On Robustness and Countermeasures of Reliable Server Pooling Systems against Denial of Service Attacks

Abstract. The Reliable Server Pooling (RSerPool) architecture is the IETF's novel approach to standardize a light-weight protocol framework for server redundancy and session failover. It combines ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of contributions on the performance of RSerPool for its main tasks -pool management, load distribution and failover handling -the robustness of the protocol framework has not yet been evaluated against intentional attacks. The first goal of this paper is to provide a robustness analysis. In particular, we would like to outline the attack bandwidth necessary for a significant impact on the service. Furthermore, we present and evaluate our countermeasure approach to significantly reduce the impact of attacks

Six families of flexicurity indicators developed at the Hans Boeckler Foundation

"The paper is an overview of over 30 publications on six models with flexicurity indicators developed at the Hans-Böckler-Foundation for monitoring and analysis of flexicurity. The latter is a new European labour market policy which should compensate the ongoing flexibilization of employment relations (resulting in easy dismissals, adjustable working time, and variable wages) by advances in employment security and social security. Flexibility is promoted by employers, whereas trade unions are concerned with security. The models are aimed at analyzing flexicurity from the following viewpoints: (1) neo-liberal, (2) trade-unionist, (3) of the European welfare state, (4) regarding precarious work, (5) regarding professional training and lifelong learning, and (6) regarding trends in collective agreements. All the six models provide empirical evidence of increasing flexibility together with decline of social security and rise of precarious employment. This is a serious warning against improper implementation of flexicurity and one-sided use of this policy in favor of employers. Finally six policy proposals are made: (1) to introduce flexinsurance, (2) to impose workplace tax, (3) to provide basic income, (4) to constrain financial markets, (5) to politicize and restructuralize trade unions, and (6) separate politics from economy." [author's abstract

Six families of flexicurity indicators developed at the Hans Boeckler Foundation

The paper is an overview of over 30 publications on six models with flexicurity indicators developed at the Hans-Böckler-Foundation for monitoring and analysis of flexicurity. The latter is a new European labour market policy which should compensate the ongoing flexibilization of employment relations (resulting in easy dismissals, adjustable working time, and variable wages) by advances in employment security and social security. Flexibility is promoted by employers, whereas trade unions are concerned with security. The models are aimed at analyzing flexicurity from the following viewpoints: (1) neo-liberal, (2) trade-unionist, (3) of the European welfare state, (4) regarding precarious work, (5) regarding professional training and lifelong learning, and (6) regarding trends in collective agreements. All the six models provide empirical evidence of increasing flexibility together with decline of social security and rise of precarious employment. This is a serious warning against improper implementation of flexicurity and one-sided use of this policy in favor of employers. Finally six policy proposals are made: (1) to introduce flexinsurance, (2) to impose workplace tax, (3) to provide basic income, (4) to constrain financial markets, (5) to politicize and restructuralize trade unions, and (6) separate politics from economy. --labour market policy,flexicurity,composite indicators,trade unions

Detection and analysis of misuse in SIP-based networks

Die Sprachkommunikation über „Voice over IP“-Netzwerke, basierend auf dem Session Initiation Protokoll (SIP), verbreitet sich auf Grund von Funktionalitäts- und Kostenvorteilen zunehmend und wird die klassischen Telefonnetze in den nächsten Jahren vollständig ablösen. Zusätzlich zu den Netzen der Telefonanbieter wird die Sprachkommunikation über das SIP-Protokoll auch im Unternehmens- und Privatanwenderumfeld unverzichtbar. So bietet VoIP die Möglichkeit, sich unabhängig von dem aktuellen Aufenthaltsort über das Internet bei dem jeweiligen Heimatnetzbetreiber oder der eigenen Firma anzumelden und über das dortige Nutzerkonto Gespräche zu führen. Da die Telefonie somit von einer geschlossenen und vergleichsweise sicheren Plattform auf eine viel offenere Plattform in das Internet migriert wird, ergeben sich neue Risiken und Missbrauchsmöglichkeiten im Bereich der Telefonie. In dieser Dissertation werden Angriffe untersucht, die mit der Einführung von SIP-basierten Sprachdiensten im Internet entstehen und nicht aus Bedrohungen der Netzwerkschicht oder aus rechtlichen Vertragsbestimmungen resultieren. Das Ziel dieser Angriffe ist das Erlangen eines finanziellen Vorteils, indem ein Angreifer kompromittierte Zugänge für Auslandstelefonate oder für Anrufe zu Premiumnummern auf Kosten der Anschlussinhaber nutzt („Toll Fraud“). Für die Realisierung der Bedrohungsanalyse und der Angriffserkennung wurden Konzepte, ein Versuchsnetzwerk sowie die notwendigen Softwarekomponenten ergebnisorientiert entwickelt. Im Vergleich zu anderen Forschungsarbeiten wurden Untersuchungen mit Ködersystemen (Honeypots) weiterentwickelt und es wurde ein System für eine verteilte, automatische Angriffserkennung entwickelt. Dafür wurden SIP-Verkehrsdaten über einen Zeitraum von sechs Jahren in zwei Class-C-Netzwerken aufgezeichnet und mit einem neuen Analyseansatz unabhängig von einzelnen SIP-Nachrichten automatisch ausgewertet. Die Ergebnisse des Feldversuches in dieser Dissertation zeigen, dass die Bedrohungen für die SIP-Infrastruktur ansteigen und dass bereits eine Weiterentwicklung und Optimierung der Angriffswerkzeuge nachzuweisen ist. Die zunehmende Anzahl der Toll Fraud-Versuche mit internationalen Anrufzielen (und auch zu Premium-Rufnummern) verdeutlicht, dass bei einem unzureichenden Schutz der SIP-Server für die Nutzer und Betreiber sehr schnell ein erheblicher finanzieller Schaden entstehen kann. Es ist daher unerlässlich, die vorgeschalteten, systematischen Angriffsstufen frühzeitig zu erkennen und Abwehrkomponenten zu benachrichtigen. Für die automatisierte, verteilte Angriffserkennung in Echtzeit und für die Maximierung des Beobachtungsgebietes wurde für diese Dissertation das „Security Sensor System“ entwickelt. Mit Hilfe von leichtgewichtigen Sensoren wurde eine weltweite signaturbasierte Angriffserkennung realisiert. Zusätzlich zu der standortbezogenen Angriffserkennung werden Angriffe durch einen zentralen Dienst korreliert. Dadurch können Angreifer netzwerkübergreifend bzw. länderübergreifend identifiziert und somit Gegenwehrkomponenten in Echtzeit benachrichtigt werden. Der Vergleich der verschiedenen Messstellen im Internet belegt, dass die analysierten Angriffsmuster nicht nur im Netzwerk der Universität Duisburg-Essen, sondern zeitlich zusammenhängend auch an anderen Standorten auftreten. Dadurch wird deutlich, dass die ermittelten Ergebnisse auch für andere Netzwerke gültig sind und dass die Toll Fraud-Problematik bereits für alle Betreiber von SIP-Servern relevant ist.Voice over IP networks based on the Session Initiation Protocol (SIP) are becoming more and more widespread in the Internet due to functionality and cost advantages and will soon replace the classic telephony networks. Therefore, support of open SIP-based interfaces is an increasingly important requirement for IP-based Public Branch eXchanges (PBXs) and provider systems. The VoIP service allows using the personal or company VoIP account from any location worldwide. The migration of the telephony service from a closed and comparatively secure environment to a network with open interfaces creates security issues and opens up new opportunities for misuse and fraud. In this thesis, attacks are analyzed which result from introducing SIP-based voice services and do not belong to the area of contract regulations or attacks on the network layer. The attacker’s goal is to gain immediate financial benefit by making toll calls (international, cellular, premium services) via cracked third party accounts (“Toll Fraud”). To realize the threat analysis and the attack detection concepts, a SIP-based testbed and required software components were developed. In comparison to the related work, analyses with Honeypots were enhanced and a mechanism for automatic, distributed attack detection was realized. Therefore, for gathering the required data, a Honeynet with two class-C networks captured the SIP traffic for a period of six years. The automatic analysis is based on attacks and operates independently of single SIP messages. The field test results of this thesis demonstrate that SIP-based threats increase over time and attack tools are optimized and enhanced. The increasing number of Toll Fraud attempts to international or premium numbers reveals that Toll Fraud attacks can cause the account owner substantial financial damage in a very short amount of time if there is insufficient attack detection and mitigation. Hence, it is necessary to implement an attack detection which is able to identify the different attack stages and sends a notification to mitigation components before a Toll Fraud call is established. In this thesis, the Security Sensor System was developed to maximize the monitoring scope and to realize the distributed, automatic attack detection in real-time. The light-weight sensor component provides worldwide signature-based attack detection. Additional to the location-based attack detection, all attack notifications are sent to a central service which correlates the incoming alarm messages and provides a comprehensive attacker identification to inform mitigation components in real-time. The comparison of different sensor nodes in the Internet shows that the analyzed attack patterns do not only occur in the University testbed, but also temporally coherent in other networks. Thus, the results are valid for different network environments and it is crucial to know that Toll Fraud attacks are already performed in reality

[¹⁸F]fluorination of biorelevant arylboronic acid pinacol ester scaffolds synthesized by convergence techniques

Aim: The development of small molecules through convergent multicomponent reactions (MCR) has been boosted during the last decade due to the ability to synthesize, virtually without any side-products, numerous small drug-like molecules with several degrees of structural diversity.(1) The association of positron emission tomography (PET) labeling techniques in line with the “one-pot” development of biologically active compounds has the potential to become relevant not only for the evaluation and characterization of those MCR products through molecular imaging, but also to increase the library of radiotracers available. Therefore, since the [18F]fluorination of arylboronic acid pinacol ester derivatives tolerates electron-poor and electro-rich arenes and various functional groups,(2) the main goal of this research work was to achieve the 18F-radiolabeling of several different molecules synthesized through MCR. Materials and Methods: [18F]Fluorination of boronic acid pinacol esters was first extensively optimized using a benzaldehyde derivative in relation to the ideal amount of Cu(II) catalyst and precursor to be used, as well as the reaction solvent. Radiochemical conversion (RCC) yields were assessed by TLC-SG. The optimized radiolabeling conditions were subsequently applied to several structurally different MCR scaffolds comprising biologically relevant pharmacophores (e.g. β-lactam, morpholine, tetrazole, oxazole) that were synthesized to specifically contain a boronic acid pinacol ester group. Results: Radiolabeling with fluorine-18 was achieved with volumes (800 μl) and activities (≤ 2 GBq) compatible with most radiochemistry techniques and modules. In summary, an increase in the quantities of precursor or Cu(II) catalyst lead to higher conversion yields. An optimal amount of precursor (0.06 mmol) and Cu(OTf)2(py)4 (0.04 mmol) was defined for further reactions, with DMA being a preferential solvent over DMF. RCC yields from 15% to 76%, depending on the scaffold, were reproducibly achieved. Interestingly, it was noticed that the structure of the scaffolds, beyond the arylboronic acid, exerts some influence in the final RCC, with electron-withdrawing groups in the para position apparently enhancing the radiolabeling yield. Conclusion: The developed method with high RCC and reproducibility has the potential to be applied in line with MCR and also has a possibility to be incorporated in a later stage of this convergent “one-pot” synthesis strategy. Further studies are currently ongoing to apply this radiolabeling concept to fluorine-containing approved drugs whose boronic acid pinacol ester precursors can be synthesized through MCR (e.g. atorvastatin)