107 research outputs found

    Implementation and Analysis of the IP Measurement Protocol (IPMP)

    The increased size and complexity of the Internet necessitates a more substantial measurement protocol than is currently available. This work explores the IP Measurement Protocol, providing background information, covering the development of a reference implementation, and finally comparing its accuracy, overhead, and ease of implementation to the current generation of protocols used in network measurement. VMware, a hardware simulation application, was used to simulate a network on which to test IPMP, as well as compare it to current generation tools. Ipmp_ping, a tool written to test IPMP, was pitted against ping and traceroute in order to attain round trip time, one-way delay, and path discovery measurements. The accuracy and overhead of these tools were compared to each other. Although ipmp_ping had more overhead than ping when measuring round trip time, it was just as accurate and more capable. Ipmp_ping proved to be much more efficient than traceroute with similar accuracy. Overall, ipmp_ping was as accurate and had negligibly more or significantly less overhead than the tools it was compared to while providing more functionality and being easy to implement.

    Vulnerability assessment of the time service NTP with a focus on denial-of-service and integrity attacks

    As computer systems grow in complexity and prevalence, ever greater demands are placed on the interplay between the various devices in a system. In most modern networks, time synchronization is an important part of this interplay. Nevertheless, time in information systems is a field that in certain areas is marked by uncertainty. Little is known about computer systems' dependence on time, and even less about what consequences deliberate attacks against a time-providing service could entail. This thesis carries out a vulnerability assessment of the time-providing service that is today most widely used over the Internet, namely the Network Time Protocol (NTP). The focus of the vulnerability assessment is the extent to which this service may be exposed to denial-of-service and integrity attacks. The thesis also includes a theoretical part that begins by explaining general concepts around time and time in networks. It then proceeds with a specific description of NTP and its structure and architecture, before delving into the fundamental mechanisms and algorithms that form the core of NTP's functionality. The thesis then moves into an experimental part, where the focus is on testing and carrying out attacks related to denial of service and integrity against potential weaknesses in the protocol. This part includes in-house development of systems such as a fake NTP daemon and an "intermediate router". These tools play a central role in the attacks that we ultimately carry out against the protocol. All results are documented along the way with practical tests and experiments.

    Synchronization of streamed audio between multiple playback devices over an unmanaged IP network

    When designing and implementing a prototype supporting inter-destination media synchronization – synchronized playback between multiple devices receiving the same stream – there are a lot of aspects that need to be considered, especially when working with unmanaged networks. Not only is a proper streaming protocol essential, but also a way to obtain and maintain the synchronization of the clocks of the devices. The thesis had a few constraints, namely that the server producing the stream should be written for the .NET-platform and that the clients receiving it should be using the media framework GStreamer. This framework provides methods for both achieving synchronization as well as resynchronization. As the provided resynchronization methods introduced distortions in the audio, an alternative method was implemented. This method focused on minimizing the distortions, thus maintaining a smooth playback. After the prototype had been implemented, it was tested to see how well it performed under the influence of packet loss and delay. The accuracy of the synchronization was also tested under optimal conditions using two different time synchronization protocols. What could be concluded from this was that a good synchronization could be maintained on unloaded networks using the proposed method, but when introducing delay the prototype struggled more. This was mainly due to the usage of the Network Time Protocol (NTP), which is known to perform badly on networks with asymmetric paths. When working with synchronized playback it is not enough just obtaining it – it also needs to be maintained. Implementing a prototype thus involves many parts ranging from choosing a proper streaming protocol, to handling glitch free resynchronization of audio. Synchronization between multiple speakers has a wide area of application, ranging from home entertainment solutions to big malls where announcements should appear synchronized over the entire perimeter. 
In order to achieve this, two main parts are involved: the streaming of the audio, and the actual synchronization. The streaming itself poses problems mostly since the prototype should not only work on dedicated networks, but rather on all kinds, such as the Internet. As the information over these networks is transmitted in packets, and the path from source to destination crosses many sub networks, the packets may be delayed or even lost. This may create an audible distortion in the playback. The next part is the synchronization. This is most easily achieved by putting a time on each packet stating when in the future it should be played out. If then all receivers play it back at the specified time, synchronization is achieved. This however requires that all the receivers share the idea of when a specific time is – the clocks at all the receivers must be synchronized. By using existing software and hardware solutions, such as the Network Time Protocol (NTP) or the Precision Time Protocol (PTP), this can be accomplished. The accuracy of the synchronization is therefore partly dependent on how well these solutions work. Another valid aspect is how accurate the synchronization must be for the sound to be perceived as synchronized by humans. This is usually in the range of a few tens of milliseconds to five milliseconds depending on the sound. When a global time has been distributed to all receivers, matters get more complicated as there is more than one clock to consider at each receiver. Apart from the previously mentioned clock, now called the ’system clock’, there is also an audio clock, which is a hardware clock positioned on the sound card. This audio clock decides the rate at which media is played out. Altering the system clock to synchronize it to a common time is one thing, but altering the audio clock while media is being played will inevitably mean a jump in the playback, and thus a distortion. 
Although an initial synchronization can be achieved, the two clocks will over time tick at a slightly different pace, thus drifting away from each other. This creates a need for the audio clock to continuously correct itself to follow the system clock. In the media framework GStreamer, used for handling the media at the receivers, two alternatives to solve the correction problem were available. Quick evaluations of these two methods however showed that either audible glitches or ’oscillations’ occurred in the sound, when the clocks were corrected. A new method, which basically combines the two existing, was therefore implemented. With this method the audio clock is continuously corrected, but in a smaller and less aggressive way. Listening tests revealed much smaller, often not audible, distortions, while the synchronization performance was on par with the existing methods. More thorough testing showed that the synchronization over networks with light traffic was in the microsecond-range, thus far below the threshold of what will appear as synchronized. During worse conditions – simulated hostile environments – the synchronization quickly reached unacceptable levels though. This was due to the previously mentioned NTP, and not the implemented method on the other hand.

    Analysis of Transport Layer Protocol Functions within TCP/IP Protocol Stack

    The Transmission Control Protocol/Internet Protocol (TCP/IP) model is a set of Internet protocols that was developed as a complement to the Open System Interconnection Reference Model (OSI RM) and shows how two different systems can communicate with each other. Functions and differences between the layers of the previously mentioned models are presented in the thesis. However, in the bachelor thesis, the emphasis is on TCP/IP transport layer protocols. The transport layer is responsible for secure and reliable data transmission from the starting point to the end point in the network. Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Stream Control Protocol (SCTP) are most commonly used for this transfer. At the end of the thesis is a comparison of the TCP/IP model transport layer protocol functionality.


    Per-hop Internet Measurement Protocols

    Accurately measuring per-hop packet dynamics on an Internet path is difficult. Currently available techniques have many well-known limitations that can make it difficult to accurately measure per-hop packet dynamics. Much of the difficulty of per-hop measurement is due to the lack of protocol support available to measure an Internet path on a per-hop basis. This thesis classifies common weaknesses and describes a protocol for per-hop measurement of Internet packet dynamics, known as the IP Measurement Protocol, or IPMP. With IPMP, a specially formed probe packet collects information from intermediate routers on the packet's dynamics as the packet is forwarded. This information includes an IP address from the interface that received the packet, a timestamp that records when the packet was received, and a counter that records the arrival order of echo packets belonging to the same flow. Probing a path with IPMP allows the topology of the path to be directly determined, and for direct measurement of per-hop behaviours such as queueing delay, jitter, reordering, and loss. This is useful in many operational situations, as well as for researchers in characterising Internet behaviour. IPMP's design goals of being tightly constrained and easy to implement are tested by building implementations in hardware and software. Implementations of IPMP presented in this thesis show that an IPMP measurement probe can be processed in hardware without delaying the packet, and processed in software with little overhead. This thesis presents IPMP-based measurement techniques for measuring per-hop packet delay, jitter, loss, reordering, and capacity that are more robust, require fewer probes to be sent, and are potentially more accurate and convenient than corresponding measurement techniques that do not use IPMP.

    Security Implications of Insecure DNS Usage in the Internet

    The Domain Name System (DNS) provides domain-to-address lookup-services used by almost all internet applications. Because of this ubiquitous use of the DNS, attacks against the DNS have become more and more critical. However, in the past, studies of DNS security have been mostly conducted against individual protocols and applications. In this thesis, we perform the first comprehensive evaluation of DNS-based attacks against a wide range of internet applications, ranging from time-synchronisation via NTP over internet resource management to security mechanisms. We show how to attack those applications by exploiting various weaknesses in the DNS. These attacks are based on both already known weaknesses which are adapted to new attacks, as well as previously unknown attack vectors which have been found during the course of this thesis. We evaluate our attacks and provide the first taxonomy of DNS applications, to show how adversaries can systematically develop attacks exploiting the DNS. We analyze the attack surface created by our attacks in the internet and find that a significant number of applications and systems can be attacked. We work together with the developers of the vulnerable applications to develop patches and general countermeasures which can be applied by various parties to block our attacks. We also provide conceptual insights into the root causes allowing our attacks to help with the development of new applications and standards. The findings of this thesis are published in 4 full-paper publications and 2 posters at international academic conferences. Additionally, we disclose our findings to developers which has led to the registration of 8 Common Vulnerabilities and Exposures identifiers (CVE IDs) and patches in 10 software implementations. To raise awareness, we also presented our findings at several community meetings and via invited articles.