Security issues in PIM-SM link-local messages
Protocol Independent Multicast-Sparse Mode (PIM-SM) routing protocol attracts most of the attention of the Internet community due to its scalability and flexibility. From the very beginning, multicast communication faced various difficulties in its security areas. PIM-SM is also not free from this problem. Security features of a routing protocol consist of two orthogonal planes: the data plane and the control message plane. The first one ensures distribution of data packets securely, while the other deals with security of control messages. Most of the PIM-SM control messages fall into the link-local category, and are sent to adjacent routers only, using TTL = 1 and ALL_PIM_ROUTERS as the destination address. To protect these link-local messages, the present Internet Draft of PIM-SM proposes a security mechanism that uses the IPsec Authentication Header (AH) protocol. While using the IPsec AH protocol, the anti-replay mechanism has been disabled. This compromise makes PIM-SM vulnerable to denial of service attack. Moreover, the Security Association lookup and the number of Security Associations are also erroneous and incomplete in the document. A new proposal has been presented in this thesis to protect PIM link-local messages while activating the anti-replay mechanism as well. The Security Association lookup method has also been modified to cope with this proposal. Finally, this new proposal has been validated using a validation tool, SPIN, that uses PROMELA to design the validation model.
Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)
One of the most important metrics in the design of IP mobility protocols is
the handover performance. The current Mobile IP (MIP) standard has been shown
to exhibit poor handover performance. Most other work attempts to modify MIP to
slightly improve its efficiency, while others propose complex techniques to
replace MIP. Rather than taking these approaches, we instead propose a new
architecture for providing efficient and smooth handover, while being able to
co-exist and inter-operate with other technologies. Specifically, we propose an
intra-domain multicast-based mobility architecture, where a visiting mobile is
assigned a multicast address to use while moving within a domain. Efficient
handover is achieved using standard multicast join/prune mechanisms. Two
approaches are proposed and contrasted. The first introduces the concept of
proxy-based mobility, while the other uses algorithmic mapping to obtain the
multicast address of visiting mobiles. We show that the algorithmic mapping
approach has several advantages over the proxy approach, and provide mechanisms
to support it. Network simulation (using NS-2) is used to evaluate our scheme
and compare it to other routing-based micro-mobility schemes - CIP and HAWAII.
The proactive handover results show that both M&M and CIP show low handoff
delay and packet reordering depth as compared to HAWAII. The reason for M&M's
comparable performance with CIP is that both use bi-cast in proactive handover.
The M&M, however, handles multiple border routers in a domain, where CIP fails.
We also provide a handover algorithm leveraging the proactive path setup
capability of M&M, which is expected to outperform CIP in case of reactive
handover.
Comment: 12 pages, 11 figure
HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things
This paper revisits NDN deployment in the IoT with a special focus on the
interaction of sensors and actuators. Such scenarios require high
responsiveness and limited control state at the constrained nodes. We argue
that the NDN request-response pattern which prevents data push is vital for IoT
networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme
for typical IoT scenarios that targets IoT networks consisting of hundreds of
resource constrained devices at intermittent connectivity. Our approach limits
the FIB tables to a minimum and naturally supports mobility, temporary network
partitioning, data aggregation and near real-time reactivity. We experimentally
evaluate the protocol in a real-world deployment using the IoT-Lab testbed with
varying numbers of constrained devices, each wirelessly interconnected via IEEE
802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support
experiments using various single- and multi-hop scenarios.
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them.
Comment: 15 page
Design and implementation of multicast listener discovery protocol on constrained devices
To apply and support the use of IPv6 in 6LoWPANs (Low-power Wireless Personal Area Networks), there has been extensive research, and standardized protocols and mechanisms have been developed. For multicast communication in these networks, however, the topic is still quite open to research. Multicast communication allows routers to be connected to hosts preselected by groups. Multicast communication is very beneficial for applications with resource-constrained devices, since it saves energy and bandwidth. Possible examples of such applications are the lighting of a building organized by floors, a network of temperature sensors organized by areas, and a large number of applications based on communication from one point to several preselected points. The research group at Aalto University (Finland) called MAMMoTH (Massive Scale Machine-to-Machine Service) has as one of its goals the construction of a multicast protocol for resource-constrained devices. Developing this protocol requires a multicast routing protocol and a multicast group management protocol. The latter is the protocol I developed as a research assistant for my final degree project. In this final degree project, the MLD protocol for resource-constrained devices has been designed, implemented and evaluated. MLD allows an IPv6 router to manage multicast groups. However, the use of MLD in LoWPANs has several problems, such as the definition of the local area, the packet size and the complexity of the router behaviour. The protocol has been implemented in Contiki, an operating system for developing for the "Internet of Things". Contiki allows small, low-cost, low-power systems to be connected to the Internet. We have extended Contiki's TCP/IP stack to support MLD.
The protocol has been evaluated and analyzed on a simulator in different topologies to validate its operation. Likewise, it has also been verified that the size of the created object did not occupy more memory than is available on the Z1 Zolertia devices.
Key distribution technique for IPTV services with support for admission control and user defined groups
Doctoral thesis. Electrical and Computer Engineering. Faculty of Engineering. Universidade do Porto. 200