Performance Test Suite for MIT Kerberos

Tato práce se zaměřuje na vyvinutí nástrojů pro výkonnostní testování, které umožní otestovat infrastrukturu systému MIT Kerberos, zjistit její výkonnostní charakteristiky a detekovat potenciální problémy. Práce shrnuje teoretické základy protokolu Kerberos a analyzuje potenciální výkonnostní problémy v různých konfiguracích MIT Kerberosu. Dále práce obsahuje popis návrhu a implementace sady nástrojů pro distribuované testování. Pomocí implementovaných nástrojů bylo odhaleno několik výkonnostních problémů, které jsou v práci popsány spolu s návrhem jejich řešení.The aim of this thesis is to develop performance test suite, which will enable to test MIT Kerberos system infrastructure, assess gained performance characteristics and detect potential bottlenecks. This thesis summarizes necessary theoretical background of Kerberos protocol. Potential performance problems are analyzed on different MIT Kerberos configurations. This thesis describes distributed test suite design and implementation. Several performance problems were discovered using this test suite. These problems are described and some solutions are proposed.

Guidelines for Specifying the Use of IPsec Version 2

The Security Considerations sections of many Internet Drafts say, in effect, "just use IPsec". While this is sometimes correct, more often it will leave users without real, interoperable security mechanisms. This memo offers some guidance on when IPsec Version 2 should and should not be specified

Encaminhamento e segurança em redes veiculares

Mestrado em Engenharia Electrónica e TelecomunicaçõesThe growing research in vehicular network solutions provided the rise of interaction in these highly dynamic environments in the market. The developed architectures do not usually focus, however, in security aspects. Common security strategies designed for the Internet require IP. Since nodes' addresses in a vehicular network are too dynamic, such solutions would require cumbersome negotiations, which would make them unsuitable to these environments. The objective of this dissertation is to develop, and test a scalable, lightweight, layer 3 security protocol for vehicular networks, in which nodes of the network are able to set up long-term security associations with a Home Network, avoiding session renegotiations due to lack of connectivity and reduce the protocol stacking. This protocol allows to provide security independent of the nodes (vehicles) position, of its addressing and of the established path to access the Internet, allowing the mobility of vehicles and of its active sessions seamlessly without communication failures.O crescimento da investigação em redes veiculares provocou o aumento da interação nestes ambientes muito dinâmicos no mercado. As arquiteturas desenvolvidas não se focam, no entanto, na segurança. Estratégias comuns de segurança para a Internet, requerem sessões baseadas no IP. Como os endereços dos nós numa rede veicular, e a sua localização e caminhos até à Internet, são muito dinâmicos, as soluções já desenvolvidas para outro tipo de redes iriam requerer renegociações que teriam um grande impacto no desempenho destes ambientes. O objetivo desta dissertação será, portanto, desenvolver e testar um protocolo de segurança implementado na camada 3 para redes veiculares, que seja escalável e leve, em que os nós da rede conseguirão estabelecer associações de segurança de longa duração com a Home Network, evitando renegociações devidas à falta de conectividade, e reduzir o overhead devido ao empilhamento protocolar. Este protocolo permite ter segurança independentemente da posição dos nós (os veículos), do seu endereçamento e do caminho estabelecido para o acesso à Internet, permitindo assim mobilidade dos veículos e das sessões ativas de forma transparente sem falhas na comunicação

Building mobile L2TP/IPsec tunnels

Wireless networks introduce a whole range of challenges to the traditional TCP/IP network, especially Virtual Private Network (VPN). Changing IP address is a difficult issue for VPNs in wireless networks because IP addresses are used as one of the identifiers of a VPN connection and the change of IP addresses will break the original connection. The current solution to this problem is to run VPN tunnels over Mobile IP (MIP). However, Mobile IP itself has significant problems in performance and security and that solution is inefficient due to double tunneling. This thesis proposes and implements a new and novel solution on simulators and real devices to solve the mobility problem in a VPN. The new solution adds mobility support to existing L2TP/IPsec (Layer 2 Tunneling Protocol/IP Security) tunnels. The new solution tunnels Layer 2 packets between VPN clients and a VPN server without using Mobile IP, without incurring tunnel-re-establishment at handoff, without losing packets during handoff, achieves better security than current mobility solutions for VPN, and supports fast handoff in IPv4 networks. Experimental results on a VMware simulation showed the handoff time for the VPN tunnel to be 0.08 seconds, much better than the current method which requires a new tunnel establishment at a cost of 1.56 seconds. Experimental results with a real network of computers showed the handoff time for the VPN tunnel to be 4.8 seconds. This delay was mainly caused by getting an IP address from DHCP servers via wireless access points (4.6 seconds). The time for VPN negotiation was only 0.2 seconds. The experimental result proves that the proposed mobility solution greatly reduces the VPN negotiation time but getting an IP address from DHCP servers is a large delay which obstructs the real world application. This problem can be solved by introducing fast DHCP or supplying an IP address from a new wireless access point with a strong signal while the current Internet connection is weak. Currently, there is little work on fast DHCP and this may open a range of new research opportunities

Authentication in Protected Core Networking

Protected Core Networking (PCN) is a concept that aims to increase information sharing between nations in coalition military operations. PCN specifies the interconnection of national transport networks, called Protected Core Segments (PCSs), to a federated transport network called Protected Core (PCore). PCore is intended to deliver high availability differentiated transport services to its user networks, called Colored Clouds (CCs). To achieve this goal, entity authentication of all connecting entities is specified as a protective measure. In resource constrained environments, the distribution of service policy can be challenging. That is, which transport services are associated with a given entity. The thesis proposes two new and original protocols where CCs push service policy to the network by performing authentication based on attributes. Using identity-based signatures, attributes constituting a service policy are used directly for an entity's identity, and no external mechanism linking identity and policy is needed. For interoperability, the idea has been incorporated into PKINIT Kerberos and symmetric key Kerberos by carrying the authorized attributes within tickets. The proposed protocols are formally verified in the symbolic model using scyther-proof. The experiment shows that both CCs, and PCSs achieve greater assurance on agreed attributes, and hence on expected service delivery. A CC and a visiting PCS are able to negotiate, and agree on the expected service depending on the situation. The proposed solution provides benefits to CCs on expected service when connecting to a visiting PCS, with poor connectivity to the home PCS. In that respect, interconnection of entities with little pre-established relationship is simplified, and hence fulfillment of the PCN concept is facilitated

{SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, other were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting Misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind which leads to a multitude of misconfiguration traps. While this is slowly changing, to strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users

{SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, other were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting Misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind which leads to a multitude of misconfiguration traps. While this is slowly changing, to strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users

Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context

A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary.ComputingM. Sc. (Information Systems

Improving and distributing key management on mobile networks

We address the problem of mobile network key management and authentication that negatively affects the handoff performance, adds overhead to the system in terms of key exchange signaling, authentication, and key distribution. We aim to improve the efficiency of the key management subsystem and to reduce investment pressure on core network elements. We address all these problems successfully. Our novel SKC key management mechanism is the best key management mechanism among the ones we found in reducing signaling load from the KD and making the mobility system independent of the AP-KD link delay. It is a significant contribution to the mobile network key management with fast handoffs when separate keys for APs are required and has many useful applications. Our novel receiver and sender ID binding protocol with symmetric keys is new and shows analogy with Identity Based Cryptography. It is a generalization of the identity binding that SKC is using. Furthermore, our distributed AAA architecture with SKC, certificates, and hardware-based security is a disruptive proposal and show how the mobile network KD can be distributed to the edge nodes. Our quantitative analysis and comparison of SKC and LTE key management is new and not seen before. Our research affected the LTE Security standardization and contributes to the research and development of home base stations, community and municipal Wi-Fi access points