A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View

A network protocol defines rules that control communications between two or more machines on the Internet, whereas Automatic Protocol Reverse Engineering (APRE) defines the way of extracting the structure of a network protocol without accessing its specifications. Enough knowledge on undocumented protocols is essential for security purposes, network policy implementation, and management of network resources. This paper reviews and analyzes a total of 39 approaches, methods, and tools towards Protocol Reverse Engineering (PRE) and classifies them into four divisions, approaches that reverse engineer protocol finite state machines, protocol formats, and both protocol finite state machines and protocol formats to approaches that focus directly on neither reverse engineering protocol formats nor protocol finite state machines. The efficiency of all approaches’ outputs based on their selected inputs is analyzed in general along with appropriate reverse engineering inputs format. Additionally, we present discussion and extended classification in terms of automated to manual approaches, known and novel categories of reverse engineered protocols, and a literature of reverse engineered protocols in relation to the seven layers’ OSI (Open Systems Interconnection) model

Telecommunication Systems

This book is based on both industrial and academic research efforts in which a number of recent advancements and rare insights into telecommunication systems are well presented. The volume is organized into four parts: "Telecommunication Protocol, Optimization, and Security Frameworks", "Next-Generation Optical Access Technologies", "Convergence of Wireless-Optical Networks" and "Advanced Relay and Antenna Systems for Smart Networks." Chapters within these parts are self-contained and cross-referenced to facilitate further study

MedLAN: Compact mobile computing system for wireless information access in emergency hospital wards

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A&E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, thorough the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec

Analyzing Network Protocols of Application Layer Using Hidden Semi-Markov Model

With the rapid development of Internet, especially the mobile Internet, the new applications or network attacks emerge in a high rate in recent years. More and more traffic becomes unknown due to the lack of protocol specifications about the newly emerging applications. Automatic protocol reverse engineering is a promising solution for understanding this unknown traffic and recovering its protocol specification. One challenge of protocol reverse engineering is to determine the length of protocol keywords and message fields. Existing algorithms are designed to select the longest substrings as protocol keywords, which is an empirical way to decide the length of protocol keywords. In this paper, we propose a novel approach to determine the optimal length of protocol keywords and recover message formats of Internet protocols by maximizing the likelihood probability of message segmentation and keyword selection. A hidden semi-Markov model is presented to model the protocol message format. An affinity propagation mechanism based clustering technique is introduced to determine the message type. The proposed method is applied to identify network traffic and compare the results with existing algorithm

Marine data collection based on embedded system with wired and wireless transmission

A great interest of boat manufacturers is to improve their products by knowing how the boats are used after sale. In order to gather information about the condition of usages, a system needs to be developed in order to collect data from different marine electronics mounted on the boat. Through this thesis work, we developed such data collecting system for leisure boats which support CAN Bus the message-based protocol. The data collection system has been developed and installed on a Linux-based embedded system connected to the CAN Bus network through a gateway in our laboratory. Through the data collection system, all data generated from different marine electronics in the network can be captured, filtered, transmitted, displayed and then stored in the system. For data transmission and access, we have implemented three methods through wired or wireless networks, i.e., the fixed Internet, 3G/LTE cellular networks and Wi-Fi networks. Furthermore, the prototype implementation has been extensively tested in both lab and real-life environment

FILE SHARING IN AD HOC NETWORKS

mobile ad-hoc network (MANET) is a self-configuring network of mobile routers and associated hosts connected by wireless links, the union of which form an arbitrary topology. The routers are free to move randomly and organise themselves arbitrarily; thus, the network's wireless topology may change rapidly and unpredictably. The network is currently applied in many areas suchas for military purposes, in hospitals, campuses and offices. First of all, the scope of study of this projectwas to understand current wireless standards, the nature of mobile ad hoc networks, the advantages and disadvantages to it. The next step was to understand the requirements of file sharing application in such networks. One of the challenges in MANET is the routing protocol. The Ad Hoc On Demand Distance Vector (AODV) routing protocol was chosen and simulated in a hospital scenario whereby patients' records are constantly uploaded and downloaded by doctors and nurses using mobile devices. The scenario was simulated usingOMNeT++ which is an open source software

Wireless triple play system

Dissertação para obtenção do Grau de Mestre em Engenharia Electrotécnica e ComputadoresTriple play is a service that combines three types of services: voice, data and multimedia over a single communication channel for a price that is less than the total price of the individual services. However there is no standard for provisioning the Triple play services, rather they are provisioned individually, since the requirements are quite different for each service. The digital revolution helped to create and deliver a high quality media solutions. One of the most demanding services is the Video on Demand (VoD). This implicates a dedicated streaming channel for each user in order to provide normal media player commands (as pause, fast forward). Most of the multimedia companies that develops personalized products does not always fulfil the users needs and are far from being cheap solutions. The goal of the project was to create a reliable and scalable triple play solution that works via Wireless Local Area Network (WLAN), fully capable of dealing with the existing state of the art multimedia technologies only resorting to open-source tools. This project was design to be a transparent web environment using only web technologies to maximize the potential of the services. HyperText Markup Language (HTML),Cascading Style Sheets (CSS) and JavaScript were the used technologies for the development of the applications. Both a administration and user interfaces were developed to fully manage all video contents and properly view it in a rich and appealing application, providing the proof of concept. The developed prototype was tested in a WLAN with up to four clients and the Quality of Service (QoS) and Quality of Experience (QoE) was measured for several combinations of active services. In the end it is possible to acknowledge that the developed prototype was capable of dealing with all the problems of WLAN technologies and successfully delivery all the proposed services with high QoE

Best Practices in Wireless Emergency Alerts

This material is based on work funded and supported by Department of Homeland Security and is also available at FirstResponder.gov in the Technology Documents Library. This report presents four best practices for the Wireless Emergency Alerts (WEA) program. These best practices were identified through interviews with emergency management agencies across the United States. The WEA "Go Live" Checklist identifies key steps that an emergency management agency should perform when implementing WEA in a local jurisdiction and provides guidance for completing each action. The WEA Training and Drilling Guide identifies the steps for preparing staff to use WEA and includes suggestions shared by alerting authorities that have implemented WEA. The WEA Governance Guide identifies steps for using or preparing to use WEA to ensure coordination between participating alerting agencies. The WEA Cybersecurity Risk Management (CSRM) Strategy describes a strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM. Because best practices will evolve as WEA matures and becomes more widely used, an appendix provides information on how a best practice–driven organization can search for best practices, adapt them to the local context, and adopt them for everyday use

Rethinking Anticircumvention\u27s Interoperability Policy

Interoperability is widely touted for its ability to spur incremental innovation, increase competition and consumer choice, and decrease barriers to accessibility. In light of these attributes, intellectual property law generally permits follow-on innovators to create products that interoperate with existing systems, even without permission. The anticircumvention provisions of the Digital Millennium Copyright Act ( DMCA ) represent a troubling departure from this policy, resulting in patent-like rights to exclude technologies that interoperate with protected platforms. Although the DMCA contains internal safeguards to preserve interoperability, judicial misinterpretation and narrow statutory text render those safeguards largely ineffective. One approach to counteracting the DMCA\u27s restrictions on interoperability is to rely on antitrust scrutiny and the resulting mandatory disclosure of technical information. But both doctrinal and policy considerations suggest that antitrust offers a less than ideal means of lessening the DMCA\u27s impact on interoperability. Rather than relying on antitrust, this Article proposes a solution that addresses the restriction of interoperability at its source. This approach broadens the DMCA\u27s existing interoperability exemption to create an environment more hospitable to interoperable technologies. To preserve the protections the DMCA offers copyright holders, this expanded exemption would disaggregate control over interoperable software and devices from the control over access and copying that Congress intended the DMCA to enable