9 research outputs found

    Secure Real-time Data Transmission for Drone Delivery Services using Forward Prediction Scheduling SCTP

    Drone technology is considered the most effective solution for the improvement of various industrial fields. As a delivery service, drones need a secure communication system that is also able to manage all of the information data in real time. However, because the data transmission process occurs in a wireless network, data will be sent over a channel that is more unstable and vulnerable to attack. Thus, this research proposes a Forward Prediction Scheduling-based Stream Control Transmission Protocol (FPS-SCTP) scheme that is implemented on a drone data transmission system. This scheme supports piggybacking, multi-streaming, and a Late Messages Filter (LMF), which improve the real-time transmission process in an IEEE 802.11 wireless network. Meanwhile, on the cybersecurity aspect, this scheme provides an embedded option feature to enable an encryption mechanism using AES and a digital signature mechanism using ECDSA. The results show that the FPS-SCTP scheme has better network performance than the default SCTP, and provides full security services with low computation time. This research contributes a communication protocol scheme that is suitable for use in the Internet of Drones environment, both in real-time operation and in reliable security levels.

    On Robustness and Countermeasures of Reliable Server Pooling Systems against Denial of Service Attacks

    The Reliable Server Pooling (RSerPool) architecture is the IETF's novel approach to standardize a lightweight protocol framework for server redundancy and session failover. It combines ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of contributions on the performance of RSerPool for its main tasks (pool management, load distribution and failover handling), the robustness of the protocol framework has not yet been evaluated against intentional attacks. The first goal of this paper is to provide a robustness analysis. In particular, we would like to outline the attack bandwidth necessary for a significant impact on the service. Furthermore, we present and evaluate our countermeasure approach to significantly reduce the impact of attacks.

    An experimental study of the TCP, SCTP and XTP protocols

    Master's thesis, Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação.
    In the data networks of mobile telephony operators it is essential that the protocol used for communication between terminals be reliable and secure, and that it provide the strongest possible guarantees of data integrity. The protocols commonly used in the scientific community belong to the TCP/IP stack. The UDP protocol adds no reliability to the network and implements only multiplexing. The TCP protocol, on the other hand, has the advantage of being a reliable protocol with point-to-point connections. In the mobile telephony network, TCP is the protocol considered in most cases, and it is desirable that the advantages of UDP also be available in TCP. For this reason, this dissertation chose to study the SCTP and XTP protocols, because they share these characteristics and add some distinguishing features. Among the most notable features of SCTP are the transmission of indivisible messages, multiple message streams per connection, and variable message reliability, among others. XTP, in turn, is characterized by targeting high-performance applications and by its similarities with TCP. The aim of this research is to provide an empirical study of the TCP, SCTP and XTP protocols. The study considers the features of SCTP and XTP in order to demonstrate, in a real internal network of a mobile telephony operator, how they differ when supporting application protocols under a range of simulated network conditions.

    A new security extension for SCTP

    In 2000, the Signaling Transport (SIGTRAN) working group of the IETF defined the Stream Control Transmission Protocol (SCTP) as a new transport protocol. SCTP is a new multi-purpose reliable transport protocol. Due to its various features and easy extensibility it is a valid option not only for already standardised applications but also in many new application scenarios. SCTP has several advantages over TCP and UDP. The analysis of already standardised as well as potential SCTP application scenarios clearly indicates that secure end-to-end transport is one of the crucial requirements for SCTP in the future. Up to now there exist two standardised SCTP security solutions, called TLS over SCTP [37] and SCTP over IPsec [12]. The goal of this thesis was to evaluate existing SCTP security solutions and find an optimised and efficient security solution. Several drawbacks of the standardised SCTP security solutions identified during the analysis are mainly related to features distinguishing SCTP from TCP and UDP. To avoid these drawbacks a new security solution for SCTP, called Secure SCTP (S-SCTP), is proposed which integrates the cryptographic functions into SCTP. One main requirement was that S-SCTP should be fully compatible with standard SCTP while additionally providing strong security, i.e., data confidentiality, integrity and authentication. This also means that all features, options and extensions available for standard SCTP have to be supported. Furthermore, S-SCTP should have advantages with respect to performance over all parameter ranges of SCTP and be user-friendly. To specify the S-SCTP protocol extension, several new control messages and new message parameters have been defined. Furthermore, procedures for initialisation, rekeying, and termination of secure sessions have been specified and modelled in SDL. Based on an SCTP implementation available in our group and an open source implementation of TLS, TLS over SCTP and S-SCTP have been implemented. These implementations as well as an SCTP over IPsec configuration were used to do comparative performance studies in a lab testbed. These experiments show that the S-SCTP concept achieves its design goals. It supports all features and current extensions of SCTP. Furthermore, it avoids the inefficiencies of the other solutions over a wide range of application scenarios and protocol parameter settings.

    Transport Layer Security over Stream Control Transmission Protocol


    SCTP - Evaluating, Improving and Extending the Protocol for Broader Deployment

    Access to the full text is blocked; a new version is available under DuEPublico-ID 35000.
    The Stream Control Transmission Protocol (SCTP), originally designed for the transport of signaling messages over IP based telephony signaling networks, is a general transport protocol with features suitable for a variety of applications that can benefit from multihoming, multiple streams, or one of SCTP’s numerous extensions. To date, SCTP has found its way into all kernel implementations of UNIX derivatives and a Windows prototype, but there are still flaws which have to be identified and corrected. In this thesis, first, a suite of tools consisting of an SCTP simulation and testing environment is provided to lay the groundwork for further studies. Starting from comparing and analyzing kernel implementations, several aspects of the protocol that lead to undesirable behavior are examined. Congestion and flow control, adopted from the Transmission Control Protocol (TCP), need special treatment because of SCTP’s message orientation even though they use the same mechanisms. The analysis of the SCTP-specific characteristics with the help of the simulation finally results in solutions that lead to better performance. The deployment of SCTP is another concern, which can be improved by introducing a specific Network Address Translation (NAT) for SCTP.

    Reliable Server Pooling - Evaluation, Optimization and Extension of a New IETF Architecture

    The Reliable Server Pooling (RSerPool) architecture, currently under standardization by the IETF RSerPool Working Group, is an overlay network framework that provides server replication and session failover capabilities to applications using it. These functionalities as such are not new, but their combination into one generic, application-independent framework is. The initial goal of this thesis is to gain insight into the complex RSerPool mechanisms by performing experimental and simulative proof-of-concept tests. The further goals are to systematically validate the RSerPool architecture and its protocols, provide improvements and optimizations where necessary and propose extensions if useful. Based on these evaluations, recommendations to implementers and users of RSerPool should be provided, giving guidelines for the tuning of system parameters and the appropriate configuration of application scenarios. In particular, it is also a goal to transfer insights, optimizations and extensions of the RSerPool protocols from simulation to reality, and to bring the achievements from research into application by supporting and contributing relevant results to the IETF's ongoing RSerPool standardization process. To achieve the described goals, a prototype implementation as well as a simulation model are designed and realized first. Using a generic application model and appropriate performance metrics, the performance of RSerPool systems in failure-free and server failure scenarios is systematically evaluated in order to identify critical parameter ranges and problematic protocol behaviour. Improvements developed as a result of these performance analyses are evaluated and finally contributed to the standardization process of RSerPool.

    Fourth-generation mobile access network architecture: Mobile-IP RAN

    This thesis approaches the architecture of radio access networks in the context of fourth-generation mobile networks, these being defined in IP mobility environments. One of the main benefits of these proposals is the simplification of the mobile network, now less dependent on the radio access technologies, allowing the use of a common core network for all existing radio technologies. In these proposals, user mobility, network infrastructure and security are the main aspects considered in the design. In spite of the advances in research and standardization of IP-based mobility mechanisms, there are still limitations in the features offered by the proposed radio access networks. These limitations refer to radio access network service features which are not specific to the (IP) network layer but are necessary for the correct operation of the general network and user services; they include radio resource management, mobility (e.g. handover), network and user synchronization, service discovery and user position calculation. The main objective of this thesis is the definition of a radio access network architecture based on Mobile IPv6 that integrates the main features of third-generation mobile access networks and those of the fourth generation. This architecture allows the radio access infrastructure to be shared among the different existing radio access technologies, simplifying the network and its associated costs. Moreover, with this architecture, mobile service providers may incorporate new radio technologies in a seamless way, without adding more infrastructure than the base stations. The main contributions of this work can be summarized as follows. First, we define the requirements of fourth-generation radio access networks related to the network and user services provided. Second, and considered the main contribution of this thesis, is the definition of a Mobile IPv6-based radio access network architecture, named Mobile-IP RAN, that includes the definition of its network elements, as well as its network interfaces and protocols, which allow services including network access, user mobility, user data transfer, synchronization and location services. As part of the architecture, and through the use of Message Sequence Charts, we define the dynamic behavior of the main features offered by the proposed access network. Last, we evaluate the proposed mobility, position determination and synchronization models, analyzing their main parameters in order to optimize their performance, as well as their applicability in different radio access networks.