Ein analytisches Framework zur Bewertung der Zuverlässigkeit und Security von fortschrittlichen Netzwerk Systemen

Today, anonymous networks such as The Onion Routing (Tor) have been designed to ensure anonymity, privacy and censorship prevention, which have become major concerns in modern society. Although the Tor network provides layered encryption and traffic tunneling against eavesdropping attacks, the jamming attacks and their impact on the network and network services can not be efficiently handled today. Moreover, to defy modern censorship, it is not enough just to use the Tor network to hide the client's identity and the message content as the censorship has become a type of jamming attack, which prevents users from connecting to the censored network nodes by blocking or jamming (Tor) traffic. In network security, the main tools to protect privacy and anonymity as well as integrity and service reliability against eavesdropping and jamming, respectively, are diversity, randomness, coding or encryption and over-provisioning, all less exploit in traditional networks. This thesis provides radical new network concepts to address the needs of traditional networks for privacy, anonymity, integrity, and reliability; and designs \emph{advanced network systems} based on parallel transmission, random routing, erasure coding and redundant configurations as tools to offer diversity, randomness, coding and over-provisioning. Since the network systems designed in this thesis can not be evaluated with existing analytical models due to their rather complex configurations, the main focus of this work is a development of novel analytical approaches for evaluation of network performance, reliability and security of these systems and to show their practicality. The provided analysis is based on combinatorics, probability and information theory. In contrast to current reliability models, the analysis in this thesis takes into account the sharing of network components, heterogeneity of software and hardware, and interdependence between failed components. The significant property of the new security analysis proposed is the ability to assess the level of privacy, anonymity, integrity and censorship success when multiple jamming and eavesdropping adversaries reside in the network.Derzeit werden anonyme Internet Kommunikationssysteme, wie The Onion Routing (Tor), verwendet, um die Anonymität, die Privatsphäre und die Zensurfreiheit der Internetnutzer zu schützen. Obwohl das Tor-Netzwerk einen Schutz vor Lauschangriffe (Eavesdropping) bietet, kann ein beabsichtigtes Stören (Jamming) der Übertragung und den daraus resultierenden Auswirkungen auf die Netzwerkfunktionen derzeit nicht effektiv abgewehrt werden. Auch das moderne Zensurverfahren im Internet stellt eine Art des Jammings dar. Deswegen kann das Tor Netzwerk zwar die Identität der Tor-Nutzer und die Inhalte ihrer Nachrichten geheim halten, die Internetzensur kann dadurch nicht verhindert werden. Um die Netzwerksicherheit und insbesondere Anonymität, Privatsphäre und Integrität zusammen mit der Verfügbar.- und Zuverlässigkeit von Netzwerkservices zu gewährleisten, sind Diversität, Zufallsprinzip, Codierung (auch Verschlüsselung) und eine Überversorgung, die in den konventionellen Netzwerksystemen eher sparsam angewendet werden, die wichtigsten Mittel gegen Security-Angriffe. Diese Arbeit befasst sich mit grundlegend neuen Konzepten für Kommunikationsnetze, die einen Schutz der Anonymität und der Privatsphäre im Internet bei gleichzeitiger Sicherstellung von Integrität, Verfügbarkeit und Zuverlässigkeit ermöglichen. Die dabei verwendeten Konzepte sind die parallele Datenübertragung, das Random Routing, das Erasure Coding und redundante Systemkonfigurationen. Damit sollen Diversität, Zufallsprinzip, Codierung und eine Überversorgung gewährleistet werden. Da die entwickelten Übertragungssysteme komplexe Strukturen und Konfigurationen aufweisen, können existierende analytische Modelle nicht für eine fundierte Bewertung angewendet werden. Daher ist der Schwerpunkt dieser Arbeit neue analytische Verfahren für eine Bewertung von unterschiedlichen Netzwerkleistungsparametern, Zuverlässigkeit und Security zu entwickeln und die Praxistauglichkeit der in der Arbeit aufgeführten neuen Übertragungskonzepte zu beurteilen. Im Gegensatz zu existierenden Zuverlässigkeitsmodellen berücksichtigt der analytische Ansatz dieser Arbeit die Vielfalt von beteiligten Netzwerkkomponenten, deren komplexe Zusammenhänge und Abhängigkeiten im Fall eines Ausfalls

NIDS in Airgapped LANs--Does it Matter?

This paper presents an assessment of the methods and benefits of adding network intrusion detection systems (NIDS) to certain high-security airgapped isolated local area networks. The proposed network architecture was empirically tested via a series of simulated network attacks on a virtualized network. The results show an improvement of double the chances of an analyst receiving a specific, appropriately-severe alert when NIDS is implemented alongside host-based measures when compared to host-based measures alone. Further, the inclusion of NIDS increased the likelihood of the analyst receiving a high-severity alert in response to the simulated attack attempt by four times when compared to host-based measures alone. Despite a tendency to think that networks without cross-boundary traffic do not require boundary defense measures, such measures can significantly improve the efficiency of incident response operations on such networks

Network Infrastructures in the Dark Web

With the appearance of the Internet, open to everyone in 1991, criminals saw a big opportunity in moving their organisations to the World Wide Web, taking advantage of these infrastructures as it allowed higher mobility and scalability. Later on, in the year 2000, the first system appeared, creating what is known today as the Dark Web. This layer of the World Wide Web became quickly the option to go when criminals wanted to sell and deliver content such as match-fixing, children pornography, drugs market, guns market, etc. This obscure side of the Dark Web, makes it a relevant topic to study in order to tackle this huge network and help to identify these malicious activities and actors. In this master thesis, it is shown through the study of two datasets from the Dark Web, that we are surrounded by capable technologies that can be applied to these types of problems in order to increase our knowledge about the data and reveal interesting characteristics in an interactive and useful way. One dataset has 10 000 relations from domains living in the Dark Web, and the other dataset has thousands of data from just 11 specific domains from the Dark Web. We reveal detailed information about each dataset by applying di↵erent analysis and data mining algorithms. For the first dataset we studied domains availability patterns with temporal analysis, we categorised domains with machine learning neural networks and we reveal the network topology and nodes relevance with social networks analysis and core-periphery model. Regarding the second dataset, we created a cross matching information web graph and applied a name entity recognition algorithm which ended in a tool for identifying entities within dark web’s domains. All of these approaches culminated in an interactive web application where we publicly not only display the entire research but also the tools developed along with the project (https://darkor.org).Com o surgimento da Internet, aberta a todos em 1991, os criminosos viram uma grande oportunidade em passar as suas organizações para a World Wide Web, aproveitando-se assim dessas infraestruturas que permitiam uma maior mobilidade e escalabilidade. Mais tarde, no ano 2000, surgiu o primeiro sistema, criando o que hoje é conhecido como a Dark Web. Essa camada da World Wide Web tornou-se rapidamente a opção a seguir quando os criminosos queriam vender e entregar conteúdo como combinação de resultados, pornografia infantil, mercado de drogas, mercado de armas, etc. Este lado obscuro da Dark Web, torna-a num tema relevante de estudo a fim de ajudar a identificar atividades e atores maliciosos. Nesta dissertação de mestrado é mostrado, através do estudo de dois conjuntos de dados da Dark Web, que estamos rodeados de tecnologias que podem ser aplicadas neste tipo de problemas de forma a aumentar o nosso conhecimento sobre os dados e revelar características interessantes de forma interativa e útil. Um conjunto de dados tem 10 000 relações de domínios que vivem na Dark Web enquanto que o outro conjunto de dados tem milhares de dados de apenas 11 domínios específicos da Dark Web. Neste estudo revelamos informações detalhadas sobre cada conjunto de dados aplicando diferentes análises e algoritmos de data mining. Para o primeiro conjunto de dados, estudamos padrões de disponibilidade de domínios com análise temporal, categorizamos domínios com o auxílio de redes neuronais e revelamos a topologia da rede e a relevância dos nós com análise de redes sociais e a aplicação de um modelo núcleo-periferia. Em relação ao segundo conjunto de dados, criamos um grafo da rede com cruzamento de dados e aplicamos um algoritmo de reconhecimento de entidades que resultou em uma ferramenta para identificar entidades dentro dos domínios da Dark Web estudados. Todas estas abordagens culminaram em uma aplicação web interativa onde exibimos publicamente não apenas todo o estudo, mas também as ferramentas desenvolvidas ao longo do projeto (https://darkor.org)

Architectural optimization results for a network of earth-observing satellite nodes

Earth observation satellite programs are currently facing, for some applications, the need to deliver hourly revisit times, sub-kilometric spatial resolutions and near-real-time data access times. These stringent requirements, combined with the consolidation of small-satellite platforms and novel distributed architecture approaches, are stressing the need to study the design of new, heterogeneous and heavily networked satellite systems that can potentially replace or complement traditional space assets. In this context, this paper presents partial results from ONION, a research project devoted to study distributed satellite systems and their architecting characteristics. A design-oriented framework that allows selecting optimal architectures for a given user needs is presented in this paper. The framework has been used in the study of a strategic use-case and its results are hereby presented. From an initial design space of 5586 unique architectures, the framework has been able to pre-select 28 candidate designs by an exhaustive analysis of their performance and by quantifying their quality attributes. This very exploration of architectures and the characteristics of the solution space, are presented in this paper along with the selected solution and the results of a detailed performance analysis.Postprint (published version

Gaps analysis and requirements specification for the evolution of Copernicus system for polar regions monitoring: addressing the challenges in the horizon 2020-2030

This work was developed as part of the European H2020 ONION (Operational Network of Individual Observation Nodes) project, aiming at identifying the technological opportunity areas to complement the Copernicus space infrastructure in the horizon 2020–2030 for polar region monitoring. The European Earth Observation (EO) infrastructure is assessed through of comprehensive end-user need and data gap analysis. This review was based on the top 10 use cases, identifying 20 measurements with gaps and 13 potential EO technologies to cover the identified gaps. It was found that the top priority is the observation of polar regions to support sustainable and safe commercial activities and the preservation of the environment. Additionally, an analysis of the technological limitations based on measurement requirements was performed. Finally, this analysis was used for the basis of the architecture design of a potential polar mission.Peer ReviewedPostprint (published version