A Demonstration Scenario for the NorNet Core Multi-Homed Network Testbed

    There is extensive on-going research taking place with the goal of implementing transport layer protocols that are able to utilize multi-homing on machines (connection to multiple ISPs). Multi-homing has potential to improve resilience and increase total goodput compared to using a single connection. This would e.g. benefit the trend of more and more services being moved online and into the cloud. The NorNet Core multi-homed network testbed aims to facilitate this research by offering programmable virtual machines located at multiple different sites across the world, accessible for researchers. The aim of this project is the design and implementation of a demonstration platform for NorNet Core that enables the testbed to be illustratively demonstrated to potential new users. This is done by offering users interactive experiments, and geographical visualization of various communication scenarios between nodes in the NorNet Core network in real time. The demonstration platform puts emphasis on demonstrating the unique aspects of NorNet Core compared to other networking testbeds; namely the multi-homed nature and IPv6 support for all of the nodes. This thesis discusses the technical aspects of designing and implementing the platform, as well as demonstrating the finished result with various demonstration scenarios. The Qt programming framework was chosen as the primary development framework for this application

    Overview of modern teaching equipment that supports distant learning

    Laboratory is a key element of engineering and applied sciences educational systems. With the development of Internet and connecting IT technologies, the appearance of remote laboratories was inevitable. Virtual laboratories are also available; they place the experiment in a simulated environment. However, this writing focuses on remote experiments not virtual ones. From the students’ point of view, it is a great help not only for those enrolling in distant or online courses but also for those studying in a more traditional way. With the spread of smart, portable devices capable of connection to the internet, students can expand or restructure time spent on studying. This is a huge help to them and also allows them to individually divide their time up, to learn how to self-study. This independent approach can prepare them for working environments. It offers flexibility and convenience to the students. From the universities’ point of view, it helps reduce maintenance costs and universities can share experiments which also helps the not so well-resourced educational facilities

    Analyzing challenging aspects of IPv6 over IPv4

    The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6, was introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IPv4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IPv4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into IPv6 network.

    Practical Analysis of Encrypted Network Traffic

    The growing use of encryption in network communications is an undoubted boon for user privacy. However, the limitations of real-world encryption schemes are still not well understood, and new side-channel attacks against encrypted communications are disclosed every year. Furthermore, encrypted network communications, by preventing inspection of packet contents, represent a significant challenge from a network security perspective: our existing infrastructure relies on such inspection for threat detection. Both problems are exacerbated by the increasing prevalence of encrypted traffic: recent estimates suggest that 65% or more of downstream Internet traffic will be encrypted by the end of 2016. This work addresses these problems by expanding our understanding of the properties and characteristics of encrypted network traffic and exploring new, specialized techniques for the handling of encrypted traffic by network monitoring systems. We first demonstrate that opaque traffic, of which encrypted traffic is a subset, can be identified in real-time and how this ability can be leveraged to improve the capabilities of existing IDS systems. To do so, we evaluate and compare multiple methods for rapid identification of opaque packets, ultimately pinpointing a simple hypothesis test (which can be implemented on an FPGA) as an efficient and effective detector of such traffic. In our experiments, using this technique to “winnow”, or filter, opaque packets from the traffic load presented to an IDS system significantly increased the throughput of the system, allowing the identification of many more potential threats than the same system without winnowing. Second, we show that side channels in encrypted VoIP traffic enable the reconstruction of approximate transcripts of conversations. 
Our approach leverages techniques from linguistics, machine learning, natural language processing, and machine translation to accomplish this task despite the limited information leaked by such side channels. Our ability to do so underscores both the potential threat to user privacy which such side channels represent and the degree to which this threat has been underestimated. Finally, we propose and demonstrate the effectiveness of a new paradigm for identifying HTTP resources retrieved over encrypted connections. Our experiments demonstrate how the predominant paradigm from prior work fails to accurately represent real-world situations and how our proposed approach offers significant advantages, including the ability to infer partial information, in comparison. We believe these results represent both an enhanced threat to user privacy and an opportunity for network monitors and analysts to improve their own capabilities with respect to encrypted traffic.
Doctor of Philosoph

    Open-source high-availability network security system (Sistema open-source de alta-disponibilidade de segurança de redes)

    Due to the growing number of cyber-attacks and the overall digital world knowledge, there is an urgent need to improve cyber security systems. Some of the measures implemented in these systems use network monitoring systems. This document regards a security system with a similar approach focused on prevention and reaction to a shortage of service. It is an Open-Source solution aiming to prevent DDoS attacks and adapt a network to realtime failures through smart configurations of security devices like Firewalls and Load-Balancers. The system is capable of periodically monitoring the state of the devices, as well as reconfiguring routing policies and packet filtering rules in scenarios of cyber attacks. Moreover, it provides an interface of interaction with the network admin to deliver data regarding the state of the security equipment and the connection between them, enhancing traffic flow analysis and preventive implementation of traffic filtering rules in Firewalls. As for technologies, these changes in the machines were designed to be implemented in IPTables and NFTables to be compatible with most Linux distributions. The monitoring and reconfiguration process was automated with Python scripts and SSH connections. The whole testing scenario was developed while being simulated with GNS3 and Virtualbox, interacting with a physical computer hosting the system. All functionalities defined along the document were tested and showed positive results.
    Mestrado em Engenharia de Computadores e Telemátic

    Performance Evaluation of a Field Programmable Gate Array-Based System for Detecting and Tracking Peer-to-Peer Protocols on a Gigabit Ethernet Network

    Recent years have seen a massive increase in illegal, suspicious, and malicious traffic traversing government and military computer networks. Some examples include illegal file distribution and disclosure of sensitive information using the BitTorrent file sharing protocol, criminals and terrorists using Voice over Internet Protocol (VoIP) technologies to communicate, and foreign entities exfiltrating sensitive data from government, military, and Department of Defense contractor networks. As a result of these growing threats, the TRacking and Analysis for Peer-to-Peer (TRAPP) system was developed in 2008 to detect BitTorrent and VoIP traffic of interest. The TRAPP system, designed on a Xilinx Virtex-II Pro Field Programmable Gate Array (FPGA) proved valuable and effective in detecting traffic of interest on a 100 Mbps network. Using concepts and technology developed for the TRAPP system, the TRAPP-2 system is developed on a Xilinx ML510 FPGA. The goals of this research are to evaluate the performance of the TRAPP-2 system as a solution to detect and track malicious packets traversing a gigabit Ethernet network. The TRAPP-2 system detects a BitTorrent, Session Initiation Protocol (SIP), or Domain Name System (DNS) packet, extracts the payload, compares the data against a hash list, and if the packet is suspicious, logs the entire packet for future analysis. Results show that the TRAPP-2 system captures 95.56% of BitTorrent, 20.78% of SIP INVITE, 37.11% of SIP BYE, and 91.89% of DNS packets of interest while under a 93.7% network utilization (937 Mbps). For another experiment, the contraband hash list size is increased from 1,000 to 131,072,000 unique items. The experiment reveals that each doubling of the hash list size results in a mean increase of approximately 16 central processing unit cycles. These results demonstrate the TRAPP-2 system’s ability to detect traffic of interest under a saturated network utilization while maintaining large contraband hash lists