An Improvement of IP Address Lookup based on Rule Filter Analysis

Multi-bit trie is a popular approach performing the longest prefix matching for packet classification. However, it requires a long lookup time and inefficiently consumes memory space. This paper presents an in-depth study of different variations of multi-bit trie for IP address lookup. Our main aim is to study a method of data structure which reduces memory space. The proposed approach has been implemented using the label method in two approaches. Both methods present better results regarding lookup speed, update time and memory bit consumptions.

Decentralizing IP mobility management in future networks

The massive adoption of sophisticated mobile devices and applications led to the increase of mobile data in the last decade, which it is expected to continue. This increase of mobile data negatively impacts the network planning and dimension, since core networks are heavy centralized. Mobile operators are investigating atten network architectures that distribute the responsibility of providing connectivity and mobility, in order to improve the network scalability and performance. Moreover, service providers are moving the content servers closer to the user, in order to ensure high availability and performance of content delivery. Besides the e orts to overcome the explosion of mobile data, current mobility management models are heavy centralized to ensure reachability and session continuity to the users connected to the network. Nowadays, deployed architectures have a small number of centralized mobility anchors managing the mobile data and the mobility context of millions of users, which introduces issues related to performance and scalability that require costly network mechanisms. The mobility management needs to be rethought out-of-the box to cope with atten network architectures and distributed content servers closer to the user, which is the purpose of the work developed in this Thesis. The Thesis starts with a characterization of mobility management into well-de ned functional blocks, their interaction and potential grouping. The decentralized mobility management is studied through analytical models and simulations, in which di erent mobility approaches distinctly distribute the mobility management functionalities through the network. The outcome of this study showed that decentralized mobility management brings advantages. Hence, it was proposed a novel distributed and dynamic mobility management approach, which is exhaustively evaluated through analytical models, simulations and testbed experiments. The proposed approach is also integrated with seamless horizontal handover mechanisms, as well as evaluated in vehicular environments. The mobility mechanisms are also speci ed for multihomed scenarios, in order to provide data o oading with IP mobility from cellular to other access networks. In the pursuing of the optimized mobile routing path, a novel network-based strategy for localized mobility is addressed, in which a replication binding system is deployed in the mobility anchors distributed through the access routers and gateways. Finally, we go further in the mobility anchoring subject, presenting a context-aware adaptive IP mobility anchoring model that dynamically assigns the mobility anchors that provide the optimized routing path to a session, based on the user and network context. The integration of dynamic and distributed concepts in the mobility management, such as context-aware adaptive mobility anchoring and dynamic mobility support, allow the optimization of network resources and the improvement of user experience. The overall outcome demonstrates that decentralized mobility management is a promising direction, hence, its ideas should be taken into account by mobile operators in the deployment of future networks.

Types of Addresses and Levels of use in the TCP/IP Protocol Stack

The publication comments on certain moments of the method of teaching the types of addresses and their use in the TCP/IP protocol stack.

Modelling Denial of Service Attacks on JFK with Meadow's Cost-Based Framework

We present the first detailed application of Meadows’s cost-based modelling framework to the analysis of JFK, an Internet key agreement protocol. The analysis identifies two denial of service attacks against the protocol that are possible when an attacker is willing to reveal the source IP address. The first attack was identified through direct application of a cost-based modelling framework, while the second was only identified after considering coordinated attackers. Finally, we demonstrate how the inclusion of client puzzles in the protocol can improve denial of service resistance against both identified attacks.

Using honeypots to analyse anomalous Internet activities

Monitoring Internet traffic is critical in order to acquire a good understanding of threats to computer and network security and in designing efficient computer security systems. Researchers and network administrators have applied several approaches to monitoring traffic for malicious content. These techniques include monitoring network components, aggregating IDS alerts, and monitoring unused IP address spaces. Another method for monitoring and analyzing malicious traffic, which has been widely tried and accepted, is the use of honeypots. Honeypots are very valuable security resources for gathering artefacts associated with a variety of Internet attack activities. As honeypots run no production services, any contact with them is considered potentially malicious or suspicious by definition. This unique characteristic of the honeypot reduces the amount of collected traffic and makes it a more valuable source of information than other existing techniques. Currently, there is insufficient research in the honeypot data analysis field. To date, most of the work on honeypots has been devoted to the design of new honeypots or optimizing the current ones. Approaches for analyzing data collected from honeypots, especially low-interaction honeypots, are presently immature, while analysis techniques are manual and focus mainly on identifying existing attacks. This research addresses the need for developing more advanced techniques for analyzing Internet traffic data collected from low-interaction honeypots. We believe that characterizing honeypot traffic will improve the security of networks and, if the honeypot data is handled in time, give early signs of new vulnerabilities or breakouts of new automated malicious codes, such as worms. The outcomes of this research include: • Identification of repeated use of attack tools and attack processes through grouping activities that exhibit similar packet inter-arrival time distributions using the cliquing algorithm; • Application of principal component analysis to detect the structure of attackers’ activities present in low-interaction honeypots and to visualize attackers’ behaviors; • Detection of new attacks in low-interaction honeypot traffic through the use of the principal component’s residual space and the square prediction error statistic; • Real-time detection of new attacks using recursive principal component analysis; • A proof of concept implementation for honeypot traffic analysis and real time monitoring.

The impact of users' characteristics on their ability to detect phishing emails

We investigate how email users' characteristics influence their response to phishing emails. A user generally goes through three stages of behaviour upon receiving a phishing email: suspicion of the legitimacy of the email, confirmation of its legitimacy and response by either performing the action requested in the phishing email or not. Using a mixed method approach combining experiments, surveys and semi-structured interviews, we found that a user's behaviour at each stage varies with their personal characteristics such as personality traits and ability to perceive information in an email beyond its content. We found, for example, that users who are submissive, extraverted or open tend to be less suspicious of phishing emails while users who can identify cues such as inconsistent IP address, can avoid falling victim to phishing emails. Our findings enable us to draw practical implications for educating and potentially reducing the incidence of phishing emails victimisation.

A framework for generating realistic traffic for distributed denial-of-service attacks and flash events

An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.

Análise de desempenho de um protocolo BitTorrent ciente de localização em redes corporativas.

Hoje em dia, distribuições de grandes volumes de dados por redes TCP/IP corporativas trazem problemas como a alta utilização da rede e de servidores, longos períodos para conclusão e maior sensibilidade a falhas na infraestrutura de rede. Estes problemas podem ser reduzidos com utilização de redes par-a-par (P2P). O objetivo desta dissertação é analisar o desempenho do protocolo BitTorrent padrão em redes corporativas e também realizar a análise após uma modificação no comportamento padrão do protocolo BitTorrent. Nesta modificação, o rastreador identifica o endereço IP do par que está solicitando a lista de endereços IP do enxame e envia somente aqueles pertencentes à mesma rede local e ao semeador original, com o objetivo de reduzir o tráfego em redes de longa distância. Em cenários corporativos típicos, as simulações mostraram que a alteração é capaz de reduzir o consumo médio de banda e o tempo médio dos downloads, quando comparados ao BitTorrent padrão, além de conferir maior robustez à distribuição em casos de falhas em enlaces de longa distância. As simulações mostraram também que em ambientes mais complexos, com muitos clientes, e onde a restrição de banda em enlaces de longa distância provoca congestionamento e descartes, o desempenho do protocolo BitTorrent padrão pode ser semelhante a uma distribuição em arquitetura cliente-servidor. Neste último caso, a modificação proposta mostrou resultados consistentes de melhoria do desempenho da distribuição.

Mining social individuals movements and friends based on mobile devices

Trabalho de Projeto realizado para obtenção do grau de Mestre em Engenharia Informática e de Computadores

Protecting Your Search Privacy: A Lesson Plan

Each year search engines like Google, Bing and Yahoo, complete trillions of search queries online. Students are especially dependent on these search tools because of their popularity, convenience and accessibility. However, what students are unaware of, by choice or naiveté is the amount of personal information that is collected during each search session, how that data is used and who is interested in their online behavior profile. Privacy policies are frequently updated in favor of the search companies but are lengthy and often are perused briefly or ignored entirely with little thought about how personal web habits are being exploited for analytics and marketing. As an Information Literacy instructor, and a member of the Electronic Frontier Foundation, I believe in the importance of educating college students and web users in general that they have a right to privacy online. Class discussions on the topic of web privacy have yielded an interesting perspective on internet search usage. Students are unaware of how their online behavior is recorded and have consistently expressed their hesitancy to use tools that disguise or delete their IP address because of the stigma that it may imply they have something to hide or are engaging in illegal activity. Additionally, students fear they will have to surrender the convenience of uber connectivity in their applications to maintain their privacy. The purpose of this lightning presentation is to provide educators with a lesson plan highlighting and simplifying the privacy terms for the three major search engines, Google, Bing and Yahoo. This presentation focuses on what data these search engines collect about users, how that data is used and alternative search solutions, like DuckDuckGo, for increased privacy. Students will directly benefit from this lesson because informed internet users can protect their data, feel safer online and become more effective web searchers.

Personal Data and Encryption in the European General Data Protection Regulation

Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.