Impact of prefix hijacking on payments of providers

Abstract—Whereas prefix hijacking is usually examined from security perspectives, this paper looks at it from a novel economic angle. Our study stems from an observation that a transit AS (Autonomous System) has a financial interest in attracting extra traffic to the links with its customers. Based on real data about the actual hijacking incident in the Internet, we conduct simulations in the real AS-level Internet topology with synthetic demands for the hijacked traffic. Then, we measure traffic on all inter-AS links and compute the payments of all providers. The analysis of our results from technical, business, and legal viewpoints suggests that hijacking-based traffic attraction is a viable strategy that can create a fertile ground for tussles between providers. In particular, giant top-tier providers appear to have the strongest financial incentives to hijack popular prefixes and then deliver the intercepted traffic to the proper destinations. We also discuss directions for future research in the area of hijacking-based traffic attraction

Investigation of Afghanistan network infrastructure for cyber security

06.03.2018 tarihli ve 30352 sayılı Resmi Gazetede yayımlanan “Yükseköğretim Kanunu İle Bazı Kanun Ve Kanun Hükmünde Kararnamelerde Değişiklik Yapılması Hakkında Kanun” ile 18.06.2018 tarihli “Lisansüstü Tezlerin Elektronik Ortamda Toplanması, Düzenlenmesi ve Erişime Açılmasına İlişkin Yönerge” gereğince tam metin erişime açılmıştır.Anahtar Kelimeler: Siber güvenlik, siber saldırılar, siber savaşlar, güvenlik açığı, gizlilik, bütünlük, ağ altyapısı, iletişim ve bilgi sistemleri. Global endüstriler büyük ölçüde bilgi ve veri güvenliğine yatırım yapıyor. Sanal iletişim zamanında, herhangi bir topolojisinde, öncelikle geçerlik ve güvenliği garanti altına almalı. Aksi takdirde bu tür iletişim karmaşık sorunlara ve kaynakların ağlar üzerinde zarar görmesine neden olur. Halbuki iletişim sistemleri savunmasızdır, Ülkenin bilgi bütünlüğüne, gizliliğine ve kullanılabilirliğine güvenmesi, siber güvenliğinin yetersizliğinden tam tersidir. Aslında, iletişim sistemleri veya internet öncelikle odaklı veya insan zihnindeki güvenlikle tasarlanmamıştır. Diğer bir deyişle, çok sayıda ağ bileşeninin koordinasyonu, öncelikle hava-arayüzü üzerinden kurulan veya ağ üzerinden önceden tanımlanmış protokoller altında fiziksel olarak entegre edilmiş güvenli bir bağlantıya ihtiyaç duyar. Ayrıca, bir hükümetin gerçekleştirme sorumluluğundan biri, siber ortamda ya da gerçekçi saldırı ve tehditlerle mücadele etmek için bir caydırma ekibi ya da teşkilatı oluşturmaktır. Modern iletişim sistemlerinde, siber saldırılar casusluk açısından gittikçe artmaktadır ve bilgi sistemlerine ciddi zarar vermek suretiyle siber alanın geleceğinde büyük bir sorun çıkarmaktadır. Öte yandan, Afganistan hükümeti, herhangi bir dışa bağımlı siber saldırılara karşı iyi tanımlanmış bir stratejiye sahip değilken, casusluktan sorumlu olan ve Afganistan'daki siber alanda katastrofik sorunlar çıkaran ülkelerden aktarılan değiştirilebilir verilerin büyük bir çoğunluğu bulunmaktadır. Bu sorunlar dikkate alındığında, bu çalışma Afganistan'da siber saldırılar ve siber istismar, bilgi güvenliği ile ilgili zorluklar, siber saldırıların mevcut Afganistan ağ altyapıları üzerindeki etkileri ve analizleri de dahil olmak üzere siber tehditlerle ilgilidir. Siberayla ilgili belirgin ve belirgin olmayan siber saldırılar için bir şekilde çözümün yanı sıra, mevcut ve gelecekteki siber krizin, modellerin ve simülasyon özelliklerinin bu raporun kısmen bir bölümünde analizi tanımlanmıştır. Bununla birlikte, güvenlik açısından Afganistan'ın mevcut siber durumuna, yaygın gelecekteki siber güvenlik ve siber güvenlik zorluklarına ilişkin sorunlar da bu raporda gösterilmektedir.Global industries are investing heavily in information and data security. At the time of virtual communication under any types of topologies, firstly, the validity and security must be guaranteed. Otherwise, such communication cause complex problems and resources damage over the networks. However, communication systems are vulnerable, the nation's reliance on the integrities, confidentialities, and availabilities of information stand in stark contrast to the inadequacy of their cybersecurity. In fact, communication systems or internet was not primarily designed with security in oriented or human minds. On the other word, coordinating of huge numbers of network components, first of all, need to a secure connection, either such connection established via air-interface or integrated physically under predefined protocols over the network. Additionally, one of the accomplishment responsibility of a government is creating a deterrence team or military to combat any types of attack and threat either on cyberspace or on realistic. In modern communication systems cyber-attacks becoming increasingly in terms of espionage, and it would make a big challenge in the future of cyberspace by causing serious damage to information systems. From the other hand, the government of Afghanistan does not have a well-defined strategy against any types of outsider cyberattacks while the huge amount of the exchangeable data transferring from the countries who are in charge of espionage and attempt to make catastrophic problems on Afghanistan's cyberspace. In consideration to these issues, this study concerned in Afghanistan's cyber-threats including cyber-attacks and cyber-exploit, information security challenges, analysis and effects of cyber-attacks on current Afghanistan network infrastructures. Definition of somewhat solution for distinctive and non-distinctive cyber-attacks over cyberspace, as well as the analysis of current and future cyberspace crisis, models and simulations aspect in some partial part of this report, has been also covered. However, current cyberspace status of Afghanistan in term of security, challenges of prevalent future cyber security and cyber security difficulties have also illustrated in this report

Abstracting network policies

Almost every human activity in recent years relies either directly or indirectly on the smooth and efficient operation of the Internet. The Internet is an interconnection of multiple autonomous networks that work based on agreed upon policies between various institutions across the world. The network policies guiding an institution’s computer infrastructure both internally (such as firewall relationships) and externally (such as routing relationships) are developed by a diverse group of lawyers, accountants, network administrators, managers amongst others. Network policies developed by this group of individuals are usually done on a white-board in a graph-like format. It is however the responsibility of network administrators to translate and configure the various network policies that have been agreed upon. The configuration of these network policies are generally done on physical devices such as routers, domain name servers, firewalls and other middle boxes. The manual configuration process of such network policies is known to be tedious, time consuming and prone to human error which can lead to various network anomalies in the configuration commands. In recent years, many research projects and corporate organisations have to some level abstracted the network management process with emphasis on network devices (such as Cisco VIRL) or individual network policies (such as Propane). [Continues.]</div

Toward Customizable Multi-tenant SaaS Applications

abstract: Nowadays, Computing is so pervasive that it has become indeed the 5th utility (after water, electricity, gas, telephony) as Leonard Kleinrock once envisioned. Evolved from utility computing, cloud computing has emerged as a computing infrastructure that enables rapid delivery of computing resources as a utility in a dynamically scalable, virtualized manner. However, the current industrial cloud computing implementations promote segregation among different cloud providers, which leads to user lockdown because of prohibitive migration cost. On the other hand, Service-Orented Computing (SOC) including service-oriented architecture (SOA) and Web Services (WS) promote standardization and openness with its enabling standards and communication protocols. This thesis proposes a Service-Oriented Cloud Computing Architecture by combining the best attributes of the two paradigms to promote an open, interoperable environment for cloud computing development. Mutil-tenancy SaaS applicantions built on top of SOCCA have more flexibility and are not locked down by a certain platform. Tenants residing on a multi-tenant application appear to be the sole owner of the application and not aware of the existence of others. A multi-tenant SaaS application accommodates each tenant’s unique requirements by allowing tenant-level customization. A complex SaaS application that supports hundreds, even thousands of tenants could have hundreds of customization points with each of them providing multiple options, and this could result in a huge number of ways to customize the application. This dissertation also proposes innovative customization approaches, which studies similar tenants’ customization choices and each individual users behaviors, then provides guided semi-automated customization process for the future tenants. A semi-automated customization process could enable tenants to quickly implement the customization that best suits their business needs.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Distribution system congestion management through market mechanism

Nowadays, the electricity industry has experienced essential changes compared to the past. The idea of distributed generations (DGs) in distribution networks replacing the bulk power plants traditionally connected to the high voltage levels is one of those changes. Irrespective of the positive aspects of the mentioned change, congestion is the problem that is increasingly occurring in distribution systems due to an upward trend in DGs’ penetration in distribution net-works. Methods to solve the congestion in distribution networks has received the attention of researchers and those who are working in the distribution network domain recently. The idea of the thesis is to solve the congestion in distribution networks through market mechanisms. To do so, a simulation environment is designed and implemented in order to ena-ble us to analyze and understand the features of various scenarios associated with congestion management with or without using market mechanisms. By using the simulation environment, five different scenarios are investigated, and the results show the congestion relief of the distri-bution network by linking the flexibility buyers (distribution system operators (DSOs)) to flexibil-ity providers (aggregators) through the local flexibility market (LFM) platform. Timing and fre-quency of operation are proposed for LFM in the thesis. Besides, the benefits of LFM for DSOs are investigated, and the impact of inaccuracy in predictive optimal power flow (OPF) on the real-time operation of the distribution system is studied as well

Alternative revenue sources for Internet service providers

The Internet has evolved from a small research network towards a large globally interconnected network. The deregulation of the Internet attracted commercial entities to provide various network and application services for profit. While Internet Service Providers (ISPs) offer network connectivity services, Content Service Providers (CSPs) offer online contents and application services. Further, the ISPs that provide transit services to other ISPs and CSPs are known as transit ISPs. The ISPs that provide Internet connections to end users are known as access ISPs. Though without a central regulatory body for governing, the Internet is growing through complex economic cooperation between service providers that also compete with each other for revenues. Currently, CSPs derive high revenues from online advertising that increase with content popularity. On other hand, ISPs face low transit revenues, caused by persistent declines in per-unit traffic prices, and rising network costs fueled by increasing traffic volumes. In this thesis, we analyze various approaches by ISPs for sustaining their network infrastructures by earning extra revenues. First, we study the economics of traffic attraction by ISPs to boost transit revenues. This study demonstrates that traffic attraction and reaction to it redistribute traffic on links between Autonomous Systems (ASes) and create camps of winning, losing and neutral ASes with respect to changes in transit payments. Despite various countermeasures by losing ASes, the traffic attraction remains effective unless ASes from the winning camp cooperate with the losing ASes. While our study shows that traffic attraction has a solid potential to increase revenues for transit ISPs, this source of revenues might have negative reputation and legal consequences for the ISPs. Next, we look at hosting as an alternative source of revenues and examine hosting of online contents by transit ISPs. Using real Internet-scale measurements, this work reports a pervasive trend of content hosting throughout the transit hierarchy, validating the hosting as a prominent source of revenues for transit ISPs. In our final work, we consider a model where access ISPs derive extra revenues from online advertisements (ads). Our analysis demonstrates that the ad-based revenue model opens a significant revenue potential for access ISPs, suggesting its economic viability.This work has been supported by IMDEA Networks Institute.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: Jordi Domingo-Pascual.- Vocal: Víctor López Álvarez.-Secretario: Alberto García Martíne