Marine data collection based on embedded system with wired and wireless transmission

A great interest of boat manufacturers is to improve their products by knowing how the boats are used after sale. In order to gather information about the condition of usages, a system needs to be developed in order to collect data from different marine electronics mounted on the boat. Through this thesis work, we developed such data collecting system for leisure boats which support CAN Bus the message-based protocol. The data collection system has been developed and installed on a Linux-based embedded system connected to the CAN Bus network through a gateway in our laboratory. Through the data collection system, all data generated from different marine electronics in the network can be captured, filtered, transmitted, displayed and then stored in the system. For data transmission and access, we have implemented three methods through wired or wireless networks, i.e., the fixed Internet, 3G/LTE cellular networks and Wi-Fi networks. Furthermore, the prototype implementation has been extensively tested in both lab and real-life environment

Security protocols for networks and Internet: a global vision

This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You), by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER), and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices)

KVM Based Virtualization and Remote Management

In the recent past, cloud computing is the most significant shifts and Kernel Virtual Machine (KVM) is the most commonly deployed hypervisor which are used in the IaaS layer of the cloud computing systems. The Hypervisor is the one which provides the complete virtualization environment which will intend to virtualize as much as hardware and systems which will include the CPUs, Memory, network interfaces and so on. Because of the virtualization technologies such as the KVM and others such as ESXi, there has been a significant decrease in the usage if the resources and decrease in the costs involved. Firstly, in this Paper I will be discussing about the different hypervisors that are used for the virtualization of the systems, then I discuss about how the virtualization using the Kernel Virtual Machine (KVM) is made easy, and then discuss about the Host security, the access and the security of the KVM virtual machines by the remote management using the Secure Sell (SSH) tunnels, Simple Authentication and Secure Layer (SASL) authentication and Transport Layer Security (TLS)

Comparison of different ways to avoid internet traffic interception

Projecte fet en col.laboració amb la Norwegian University of Science and Technology. Department of Telematic EngineeringEnglish: The main objective of this thesis is to analyze and compare different ways to avoid the Internet traffic eavesdropping (carried out both by governments or malicious particulars). The analysis consists on a description of the different protocols and technologies involved in each option as well as the difficulties to implement them and the technical knowledge of the users in order to take profit of them

SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks

The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining and Virtual Private Networks in IPv6 backbones and datacenters. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services. In this paper, we describe the advantages of complementing the SRv6 technology with an SDN based approach in backbone networks. We discuss the architecture of a SRv6 enabled network based on Linux nodes. In addition, we present the design and implementation of the Southbound API between the SDN controller and the SRv6 device. We have defined a data-model and four different implementations of the API, respectively based on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is important to support both the development and testing aspects we have realized an Intent based emulation system to build realistic and reproducible experiments. This collection of tools automate most of the configuration aspects relieving the experimenter from a significant effort. Finally, we have realized an evaluation of some performance aspects of our architecture and of the different variants of the Southbound APIs and we have analyzed the effects of the configuration updates in the SRv6 enabled nodes

Mosh: An Interactive Remote Shell for Mobile Clients

Mosh (mobile shell) is a remote terminal application that supports intermittent connectivity, allows roaming, and speculatively and safely echoes user keystrokes for better interactive response over high-latency paths. Mosh is built on the State Synchronization Protocol (SSP), a new UDP-based protocol that securely synchronizes client and server state, even across changes of the client’s IP address. Mosh uses SSP to synchronize a character-cell terminal emulator, maintaining terminal state at both client and server to predictively echo keystrokes. Our evaluation analyzed keystroke traces from six different users covering a period of 40 hours of real-world usage. Mosh was able to immediately display the effects of 70% of the user keystrokes. Over a commercial EV-DO (3G) network, median keystroke response latency with Mosh was less than 5 ms, compared with 503 ms for SSH. Mosh is free software, available from http://mosh.mit.edu. It was downloaded more than 15,000 times in the first week of its release.National Science Foundation (U.S.) (NSF grant 1040072)National Science Foundation (U.S.) (NSF grant 0721702

The Impact of TLS on SIP Server Performance

This report studies the performance impact of using TLS as a transport protocol for SIP servers. We evaluate the cost of TLS experimentally using a testbed with OpenSIPS, OpenSSL, and Linux running on an Intel-based server. We analyze TLS costs using application, library, and kernel profiling, and use the profiles to illustrate when and how different costs are incurred, such as bulk data encryption, public key encryption, private key decryption, and MAC-based verification. We show that using TLS can reduce performance by up to a factor of 20 compared to the typical case of SIP over UDP. The primary factor in determining performance is whether and how TLS connection establishment is performed, due to the heavy costs of RSA operations used for session negotiation. This depends both on how the SIP proxy is deployed (e.g., as an inbound or outbound proxy) and what TLS options are used (e.g., mutual authentication, session reuse). The cost of symmetric key operations such as AES or 3DES, in contrast, tends to be small. Network operators deploying SIP over TLS should attempt to maximize the persistence of secure connections, and will need to assess the server resources required. To aid them, we provide a measurement-driven cost model for use in provisioning SIP servers using TLS. Our cost model predicts performance within 15 percent on average