49 research outputs found

    Segurança de TI na Prefeitura Municipal de Lajeado: a camada de enlace de dados da rede local

    The development and reach of today's computer networks make their security indispensable for preventing the many forms of threats and attacks that can cause major losses to organizations. This work evaluates the threats associated with local access networks, considering the data link layer of the RM-OSI/ISO reference model. Based on this initial evaluation, attacks are carried out on the network infrastructure of the Lajeado City Hall (Prefeitura Municipal de Lajeado), with the aim of identifying the main vulnerabilities behind each threat as well as possible mitigation alternatives. The attacks considered are MAC address spoofing, MAC address table overflow, attacks on the DHCP service (including DHCP starvation and rogue DHCP server), an attack on the ARP protocol (ARP spoofing), a spanning tree attack, a broadcast storm, and VLAN hopping using switch spoofing and double tagging. Effective countermeasures are proposed and applied for each attack that succeeded. Finally, the efficiency of the countermeasures is analyzed, presenting the results of this implementation and showing that the security of the network increased.

    Packet Filtering Based On Differentiated Services Code Point For DHCP Starvation Attacks Prevention

    Internet use has become a necessity, and the most commonly used medium for connecting to the internet is a wireless LAN. For easy access to the network, the DHCP service has become a standard feature, because ordinary users no longer need to think about procedures for configuring IP addresses; all of that is done automatically by the DHCP service. However, the DHCP service faces a security threat, namely DHCP starvation attacks, which can exhaust the pool of available IP addresses so that clients can no longer obtain an IP address configuration automatically. Researchers have used various methods, such as authentication, cryptography, and machine learning, to prevent DHCP starvation attacks, but questions of effectiveness and efficiency still leave room for further research. In this research, packet filtering based on the DSCP code, applied in the Netfilter system, is used to prevent DHCP starvation attacks. The method proved very effective at prevention, and more efficient when applied to small-scale wireless networks such as office networks and internet cafes.

    Mitigación de vulnerabilidades en la red central de un ISP: Un caso de estudio

    Cybersecurity incidents in ISP (Internet Service Provider) infrastructure have grown significantly, and it is necessary to identify the vulnerabilities that need immediate protection. In this environment, the firewall can filter data packets, analyzing the headers and deciding how each packet is routed based on the established rules. This device is essential in an ISP network because it mitigates the vulnerabilities coming from the network, maintaining a higher degree of computer security for the internal network and thus guaranteeing the availability, integrity, and confidentiality of the information. For the case study, Mikrotik infrastructure running the proprietary RouterOS operating system was selected to function as a core router. Security rules are applied to its firewall for each type of attack generated against the router, whether internal or external to the network, to avoid serious security failures such as falling victim to a DoS (Denial of Service) attack, brute force attacks, etc. As a result, a 50% decrease in CPU consumption was obtained for each attack generated, thus achieving the proper functioning of the network infrastructure and guaranteeing the stability and availability of the communications network.

    Descriptive Analysis and ANOVA Test with File Sending on Computer Networks Attacked with Rogue's Dynamic Host Configuration Protocol (DHCP)

    For a computer that is physically connected to a network to access the resources on that network, it needs an IP address, obtained either statically or dynamically. With a static IP address few problems arise, because the address is set directly on the computer; with a dynamic IP address, a security problem arises in the form of a rogue DHCP server handing out addresses. The contribution of this research is to detect attacks on a computer network and, specifically, to find out which computer networks are affected by rogue DHCP attacks. When the network is hit by a rogue DHCP attack, configuration is added to the main router, in this case the first router, and to the switch that connects the computers. On both switches the configuration uses DHCP snooping trust, which secures IP address assignment against attackers. The research determined whether a computer network with dynamic IP addressing was under attack by sending files between computers. Files with the longest sending time indicate an attack on the computer network. The method used in this study is the ANOVA test with descriptive analysis. The analysis shows that the average file transfer time on networks affected by a rogue DHCP server is higher than the average file transfer time on normal and mitigated networks, and the significance value of the ANOVA test is 0.004. In general, it can be concluded that data transfer differs between the normal network, the network under a rogue DHCP attack, and the network in which the rogue DHCP attack has been mitigated.

    Mitigasi Keamanan Dynamic Host Control Protocl (DHCP) Untuk Mengurangi Serangan Pada Local Area Network (LAN)

    Network security has received increased attention because of the rapid growth and expansion of the Internet. While there are several ways to provide security at the application, transport, or network layers, security at the data link layer (Layer 2) has not yet been applied to its full extent. The data link layer protocols used in Local Area Networks (LANs) were not designed with security in mind. Dynamic Host Control Protocol (DHCP) is one of the most widely used network protocols for host configuration and operates at the data link layer. DHCP is vulnerable to a number of attacks, such as DHCP rogue server attacks, DHCP starvation attacks, and DHCP snooping attacks. The paper discusses a prototype for network security referred to as DHCP security mitigation for reducing attacks on the Local Area Network (LAN).

    Implementing network security at Layer 2 and Layer 3 OSI model

    This thesis investigated the features of security devices that would be suitable for implementation in medium to large enterprise networks at global scale. It covers both open standard and proprietary security features. The open standard security features discussed are those developed by the Internet Engineering Task Force (IETF) and described in its Requests for Comments (RFCs). The proprietary features discussed are from Cisco Systems and are always implemented in Cisco Systems equipment. The author begins by describing common vulnerabilities, threats and attacks, and then uses a comparative and quantitative methodology to analyze the security features and their mitigations. The features of Cisco security devices that operate at layers two and three of the OSI model are then analyzed in detail, as the most commonly used equipment worldwide for securing entire computer networks. Based on their features and technical specifications, it is shown that the Cisco IOS Firewall feature set and the Cisco Adaptive Security Appliance features are suitable for medium to large networks with staff who have advanced knowledge of security risk in computer networks. Network security is the process by which digital information assets are protected. The goals of security are to protect confidentiality, maintain integrity, and assure availability. With this in mind, it is imperative that all networks be protected from threats and vulnerabilities in order for a business to achieve its fullest potential. Typically, these threats are persistent due to vulnerabilities, which can arise from misconfigured hardware or software, poor network design, inherent technology weaknesses, or end-user carelessness. Different security features and their implementations are tested with the Packet Tracer simulation software. Using Packet Tracer, the author created a configuration script for every case used in a designed topology. The Appendixes section at the end of the thesis introduces the operation of Packet Tracer and the configuration topology used throughout the report for testing purposes.

    Mitigating Denial-of-Service Attacks on VoIP Environment

    IP telephony refers to the use of Internet protocols to provide voice, video, and data in one integrated service over LANs, BNs, MANs, not WANs. VoIP provides three key benefits compared to traditional voice telephone services. First, it minimizes the need for extra wiring in new buildings. Second, it provides easy movement of telephones and the ability of phone numbers to move with the individual. Finally, VoIP is generally cheaper to operate because it requires less network capacity to transmit the same voice telephone call over an increasingly digital telephone network (FitzGerald & Dennis, 2007, p. 519). Unfortunately, the benefits of new electronic communications come with proportionate risks. Companies experience losses resulting from attacks on data networks. There are direct losses, such as economic theft and theft of trade secrets and digital data, as well as indirect losses, including loss of sales and loss of competitive advantage. Companies need to develop security policies to protect their businesses, but the practice of information security has become more complex than ever. The research paper covers the major DoS threats that a company's VoIP environment can experience, as well as the best countermeasures that can be used to prevent them and make the VoIP environment, and therefore the company's networking environment, more secure.

    IPv6: a new security challenge

    Master's thesis in Information Security (Segurança Informática), presented to the Universidade de Lisboa through the Faculdade de Ciências, 2011.
    Internet Protocol version 6 (IPv6) was developed to solve some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade, many have studied the investments required for its adoption and the right moment for it to be adopted by all players in the market. Recently, the exhaustion of the public address space made available by the various Regional Internet Registries (RIRs) prompted the entities involved to speed up the migration from IPv4 to IPv6. Unlike IPv4, this new version treats security as a fundamental goal of its implementation, and accordingly the use of the IPsec protocol at the network layer is recommended. However, owing to the immaturity of the protocol and the complexity of this transition period, there are numerous security implications that must be considered during the migration. The main objective of this work is to define a set of good security practices for IPv6 deployment that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and appropriate to contribute efficiently to the interpretation of the strengths of this new protocol as well as of the vulnerabilities associated with it.
    IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition to IPv6 seems inevitable, this work can help ISPs understand the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers' networks.