Global ETD Search

391	A multi-modular dynamical cryptosystem based on continuous-interval cellular automata Terrazas Gonzalez, Jesus David 04 January 2013 (has links) This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis. cryptography cryptosystems cryptology cryptanalysis encryption continuous cellular automata cellular automata chaos dynamical systems data protection image encryption network security safety sound encryption text encryption e-Applications e-Services networked computer systems
392	A multi-modular dynamical cryptosystem based on continuous-interval cellular automata Terrazas Gonzalez, Jesus David 04 January 2013 (has links) This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis. cryptography cryptosystems cryptology cryptanalysis encryption continuous cellular automata cellular automata chaos dynamical systems data protection image encryption network security safety sound encryption text encryption e-Applications e-Services networked computer systems
393	Identifica??o remota de sistemas operacionais utilizando an?lise de processos aleat?rios e redes neurais artificiais Medeiros, Jo?o Paulo de Souza 19 June 2009 (has links) Made available in DSpace on 2014-12-17T14:55:36Z (GMT). No. of bitstreams: 1 JoaoPSM.pdf: 2736653 bytes, checksum: 0b1bd7853a47877b24c5f2042e0a5d8e (MD5) Previous issue date: 2009-06-19 / Petr?leo Brasileiro SA - PETROBRAS / A new method to perform TCP/IP fingerprinting is proposed. TCP/IP fingerprinting is the process of identify a remote machine through a TCP/IP based computer network. This method has many applications related to network security. Both intrusion and defence procedures may use this process to achieve their objectives. There are many known methods that perform this process in favorable conditions. However, nowadays there are many adversities that reduce the identification performance. This work aims the creation of a new OS fingerprinting tool that bypass these actual problems. The proposed method is based on the use of attractors reconstruction and neural networks to characterize and classify pseudo-random numbers generators / ? proposto um novo m?todo para identifica??o remota de sistemas operacionais que operam em redes TCP/IP. Este m?todo possui diversas aplica??es relacionadas ? seguran?a em redes de computadores e ? normalmente adotado tanto em atividades de ataque quanto de defesa de sistemas. O m?todo proposto ? capaz de obter sucesso em situa??es onde diversas solu??es atuais falham, inclusive no tratamento com dispositivos possivelmente vulner?veis ao processo de identifica??o. O novo m?todo realiza a an?lise dos geradores de n?meros aleat?rios usados nas pilhas TCP/IP e, atrav?s do uso de redes neurais artificiais, cria mapas que representam o comportamento destes geradores. Tais mapas s?o usados para compara??o com mapas rotulados que representam sistemas j? conhecidos, concretizando o processo de identifica??o Identifica??o de pilha TCP/IP Seguran?a em redes de computadores Identifica??o de honeypots OS fingerprinting TCP/IP fingerprinting Network security Honeypots indentification CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA
394	Uma ferramenta de manipula??o de pacotes para an?lise de protocolos de redes industriais baseados em TCP/IP Kobayashi, Tiago Hiroshi 07 June 2009 (has links) Made available in DSpace on 2014-12-17T14:55:38Z (GMT). No. of bitstreams: 1 TiagoHK.pdf: 2636025 bytes, checksum: ce24354f7859d7a6bcea2ea448265402 (MD5) Previous issue date: 2009-06-07 / This work presents a packet manipulation tool developed to realize tests in industrial devices that implements TCP/IP-based communication protocols. The tool was developed in Python programming language, as a Scapy extension. This tool, named IndPM- Industrial Packet Manipulator, can realize vulnerability tests in devices of industrial networks, industrial protocol compliance tests, receive server replies and utilize the Python interpreter to build tests. The Modbus/TCP protocol was implemented as proof-of-concept. The DNP3 over TCP protocol was also implemented but tests could not be realized because of the lack of resources. The IndPM results with Modbus/TCP protocol show some implementation faults in a Programmable Logic Controller communication module frequently utilized in automation companies / Neste trabalho ? apresentada uma ferramenta de manipula??o de pacotes destinada ? realiza??o de testes em dispositivos que implementam protocolos de comunica??o baseados em TCP/IP utilizados em redes industriais. A ferramenta foi desenvolvida em linguagem de programa??o Python, como uma extens?o ao Scapy. Esta ferramenta, denominada IndPM - Industrial Packet Manipulator, permite testar os dispositivos presentes em redes industriais em rela??o a poss?veis vulnerabilidades, realizar testes de conformidade de protocolos, coletar respostas de servidores existentes nas redes e utilizar os recursos do interpretador Python para compor testes. Como prova de conceito, foi implementado o protocolo Modbus/TCP. O protocolo DNP3 sobre TCP tamb?m foi implementado, mas n?o foi testado por indisponibilidade de recursos. Os resultados dos testes obtidos com a manipula??o de pacotes Modbus/TCP mostram falhas de implementa??o em um m?dulo de comunica??o para um Controlador L?gico Program?vel bastante utilizado na ind?stria Seguran?a em redes industriais Modbus/TCP DNP3 sobre TCP Industrial network security Critical infrastructure security Industrial protocols compliance tests Modbus/TCP DNP3 over TCP CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA
395	Verificação formal de protocolos de trocas justas utilizando o metodo de espaços de fitas / Formal verification of fair exchange protocols using the strand spaces method Piva, Fabio Rogério, 1982- 13 August 2018 (has links) Orientador: Ricardo Dahab / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-13T10:57:18Z (GMT). No. of bitstreams: 1 Piva_FabioRogerio_M.pdf: 1281624 bytes, checksum: 2d4f949b868d1059e108b1cd79314629 (MD5) Previous issue date: 2009 / Resumo: Os protocolos de trocas justas foram propostos como solução para o problema da troca de itens virtuais, entre duas ou mais entidades, sem que haja a necessidade de confiança entre elas. A popularização da internet criou uma crescente classe de usuários leigos que diariamente participam de transações de troca, como comercio eletrônico (e-commerce), internet banking, redes ponto-a-ponto (P2P), etc. Com tal demanda por justiça, e preciso garantir que os protocolos de trocas justas recebam a mesma atenção acadêmica dedicada aos protocolos clássicos. Neste contexto, fazem-se necessárias diretrizes de projeto, ferramentas de verificação, taxonomias de ataques e quaisquer outros artefatos que possam auxiliar na composição de protocolos sem falhas. Neste trabalho, apresentamos um estudo sobre o problema de trocas justas e o atual estado da arte das soluções propostas, bem como a possibilidade de criar, a partir de técnicas para a verificação formal e detecção de falhas em protocolos clássicos, metodologias para projeto e correção de protocolos de trocas justas. / Abstract: Fair exchange protocols were first proposed as a solution to the problem of exchanging digital items, between two or more entities, without forcing them to trust each other. The popularization of the internet resulted in an increasing amount of lay users, which constantly participate in exchange transactions, such as electronic commerce (ecommerce), internet banking, peer-to-peer networks (P2P), etc. With such demand for fairness, we need to ensure that fair exchange protocols receive the same amount of attention, from academia, as classic protocols do. Within this context, project guideliness are needed, and so are verification tools, taxonomies of attack, and whatever other artifacts that may help correct protocol design. In this work we present a study on the fair exchange problem and the current state-of-the-art of proposed solutions, as well as a discussion on the possibility of building, from currently available formal verification and attack detection techniques for classic protocols, methods for fair exchange protocols design and correction. / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Criptografia Métodos formais (Computação) Redes de computadores - Protocolos Cryptography Strand spaces (Computer Science) Formal methods (Computer Science) Computer network protocols Computer network security
396	UM MODELO DE ATUALIZAÇÃO AUTOMÁTICA DO MECANISMO DE DETECÇÃO DE ATAQUES DE REDE PARA SISTEMAS DE DETECÇÃO DE INTRUSÃO / A MODEL OF AUTOMATIC UPDATE OF THE MECHANISM OF DETENTION OF ATTACKS OF NET FOR SYSTEMS OF INTRUSION DETENTION Dias, Rômulo Alves 21 November 2003 (has links) Made available in DSpace on 2016-08-17T14:52:54Z (GMT). No. of bitstreams: 1 Romulo Alves Dias.PDF: 2725851 bytes, checksum: eaa8311ad62c875b230e288dfc66efa3 (MD5) Previous issue date: 2003-11-21 / The obsolescence of the IDS's attack identification mechanisms critically compromises the security level of the networks. This research work presents a proposal of a automatic updating model of the network attack detection mechanism for intrusion detection systems based on a society of intelligent agents. The Security Central Agency, a component of the model, distributes a mini-society of attack detection agents, called SAARA, that uses a neural network trained with data captured from several network traffic sources. A computational implementation of the SAARA model, focusing data driven attack detection, is presented for the multiagent IDS NIDIA. / A obsolescência dos mecanismos de identificação de ataques dos SDI´s tem comprometido de forma crítica o nível de segurança das redes de computadores. Esta dissertação apresenta uma proposta de um modelo de atualização automática do mecanismo de detecção de ataques de rede para sistemas de detecção de intrusão baseados na noção de sociedade de agentes inteligentes. A Agência Central de Segurança integrante deste modelo distribui uma mini-sociedade de agentes de detecção de ataque, denominada de SAARA, que utiliza uma rede neural treinada a partir de dados coletados de diversas fontes de tráfego. Uma implementação computacional da SAARA, abordando detecção de ataques orientados a dados, é apresentada dentro do contexto do SDI multiagentes NIDIA. detecção de intrusos segurança de redes de computadores ataques baseados em conteúdo redes neurais intrusion detection network security data driven attacks neural networks
397	SISTEMA DE DETECÇÃO DE INTRUSOS EM ATAQUES ORIUNDOS DE BOTNETS UTILIZANDO MÉTODO DE DETECÇÃO HÍBRIDO / Intrusion Detection System in Attacks Coming from Botnets Using Method Hybrid Detection CUNHA NETO, Raimundo Pereira da 28 July 2011 (has links) Made available in DSpace on 2016-08-17T14:53:19Z (GMT). No. of bitstreams: 1 dissertacao Raimundo.pdf: 3146531 bytes, checksum: 40d7a999c6dda565c6701f7cc4a171aa (MD5) Previous issue date: 2011-07-28 / The defense mechanisms expansion for cyber-attacks combat led to the malware evolution, which have become more structured to break these new safety barriers. Among the numerous malware, Botnet has become the biggest cyber threat due to its ability of controlling, the potentiality of making distributed attacks and because of the existing structure of control. The intrusion detection and prevention has had an increasingly important role in network computer security. In an intrusion detection system, information about the current situation and knowledge about the attacks contribute to the effectiveness of security process against this new cyber threat. The proposed solution presents an Intrusion Detection System (IDS) model which aims to expand Botnet detectors through active objects system by proposing a technology with collect by sensors, preprocessing filter and detection based on signature and anomaly, supported by the artificial intelligence method Particle Swarm Optimization (PSO) and Artificial Neural Networks. / A ampliação dos mecanismos de defesas no uso do combate de ataques ocasionou a evolução dos malwares, que se tornaram cada vez mais estruturados para o rompimento destas novas barreiras de segurança. Dentre os inúmeros malwares, a Botnet tornou-se uma grande ameaça cibernética, pela capacidade de controle e da potencialidade de ataques distribuídos e da estrutura de controle existente. A detecção e a prevenção de intrusão desempenham um papel cada vez mais importante na segurança de redes de computadores. Em um sistema de detecção de intrusão, as informações sobre a situação atual e os conhecimentos sobre os ataques tornam mais eficazes o processo de segurança diante desta nova ameaça cibernética. A solução proposta apresenta um modelo de Sistema de Detecção de Intrusos (IDS) que visa na ampliação de detectores de Botnet através da utilização de sistemas objetos ativos, propondo uma tecnologia de coleta por sensores, filtro de pré-processamento e detecção baseada em assinatura e anomalia, auxiliado pelo método de inteligência artificial Otimização de Enxame da Partícula (PSO) e Redes Neurais Artificiais. Segurança de Redes Botnets Sistema de Detecção de Intrusos - IDS Redes Neurais Artificiais Network Security Botnet Intrusion Detection System - IDS Particle Swarm Optimization - PSO Artificial Neural Networks
398	Provendo segurança em redes definidas por software através da integração com sistemas de detecção e prevenção de intrusão Fernandes, Henrique Santos 03 July 2017 (has links) Submitted by Patrícia Cerveira (pcerveira1@gmail.com) on 2017-06-07T20:29:49Z No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Approved for entry into archive by Biblioteca da Escola de Engenharia (bee@ndc.uff.br) on 2017-07-03T14:05:51Z (GMT) No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Made available in DSpace on 2017-07-03T14:05:51Z (GMT). No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Os Sistemas de Detecção e Prevenção de Intrusão são fundamentais para a segurança da rede de computadores, inspecionar o tráfego da rede em tempo real em busca de intrusos para garantir uma rede confiável é um dos seus papéis. Porém a falta de integração com os ativos da rede é um dos principais fatores que limitam sua atuação. O conceito de Redes Definidas por Software visa diminuir a falta de integração entre os ativos de rede devido a separação do plano de dados do plano de controle. Diante da limitação da integração entre os ativos de redes e os Sistemas de Detecção e Prevenção de Intrusão, o presente estudo propõe, desenvolve e demonstra o IDSFlow, um modelo de integração de sistemas de detecção de intrusão em redes definidas por software. Para validar o IDSFlow, foram realizados testes utilizando o Openflow, o Mininet, CPqD e o Snort. Os resultados obtidos pelos algorítimos desenvolvidos e apresentados mostram a capacidade de integração proposta, é possível verificar a viabilidade de utilizar as regras já existentes e funcionais para o Snort assim como utilizar o histórico de utilização da rede para aumentar a efetividade da detecção e dos bloqueios de intrusos. / Intrusion Detection and Prevention Systems are fundamental to the network security, to inspect the traffic in real time seeking intruders to ensure a reliable network is one of it’s roles. However the lack of integration between the network equipments, is one of the biggest factors to limit its operations. The concept of Software Defined Networks aims to reduce the lack of integration among network assets due to the separation of the data plan from the control plan. Given the limitation of integration between networks assets and Intrusion Detection and Prevention Systems, the present study proposes, develops and demonstrates IDSFlow, an integration model of intrusion detection systems in softwaredefined networks. To validate IDSFlow, tests were run using Openflow, Mininet, CPqD and Snort. The results obtained by the algorithms developed and presented show the proposed integration capacity, it is possible to verify the feasibility of using the existing and functional rules for Snort as well as to use the network usage history to increase the effectiveness of intrusion detection and block. SDN Openflow Snort IDS Rede de Computadores IPS NIDS Segurança Análise de tráfego Redes definidas por software Rede de computadores Segurança de dados on-line Fluxo contínuo Sistema de telecomunicação Software defined networks Networks Network Security Security
399	Enhancing security and scalability of Virtual Private LAN Services Liyanage, M. (Madhusanka) 21 November 2016 (has links) Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks. / Tiivistelmä Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille. Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa. Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen. Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia. Host Identity Protocol Software Defined Networking Spanning Tree Protocol Virtual Private LAN Services Virtual Private Networks network security scalability Host Identity Protocol Software-defined Networking (SDN) Spanning Tree Protocol VPLS VPN-verkot skaalautuvuus verkon tietoturva
400	Vers une solution de contrôle d’admission sécurisée dans les réseaux mesh sans fil / Towards a secure admission control in a wireless mesh networks Dromard, Juliette 06 December 2013 (has links) Les réseaux mesh sans fil (Wireless Mesh Networks-WMNs) sont des réseaux facilement déployables et à faible coût qui peuvent étendre l’Internet dans des zones où les autres réseaux peuvent difficilement accéder. Cependant, plusieurs problèmes de qualité de service (QoS) et de sécurité freinent le déploiement à grande échelle des WMNs. Dans cette thèse, nous proposons un modèle de contrôle d’admission (CA) et un système de réputation afin d’améliorer les performances du réseau mesh et de le protéger des nœuds malveillants. Notre système de CA vise à assurer la QoS des flux admis dans le réseau en termes de bande passante et de délai tout en maximisant l’utilisation de la capacité du canal. L’idée de notre solution est d’associer au contrôle d’admission une planification de liens afin d’augmenter la bande passante disponible. Nous proposons également un système de réputation ayant pour but de détecter les nœuds malveillants et de limiter les fausses alertes induites par la perte de paquets sur les liens du réseau. L’idée de notre solution est d’utiliser des tests statistiques comparant la perte de paquets sur les liens avec un modèle de perte préétabli. De plus, il comprend un système de surveillance composé de plusieurs modules lui permettant détecter un grand nombre d’attaques. Notre CA et notre système de réputation ont été validés, les résultats montrent qu’ils atteignent tous deux leurs objectifs / Wireless mesh networks (WMNs) are a very attractive new ﬁeld of research. They are low cost, easily deployed and high performance solution to last mile broadband Internet access. However, they have to deal with security and quality of service issues which prevent them from being largely deployed. In order to overcome these problems, we propose in this thesis two solutions: an admission control with links scheduling and a reputation system which detects bad nodes. These solutions have been devised in order to further merge into a secure admission control. Our admission control schedules dynamically the network’s links each time a new flow is accepted in the network. Its goal is to accept only flows which constraints in terms of delay and bandwidth can be respected, increase the network capacity and decrease the packet loss. Our reputation system aims at assigning each node of the network a reputation which value reflects the real behavior of the node. To reach this goal this reputation system is made of a monitoring tool which can watch many types of attacks and consider the packet loss of the network. The evaluations of our solutions show that they both meet their objectives in terms of quality of service and security Contrôle d'admission des connexions Systèmes de communication sans fil Network performance (telecommunication) Wireless communication system Time division multiple access Computer network -- security measures 621 004

Search results