Cost-effective HPC clustering for computer vision applications

We will present a cost-effective and flexible realization of high performance computing (HPC) clustering and its potential in solving computationally intensive problems in computer vision. The featured software foundation to support the parallel programming is the GNU parallel Knoppix package with message passing interface (MPI) based Octave, Python and C interface capabilities. The implementation is especially of interest in applications where the main objective is to reuse the existing hardware infrastructure and to maintain the overall budget cost. We will present the benchmark results and compare and contrast the performances of Octave and MATLAB

Mitigating Threats in IoT Network using Device Isolation

In recent years, the proliferation of the Internet of Things (IoT) is seen across various sectors. There is a sharp inclination towards using IoT devices in both home and office premises. Many traditional manufacturers are enhancing their traditional appliances into IoT devices. With the myriad of devices in the market, there also exist vulnerable devices which can be exploited by adversaries. Several security solutions are trying to address different areas of security such as network security, privacy, threat detection, etc. IoT Sentinel is one such novel system that can identify device types based on their pattern of communication. IoT Sentinel proposes several isolation levels that can be used to control the traffic of devices identified as vulnerable. IoT Sentinel uses a Software-defined Networking (SDN) component for controlling the traffic flow for devices and isolating them. In this thesis, we develop a solution to extend IoT Sentinel for device isolation, which is not dependent on SDN. The goal is to build a generic and deployable solution for network segmentation and device isolation that is suitable for home networks. The system divides the network into isolated subnets and places new devices into appropriate subnets. Communication between the subnets is controlled using a firewall thereby isolating them. We dynamically configure a DHCP server to place (lease IP address) new IoT devices identified by IoT Sentinel into appropriate subnets based on their level of vulnerability. Using our solution, we can confine vulnerable devices. Thus, the solution minimizes the damage that could be caused by vulnerable devices present in a network. Finally, we evaluate the developed solution for its security requirement of device isolation. We also present the performance evaluation of our solution based on time-delay and throughput analysis. We observe that our solution adds an acceptable delay to the existing IoT Sentinel processes. We also observe that the system throughput is not significantly affected by firewall rules in a home network scenario

Honeynet design and implementation

Over the past decade, webcriminality has become a real issue. Because they allow the botmasters to control hundreds to millions of machines, botnets became the first-choice attack platform for the network attackers, to launch distributed denial of service attacks, steal sensitive information and spend spam emails. This work aims at designing and implementing a honeynet, specific to IRC bots. Our system works in 3 phasis: (1) binaries collection, (2) simulation, and (3) activity capturing and monitoring. Our phase 2 simulation uses an IRC redirection to extract the connection information thanks to a IRC redirection (using a DNS redirection and a "fakeserver"). In phase 3, we use the information previously extracted to launch our honeyclient, which will capture and monitor the traffic on the C&C channel. Thanks to our honeynet, we create a database of the activity of IRC botnets (their connection characteristics, commands on the C&C ), and hope to learn more about their behavior and the underground market they create.M.S.Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahama

Configuration of OpenWRT System Using NETCONF Protocol

Cílem práce je konfigurace platformy OpenWrt s využitím protokolu NETCONF. Na komunikaci pomocí protokolu NETCONF byly použity stávající nástroje ve formě knihovny libnetconf a sady nástrojů Netopeer. Implementační část se zabývá vývojem modulů na konfiguraci systému a síťových rozhraní.The aim of this thesis is OpenWrt platform configuration using the NETCONF protocol. Existing tools such as libnetconf library and Netopeer toolset were used for the communication using the NETCONF protocol. Implementation part deals with the development of modules for system and network interfaces configuration.

Descoberta de serviços independentes do acesso para redes heterogéneas

Mestrado em Engenharia de Computadores e TelemáticaA recente proliferação de nós móveis com múltiplas interfaces sem fios e a constituição de ambientes heterogéneos possibilitaram a criação de cenários complexos onde os operadores de rede necessitam de disponibilizar conectividade para diferentes tipos de redes de acesso. Assim, a norma IEEE 802.21 foi especificada de forma a facilitar e optimizar os procedimentos de handover entre diferentes tecnologias de acesso sem perda de conectividade. Para cumprir o seu propósito, a norma disponibiliza serviços chamados Media Independent Handover e que permitem o controlo e a obtenção de informação de diferentes ligações. A configuração estática destes serviços por parte do nó móvel torna-se ineficiente devido aos múltiplos cenários possíveis. Desta forma, o nó móvel deve descobrir nós da rede que providenciem serviços de mobilidade e as suas capacidade de uma forma dinâmica. Nesta dissertação, um conjunto de mecanismos para descoberta de serviços de handover independentes do acesso são analisados, implementados e avaliados em termos de duração e quantidade de informação trocada. Um novo mecanismo de descoberta de entidades locais é também proposto e avaliado, demonstrando que a sua utilização aumenta o desempenho e requer a troca de menos quantidade de informação.The recent proliferation of mobile nodes with multiple wireless interfaces, in addition to the creation of heterogeneous environments, created complex scenarios where network operators need to provide connectivity for di erent kinds of access networks. Therefore, the IEEE 802.21 standard has been speci ed to facilitate and optimize handover procedures between di erent access technologies in a seamless way. To ful l its purpose, it provides Media Independent Handover services which allow the control and gathering of information from di erent links. The static con guration of these services by the MN becomes ine cient due to the amount of possible scenarios. Thus, the MN must discover the network-supporting nodes and their capabilities in a dynamic way. In this work, a series of proposed Media Independent Handover discovery procedures are analyzed, implemented and evaluated in terms of duration and amount of exchanged information. In addition, a novel discovery procedure for local entities is proposed and evaluated, showing that its deployment increases the performance and requires less information exchanged

Raspberry Pi VPN Travel Router

Consumers are increasingly relying on public wireless hotspots to access the internet from a growing number of devices. Usage of these hotspots has expanded from just laptops to everything from iPhones to tablets, which are expected to be internet-connected for full functionality. It has become common for one to check if there’s an open wireless hotspot connection available at places like coffee shops, hotels, restaurants, or even a doctor’s waiting room. The issue that arises is that these public connections present an inherent security risk, as anyone can connect and gain access to the network. For increased security, the use of a Virtual Private Network (VPN) is often recommended while connected to a public network, especially for sensitive data. Individuals can choose from a variety of VPN providers today, but are usually required to download a software client for each of their devices they want to connect to the VPN. My project involves the use of a Raspberry Pi serving as a VPN router to provide secure internet access for connected devices. The Pi is connected to the internet via either a wireless or wired ethernet interface, and in turn provides a VPN connection through a wireless access point. When a computer or mobile device connects to the Pi, all traffic is routed through the VPN tunnel before reaching the internet. No software client is required for devices to connect as the Pi handles connecting to the VPN service and all required routing. Any number of devices with different operating systems can utilize the Pi’s secure network, as the process is no different than accessing a standard wireless access point

Multi-purpose embedded communication gateway : system design and testbed implementation

Masteroppgave i Informasjons- og kommunikasjonsteknologi IKT590 Universitetet i Agder 2014This dissertation revolves around developing a multi-purpose embedded communication gateway. The gateway is equipped with multiple communication interfaces including Ethernet, Bluetooth, WiFi, Zigbee, LTE, and it can be configured and utilized for many purposes, such as a failover of an Ethernet cable via 4G in order to maintain the network connectivity. Raspberry Pi circuit board and the operating system Raspbian are selected as the hardware and the software platforms respectively. Different communication interfaces are coordinated by the Raspberry Pi and are configured via Linux scripts according to various use cases. Furthermore, a hardware watchdog is adopted to enhance the availability of system. In addition, the system is encapsulated into a box to increase its portability. The system is validated and evaluated through rigorous test-bed experiments. Experiment results indicate that the developed router works smoothly and reliably in environments with little electrical disturbances

STATEFUL METHOD FOR ACCESS POINT DISCOVERY OF WIRELESS LOCAL AREA NETWORK CONTROLLER

Access points (APs) for a wireless local area network (WLAN) can discover a wireless LAN controller (WLC) address (in order to establish a management session with the WLC) through a variety of mechanisms, such as Dynamic Host Configuration Protocol (DHCP) option 43 mechanisms, Domain Name System (DNS) server mechanisms, and Layer 2 (L2) broadcast discovery mechanisms. The DHCP discovery mechanism is the most commonly used mechanism for WLC discovery but is a laborious and manual task that may be prone to errors. Techniques proposed herein provide an easy to use, stateful, and reliable mechanism through which an AP can discover a WLC by leveraging a DHCP relay agent that can forward DHCP packets between clients and servers. The techniques involve various functionalities including, but not limited to, a stateful process that can be used to measure reachability and latency to each configured WLC Internet Protocol (IP) address, the creation of an updated priority list of WLC IP addresses based on network latency, and the inline insertion of the list of WLC IP addresses in the DHCP exchange between a server and AP