398 research outputs found

    A Covert Channel in Packet Switching Data Networks

    This paper presents a covert communication channel that exists in virtually all forms of packet switching data networks. On the one hand, this covert channel, if used properly, can potentially enhance the overall security of data communications over networks. On the other hand, the covert channel can also potentially become a back door to access a destination computer, and hence becomes a security hazard to the computer. A simple protocol is specified for communications on the covert channel. A modified TFTP application is also presented to demonstrate how to use the covert channel to convey secret messages or to enhance the integrity of data communications. The application also illustrates a back door that leaks client’s data files without user notification. A sliding entropy method is also introduced to detect some cases of covert channels.

    SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

    Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols into four classes we identify major factors that lead to common security traps. These insights, together with observations about end-user centric usability and security by default, are then used to derive recommendations for improving existing and designing new protocols, without such security-sensitive traps for operators, implementors and users.

    Cost-effective Ethernet Communication for Low Cost Microcontroller Architecture

    With the advancement of microelectronic technology and the overall rising trend in the use of low cost microcontrollers, the need to share information over the existing infrastructure is more and more emphasized. The problem that persists is how to implement Ethernet communication in low cost microcontrollers while retaining low cost of the device. This paper proposes the use of Microchip’s Stand-Alone Ethernet Controller ENC28J60 in order to establish Ethernet communication towards the application located on a Host PC. In order to reduce the induced overhead on the existing microcontroller firmware size, the paper proposes the use of User Datagram Protocol (UDP) along with added authentication in the form of Basic Access Authentication using the Base64 algorithm to establish communication. The communication is tested using the Atmel AVR microcontroller architecture (Atmel AVR XMEGA) and the Stand-Alone Ethernet Controller, whereas the sent data is displayed on a National Instruments LabVIEW application running on a Host PC. The measurement is carried out by using network protocol analysis and the comparison is made against the existing communication protocol (TFTP). The proposed communication is compared to one of the existing protocols, Trivial File Transfer Protocol (TFTP). The results are visible in a higher data rate and a lower flash size for implementation, representing an advantage over the existing protocols.

    Research into alternative network approaches for space operations

    The main goal is to resolve the interoperability problem of applications employing the DOD TCP/IP (Department of Defense Transmission Control Protocol/Internet Protocol) family of protocols on a CCITT/ISO based network. The objective is to allow them to communicate over the CCITT/ISO protocol GPLAN (General Purpose Local Area Network) network without modification to the user's application programs. There were two primary assumptions associated with the solution that was actually realized. The first is that the solution had to allow for future movement to the exclusive use of the CCITT/ISO standards. The second is that the solution had to be software transparent to the currently installed TCP/IP and CCITT/ISO user application programs.

    Generating the DHCP config file using confDB

    The present note describes a method to generate the DHCP config file using the information contained in the configuration database. It also presents how it can be used according to the network topology.

    A graphical representation for the formal description technique Estelle

    Includes bibliographical references. This dissertation concerns the specification and description of complex communicating systems using Formal Description Techniques. Specifically, we propose a standard graphical representation for the Formal Description Technique Estelle and present a prototype editor based on this representation. Together they integrate the new graphical representation with existing Estelle textual tools to create a powerful graphical design technique for Estelle. The perennial popularity of graphical techniques, combined with recent advances in computer graphics hardware and software which enable their effective application in a computing environment, provide a double impetus for the development of a graphical representation for Estelle. Most importantly, a graphical technique is more easily read and understood by humans, and can better describe the complex structure and inter-relationships of components of concurrent communicating systems. Modern graphical technology also presents a number of opportunities, separate from the specification method, such as hyperlinking, multiple windows and hiding of detail, which enrich the graphical technique. The prototype editor makes use of these opportunities to provide the protocol engineer with an advanced interface which actively supports the protocol design process to improve the quality of design. The editor also implements translations between the graphical representation and the standard Estelle textual representation, on the one hand allowing the graphical interpretation to be applied to existing textual specifications, and on the other, the application of existing text-based processing tools to a graphical specification description.

    Installing Debian GNU/Linux on an SGI Indy

    The objective of the project is to install Debian GNU/Linux on an SGI Indy workstation, a computer that has no CD reader and (in the model under study) no floppy drive. The novelty of this project is that Debian GNU/Linux had not been installed on machines other than a PC. The method was to use the network connection and rely on another computer. The possibilities had to be studied: either having a user account available or having greater requirements. Debian GNU/Linux was installed with a root account available and using a DHCP (Dynamic Host Configuration Protocol) server and a TFTP (Trivial File Transfer Protocol) server. As a result, there is now a computer with a non-proprietary operating system that is much better known than the previous one, which makes maintenance tasks easier and facilitates its use as educational material.