Blockchain to improve security, knowledge and collaboration inter-agent communication over restrict domains of the internet infrastructure, with human interaction / Blockchain para melhorar a segurança, o conhecimento e a colaboração entre os agentes de comunicação sobre domínios restritos da infraestrutura da Internet, com interação humana

This paper describes the development and implementation of a  blockchain to improve security,  knowledge and intel ligence during the communication and col laboration processes between agents under restricted Internet Infrastructure domains. It is a work that proposes the application of a blockchain, independent of platform, in a particular model of agents, but that can be used  in similar proposals, since the results in the specific model were satisfactory. Additional ly, the model al lows interaction and, also, col laboration between humans and agents

Sistema de monitorización y control de conexiones entre Sistemas Autónomos

En las últimas décadas ha aumentado el uso de Internet drásticamente y en paralelo también las relaciones entre Sistemas Autónomos, que son las entidades que constituyen Internet. Sin embargo, a día de hoy los Sistemas Autónomos tienen tantos enlaces, que el tráfico que se envía por ellos es casi imposible de controlar. En este proyecto se estudia la situación actual del entorno tecnológico y se propone un diseño, implementación y despliegue software como solución. En este Trabajo Fin de Grado se desarrolla un sistema que monitoriza y supervisa el tráfico que se intercambia entre Sistemas Autónomos que tienen una relación de tipo peering. Para ello, el sistema deberá controlar dicho tráfico en tiempo real y de forma automática y continua, sin la intervención de ningún ser humano. Además, también será capaz de detectar errores de configuración tanto en el sistema interno de la organización como en organizaciones externas, proponiendo una respuesta rápida como corrección.Azken hamarkadetan, Interneten erabilera nabarmen handitu da, eta era berean, Sistema Autonomoen, Internet osatzen duten entitateen, artekoharremanak. Hori dela eta, gaur egungo enpresek elkar trukatutako trafikoa kontrolatzea ia ezinezkoa da, lotura kantitate handiaren ondorioz. Proiektu honetangaur egungo teknologiaren egoera aztertzen da eta irtenbide gisa software baten diseinua, inplementazioa eta hedapena proposatzen dira. Gradu Amaierako Lan honetan peering motatako harremana duten Sistema Autonomoek trukatzen duten trafikoa monitorizatu eta gainbegiratzen duen sistema garatzen da.Horretarako sistemak trafiko hau denbora errealean eta modu automatiko eta etengabean kontrolatu beharko du, gizakiaren parte hartzerik gabe. Gainera, konfigurazio akatsak antzemateko gai izango da, bai erakundearenbarne-sisteman, zein kanpo erakundeetan, zuzenketa moduan erantzun azkar bat proposatuz.In recent decadesthe use of the Internet has increased significantly and in parallel also the relationshipsbetween Autonomous Systems, which are the entities that constitute Internet. However, nowadays companies have so many links that the traffic sent by them is almost impossible to control. In this project the current situation of the technological world is studied and a design, implementation and software deployment is proposed as a solution. In this Endof Degree Project, a system that monitors and supervises the traffic that is exchanged between Autonomous Sytems that have peering type relationships is developed. For that, the system must control such traffic in real time, automatically and continously, withoutthe intervention of any human being.In addition, it will also be able to detect configuration errors,both in the internal system of the organizationand in external organizations, proposing a quick response as a correction

Évaluation de la sécurité des réseaux privés virtuels sur MPLS

Les besoins actuels en termes de transmission sécurisée de l'information sont colossaux. Si les lignes louées représentaient dans le passé la méthode la plus communément employée pour relier deux sites distants, les réseaux privés virtuels prennent de plus en plus le pas sur ces lignes louées, essentiellement grâce à leur coût beaucoup plus faible. Néanmoins, les VPN de niveau 2 sont complexes à mettre en oeuvre et difficiles à mettre à l'échelle. Récemment sont appams les VPN sur MPLS, offrant de meilleures performances et ne nécessitant pas de chiffrement des données. Le concept des VPN sur MPLS repose sur l'utilisation de tables de routage et de contextes séparés dans les routeurs de bordure pour chaque VPN. Les paquets sont acheminés dans le réseau MPLS en ajoutant une étiquette supplémentaire permettant de définir leur appartenance à un VPN. Le réseau MPLS est transparent pour les clients des VPN, toutefois ceux-ci doivent faire confiance au foumisseur de service. Étant de plus en plus déployés, il est nécessaire de vérifier que les VPN sur MPLS sont effectivement sécuritaires et ne permettent pas à des attaquants de s'introduire dans le réseau MPLS ou dans les VPN. Ces demiers doivent être étanches, ne permettant pas de divulguer ou modifier l'information. La recherche préliminaire des différents modes d'attaques sur un réseau nous permet de confronter la technologie MPLS VPN à des menaces variées, puis de tester des architectures particulières utilisant cette technologie. Des expérimentations ont été menées sur un réseau MPLS de Bell Canada pour montrer que certaines conditions peuvent compromettre la sécurité des VPN sur MPLS. Le protocole BGP, utilisé sous sa variante MP-BGP pour effectuer la signalisation des VPN dans le réseau MPLS fait l'objet d'une étude approfondie. Nos résuUats montrent que l'architecture MPLS/VPN est sécuritaire à la condition qu'aucune erreur de configuration ne soit présente. Finalement, des conseils et recommandations sont présentés afin d'esquiver toute tentative d'attaque

Detecting IP prefix hijack events using BGP activity and AS connectivity analysis

The Border Gateway Protocol (BGP), the main component of core Internet connectivity, suffers vulnerability issues related to the impersonation of the ownership of IP prefixes for Autonomous Systems (ASes). In this context, a number of studies have focused on securing the BGP through several techniques, such as monitoring-based, historical-based and statistical-based behavioural models. In spite of the significant research undertaken, the proposed solutions cannot detect the IP prefix hijack accurately or even differentiate it from other types of attacks that could threaten the performance of the BGP. This research proposes three novel detection methods aimed at tracking the behaviour of BGP edge routers and detecting IP prefix hijacks based on statistical analysis of variance, the attack signature approach and a classification-based technique. The first detection method uses statistical analysis of variance to identify hijacking behaviour through the normal operation of routing information being exchanged among routers and their behaviour during the occurrence of IP prefix hijacking. However, this method failed to find any indication of IP prefix hijacking because of the difficulty of having raw BGP data hijacking-free. The research also proposes another detection method that parses BGP advertisements (announcements) and checks whether IP prefixes are announced or advertised by more than one AS. If so, events are selected for further validation using Regional Internet Registry (RIR) databases to determine whether the ASes announcing the prefixes are owned by the same organisation or different organisations. Advertisements for the same IP prefix made by ASes owned by different organisations are subsequently identified as hijacking events. The proposed algorithm of the detection method was validated using the 2008 YouTube Pakistan hijack event; the analysis demonstrates that the algorithm qualitatively increases the accuracy of detecting IP prefix hijacks. The algorithm is very accurate as long as the RIRs (Regional Internet Registries) are updated concurrently with hijacking detection. The detection method and can be integrated and work with BGP routers separately. Another detection method is proposed to detect IP prefix hijacking using a combination of signature-based (parsing-based) and classification-based techniques. The parsing technique is used as a pre-processing phase before the classification-based method. Some features are extracted based on the connectivity behaviour of the suspicious ASes given by the parsing technique. In other words, this detection method tracks the behaviour of the suspicious ASes and follows up with an analysis of their interaction with directly and indirectly connected neighbours based on a set of features extracted from the ASPATH information about the suspicious ASes. Before sending the extracted feature values to the best five classifiers that can work with the specifications of an implemented classification dataset, the detection method computes the similarity between benign and malicious behaviours to determine to what extent the classifiers can distinguish suspicious behaviour from benign behaviour and then detect the hijacking. Evaluation tests of the proposed algorithm demonstrated that the detection method was able to detect the hijacks with 96% accuracy and can be integrated and work with BGP routers separately.Saudi Cultural Burea