Peer-to-Peer Secure Updates for Heterogeneous Edge Devices

We consider the problem of securely distributing software updates to large scale clusters of heterogeneous edge compute nodes. Such nodes are needed to support the Internet of Things and low-latency edge compute scenarios, but are difficult to manage and update because they exist at the edge of the network behind NATs and firewalls that limit connectivity, or because they are mobile and have intermittent network access. We present a prototype secure update architecture for these devices that uses the combination of peer-to-peer protocols and automated NAT traversal techniques. This demonstrates that edge devices can be managed in an environment subject to partial or intermittent network connectivity, where there is not necessarily direct access from a management node to the devices being updated

Demonstrating Android P2P capabilities through a prototype application

Tänapäeval suheldakse aina rohkem elektroonilisi seadmeid kasutades. See tähendab, et seadmed vahetavad palju andmeid. Tihti on need andmed isiklikud, kuid saatmine toimub väga avalikul viisil. Kasutades levinud klient-server lähenemisviisi, võib server andmeid näha või isegi muuta, mis tähendab, et andmete autentsus ja privaatsus on rikutud, juhul kui kasutatakse ebausaldusväärset serverit. Lisaks eelistavad paljud inimesed suhtlemiseks ja andmevahetuseks mobiilseid seadmeid (tahvelarvutit või telefoni) tavalisele arvutile, kuid ikka veel ei eksisteeri lihtsat ning turvalist viisi selle tegemiseks. See töö analüüsib erinevaid andmevahetusmeetodeid P2P (peer-to-peer) viisil, mis erineb traditsioonilisest klient-server andmevahetusmudelist. Lisaks luuakse näiterakendus Androidile, mis demonstreerib, kuidas lihtsal moel luua P2P ühendus mitmete seadmete vahel. Rakendus toetab sõnumite saatmist klientide vahel ning sisaldab Hangmani mängu, mis demonstreerib mängude programmeerimist P2P suhtluse abil.Nowadays more and more people are communicating using electronic devices. This means that all kinds of data are transferred between devices. These are often private data but sent in a very public manner. When using traditional client-server approach, data may be seen or even altered by the server which means that the authenticity and privacy of data is always under question when using untrusted servers. Furthermore many people prefer to use mobile devices (tablet or mobile phone) instead of a PC for communicating and changing data yet there still does not exist a simple way to do it with certain privacy. This thesis analyzes different methods for sending and receiving data between clients in a P2P (peer-to-peer) way instead of using traditional client-server model. Also a proof-of-concept application is written for Android which demonstrates how to easily enable P2P communication between multiple devices. Application will support sending messages between peers and also includes an example Hangman game for demonstrating game programming with P2P communication

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services