171 |
Správa sítí s Mobile IP pomocí SNMP / Managing Mobile IP enabled networks with SNMP protocolZávodný, Ondřej January 2011 (has links)
The content of this thesis is to research possibilities of using SNMP for management of Mobile IP activated entities. The first two chapters deal with theoretical analysis of Mobile IP protocol, and Simple Network Management Protocol. The Mobile IP protocol analysis focuses especially on the elements Home agent and Foreign agent. In the SNMP chapter the analysis focuses mainly on ways to exchange messages. Another part of the document is devoted to a description of laboratory networks com- posed of routers Cisco 1841 and the configuration of them. Finally is described the programmed application to manager these devices in JAVA, which is included in Annex. The program periodically sends SNMP queries and finds relationships between the Home agent and the mobile nodes, and between the foreign agent and the mobile nodes. The application has a user-friendly interface that is shown on the attached flash animation. Finally, the thesis summarizes the concepts described in previous chapters and the goals to achieve.
|
172 |
Vyhledávání nejdelšího shodného prefixu ve vysokorychlostních sítích / Longest Prefix Match in High-Speed NetworksSkačan, Martin January 2013 (has links)
This thesis deals with the Longest Prefix Matching (LPM), which is a time-critical operation in packet forwarding. To achieve 100Gbps throughput, this operation has to be implemented in hardware and a forwarding table has to fit into the on-chip memory, which is limited by its small size. Current LPM algorithms need large memory to store IPv6 forwarding tables or cannot be simply implemented in HW. Therefore we performed an analysis of available IPv6 forwarding tables and several LPM algorithms. Based on this analysis, we propose a new algorithm which is able to provide very low memory demands for IPv4/IPv6 lookups. To the best of our knowledge, the proposed algorithm has the lowest memory requirements in comparison to existing LPM algorithms. Moreover, the proposed algorithm is suitable for IP lookup in 100Gbps networks, which is shown on new pipelined hardware architecture with 140Gbps throughput.
|
173 |
Interaktivní webové rozhraní pro zobrazení ip flow dat / Interactive Web Interface for IP Flow DataSalač, Radek January 2012 (has links)
This thesis describes development of application for analyzing IP flow data. The author conducts relative comparison of already existing protocols and tools and studies theirs pro's and con's. Based on this comparison and features requested by users, author develops his own application primarly focused on interactive and user-friendly interface for working with IP flow data.
|
174 |
The Design and Application of a Simplified Guaranteed Service for the InternetOssipov, Evgueni January 2003 (has links)
Much effort today in the Internet research community isaimed at providing network services for applications that werenot under consideration when the Internet was originallydesigned. Nowadays the network has to support real-timecommunication services that allow clients to transportinformation with expectations on network performance in termsof loss rate, maximum end-to-end delay, and maximum delayjitter. Today there exist two quality of service (QoS)architecture for the Internet: The integrated services, whichis usually referred to as intserv, and the differentiatedservices referred to as diffserv. Although the intserv clearlydefines the quality levels for each of its three serviceclasses, the limited scalability of this QoS architecture is acontinuous topic for discussion among the researchers. Theanalysis of the tradeoffs of the two QoS architecturesmotivated us to design a new QoS architecture which will takethe strength of the existing approaches and will combine themin a simpler, efficient and more scalable manner. In this LicentiateThesis we introduce a guaranteed servicefor the Internet, which definition is similar to the one inintserv: The guaranteed service (GS) is a network servicerecommended for applications with firm requirements on qualityof end-to-end communication. The service should provide zeropacket loss in routers and tightly bound the end-to-end delay.The capacity for a GS connection should be explicitly reservedin every router along a path of a connection. However, incontrary to intserv the necessary quality level will beprovided without per-flow scheduling in the core routers, whichis the major drawback of the intserv architecture. We use thediffserv principle of dealing with aggregates in the corenetwork since this approach is proven to be scalable andefficient. The thesis considers two major building blocks of the newarchitecture: The packet scheduling and the signaling protocol.We have developed a special scheduling algorithm. Our formaland experimental analysis of its delay properties shows thatthe maximum end-to-end delay is acceptable for real-timecommunication. Moreover, our scheme provides a fair service tothe traffic of other service classes. In order to achieve thedesired QoS level, a sufficient amount of capacity should bereserved for the GS connections in all intermediate routersend-to-end. We have developed a both simple and robustsignaling protocol. The realization of our protocol shows thatrouters are able to process up to 700,000 signaling messagesper second without overloading the processor. / NR 20140805
|
175 |
Towards Trojan Detection from a Raw BitstreamSimpson, Corey Ryan 23 March 2022 (has links)
Many avenues exist to insert malicious circuitry into an FPGA designs, including compromised CAD tools, overwriting bitstream files, and post-deployment attacks. The proprietary nature of the Xilinx bitstreams precludes the ability to validate an implemented design. This thesis introduces the BitRec and IPRec projects in an effort to support trojan detection tools. BitRec provides a novel approach to mapping of the Xilinx bitstream format into FPGA features in order to recreate the original design's netlist. BitRec supports the 7 Series, UltraScale and UltraScale+ architectures. IPRec then provides a novel approach to recognizing parameterizable IP within a flattened netlist in an effort to eliminate large sections of trusted circuitry from needing to be analyzed by a trojan detection tool.
|
176 |
TCP Reaction to Rapid Changes of the Link Characteristics due to Handover in a Mobile EnvironmentRonquist, Mattias January 1999 (has links)
The Transmission Control Protocol (TCP), used in the Internet, was not developed for a mobile, wireless environment. One reason why TCP might encounter problems in such an environment is rapid changes of the link characteristics. These rapid changes can occur due to handover between two subnetworks (macro handover), e.g., when a mobile node switches between different access networks. A possible and realistic handover scenario could be when a mobile node is roaming between a high bandwidth local area network (LAN) with limited coverage and a low bandwidth radio link with wide area coverage. The goals of this thesis were to set up a realistic environment for measurements of the handover performance of TCP, and to observe TCP behavior when the link characteristics suddenly change. Further objectives were to analyze the results and propose solutions for improving the performance. The mobility management in the measurement setup is handled by Mobile IP. Handovers are performed between a wireless LAN (WaveLAN) and a PPP link over a GSM circuit switched data connection. Our investigation shows that several spurious TCP timeouts occur after handover from the fast link to the slow link, triggering unnecessary retransmissions and hence resulting in TCP performance degradation. To avoid unnecessary retransmissions, we suggest a resetting of the retransmission timeout value (RTO) at the moment of handover. In the case of handover from the low bandwidth link (PPP) to the high bandwidth link (WaveLAN), our measurements show that queued packets in the link layer buffer continue to flow over the PPP link even after the handover. The high bandwidth available after the switch is thus poorly utilized before the buffer of the low bandwidth link has been emptied. The IP sending process should delay putting packets in the queue of a slow link, thus avoiding large link layer queues and enabling utilization of the high bandwidth link faster. This could be achieved by flow control between the IP layer and the link layer. After the packets have started flowing over the WaveLAN, the RTO value is unnecessarily high, which could result in extensive delays in the case of packet losses. To alleviate the problems we recommend resetting the RTO value or modifying the algorithm for calculating the RTO value to faster adapt to sudden and significant decrease of the round-trip time (RTT) in the case of handover. In both handover scenarios mentioned above we have found that a small window size is favorable to mitigate the negative effects due to the rapid changes of the link characteristics. The use of Active Queue Management to avoid large window sizes would be an interesting approach for future investigations. Another interesting approach could be to have flow control between the IP layer and the link layer to avoid a large link layer queue when the handover from [one link to another occurs.]
|
177 |
3rd Party IP Encryption from Netlist to Bitstream for Xilinx 7-Series FPGAsHutchings, Daniel 14 August 2023 (has links) (PDF)
IP vendors need to keep the internal designs of their IP secret from the IP user for security or commercial reasons. The CAD tools provided by FPGA vendors have some built-in functionality to encrypt the IP. However, the IP is consequently decrypted by the CAD tools in order to run the IP through the design flow. An IP user can use APIs provided by the CAD tools to recreate the IP in an unencrypted state. An IP user could also easily learn the internals of a protected IP with the advent of new open-source bitstream to netlist tools. The user can simply generate a bitstream that includes the protected IP and then use the tools to create a netlist of the third party IP, exposing the internals of IP. Any solution to keep IP protected must keep the IP encrypted through the CAD tools and bitstream generation all the way to FPGA configuration. This thesis presents a design methodology, along with a proof-of-concept tool, that demonstrates how IP can remain partially encrypted through the CAD flow and into the bitstream. It shows how this approach can support multiple encryption keys from different vendors, and can be deployed using existing CAD tools and FPGA families. Results are presented that document the benefits and costs of using such an approach to provide much greater protection for 3rd party IP.
|
178 |
Postabsorptive Glucose Decreases the Excitatory Effects of Taste on IngestionBedard, Michel 12 1900 (has links)
To test the hypothesis that postprandial rises of plasma
glucose attenuate the motivation derived from positive
tastes, I analyzed the effects of intraperitoneal (ip)
injections of glucose on sham feeding, a preparation in
which food intake is motivated primarily by taste
sensations. IP glucose suppressed sham feeding, with
maximal suppressions approximating 42%, but only when
glucose was administered contiguous with oropharyngeal
stimulation. The food intake inhibition produced by ip
glucose interacted with palatability; smaller doses of
glucose were required to suppress less concentrated sucrose
solutions. Closing the gastric cannula increased the
potency with which ip glucose inhibited eating suggesting
synergy of postabsorptive glucose with other postgastric
satiety signals. The inhibition of eating produced by ip
glucose did not result from malaise. Thus, postabsorptive
rises of plasma glucose decrease the ability of taste cues
to drive ingestion and suggest that this phenomenon may
contribute to spontaneous meal termination. / Thesis / Master of Science (MSc)
|
179 |
A Framework for Providing Redundancy and Robustness in Key Management for IPsec Security Associations in a Mobile Ad-Hoc EnvironmentHadjichristofi, George Costa 23 September 2005 (has links)
This research investigated key management in a Mobile Ad Hoc Network (MANET) environment. At the time this research began key management schemes provided limited functionality and low service availability in a highly partitioned ad hoc environment. The purpose of this research was to develop a framework that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes.
The key contribution of this research is the Key Management System (KMS) framework and, more specifically, the unique way the various components are integrated to provide the various functionalities. The KMS overcomes the limitations of previous systems by (1) minimizing pre-configuration, (2) increasing service availability, (3) and increasing flexibility for new nodes joining the network. A behavior grading scheme provides the network with a system-wide view of the trustworthiness of nodes and enables the KMS to dynamically adjust its configuration according to its environment. The introduction of behavior grading allows nodes to be less dependent on strict identity verification. This KMS was simulated with Monte Carlo and NS2 simulations and was shown to interoperate with IP Security (IPsec) to enable the establishment of IPsec SAs. The simulations have proven the effectiveness of the system in providing service to the nodes in a highly partitioned environment. / Ph. D.
|
180 |
IPSec Overhead in Wireline and Wireless Networks for Web and Email ApplicationsHadjichristofi, George Costa 11 January 2002 (has links)
This research focuses on developing a set of secure communication network testbeds and using them to measure the overhead of IP Security (IPSec) for email and web applications. The network testbeds are implemented using both wireline and wireless technologies. The testing involves a combination of authentication algorithms such as Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1), implemented through different authentication protocols such as ESP and AH, and used in conjunction with the Triple Digital Encryption Standard (3DES). The research examines the overhead using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different sizes of compressed and uncompressed files, are considered when measuring the overhead.
The testbed realizes security using IPSec to secure the connection between different nodes. The email protocol that is used is the Simple Mail Transfer Protocol (SMTP) and the web protocol considered is the Hyper Text Transfer Protocol (HTTP). The key metrics considered are the network load in bytes, the number of packets, and the transfer time.
This research emphasizes the importance of using HTTP to access files than using SMTP. Use of HTTP requires fewer packets, lower network loads, and lower transfer times than SMTP. It is demonstrated that this difference, which occurs regardless of security, is magnified by the use of authentication and encryption. The results also indicate the value of using compressed files for file transfers. Compressed and uncompressed files require the same transfer time, network load and number of packets since FreeS/WAN IPSec does not carry any form of compression on the data before passing it to the data link layer. Both authentication algorithms, HMAC-MD5 and HMAC- SHA1, result in about the same network load and number of packets. However, HMAC-SHA1 results in a higher transfer time than HMAC-MD5 because of SHA1's higher computational requirements. ESP authentication and ESP encryption reduce the network load for small files only, compared to ESP encryption and AH authentication. ESP authentication could not be compared with AH authentication, since the FreeS/WAN IPSec implementation used in the study does not support ESP authentication without using encryption. In a wireless environment, using IPSec does not increase the network load and the number of transactions, when compared to a wireline environment. Also, the effect of security on transfer time is higher compared to a wireline environment, even though that increase is overshadowed by the high transfer time percentage increase due to the wireless medium. / Master of Science
|
Page generated in 0.0665 seconds