A Layer 2 Protocol to Protect the IP Communication in a Wired Ethernet Network

The IP protocol is the preferred data communication mechanism used nowadays. Data encapsulated using IP can be compromised if it is sent in clear text or without integrity protection, and even using known protocols to protect the confidentiality, integrity and authenticity of this data, the EtherType field of the Ethernet frames and the header of the IP packets in a wired Ethernet network still remain exposed opening possibilities for an attacker to gain knowledge of the network, cause a denial of service attack or steal information. In this thesis, we propose a new protocol that protects the confidentiality, integrity and authenticity of the IP communication in a wired Ethernet network. This new protocol operates in the layer 2 of the OSI model, and for each Ethernet frame, it encapsulates the EtherType field and the entire IP packet into a new PDU structure that is partially encrypted. Integrity and authenticity are assured by an HMAC value or a digital signature calculated over the entire frame. We ran several tests to analyze the security characteristics and performance impact of our proposed solution; the results of these tests demonstrate that all traffic is effectively protected and that an attacker or eavesdropper wouldn\u27t know the type of protocols, IP addresses or any other data travelling across the network. It is also demonstrated that under certain conditions, performance is not highly impacted and is feasible to protect the network communication with our new protocol

View on 5G Architecture: Version 1.0

The current white paper focuses on the produced results after one year research mainly from 16 projects working on the abovementioned domains. During several months, representatives from these projects have worked together to identify the key findings of their projects and capture the commonalities and also the different approaches and trends. Also they have worked to determine the challenges that remain to be overcome so as to meet the 5G requirements. The goal of 5G Architecture Working Group is to use the results captured in this white paper to assist the participating projects achieve a common reference framework. The work of this working group will continue during the following year so as to capture the latest results to be produced by the projects and further elaborate this reference framework. The 5G networks will be built around people and things and will natively meet the requirements of three groups of use cases: • Massive broadband (xMBB) that delivers gigabytes of bandwidth on demand • Massive machine-type communication (mMTC) that connects billions of sensors and machines • Critical machine-type communication (uMTC) that allows immediate feedback with high reliability and enables for example remote control over robots and autonomous driving. The demand for mobile broadband will continue to increase in the next years, largely driven by the need to deliver ultra-high definition video. However, 5G networks will also be the platform enabling growth in many industries, ranging from the IT industry to the automotive, manufacturing industries entertainment, etc. 5G will enable new applications like for example autonomous driving, remote control of robots and tactile applications, but these also bring a lot of challenges to the network. Some of these are related to provide low latency in the order of few milliseconds and high reliability compared to fixed lines. But the biggest challenge for 5G networks will be that the services to cater for a diverse set of services and their requirements. To achieve this, the goal for 5G networks will be to improve the flexibility in the architecture. The white paper is organized as follows. In section 2 we discuss the key business and technical requirements that drive the evolution of 4G networks into the 5G. In section 3 we provide the key points of the overall 5G architecture where as in section 4 we elaborate on the functional architecture. Different issues related to the physical deployment in the access, metro and core networks of the 5G network are discussed in section 5 while in section 6 we present software network enablers that are expected to play a significant role in the future networks. Section 7 presents potential impacts on standardization and section 8 concludes the white paper

Performance analysis of next generation web access via satellite

Acknowledgements This work was partially funded by the European Union's Horizon 2020 research and innovation programme under grant agreement No. 644334 (NEAT). The views expressed are solely those of the author(s).Peer reviewedPostprin

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Performance Modeling of the PeopleSoft Multi-Tier Remote Computing Architecture

Complex client-server configurations being designed today require a new and closely coordinated approach to analytic modeling and measurement. A closed queuing network model for a two-tiered PeopleSoft 6 client-server system with an Oracle database server is demonstrated using a new performance modeling tool that applies mean value analysis. The focus of this work is on the measurement and modeling of the PeopleSoft architecture to provide useful capacity planning insights for an actual large-scale university-wide deployment. A testbed and database exerciser are then developed to measure model parameters and perform the initial validation tests. The testbed also provides preliminary test data on a proposed three-tiered deployment architecture that includes the Citrix WinFrame environment as an intermediate level between the client and the Oracle server.http://deepblue.lib.umich.edu/bitstream/2027.42/107929/1/citi-tr-97-5.pd

A security architecture for IPv6 enabled wireless medical sensor networks.

We present the design of an IPv6 enabled wireless sensor network based on the IEEE 802.15.4 standard for medical monitoring. We design a routing mechanism for efficient flooding, a hop-by-hop error recovery and congestion control mechanism for reliable packet delivery and a lightweight security architecture for the medical monitoring system. We extend the widely used Extensible Authentication Protocol (EAP) to employ the Generalized Pre-shared Key (GPSK) authentication method with some optimizations for securing the system. We use the 3-party EAP model with the Personal Area Network Coordinator (PAN coordinator) of IEEE 802.15.4 standard as the EAP authenticator for authenticating sensor nodes within the radio range of the PAN coordinator. In order to use EAP authentication for a sensor node several hops away from the PAN coordinator, we define a new role (relay authenticator) for its coordinator which tunnels EAP messages to the PAN coordinator securely. We define EAP message encapsulation for IEEE 802.15.4 networks and a key hierarchy for the security architecture. We have simulated the system and shown that EAP based authentication is feasible in wireless sensor networks.The original print copy of this thesis may be available here: http://wizard.unbc.ca/record=b136235

Formal-Guided Fuzz Testing: Targeting Security Assurance from Specification to Implementation for 5G and Beyond

Softwarization and virtualization in 5G and beyond necessitate thorough testing to ensure the security of critical infrastructure and networks, requiring the identification of vulnerabilities and unintended emergent behaviors from protocol designs to their software stack implementation. To provide an efficient and comprehensive solution, we propose a novel and first-of-its-kind approach that connects the strengths and coverage of formal and fuzzing methods to efficiently detect vulnerabilities across protocol logic and implementation stacks in a hierarchical manner. We design and implement formal verification to detect attack traces in critical protocols, which are used to guide subsequent fuzz testing and incorporate feedback from fuzz testing to broaden the scope of formal verification. This innovative approach significantly improves efficiency and enables the auto-discovery of vulnerabilities and unintended emergent behaviors from the 3GPP protocols to software stacks. Following this approach, we discover one identifier leakage model, one DoS attack model, and two eavesdrop attack models due to the absence of rudimentary MITM protection within the protocol, despite the existence of a Transport Layer Security (TLS) solution to this issue for over a decade. More remarkably, guided by the identified formal analysis and attack models, we exploit 61 vulnerabilities using fuzz testing demonstrated on srsRAN platforms. These identified vulnerabilities contribute to fortifying protocol-level assumptions and refining the search space. Compared to state-of-the-art fuzz testing, our united formal and fuzzing methodology enables auto-assurance by systematically discovering vulnerabilities. It significantly reduces computational complexity, transforming the non-practical exponential growth in computational cost into linear growth

Automated Teller Machine Ethernet Traffic Identification to Target Forensics Detection of IP Packets

Over the last few decades, consumers have become accustom to the convenience of Automatic Teller Machines (ATMs) to transfer funds between accounts, provide account balance information and to withdraw cash from savings, checking, and other account types. Along with the convenience and ease of locating an ATM through mobile bank apps, there has been a significant increase in ATM fraud across the globe. Consumer confidence in the ATM, bank and credit card issuer is greatly impacted by the perceived level of security in ATM transactions and the technology behind them. Confronting the risk associated with ATM fraud and limiting its impact is an important issue that face financial institutions as the sophistication of fraud techniques have advanced. Largely the process behind the verification of these transactions has moved from Plain Old Telephone System (POTS) to Ethernet connections to the processors, banks and card issuers. The attack surface has grown, both in size and complexity. These security risks should be prompting the industry to research all attack surfaces, and this research looks specifically the Ethernet packets that make up these types of transactions. In this research, I investigate the packet structure and predictability within ATM Ethernet traffic. Even with the proliferation of retail ATMs in the most common of retail spaces, this attack vector has received little attention

Telecommunication of stabilizing signals in power systems

Deregulation of the power industry has occurred at a rapid pace, opening some promising competition between suppliers. The result of this competition should be to the benefit of customers.;Telecommunication plays a crucial role in integrating systems and ensuring smooth operation by way of exchanging data and information between various systems that are responsible for monitoring and control of the grid. For example, a Power System Stabilizer (PSS) controller could be placed at one of the generators and requires remote measurements. All the communication schemes within the network generate delays that are characterized in this project using OPNET Modeler. OPNET Modeler is also used to characterize the number of dropped packets.;As a case study, we consider a two-area four-generator (2A4G) and explore the role of communication delay on system stability. Those delays play an important role in the design of a controller that can help the damping of electro-mechanical oscillations between interconnected synchronous generators and therefore maintain the system stability. The network statistics are then imported into Simulink in order to visualize the speed of the shaft w2 as a function of time. Additional communication options to the inter-area oscillation problem are offered at the end of the thesis (use of Virtual Private Network (VPN), use of fiber optic dedicated network, or the use of IPv6 protocol)