22 research outputs found

    The Dynamic Host Configuration Protocol Version 6 Security And Privacy Mechanism

    Internet Protocol version 6 (IPv6) is the most recent IP version that aims to accommodate hundreds of thousands of unique IP addresses for devices in the network. In an IPv6 network, Dynamic Host Configuration Protocol version 6 (DHCPv6) is used to allocate and distribute IPv6 addresses and network configuration parameters to DHCPv6 clients. However, the DHCPv6 protocol was developed without a proper security mechanism, making it vulnerable to various threats, such as rogue DHCPv6 server attacks and passive attacks. Two well-known issues of DHCPv6 are the lack of a verification mechanism, which allows attackers to inject fake network configuration parameters into the network undetected, and privacy concerns due to the lack of protection of client information in transit. In order to address these issues, several mechanisms were proposed by researchers to provide authentication and privacy protection for DHCPv6. However, most mechanisms lack a method to distribute the server authentication credentials and ignore the client's privacy issue. This thesis intends to address the above-mentioned issues by proposing the DHCPv6Sec mechanism. DHCPv6Sec was evaluated and compared to the Secure-DHCPv6 mechanism in terms of rogue DHCPv6 server prevention capability, privacy protection, processing time, traffic overhead, communication time, and message size limitation. The experiment results showed that DHCPv6Sec is superior in all aspects measured. DHCPv6Sec reduced processing time by 57% and 136% when obtaining an IPv6 address and when processing the Reconfigure message, respectively, compared to the Secure-DHCPv6 mechanism. Moreover, DHCPv6Sec reduced configuration time by 27% compared to the Secure-DHCPv6 mechanism.

    ARE SUITABLE FOR ANY PURPOSE, EVEN IF THAT PURPOSE IS KNOWN TO

    The Broadband Forum is a non-profit corporation organized to create guidelines for broadband network system development and deployment. This Broadband Forum Technical Report has been approved by members of the Forum. This Broadband Forum Technical Report is not binding on the Broadband Forum, any of its members, or any developer or service provider. Thi

    Graceful Degradation in IoT Security

    As the consumer grade IoT devices industry advances, personal privacy is constantly eroded for the sake of convenience. Current security solutions, although available, ignore convenience by requiring the purchase of additional hardware, implementing confusing, out of scope updates for a non-technical user, or quarantining a device, rendering it useless. This paper proposes a solution that simultaneously maintains convenience and privacy, tailored for the Internet of Things. We propose a novel graceful degradation technique which targets individual device functionalities for acceptance or denial at the network level. When combined with current anomaly detection and fingerprinting methods, graceful degradation provides a personalized IoT security solution for the modern user

    PROOF-OF-CONCEPT SOLUTION FOR RE-CENT SERVICE METHOD DESIGN

    With the increase in mobile devices and simultaneously the volume of data received and transmitted by them, the current mobile network architecture faces challenges in accommodating them. In recent years, innovative network architectures have emerged, providing solutions to the issues present in the current network architecture. One such method is the RE-CENT service design approach. In this thesis, we present a proof-of-concept solution based on the RE-CENT service method, by utilizing widely available hardware and software. We analyze i) the architecture of this solution by breaking it down to its main components as well as the technologies used for both the network and application layer, ii) the steps of the protocol designed for their communications and iii) the test cases that measure the effectiveness of the solution. Through our results we showed the viability of the proof-of-concept solution, having no penalty in performance no matter the number of concurrent mobile users and amount of data requested and transmitted through the network.

    Study of Mobility in Next Generation Networks

    The continuous advance of telecommunications networks provides us with ever more conveniences in all areas of our lives. In this case, we have focused on the study of mobility in Next Generation Networks. Part of this project was carried out in collaboration with Deutsche Telekom AG, during a six-month stay working as a collaborator in its laboratories located in Berlin. The main objective of this project has been to carry out a study of the different standards and technologies that facilitate mobility in Next Generation Networks. To that end, the first part studies the different working groups focused on this aspect and gathers information on products and solutions available on the market, in order to obtain an overall view of the current situation. As can be seen later on, this first part is the longest of the whole document. This is because it is probably the most important part of the work, since it contains the study of the mechanisms that will later serve to give a theoretical solution to the different scenarios posed. In the second part of the project, we have focused on developing several scenarios of interest in Next Generation Network systems and subsequently providing possible theoretical solutions. Finally, the conclusions drawn as a result of the work are presented, together with the aspects of it that may be addressed in the near future. Ingeniería de Telecomunicació

    IP Mobility in Wireless Operator Networks

    Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of an incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of the IP Mobility paradigm into the existing mobile operator network infrastructure that has not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of operator to have its own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.

    Different kinds of wireless network connections are increasing in the form of Internet-capable technologies. The overlapping use of numerous different technologies results from network infrastructure built gradually and as needed. The recent commercial success of terminals (such as smartphones and laptops) containing several radio technologies (such as WLAN, GSM and UMTS) promotes the building of new network infrastructure and possibly leads to a growing variety of network technologies. For commercial reasons it is not worthwhile to replace the existing network infrastructure with new technology all at once; instead, the gradual transition phase typically takes several years. Internet-capable terminals can move either within the same network technology or between different network technologies. Depending on the network environment, mobile terminals can attach to the network through several network connections. Consequently, a terminal can send and receive data packets simultaneously over numerous networks. This dissertation deals with the mobility of Internet technologies and the introduction of these technologies into the existing network infrastructures of wireless network operators. The network infrastructures in question were not originally designed with Internet technology mobility and many simultaneous connections in mind. This work proposes an architecture model for future wireless networks and solutions for implementing roaming. The proposed architecture can be implemented without major technological upheavals. In the proposal based on the model, the roles of the network operator are clearly divided into (i) network operator, (ii) service operator, and (iii) interconnection and roaming operator. The division of roles allows each operator type to develop independently and removes artificial ties to network technology in the provision of services. The work also presents a preliminary list of requirements for the proposed model, for example quality requirements for interconnection operators. The dissertation also presents the latest developments in mobile Internet technologies. In addition, the work shows standardization results in Internet-capable wireless architectures.

    Implementation of IPv6

    On 14 September 2012 the last block of IPv4 was allocated from the Regional Internet Register (RIR) across Europe, the Middle East and Asia. In addition, the demand for further addresses, security and efficient routing across the Internet has been increasing every day. Hence, to provide abundant IP addresses and also to overcome the shortcomings of IPv4, the IETF developed a new protocol, IPv6. IPv6 overcomes the limitations of IPv4 and integrates advanced features. These advanced improvements include larger address space, more efficient addressing and routing, auto-configuration, security, and QOS. The main objective of this project was to implement an IPv6 network in the Cisco laboratory of Rovaniemi University of Applied Sciences (RAMK). Cisco 2800 and 1700 Series routers, 3500 series Cisco Catalyst Switches, Microsoft Server 2012, Windows 7, Windows 8 and finally Mac OS X were used during the implementation process. This project covers the implementation of IPv6, DHCPv6, DNS, Routing Protocols EIGRP, and Security. The goal of the project was to implement IPv6 on the existing IPv4 network without affecting the running services. Furthermore, this project was implemented in a Local Area Network (LAN) only.

    IPv4 Support for Proxy Mobile IPv6


    IEEE 802.21 in heterogeneous handover environments

    Master's in Computer and Telematics Engineering. The development of the technological capabilities of mobile terminals, and the infra-structures that support them, enable new scenarios where these devices using different technology interfaces roam in different connectivity environments. This creates a need for providing the means that facilitate mobility management, allowing the terminal to connect in the best way possible (i.e., by choosing the best technology) at any time. The IEEE 802.21 standard is being developed by the Institute of Electrical and Electronics Engineers (IEEE) to provide mechanisms and services supporting Media Independent Handovers. The 802.21 standard specifies a set of mechanisms that enable scenarios like the one described above, considering the motivation and requirements presented by future network architectures, such as the ones from fourth generation networks (4G). This thesis presents an extensive analysis of the IEEE 802.21 standard, introducing a set of simulations developed for studying the impact of using 802.21 mechanisms in network controlled handovers, in a mixed access network composed of 802.11 and 3G technologies. The obtained results allow the verification of the applicability of these concepts into next generation environments, also motivating the description of the design for integration of 802.21 mechanisms to fourth generation networks.