984 resultados para network protocols
Resumo:
A trend in design and implementation of modern industrial automation systems is to integrate computing, communication and control into a unified framework at different levels of machine/factory operations and information processing. These distributed control systems are referred to as networked control systems (NCSs). They are composed of sensors, actuators, and controllers interconnected over communication networks. As most of communication networks are not designed for NCS applications, the communication requirements of NCSs may be not satisfied. For example, traditional control systems require the data to be accurate, timely and lossless. However, because of random transmission delays and packet losses, the control performance of a control system may be badly deteriorated, and the control system rendered unstable. The main challenge of NCS design is to both maintain and improve stable control performance of an NCS. To achieve this, communication and control methodologies have to be designed. In recent decades, Ethernet and 802.11 networks have been introduced in control networks and have even replaced traditional fieldbus productions in some real-time control applications, because of their high bandwidth and good interoperability. As Ethernet and 802.11 networks are not designed for distributed control applications, two aspects of NCS research need to be addressed to make these communication networks suitable for control systems in industrial environments. From the perspective of networking, communication protocols need to be designed to satisfy communication requirements for NCSs such as real-time communication and high-precision clock consistency requirements. From the perspective of control, methods to compensate for network-induced delays and packet losses are important for NCS design. To make Ethernet-based and 802.11 networks suitable for distributed control applications, this thesis develops a high-precision relative clock synchronisation protocol and an analytical model for analysing the real-time performance of 802.11 networks, and designs a new predictive compensation method. Firstly, a hybrid NCS simulation environment based on the NS-2 simulator is designed and implemented. Secondly, a high-precision relative clock synchronization protocol is designed and implemented. Thirdly, transmission delays in 802.11 networks for soft-real-time control applications are modeled by use of a Markov chain model in which real-time Quality-of- Service parameters are analysed under a periodic traffic pattern. By using a Markov chain model, we can accurately model the tradeoff between real-time performance and throughput performance. Furthermore, a cross-layer optimisation scheme, featuring application-layer flow rate adaptation, is designed to achieve the tradeoff between certain real-time and throughput performance characteristics in a typical NCS scenario with wireless local area network. Fourthly, as a co-design approach for both a network and a controller, a new predictive compensation method for variable delay and packet loss in NCSs is designed, where simultaneous end-to-end delays and packet losses during packet transmissions from sensors to actuators is tackled. The effectiveness of the proposed predictive compensation approach is demonstrated using our hybrid NCS simulation environment.
Resumo:
The identification and classification of network traffic and protocols is a vital step in many quality of service and security systems. Traffic classification strategies must evolve, alongside the protocols utilising the Internet, to overcome the use of ephemeral or masquerading port numbers and transport layer encryption. This research expands the concept of using machine learning on the initial statistics of flow of packets to determine its underlying protocol. Recognising the need for efficient training/retraining of a classifier and the requirement for fast classification, the authors investigate a new application of k-means clustering referred to as 'two-way' classification. The 'two-way' classification uniquely analyses a bidirectional flow as two unidirectional flows and is shown, through experiments on real network traffic, to improve classification accuracy by as much as 18% when measured against similar proposals. It achieves this accuracy while generating fewer clusters, that is, fewer comparisons are needed to classify a flow. A 'two-way' classification offers a new way to improve accuracy and efficiency of machine learning statistical classifiers while still maintaining the fast training times associated with the k-means.
Resumo:
Distributed and/or composite web applications are driven by intercommunication via web services, which employ application-level protocols, such as SOAP. However, these protocols usually rely on the classic HTTP for transportation. HTTP is quite efficient for what it does — delivering web page content, but has never been intended to carry complex web service oriented communication. Today there exist modern protocols that are much better fit for the job. Such a candidate is XMPP. It is an XML-based, asynchronous, open protocol that has built-in security and authentication mechanisms and utilizes a network of federated servers. Sophisticated asynchronous multi-party communication patterns can be established, effectively aiding web service developers. This paper’s purpose is to prove by facts, comparisons, and practical examples that XMPP is not only better suited than HTTP to serve as middleware for web service protocols, but can also contribute to the overall development state of web services.
Resumo:
This special issue of Networking Science focuses on Next Generation Network (NGN) that enables the deployment of access independent services over converged fixed and mobile networks. NGN is a packet-based network and uses the Internet protocol (IP) to transport the various types of traffic (voice, video, data and signalling). NGN facilitates easy adoption of distributed computing applications by providing high speed connectivity in a converged networked environment. It also makes end user devices and applications highly intelligent and efficient by empowering them with programmability and remote configuration options. However, there are a number of important challenges in provisioning next generation network technologies in a converged communication environment. Some preliminary challenges include those that relate to QoS, switching and routing, management and control, and security which must be addressed on an urgent or emergency basis. The consideration of architectural issues in the design and pro- vision of secure services for NGN deserves special attention and hence is the main theme of this special issue.
Resumo:
Literally, the word compliance suggests conformity in fulfilling official requirements. The thesis presents the results of the analysis and design of a class of protocols called compliant cryptologic protocols (CCP). The thesis presents a notion for compliance in cryptosystems that is conducive as a cryptologic goal. CCP are employed in security systems used by at least two mutually mistrusting sets of entities. The individuals in the sets of entities only trust the design of the security system and any trusted third party the security system may include. Such a security system can be thought of as a broker between the mistrusting sets of entities. In order to provide confidence in operation for the mistrusting sets of entities, CCP must provide compliance verification mechanisms. These mechanisms are employed either by all the entities or a set of authorised entities in the system to verify the compliance of the behaviour of various participating entities with the rules of the system. It is often stated that confidentiality, integrity and authentication are the primary interests of cryptology. It is evident from the literature that authentication mechanisms employ confidentiality and integrity services to achieve their goal. Therefore, the fundamental services that any cryptographic algorithm may provide are confidentiality and integrity only. Since controlling the behaviour of the entities is not a feasible cryptologic goal,the verification of the confidentiality of any data is a futile cryptologic exercise. For example, there exists no cryptologic mechanism that would prevent an entity from willingly or unwillingly exposing its private key corresponding to a certified public key. The confidentiality of the data can only be assumed. Therefore, any verification in cryptologic protocols must take the form of integrity verification mechanisms. Thus, compliance verification must take the form of integrity verification in cryptologic protocols. A definition of compliance that is conducive as a cryptologic goal is presented as a guarantee on the confidentiality and integrity services. The definitions are employed to provide a classification mechanism for various message formats in a cryptologic protocol. The classification assists in the characterisation of protocols, which assists in providing a focus for the goals of the research. The resulting concrete goal of the research is the study of those protocols that employ message formats to provide restricted confidentiality and universal integrity services to selected data. The thesis proposes an informal technique to understand, analyse and synthesise the integrity goals of a protocol system. The thesis contains a study of key recovery,electronic cash, peer-review, electronic auction, and electronic voting protocols. All these protocols contain message format that provide restricted confidentiality and universal integrity services to selected data. The study of key recovery systems aims to achieve robust key recovery relying only on the certification procedure and without the need for tamper-resistant system modules. The result of this study is a new technique for the design of key recovery systems called hybrid key escrow. The thesis identifies a class of compliant cryptologic protocols called secure selection protocols (SSP). The uniqueness of this class of protocols is the similarity in the goals of the member protocols, namely peer-review, electronic auction and electronic voting. The problem statement describing the goals of these protocols contain a tuple,(I, D), where I usually refers to an identity of a participant and D usually refers to the data selected by the participant. SSP are interested in providing confidentiality service to the tuple for hiding the relationship between I and D, and integrity service to the tuple after its formation to prevent the modification of the tuple. The thesis provides a schema to solve the instances of SSP by employing the electronic cash technology. The thesis makes a distinction between electronic cash technology and electronic payment technology. It will treat electronic cash technology to be a certification mechanism that allows the participants to obtain a certificate on their public key, without revealing the certificate or the public key to the certifier. The thesis abstracts the certificate and the public key as the data structure called anonymous token. It proposes design schemes for the peer-review, e-auction and e-voting protocols by employing the schema with the anonymous token abstraction. The thesis concludes by providing a variety of problem statements for future research that would further enrich the literature.
Resumo:
Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.
Resumo:
Denial-of-service (DoS) attacks are a growing concern to networked services like the Internet. In recent years, major Internet e-commerce and government sites have been disabled due to various DoS attacks. A common form of DoS attack is a resource depletion attack, in which an attacker tries to overload the server's resources, such as memory or computational power, rendering the server unable to service honest clients. A promising way to deal with this problem is for a defending server to identify and segregate malicious traffic as earlier as possible. Client puzzles, also known as proofs of work, have been shown to be a promising tool to thwart DoS attacks in network protocols, particularly in authentication protocols. In this thesis, we design efficient client puzzles and propose a stronger security model to analyse client puzzles. We revisit a few key establishment protocols to analyse their DoS resilient properties and strengthen them using existing and novel techniques. Our contributions in the thesis are manifold. We propose an efficient client puzzle that enjoys its security in the standard model under new computational assumptions. Assuming the presence of powerful DoS attackers, we find a weakness in the most recent security model proposed to analyse client puzzles and this study leads us to introduce a better security model for analysing client puzzles. We demonstrate the utility of our new security definitions by including two hash based stronger client puzzles. We also show that using stronger client puzzles any protocol can be converted into a provably secure DoS resilient key exchange protocol. In other contributions, we analyse DoS resilient properties of network protocols such as Just Fast Keying (JFK) and Transport Layer Security (TLS). In the JFK protocol, we identify a new DoS attack by applying Meadows' cost based framework to analyse DoS resilient properties. We also prove that the original security claim of JFK does not hold. Then we combine an existing technique to reduce the server cost and prove that the new variant of JFK achieves perfect forward secrecy (the property not achieved by original JFK protocol) and secure under the original security assumptions of JFK. Finally, we introduce a novel cost shifting technique which reduces the computation cost of the server significantly and employ the technique in the most important network protocol, TLS, to analyse the security of the resultant protocol. We also observe that the cost shifting technique can be incorporated in any Diffine{Hellman based key exchange protocol to reduce the Diffie{Hellman exponential cost of a party by one multiplication and one addition.
Resumo:
Formal correctness of complex multi-party network protocols can be difficult to verify. While models of specific fixed compositions of agents can be checked against design constraints, protocols which lend themselves to arbitrarily many compositions of agents-such as the chaining of proxies or the peering of routers-are more difficult to verify because they represent potentially infinite state spaces and may exhibit emergent behaviors which may not materialize under particular fixed compositions. We address this challenge by developing an algebraic approach that enables us to reduce arbitrary compositions of network agents into a behaviorally-equivalent (with respect to some correctness property) compact, canonical representation, which is amenable to mechanical verification. Our approach consists of an algebra and a set of property-preserving rewrite rules for the Canonical Homomorphic Abstraction of Infinite Network protocol compositions (CHAIN). Using CHAIN, an expression over our algebra (i.e., a set of configurations of network protocol agents) can be reduced to another behaviorally-equivalent expression (i.e., a smaller set of configurations). Repeated applications of such rewrite rules produces a canonical expression which can be checked mechanically. We demonstrate our approach by characterizing deadlock-prone configurations of HTTP agents, as well as establishing useful properties of an overlay protocol for scheduling MPEG frames, and of a protocol for Web intra-cache consistency.
Resumo:
El següent projecte consisteix en analitzar com funciona un sistema SAN, per tal de veure com es pot obtenir un millor rendiment. L’objectiu principal es saber com es comportarà la nostra SAN muntada amb iSCSI a través de la xarxa, volem veure quines són les operacions, les dades i els resultats que comporta crear una RAID a través de discos no locals d’un ordinador i a través d’una xarxa LAN
Resumo:
IP based networks still do not have the required degree of reliability required by new multimedia services, achieving such reliability will be crucial in the success or failure of the new Internet generation. Most of existing schemes for QoS routing do not take into consideration parameters concerning the quality of the protection, such as packet loss or restoration time. In this paper, we define a new paradigm to develop new protection strategies for building reliable MPLS networks, based on what we have called the network protection degree (NPD). This NPD consists of an a priori evaluation, the failure sensibility degree (FSD), which provides the failure probability and an a posteriori evaluation, the failure impact degree (FID), to determine the impact on the network in case of failure. Having mathematical formulated these components, we point out the most relevant components. Experimental results demonstrate the benefits of the utilization of the NPD, when used to enhance some current QoS routing algorithms to offer a certain degree of protection
Resumo:
This paper presents a study of connection availability in GMPLS over optical transport networks (OTN) taking into account different network topologies. Two basic path protection schemes are considered and compared with the no protection case. The selected topologies are heterogeneous in geographic coverage, network diameter, link lengths, and average node degree. Connection availability is also computed considering the reliability data of physical components and a well-known network availability model. Results show several correspondences between suitable path protection algorithms and several network topology characteristics
Resumo:
Wireless video sensor networks have been a hot topic in recent years; the monitoring capability is the central feature of the services offered by a wireless video sensor network can be classified into three major categories: monitoring, alerting, and information on-demand. These features have been applied to a large number of applications related to the environment (agriculture, water, forest and fire detection), military, buildings, health (elderly people and home monitoring), disaster relief, area and industrial monitoring. Security applications oriented toward critical infrastructures and disaster relief are very important applications that many countries have identified as critical in the near future. This paper aims to design a cross layer based protocol to provide the required quality of services for security related applications using wireless video sensor networks. Energy saving, delay and reliability for the delivered data are crucial in the proposed application. Simulation results show that the proposed cross layer based protocol offers a good performance in term of providing the required quality of services for the proposed application.
Resumo:
Until a few years ago, most of the network communications were based in the wire as the physical media, but due to the advances and the maturity of the wireless communications, this is changing. Nowadays wireless communications offers fast, secure, efficient and reliable connections. Mobile communications are in expansion, clearly driven by the use of smart phones and other mobile devices, the use of laptops, etc… Besides that point, the inversion in the installation and maintenance of the physical medium is much lower than in wired communications, not only because the air has no cost, but because the installation and maintenance of the wire require a high economic cost. Besides the economic cost we find that wire is a more vulnerable medium to external threats such as noise, sabotages, etc… There are two different types of wireless networks: those which the structure is part of the network itself and those which have a lack of structure or any centralization, in a way that the devices that form part of the network can connect themselves in a dynamic and random way, handling also the routing of every control and information messages, this kind of networks is known as Ad-hoc. In the present work we will proceed to study one of the multiple wireless protocols that allows mobile communications, it is Optimized Link State Routing, from now on, OLSR, it is an pro-active routing, standard mechanism that works in a distributed in order to stablish the connections among the different nodes that belong to a wireless network. Thanks to this protocol it is possible to get all the routing tables in all the devices correctly updated every moment through the periodical transmission of control messages and on this way allow a complete connectivity among the devices that are part of the network and also, allow access to other external networks such as virtual private networks o Internet. This protocol could be perfectly used in environments such as airports, malls, etc… The update of the routing tables in all the devices is got thanks to the periodical transmission of control messages and finally it will offer connectivity among all the devices and the corresponding external networks. For the study of OLSR protocol we will have the help of the network simulator “Network Simulator 2”, a freeware network simulator programmed in C++ based in discrete events. This simulator is used mainly in educational and research environments and allows a very extensive range of protocols, both, wired networks protocols and wireless network protocols, what is going to be really useful to proceed to the simulation of different configurations of networks and protocols. In the present work we will also study different simulations with Network Simulator 2, in different scenarios with different configurations, wired networks, and Ad-hoc networks, where we will study OLSR Protocol. RESUMEN. Hasta hace pocos años, la mayoría de las comunicaciones de red estaban basadas en el cable como medio físico pero debido al avance y madurez alcanzados en el campo de las comunicaciones inalámbricas esto está cambiando. Hoy día las comunicaciones inalámbricas nos ofrecen conexiones veloces, seguras, eficientes y fiables. Las comunicaciones móviles se encuentran en su momento de máxima expansión, claramente impulsadas por el uso de teléfonos y demás dispositivos móviles, el uso de portátiles, etc… Además la inversión a realizar en la instalación y el mantenimiento del medio físico en las comunicaciones móviles es muchísimo menor que en comunicaciones por cable, ya no sólo porque el aire no tenga coste alguno, sino porque la instalación y mantenimiento del cable precisan de un elevado coste económico por norma. Además del coste económico nos encontramos con que es un medio más vulnerable a amenazas externas tales como el ruido, escuchas no autorizadas, sabotajes, etc… Existen dos tipos de redes inalámbricas: las constituidas por una infraestructura que forma parte más o menos de la misma y las que carecen de estructura o centralización alguna, de modo que los dispositivos que forman parte de ella pueden conectarse de manera dinámica y arbitraria entre ellos, encargándose además del encaminamiento de todos los mensajes de control e información, a este tipo de redes se las conoce como redes Ad-hoc. En el presente Proyecto de Fin de Carrera se procederá al estudio de uno de los múltiples protocolos inalámbricos que permiten comunicaciones móviles, se trata del protocolo inalámbrico Optimized Link State Routing, de ahora en adelante OLSR, un mecanismo estándar de enrutamiento pro-activo, que trabaja de manera distribuida para establecer las conexiones entre los nodos que formen parte de las redes inalámbricas Ad-hoc, las cuales carecen de un nodo central y de una infraestructura pre-existente. Gracias a este protocolo es posible conseguir que todos los equipos mantengan en todo momento las tablas de ruta actualizadas correctamente mediante la transmisión periódica de mensajes de control y así permitir una completa conectividad entre todos los equipos que formen parte de la red y, a su vez, también permitir el acceso a otras redes externas tales como redes privadas virtuales o Internet. Este protocolo sería usado en entornos tales como aeropuertos La actualización de las tablas de enrutamiento de todos los equipos se conseguirá mediante la transmisión periódica de mensajes de control y así finalmente se podrá permitir conectividad entre todos los equipos y con las correspondientes redes externas. Para el estudio del protocolo OLSR contaremos con el simulador de redes Network Simulator 2, un simulador de redes freeware programado en C++ basado en eventos discretos. Este simulador es usado principalmente en ambientes educativos y de investigación y permite la simulación tanto de protocolos unicast como multicast. El campo donde más se utiliza es precisamente en el de la investigación de redes móviles Ad-hoc. El simulador Network Simulator 2 no sólo implementa el protocolo OLSR, sino que éste implementa una amplia gama de protocolos, tanto de redes cableadas como de redes inalámbricas, lo cual va a sernos de gran utilidad para proceder a la simulación de distintas configuraciones de redes y protocolos. En el presente Proyecto de Fin de Carrera se estudiarán también diversas simulaciones con el simulador NS2 en diferentes escenarios con diversas configuraciones; redes cableadas, redes inalámbricas Ad-hoc, donde se estudiará el protocolo antes mencionado: OLSR. Este Proyecto de Fin de Carrera consta de cuatro apartados distintos: Primeramente se realizará el estudio completo del protocolo OLSR, se verán los beneficios y contrapartidas que ofrece este protocolo inalámbrico. También se verán los distintos tipos de mensajes existentes en este protocolo y unos pequeños ejemplos del funcionamiento del protocolo OLSR. Seguidamente se hará una pequeña introducción al simulador de redes Network Simulator 2, veremos la historia de este simulador, y también se hará referencia a la herramienta extra NAM, la cual nos permitirá visualizar el intercambio de paquetes que se produce entre los diferentes dispositivos de nuestras simulaciones de forma intuitiva y amigable. Se hará mención a la plataforma MASIMUM, encargada de facilitar en un entorno académico software y documentación a sus alumnos con el fin de facilitarles la investigación y la simulación de redes y sensores Ad-hoc. Finalmente se verán dos ejemplos, uno en el que se realizará una simulación entre dos PCs en un entorno Ethernet y otro ejemplo en el que se realizará una simulación inalámbrica entre cinco dispositivos móviles mediante el protocolo a estudiar, OLSR.
