Secure Real-time Data Transmission for Drone Delivery Services using Forward Prediction Scheduling SCTP
Drone technology is considered the most effective solution for improving various industrial fields. As a delivery service, drones need a secure communication system that can also manage all of the information in real time. However, because data transmission takes place over a wireless network, the data is sent over a channel that is less stable and more vulnerable to attack. This research therefore proposes a Forward Prediction Scheduling-based Stream Control Transmission Protocol (FPS-SCTP) scheme implemented in a drone data transmission system. The scheme supports piggybacking, multi-streaming and a Late Messages Filter (LMF), which improve the real-time transmission process over an IEEE 802.11 wireless network. On the cybersecurity side, the scheme provides an embedded option to enable encryption using AES and digital signatures using ECDSA. The results show that the FPS-SCTP scheme has better network performance than default SCTP and provides full security services with low computation time. This research contributes a communication protocol scheme suitable for the Internet of Drones environment, in terms of both real-time behaviour and reliable security.
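The abstract names a Late Messages Filter and per-stream delivery but gives no algorithm or wire format, so the following is an added example, not code from the paper: a receiver-side filter that authenticates each frame, enforces a monotonic sequence number per stream (so superseded data and replayed frames are dropped) and discards frames that miss a real-time deadline. The frame layout, the HMAC-SHA256 tag (a standard-library stand-in for the paper's ECDSA signature; the freshness logic does not depend on which primitive produces the tag), the key, the deadline and the trace are all constructed for this example.

```python
import hashlib
import hmac
import struct

# Frame layout assumed for this example (the paper's wire format is not given):
#   stream_id u16 | seq u32 | send_ms u32 | payload_len u16 | payload | tag (32 bytes)
HEADER = struct.Struct("!HIIH")
TAG_LEN = hashlib.sha256().digest_size


def build_frame(key: bytes, stream_id: int, seq: int, send_ms: int, payload: bytes) -> bytes:
    """Sender side: header + payload, authenticated by an HMAC-SHA256 tag
    (stand-in for the paper's ECDSA signature; same role, different primitive)."""
    body = HEADER.pack(stream_id, seq, send_ms, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class LateMessageFilter:
    """Receiver side: deliver a frame only if it is authentic, newer than anything
    already delivered on its stream, and still inside its real-time deadline."""

    def __init__(self, key: bytes, deadline_ms: int):
        self.key = key
        self.deadline_ms = deadline_ms
        self.last_seq = {}  # stream_id -> highest delivered seq
        self.stats = {"accepted": 0, "bad_tag": 0, "stale": 0, "late": 0, "malformed": 0}

    def accept(self, frame: bytes, now_ms: int):
        if len(frame) < HEADER.size + TAG_LEN:
            self.stats["malformed"] += 1
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Authenticate before trusting seq/send_ms: an unauthenticated freshness
        # check is bypassed by re-stamping a replayed payload with new values.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.stats["bad_tag"] += 1
            return None
        stream_id, seq, send_ms, plen = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if len(payload) != plen:
            self.stats["malformed"] += 1
            return None
        # Per-stream monotonic sequence: superseded data and replays are stale.
        if seq <= self.last_seq.get(stream_id, -1):
            self.stats["stale"] += 1
            return None
        # Deadline: late data is dropped rather than delaying newer messages.
        if now_ms - send_ms > self.deadline_ms:
            self.stats["late"] += 1
            return None
        self.last_seq[stream_id] = seq
        self.stats["accepted"] += 1
        return payload


def run_demo():
    """Feed a constructed trace (telemetry on stream 1, a command on stream 2)
    through the filter; returns (delivered payloads, counters)."""
    key = b"example-shared-key-not-for-production"
    lmf = LateMessageFilter(key, deadline_ms=100)
    f1 = build_frame(key, 1, 1, 1000, b"gps:1")
    f2 = build_frame(key, 1, 2, 1050, b"gps:2")
    f3 = build_frame(key, 1, 3, 1100, b"gps:3")
    f4 = build_frame(key, 1, 4, 1300, b"gps:4")
    forged = build_frame(b"attacker-key", 1, 5, 1350, b"gps:evil")
    c1 = build_frame(key, 2, 1, 1400, b"cmd:land")
    trace = [
        (f1, 1020),       # on time
        (f2, 1070),       # on time
        (f3, 1250),       # 150 ms after sending: past the 100 ms deadline
        (f2, 1300),       # replay of an already delivered frame: stale
        (f4, 1310),       # on time and newer than anything delivered on stream 1
        (forged, 1360),   # fresh-looking header, wrong key: bad tag
        (c1, 1410),       # independent stream with its own sequence space
        (f1[:10], 1420),  # truncated on the wire: malformed
    ]
    delivered = [p for p in (lmf.accept(fr, now) for fr, now in trace) if p is not None]
    return delivered, lmf.stats


if __name__ == "__main__":
    print(run_demo())
```

The order of checks is the point: the sequence and deadline checks only mean something once the tag has been verified, which is why the paper's signature option is not an add-on to the filter but a precondition for it. A deployment would also need a wrap-around rule for the 32-bit timestamp and sequence fields, which this example leaves out.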
On Robustness and Countermeasures of Reliable Server Pooling Systems against Denial of Service Attacks
Abstract. The Reliable Server Pooling (RSerPool) architecture is the IETF's novel approach to standardising a lightweight protocol framework for server redundancy and session failover. It combines ideas from different research areas into a single, resource-efficient and unified architecture. While there have already been a number of contributions on the performance of RSerPool for its main tasks (pool management, load distribution and failover handling), the robustness of the protocol framework has not yet been evaluated against intentional attacks. The first goal of this paper is to provide a robustness analysis; in particular, we outline the attack bandwidth necessary for a significant impact on the service. Furthermore, we present and evaluate our countermeasure approach, which significantly reduces the impact of such attacks.
An experimental study of the TCP, SCTP and XTP protocols (original title: Um estudo experimental dos protocolos TCP, SCTP e XTP)
Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação. In the data networks of mobile telephone operators it is essential that the protocol used for communication between terminals be reliable and secure and able to provide the strongest possible guarantees of data integrity. The protocols usually used in the scientific community belong to the TCP/IP stack. UDP adds no reliability to the network and only implements multiplexing. TCP, on the other hand, has the advantage of being a reliable protocol with point-to-point connections. In the mobile telephone network TCP is considered most of the time, and it would be desirable for the advantages of UDP to exist in TCP. Accordingly, this dissertation chose to study the SCTP and XTP protocols, because they share these characteristics and add some distinguishing features. Among the most notable SCTP features are the transmission of indivisible messages, multiple message streams per connection and variable message reliability, among others. XTP, on the other hand, is characterised by targeting high-performance applications and by its similarities with TCP. The purpose of this research is to provide an empirical study of the TCP, SCTP and XTP protocols. The study considers the features of SCTP and XTP in order to demonstrate, on a real internal network of a mobile operator, how they differ in supporting application protocols under a variety of simulated network conditions.
A new security extension for SCTP
In 2000, the Signaling Transport (SIGTRAN) working group of the IETF defined the Stream Control Transmission Protocol (SCTP) as a new transport protocol. SCTP is a multi-purpose reliable transport protocol. Due to its various features and easy extensibility it is a valid option not only for already standardised applications but also in many new application scenarios, and it has several advantages over TCP and UDP. The analysis of already standardised as well as potential SCTP application scenarios clearly indicates that secure end-to-end transport is one of the crucial requirements for SCTP in the future. Up to now there exist two standardised SCTP security solutions, TLS over SCTP [37] and SCTP over IPsec [12]. The goal of this thesis was to evaluate the existing SCTP security solutions and find an optimised and efficient one. Several drawbacks of the standardised SCTP security solutions identified during the analysis are mainly related to the features that distinguish SCTP from TCP and UDP. To avoid these drawbacks a new security solution for SCTP, called Secure SCTP (S-SCTP), is proposed which integrates the cryptographic functions into SCTP itself. One main requirement was that S-SCTP be fully compatible with standard SCTP while additionally providing strong security, i.e., data confidentiality, integrity and authentication. This also means that all features, options and extensions available for standard SCTP have to be supported. Furthermore, S-SCTP should have performance advantages over all parameter ranges of SCTP and be user-friendly. To specify the S-SCTP protocol extension, several new control messages and new message parameters have been defined. Furthermore, procedures for initialisation, rekeying and termination of secure sessions have been specified and modelled in SDL. Based on an SCTP implementation available in our group and an open-source implementation of TLS, both TLS over SCTP and S-SCTP have been implemented.
These implementations, as well as an SCTP over IPsec configuration, were used for comparative performance studies in a lab testbed. The experiments show that the S-SCTP concept achieves its design goals: it supports all features and current extensions of SCTP, and it avoids the inefficiencies of the other solutions over a wide range of application scenarios and protocol parameter settings.
SCTP - Evaluating, Improving and Extending the Protocol for Broader Deployment
Access to the full text is blocked; a newer version is available under DuEPublico-ID 35000.
The Stream Control Transmission Protocol (SCTP), originally designed for the transport of signalling messages over IP-based telephony signalling networks, is a general transport protocol with features suitable for a variety of applications that can benefit from multihoming, multiple streams, or one of SCTP's numerous extensions. To date, SCTP has found its way into all kernel implementations of UNIX derivatives and a Windows prototype, but there are still flaws which have to be identified and corrected.

In this thesis, first, a suite of tools consisting of an SCTP simulation and testing environment is provided to lay the groundwork for further studies. Starting from comparing and analysing kernel implementations, several aspects of the protocol that lead to undesirable behaviour are examined. Congestion and flow control are adopted from the Transmission Control Protocol (TCP); although they use the same mechanisms, they need special treatment because of SCTP's message orientation. The analysis of the SCTP-specific characteristics with the help of the simulation finally results in solutions that lead to better performance.

The deployment of SCTP is another concern, and one that can be improved by introducing a Network Address Translation (NAT) specific to SCTP.
(German abstract, translated.) The Stream Control Transmission Protocol (SCTP) was originally designed for the transport of signalling messages over IP-based networks. Since then, however, it has developed into a general transport protocol with unique properties. It is therefore of particular interest for applications that can benefit from several network addresses per connection (multihoming), several independent message streams, or one of the numerous protocol extensions. SCTP has meanwhile found its way into the operating system kernels of all UNIX derivatives and of a Windows prototype, but there are still shortcomings whose causes remain to be discovered and corrected.

This dissertation first provides a set of tools to lay the groundwork for further investigations. Starting from the analysis and comparison of kernel implementations in various operating systems, several aspects of the protocol that lead to undesirable behaviour are examined. The principles of congestion and flow control were adopted from the stream-oriented Transmission Control Protocol (TCP) and therefore use the same mechanisms. SCTP, as a message-oriented protocol, however, requires an implementation of these algorithms that takes this difference into account. The analysis of SCTP-specific characteristics with the help of simulation finally leads to solutions and to an improvement in throughput.

A further concern of this work is the deployment of SCTP. It can be improved by introducing an SCTP-specific method for network address translation (NAT).
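Both the SCTP-specific NAT discussed in this thesis and the new control chunks and parameters that the S-SCTP thesis earlier on this page adds to the protocol sit on the same packet framing: a 12-byte common header followed by 4-byte-aligned chunks, covered by a CRC32c that has no key and no IP pseudo-header. The following is an added example, not code from either thesis, that parses that framing, validates the checksum, rejects the malformed chunk lengths that hang naive parsers, and performs the port rewrite plus re-checksum an SCTP NAT has to do. The INIT packet, ports and field values are constructed for the example; the thesis's own NAT design is not reproduced.

```python
import struct

# SCTP common header (RFC 4960 section 3.1): source port, destination port,
# verification tag, checksum. Every chunk starts with type, flags, length.
COMMON_HDR = struct.Struct("!HHII")
CHUNK_HDR = struct.Struct("!BBH")
CHUNK_INIT = 1


def _crc32c_table():
    table = []
    for i in range(256):
        crc = i
        for _ in range(8):
            crc = (crc >> 1) ^ 0x82F63B78 if crc & 1 else crc >> 1
        table.append(crc)
    return table


_CRC_TABLE = _crc32c_table()


def crc32c(data: bytes) -> int:
    """CRC-32C (Castagnoli polynomial), the checksum SCTP has used since RFC 3309."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def with_checksum(packet: bytes) -> bytes:
    """Return the packet with its checksum field filled in. The CRC covers the whole
    SCTP packet (no IP pseudo-header) with the field zeroed, and is stored in
    little-endian byte order, as the reference code in RFC 4960 Appendix B produces."""
    zeroed = packet[:8] + b"\x00" * 4 + packet[12:]
    return packet[:8] + struct.pack("<I", crc32c(zeroed)) + packet[12:]


def parse_sctp(packet: bytes) -> dict:
    """Validate the checksum and walk the chunks; raise ValueError on anything
    a NAT or other middlebox should refuse to forward."""
    if len(packet) < COMMON_HDR.size:
        raise ValueError("packet shorter than common header")
    if with_checksum(packet) != packet:
        raise ValueError("checksum mismatch")
    sport, dport, vtag, _ = COMMON_HDR.unpack_from(packet)
    chunks = []
    off = COMMON_HDR.size
    while off < len(packet):
        if len(packet) - off < CHUNK_HDR.size:
            raise ValueError("truncated chunk header")
        ctype, flags, length = CHUNK_HDR.unpack_from(packet, off)
        # A length below 4 would never advance 'off': the classic parser hang.
        if length < CHUNK_HDR.size:
            raise ValueError("chunk length below header size")
        if off + length > len(packet):
            raise ValueError("chunk length runs past end of packet")
        chunks.append((ctype, flags, packet[off + CHUNK_HDR.size:off + length]))
        off += (length + 3) & ~3  # chunks are padded to a 4-byte boundary
    return {"src_port": sport, "dst_port": dport, "vtag": vtag, "chunks": chunks}


def rejects(packet: bytes) -> bool:
    """True if parse_sctp refuses the packet."""
    try:
        parse_sctp(packet)
    except ValueError:
        return True
    return False


def build_packet(sport: int, dport: int, vtag: int, chunks) -> bytes:
    body = b""
    for ctype, flags, value in chunks:
        length = CHUNK_HDR.size + len(value)
        body += CHUNK_HDR.pack(ctype, flags, length) + value + b"\x00" * (-length % 4)
    return with_checksum(COMMON_HDR.pack(sport, dport, vtag, 0) + body)


def nat_rewrite_src_port(packet: bytes, new_port: int) -> bytes:
    """The port-rewriting step of an SCTP NAT: the checksum covers the common
    header, so changing a port means recomputing it. The CRC is unkeyed, so it
    detects corruption only; anyone on path can rewrite and re-checksum, which
    is why end-to-end protection needs TLS, IPsec or an S-SCTP-style extension."""
    parse_sctp(packet)  # refuse to touch anything that does not validate
    return with_checksum(struct.pack("!H", new_port) + packet[2:])


# Constructed sample: one INIT chunk (initiate tag, a_rwnd, outbound/inbound
# streams, initial TSN). Ports and values are arbitrary example data, not a capture.
INIT_VALUE = struct.pack("!IIHHI", 0x1A2B3C4D, 65536, 10, 10, 1000)
SAMPLE_PACKET = build_packet(41000, 36412, 0, [(CHUNK_INIT, 0, INIT_VALUE)])

if __name__ == "__main__":
    print(parse_sctp(SAMPLE_PACKET))
    print(parse_sctp(nat_rewrite_src_port(SAMPLE_PACKET, 20000))["src_port"])
```

The two length checks in the chunk loop are the security-relevant lines: an attacker-supplied chunk length of 0 would otherwise spin the parser forever, and a length past the packet end would read outside the buffer in a C implementation.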
Reliable Server Pooling - Evaluation, Optimisation and Extension of a New IETF Architecture (original title: Reliable Server Pooling - Evaluierung, Optimierung und Erweiterung einer neuen IETF-Architektur)
The Reliable Server Pooling (RSerPool) architecture, currently under standardisation by the IETF RSerPool Working Group, is an overlay network framework that provides server replication and session failover capabilities to the applications using it. These functionalities as such are not new, but their combination into one generic, application-independent framework is. The initial goal of this thesis is to gain insight into the complex RSerPool mechanisms by performing experimental and simulative proof-of-concept tests. The further goals are to systematically validate the RSerPool architecture and its protocols, provide improvements and optimisations where necessary, and propose extensions where useful. Based on these evaluations, recommendations to implementers and users of RSerPool are to be provided, giving guidelines for the tuning of system parameters and the appropriate configuration of application scenarios. In particular, it is also a goal to transfer insights, optimisations and extensions of the RSerPool protocols from simulation to reality, and to bring the achievements from research into application by supporting and contributing relevant results to the IETF's ongoing RSerPool standardisation process. To achieve these goals, a prototype implementation as well as a simulation model are designed and realised first. Using a generic application model and appropriate performance metrics, the performance of RSerPool systems in failure-free and server-failure scenarios is systematically evaluated in order to identify critical parameter ranges and problematic protocol behaviour. Improvements developed as a result of these performance analyses are evaluated and finally contributed to the standardisation process of RSerPool.
Fourth-generation mobile access network architecture: Mobile-IP RAN (original title: Arquitectura de red de acceso móvil de cuarta generación : mobile-IP RAN)
(Spanish abstract, translated.) This thesis addresses the problem of radio access architectures for fourth-generation mobile networks defined in IP mobility environments. One of the main benefits of these proposals is the simplification of the mobile network, making it less dependent on the radio access technology and thus allowing a common core network to be used for the different existing radio technologies. In these networks, terminal mobility, network infrastructure and security are the most important aspects taken into consideration in the design. Despite advances in research and standardisation of IP-based mobility mechanisms, there are still limitations in the functionality offered by the proposed radio access networks. These limitations concern radio access network services that are not specific to the network (IP) layer but must be offered by the network for the correct operation of the general services of the mobile network; they include radio resource management, mobility (handover), user and network synchronisation, service discovery and calculation of the mobile's position. The main objective of this thesis is the definition of a Mobile IP-based radio access network that integrates the main functions of third-generation mobile access networks and those considered fourth-generation. This new architecture allows the radio access infrastructure to be shared among the different existing radio technologies, simplifying the network and the associated costs. Mobile service providers will also be able to incorporate new radio technologies in an integrated way, without adding more infrastructure than the equivalent of the base stations. The main contributions of this thesis, within the general objective, can be summarised as follows.
First, the requirements that the fourth-generation mobile access network must meet, in terms of the network and user services provided, are defined. The second contribution, considered the main one, is the definition of an access network architecture based on Mobile IPv6, called Mobile-IP RAN, which includes the definition of its constituent network elements as well as their interfaces and protocols, and which makes it possible to offer network access, user mobility, data transfer, synchronisation and user location services. As part of the architecture, the dynamic behaviour of the main functions provided by the proposed access network is defined through message sequence charts. Finally, the proposed mobility, position determination (as part of the user location service) and synchronisation models are evaluated, analysing the fundamental parameters that allow the performance of these models to be optimised, as well as their applicability in the different radio access networks.
______________________________________________
This thesis approaches the architecture of radio access networks in the context of fourth-generation mobile networks, these being defined in IP mobility environments. One of the main benefits of these proposals is the simplification of the mobile network, now less dependent on the radio access technologies, and allowing the use of a common core network for all existing radio technologies. In these proposals, user mobility, network infrastructure and security are the main aspects considered in the design.

In spite of the advances in research and standardization of IP-based mobility mechanisms, there are still limitations in the features offered by the proposed radio access networks. These limitations refer to radio access network service features, not specific to the (IP) network layer but necessary for the correct operation of the general network and user services, which include radio resource management, mobility (e.g. handover), network and user synchronization, service discovery and user position calculation.

The main objective of this thesis is the definition of a radio access network architecture based on Mobile IPv6 that integrates the main features of third-generation mobile access networks and those of the fourth generation. This architecture allows the radio access infrastructure to be shared among the different existing radio access technologies, simplifying the network and its associated costs. Moreover, with this architecture, mobile service providers may incorporate new radio technologies in a seamless way, without adding more infrastructure than the base stations.

The main contributions of this work can be summarized as follows. First, we define the requirements of fourth-generation radio access networks related to the network and user services provided. Second, and considered the main contribution of this thesis, is the definition of a Mobile IPv6-based radio access network architecture, named Mobile-IP RAN, that includes the definition of its network elements as well as its network interfaces and protocols, and that allows services including network access, user mobility, user data transfer, synchronization and location. As part of the architecture, and through the use of Message Sequence Charts, we define the dynamic behavior of the main features offered by the proposed access network. Last, we evaluate the proposed mobility, position determination and synchronization models, analyzing their main parameters as well as their applicability in different radio access networks.