Global ETD Search

511	Rede ZigBee gerenciada por sistema de monitoramento remoto utilizando TCP/IP e GPRS / ZigBee network managed by remote monitoring system using TCP/IP e GPRS Zucato, Fábio Labegalini 18 December 2009 (has links) Este trabalho propõe a integração de técnicas de sensoriamento dinâmico, redes de dados sem fio e internet. A implementação dos nós da rede visa permitir o monitoramento de objetos que se movem tanto numa rede interna, limitada a uma edificação, quanto numa rede externa, através de coordenadas GPSs (Global Position Systems). A rede sem fio, que utiliza o protocolo ZigBee, é composta por sensores, atuadores e lâmpadas e é dotada de mobilidade através de controles remotos1. A rede ZigBee é integrada, através de um gateway, a uma rede TCP/IP para permitir o monitoramento e a atuação remota sobre ela, via um servidor HTTP e/ou uma rede de dados celular (GPRS), que, quando fora do alcance dos nós da rede ZigBee interna, torna-se responsável pelo envio de coordenadas GPS na rede externa, garantindo a onipresença do monitoramento. Além das adaptações na pilha TCP/IP e o desenvolvimento de um software que utiliza a rede GPRS para envio de coordenadas GPS, destacam-se, como contribuições originais desta tese: (i) a solução de problemas da pilha ZigBee original no tocante a endereçamento, que impossibilitava a mobilidade na rede - desta forma, uma nova técnica de endereçamento seqüencial foi implementada com sucesso; (ii) novo código que simulou o AES (Advanced Encryption Standard), tanto para encriptação quanto para desencriptação dos dados. Testes para validação dos protótipos desenvolvidos são apresentados / This MSc Thesis proposes the integration of dynamic sensing techniques, wireless data network and Internet. The implementation of network nodes aims to allow monitoring of moving objects, either inside an internal network, limited to one area, or in an external network, through GPS\'s (Global Position Systems). The wireless network, which uses the ZigBee protocol, is composed of sensors, actuators and lamps, and is endowed with mobility through remote controls. Thus, it is integrated, through a gateway, to a TCP / IP network to allow remote monitoring and acting on it via an HTTP server and / or a mobile data network (GPRS), responsible for sending the GPS coordinates on the external network, ensuring the ubiquity of monitoring. Further to adaptations in the TCP/IP stack and the development of a software that uses GPRS protocol to send GPS coordinates, the main contributions of this work are: (i) proposal of a new addressing technique, based on a sequential numbering of nodes, instead of the standard one, thus solving problems related to mobility in the network; (ii) proposal of a new security code to emulate AES (Advanced Encryption Standard), either for data encryption or decryption. Tests for validation of the developed prototypes will be presented Banco de dados Criptografia cryptography database GPRS GPRS GPS GPS HTTP servers Redes sem fio Servidores HTTP TCP/IP TCP/IP wireless network ZigBee ZigBee
512	User controlled trust and security level of Web real-time communications / Niveau de confiance et de sécurité des communications Web temps-réel contrôlé par l'utilisateur Corre, Kevin 31 May 2018 (has links) Dans cette thèse, je propose trois contributions principales : dans notre première contribution, nous étudions l'architecture d'identité WebRTC et plus particulièrement son intégration aux algorithmes de délégation d'authentification existants. Cette intégration n'a pas encore été étudiée jusqu'à présent. Dans cette perspective, nous implémentons les composants de l'architecture d'identité WebRTC ce qui nous permet de montrer que cette architecture n'est pas particulièrement adaptée à une intégration aux protocoles de délégation d'authentification existants tels qu'OpenID Connect. Pour répondre à RQ1, nous montrons ensuite comment la position centrale des fournisseurs d'identité dans l'écosystème du Web est renforcée par leur intégration à l'établissement de session WebRTC, posant ainsi un risque supplémentaire contre la discrétion des utilisateurs. Dans l'écosystème Web, la norme est l'architecture des services en silo dont les utilisateurs sont captifs. C'est en particulier le cas des systèmes de délégation d'authentification, pour lesquels la plupart du temps, il n'est pas possible de choisir son fournisseur d'identité. Afin de répondre à RQ3, nous réalisons une étude afin de déterminer pour quelles raisons les utilisateurs ne peuvent pas choisir leur fournisseur d'identité sur Web. Notre étude montre que bien que ce choix soit possible en théorie, l'absence d'implémentation de certains standards par les sites webs et les fournisseurs d'identité empêche ce choix en pratique. Dans notre seconde contribution, nous cherchons à donner plus de contrôle à l'utilisateur. Pour ce faire et en réponse à RQ2, nous proposons une extension de la spécification WebRTC afin de permettre la négociation des paramètres d'identité. Un prototype d'implémentation est proposé afin de valider notre proposition. Cette implémentation révèle certaines limites dues à l'API d'identité WebRTC empêchant notamment d'obtenir un retour sur le niveau d'authentification de l'autre utilisateur ainsi que l'impossibilité de changer de fournisseur d'identité en cours de session. Nous proposons ensuite une API Web permettant aux utilisateurs de choisir leur fournisseur d'identité lors d'une authentification sur un site tiers via une interface de sélection d'identité contrôlée par le navigateur. Répondant à RQ3, notre API repose sur une réutilisation de l'architecture d'identité WebRTC dans un scénario client-serveur. Nous présentons une implémentation de notre solution, basée sur une extension du navigateur Firefox, afin d'en démontrer l'utilisabilité. Nos résultats montrent qu'à long terme, l'adoption de cette API pourrait réduire la charge d'implémentation pour les développeurs de sites Web et permettre aux utilisateurs de préserver leur discrétion en choisissant des fournisseurs d'identité de confiance. / In this thesis, we propose three main contributions : In our first contribution we study the WebRTC identity architecture and more particularly its integration with existing authentication delegation protocols. This integration has not been studied yet. To fill this gap, we implement components of the WebRTC identity architecture and comment on the issues encountered in the process. In order to answer RQ1, we then study this specification from a privacy perspective an identify new privacy considerations related to the central position of identity provider. In the Web, the norm is the silo architecture of which users are captive. This is even more true of authentication delegation systems where most of the time it is not possible to freely choose an identity provider. In order to answer RQ3, we conduct a survey on the top 500 websites according to Alexa.com to identify the reasons why can't users choose their identity provider. Our results show that while the choice of an identity provider is possible in theory, the lack of implementation of existing standards by websites and identity providers prevent users to make this choice. In our second contribution, we aim at giving more control to users. To this end and in order to answer RQ2, we extend the WebRTC specification to allow identity parameters negotiation. We present a prototype implementation of our proposition to validate it. It reveals some limits due to the WebRTC API, in particular preventing to get feedback on the other peer's authentication strength. We then propose a web API allowing users to choose their identity provider in order to authenticate on a third-party website, answering RQ2. Our API reuse components of the WebRTC identity architecture in a client-server authentication scenario. Again, we validate our proposition by presenting a prototype implementation of our API based on a Firefox extension. Finally, in our third contribution, we look back on RQ1 and propose a trust and security model of a WebRTC session. Our proposed model integrates in a single metric the security parameters used in the session establishment, the encryption parameters for the media streams, and trust in actors of the communication setup as defined by the user. Our model objective is to help non-expert users to better understand the security of their WebRTC session. To validate our approach, we conduct a preliminary study on the comprehension of our model by non-expert users. This study is based on a web survey offering users to interact with a dynamic implementation of our model. Web Voix sur IP Sécurité Informatique JavaScript Preuve électronique Droit à la vie privée Authentification WebRTC Web Voice over IP Computer Security JavaScript Assertion Privacy Authentication WebRTC
513	Sessões de comunicações tolerantes a rupturas: uma camada de Socket para aplicações cientes de mobilidade na Internet / Disruption-tolerant sessions: a socket layer for mobility-aware applications on the internet Kimura, Bruno Yuji Lino 16 October 2012 (has links) Com a heterogeneidade de tecnologias de comunicação sem fio presentes na borda de redes de acesso, serviços providos na Internet podem ser acessados de forma quasi ubíqua através de dispositivos móveis ou portáteis. O acesso a esses serviços, contudo, está associado a atrasos e rupturas frequentes na comunicação devido a razões inerentes à mobilidade do dispositivo, como: i) perda de sinal em locais onde há pouca ou nenhuma cobertura de acesso móvel; ii) erros no quadro de dados durante a transmissão e, consequentemente, perdas de pacotes, que podem ser ocasionados por interferência no sinal ou enfraquecimento deste pelo distanciamento do dispositivo em relação à Estação Base; iii) mudanças de endereços IP durante transmissões em andamento causadas pela migração do dispositivo entre diferentes redes. Como consequência, aplicações falham com a ruptura de comunicações orientadas a conexão. Tratar a mobilidade de forma transparente à aplicação é um dos desafios da Computação Móvel e Ubíqua que vem sendo pesquisado ao longo da última década. Soluções foram propostas para operarem desde a Camada de Enlace à Aplicação. Muitas delas, entretanto, exigem modificações na pilha de protocolos TCP/IP e adição de infraestrutura específica de rede no suporte à comunicação fim-a-fim. Além de elevar o custo das etapas de implantação e manutenção, estratégias intrusivas e dependentes de infraestrutura adicional podem não apresentar desempenho satisfatório. Nesse contexto, propomos tratar a mobilidade no nível da própria aplicação através de Sessões de Comunicação que não falham com atrasos e desconexões. Operando somente nos nós-fim e de modo transparente às Camadas adjacentes de Aplicação e Transporte, as sessões não requerem infraestrutura adicional para intermediar ou controlar a comunicação entre pares, tampouco modificações em protocolos legados da pilha TCP/IP. O conceito de Sessões Tolerantes a Rupturas é implementado através de uma API de propósito geral em sistemas Linux que estende a interface de Sockets. A API é, na prática, uma camada transparente sobre o Socket que provê Ciência de Mobilidade à aplicação através de mecanismos para: acompanhar a localização de nós ao longo da duração de uma sessão; detectar rupturas nas transmissões causadas pela mobilidade do nó ou de seu par remoto; suspender e retomar sessões de forma eficiente, segura e confiável. Experimentos conduzidos em ambientes emulados e reais com equipamentos de uso comercial mostram a eficiência das sessões. Além de introduzir baixa degradação na vazão fim-a-fim, rupturas na transmissão podem ser detectadas em microssegundos e sessões suspensas são reabertas em milissegundos. Com um desempenho superior a solução de mobilidade geral da Camada IP, as sessões não necessitam de adaptações de software em equipamentos de rede / Nowadays services available on the Internet can be accessed from mobile devices while they roam across heterogeneous wireless networks. Due to the inherent reasons of device mobility, however, the access to such services is frequently involved with delay and disruptions. The most common reasons are: i) losing radio signal at places where mobile access coverage area is not available; ii) frame error, losses, and fading on the radio signal when the mobile device moves away from the Base Station; iii) changes on the devices IP address over ongoing transmission, while the mobile node migrates among different wireless networks. As result, networked application fails with disruptions on TCP connections established in the mobile users path. Handling seamlessly mobility on the Internet is a technical challenge of the Mobile Computing Paradigm. It has been widely researched over the last decade. Several solutions have been proposed to work from the Link Layer to the Application Layer. Most of them, however, work intrusively and require modifications in the classical TCP/IP protocol stack, as well as rely on additional network infrastructure to support mobile end-to-end communication. Besides increasing the cost of deployment and maintenance, intrusive and infrastructure dependent strategies may not present suitable performance. In this sense, we devised an architecture to handle mobility at the Application level by means of communication sessions that do not fail with delay, disruption or disconnection. Such sessions work only at the end-systems in a such way that: are fully transparent to the adjacent layers of Transport and Application; do not require additional network infrastructure to forward and manage the communication between two mobile peers; and do not impose any modification on the legacy protocols from the TCP/IP stack. The concept of Disruption-Tolerant Sessions is implemented in Linux by means of a general purpose API extended from the Socket interface. Such API is a transparent layer placed on top of the Socket to provide mobility awareness to the Application Layer. To do so, session services are provided for: tracking mobile peers along the session duration; detecting disruptions over TCP connection caused by mobility of the local or remote peer; suspending and resuming sessions with efficiency, security and reliability. Experiments conducted in emulated and real systems (off-the-shelf hardware and open source software) showed the desired efficiency. Besides introducing little overhead on the goodput, disruptions are detected in a range of microseconds and suspended sessions are resumed in milliseconds. With performance greater than the general IP layer mobility solution, the proposed sessions do not require software adaptation in the core of the network infrastructure API de Sockets Aplicações cientes de mobilidade Computação móvel Delay/Disruptions tolerant sessions Gerenciamento de mobilidade IP IP mobility management Mobile computing Mobility-aware applications Sessões tolerantes a atrasos e rupturas Sockets API
514	Métodos geofísicos aplicados na avaliação ambiental em uma indústria química na cidade de São Paulo - SP / Geophysical Methods applied in the Environmental Evaluation of a Chemical Industry in the city of São Paulo SP Minozzo, Marina 11 September 2009 (has links) O uso cada vez maior de derivados de petróleo em processos industriais proporciona a geração de uma diversidade de produtos cada vez mais utilizados pela sociedade atual. As conseqüências negativas do uso e manipulação de hidrocarbonetos é a geração de resíduos e efluentes altamente poluidores. Atualmente, a utilização integrada de técnicas geofísicas podem se constituir em uma ferramenta eficiente na avaliação e caracterização de problemas ambientais. De uma forma geral a utilização da geofísica na caracterização de uma área afetada por substâncias poluentes consiste na detecção e mapeamento da extensão da área afetada e informações sobre a profundidade da zona saturada, direção do fluxo subterrâneo e profundidade do substrato rochoso inalterado. O objetivo principal deste trabalho foi a caracterização geofísica de uma área contaminada por hidrocarbonetos derivados de petróleo, por meio da utilização dos métodos: Eletroresistividade, Polarização Induzida e Eletromagnético Indutivo. Esta caracterização foi realizada através de ensaios de campo e do uso de modelos bidimensionais, tendo como área de estudo uma indústria química localizada no município de São Paulo SP. Esta área foi escolhida com base em estudos precedentes que indicam a ocorrência de contaminação. Os resultados dos modelos de resistividade, cargabilidade e condutividade aparente sugerem a presença de contaminação e seu caminho preferencial, que segue o sentido do fluxo da água subterrânea. Três tipos de anomalias puderam ser individualizadas: a primeira, de baixa resistividade e baixa cargabilidade, que sugerem contaminação mais antiga e a relação com os processos de biodegradação, confirmada através das análises de bactérias; a segunda, de baixa resistividade e alta cargabilidade, geradas pela presença de materiais polarizáveis (metais); e a terceira, as anomalias de alta resistividade e baixa cargabilidade, geradas pela presença do contaminante bruto (sedimento impregnado por tinta), que confirma a contaminação mais recente onde não ocorre processo de biodegradação. / The increasing usage of petroleum derivatives in industrial processes provides a generation of products which are being increasingly used by the contemporary society. The negative consequence from the use and manipulation of hydrocarbons is the generation of residues and highly pollutant effluents. Nowadays, the integrated usage of geophysical techniques can become an efficient tool in the evaluation and characterization of environmental problems. In general, the usage of geophysical in the characterization of an area affected by pollutant substances consists in mapping and detecting the extension of the affected area and inform about the saturated zone deep, the underground flux direction and the deep of the unaltered rocky substrate. The main objective of this research was the geophysical characterization of contaminated area by hydrocarbons derived from petroleum, by the usage of the following methods: Electrical resistivity, Inducted Polarization, and Inductive Electromagnetic. This characterization was carried out through field rehearsals and the usage of two-dimensional models in a chemical industry as study area, placed in the city of São Paulo SP. This area was chosen as the basis in precedent studies which has indicated the event of contamination. The results from the resistivity, chargeability and apparent conductivity models, suggest the presence of contamination and its favorable way, which follows the underground water flux. Three kinds of anomalies could be individualized: first, low resistivity and low chargeability, which suggest older contamination and the relation with the biodegradation processes, confirmed thought the bacterial analysis; second, low resistivity and high chargeability, generated by the presence of polarizable materials (metals); and third, the high resistivity anomalies and low chargeability, generated by the presence of the raw contaminant (paint impregnated sediment), which confirms the most recent pollution where the biodegradation process does not occur. biodegradação biodegradation compostos orgânicos. contaminação contamination Electrical Resistivity Electromagnetic Inductive (EM-34) Eletromagnético Indutivo (EM-34) Eletroresistividade Inducted Polarization (IP) organic composes Polarização Induzida (IP)
515	Estratégias de transição de IPv4 para IPv6 : Criação de um projecto piloto IPv6 na FEUPnet Vieira, Tito Carlos Soares January 2000 (has links) Dissertação apresentada para obtenção do grau de Mestre em Engenharia Electrotécnica e de Computadores (Área de especialização de Informática Industrial), na Faculdade de Engenharia da Universidade do Porto, sob a orientação do Professor Doutor José António Ruela Simões Fernandes Informática industrial Protocolos de comunicação TCP/IP - Protocolo de comunicações Arquitectura TCP/IP Internet Endereçamento IPv4 - protocolo de comunicações IPv6 - protocolo de comunicações
516	影響企業採用整合通訊系統之因素探討 / A study on the factors affecting the implementation of unified communications in an enterprise 陳秋正 Unknown Date (has links) 隨著資訊通訊技術的快速發展，Internet已成為全世界最重要的資料乘載工具，以IP為基礎的多媒體通訊架構，逐漸取代傳統電話的溝通模式，成為企業快速佈署與協同運作的最佳選擇。透過整合通訊系統（Unified Communications, UC）的導入，企業可以將網路電話、視訊會議、電子郵件、即時通訊與行動裝置等通訊系統整合在同一個平台上，以大幅提升企業協同運能力，並有效的提升企業運作效率。現今企業內部充斥著各種溝通工具，從傳統的電話、傳真到Internet興起後的MSN與Skype，這些工具廣泛的運用在商務運行中，其目的皆為了增加溝通效率並節省溝通成本，但這些雜亂無章的溝通方式若未能有效整合，將衍生許多資訊安全與系統相容性問題。 UC的觀念已在許多國際大型企業中獲得驗證，而台灣這個充滿創造力的科技島，在資通訊運用的腳步必須與世界接軌，妥善運用自身優勢，以確保在這波國際化浪潮中，持續保持競爭優勢。本研究經由個案訪談大型銀行業、電子製造業與顧問服務業，以科技接受模型為架構，分別探討個人、組織、技術、任務與環境等五大構面所組成的外部變數，對於UC系統採用之有用與易用認知影響，找出影響企業採用整合通訊系統的相關因素，以做為未來企業在採用整合通訊系統時之參考。關鍵字：Unified Communications，UC，IP Phone，整合通訊系統，TAM，科技接受模型，VoIP，網路電話 / Along with the fast development of the information technology technique, combined with the adoption of Internet that made the Internet the most important transmission tool for communications, the IP-based multi-media communication framework has gradually replacing the traditional fixed-line telephone systems and has become the optimum option for the enterprises for their business establishments and their organizational synchronization. By applying the Unified Communications (UC), enterprises are able to integrate their IP Telephony, Video Conference, e-mail, Instant Message and Mobile Communication devices into the same platform; as a result, the systematic integration has greatly advanced the level of synchronization and improved the efficiency of the business operation. The multiple communication equipment being used such as the traditional telephone, fax, MSN and Skype are for the purposes of enhancing the efficiency of communication and reduce costs. However, the information security and compatibility amongst different systems may become problematic if the integration is not being carefully organized. The adoption of UC was proven to be a success by many international enterprises that has integrated it into their business practices. Therefore, Taiwan, with its good reputation of an island of technology and one who is renowned with its creativity, should keep up to speed with the world in adopting the prevalent information technology. We should keep maintaining our competitive advantage that we have developed over the years. This Study was conducted through interviews with large bank, electronic product manufacturer and consulting services company. The research was based on the TAM framework to analyze the five aspects of the external variables namely, individual, organization, technique, mission and environment. In addition, this Study intends to seek a result that will provide an enterprise a future reference about the factors that can influence in making a decision on the feasibility and applicability of adopting the Unified Communications. Key Words: Unified Communications, UC, IP Phone, TAM（Technology Acceptance Model）, VoIP（Voice over Internet Protocol）, IP Telephony 整合通訊系統科技接受模型網路電話 Unified Communications UC IP Phone TAM Technology Acceptance Model VoIP IP Telephony
517	Integrated Security by using MPLS-VPN for Retail-Banking Network : Case study Mehr bank, Iran H.Daryani, Sara, Taslimi, Pouria January 2010 (has links) <p>The studied application area is a private bank with different branches located in different provinces around the country. There was not integrated security solution to provide communication among different branches. Some of these branches could communicate through the satellite and the others could communicate through a different technology, such as asynchronous transfer mode (ATM).</p><p>Different bank security policies were applied and maintained for different branches separately. In addition, the number of branches is expected to grow during coming year in each province.</p><p>The old topology was partial mesh and it could not support enough redundancy in case of disruption. If a connection between two branches failed, other branches might lose their connectivity as well. In addition, it could not achieve optimum routing.</p><p>Providing integrated quality of service (QoS) for the wide area network (WAN) by using different technologies is not easy to achieve, and it causes so many problems for the system. The bank uses a variety of protocols for different applications, depending on its demand, so the new applied technology should not depend on protocols, or at least should support different protocols at a same time. In the old technology, the bank was responsible for granting availability and connectivity maintenance. Providing proper bandwidth is an important aspect in the bank scenario and for the old technology; supplying enough bandwidth was costly.</p><p>As mentioned above, the old applied technology was dependent upon different protocols. Therefore, packets in different open system interconnection layers (OSI layers) would have to check thoroughly to find the source/ destination address, data and so on, to reach the correct destination. This might cause security problems for entire system. In addition, processing packet in each layer of the OSI model is time consuming.</p><p>One important aspect for the retail-banking scenario is considering all features of the security domain, such as security policy, information security, physical security, access level control, integrated security for the system and so on. Some features of the security domain in this project were not covering completely, such as integrated information security, merged security policy, and integrated physical security for the system.</p><p>In this project, all mentioned problems are solved by implementing a specific communication technology which can overcome the problems above. This technology supports multiple protocols, and it provides fast and secure communication. It can also cover redundancy and it does not cost as much as previous technologies like ATM and satellite. Easy provisioning is one feature of this technology. In this technology, the service provider is responsible for granting availability and connectivity maintenance.</p><p>The mentioned features of the security domain, which were not covered by the old technology, will be covered by a proper, integrated security solution. The IP-based physical security systems provide centralized monitoring and they can define a merged security policy for all different branches around the country. Specific, pre-defined scenarios are created for different events in different situations.</p> MPLS Security Integrated IP base IP enable Physical security Bank Computer and systems science Data- och systemvetenskap Information technology Informationsteknologi Computer engineering Datorteknik Computer science Datavetenskap
518	Modeling TCP/IP software implementation performance and its application for software routers Lepe Aldama, Oscar Iván 03 December 2002 (has links) Existen numerosos trabajos que estudian o tratan la realización software de los protocolos de comunicaciones para el acceso a la Internet-TCP/IP. Sin embargo, no conocemos ninguno que modele de forma general y precisa la ejecución de este software.La presente tesis aporta una caracterización detallada de la ejecución de la realización software de los mencionados protocolos sobre un computador personal y bajo un sistema operativo UNIX. Esta caracterización muestra cómo varía el rendimiento del sistema en función de la velocidad de operación de la CPU, las características del subsistema de memoria, el tamaño de los paquetes y otras variables de importancia para la remisión, autenticación y cifrado de paquetes IP.En otros trabajos se proponen adecuaciones o extensiones a la realización software de los mencionados protocolos que permiten que un software router provea de comunicaciones con diversos niveles asegurados de calidad mediante el uso de mecanismos de planificación para la unidad central de procesamiento. Sin embargo, en dichos trabajos no se contempla la planificación del uso del bus de entrada/salida. Los resultados derivados de nuestro modelo demuestran que, para sistemas que usan CPUs con frecuencias de reloj superiores a 1 GHz, la planificación conjunta de la CPU y el bus de entrada salida es indispensable para la provisión de comunicaciones con diversos niveles asegurados de calidad. Dichas frecuencias de reloj son comunes en los sistemas comerciales actuales, por lo que consideramos que es un problema de gran interés. En la tesis proponemos un mecanismo que consigue garantías de utilización del bus de entrada/salida mediante la modificación de los drivers de los interfaces de red. / Three are the main contributions of this work. In no particular order:" A detailed performance study of the software implementation of the TCP/IP protocols suite, when executed as part of the kernel of a BSD operating system over generic PC hardware." A validated queuing network model of the studied system, solved by computer simulation." An I/O bus utilization guard mechanism for improving the performance of software routers supporting QoS mechanisms and built upon PC hardware and software.This document presents our experiences building a performance model of a PC-based software router. The resulting model is an open multiclass priority network of queues that we solved by simulation. While the model is not particularly novel from the system modeling point of view, in our opinion, it is an interesting result to show that such a model can estimate, with high accuracy, not just average performance-numbers but the complete probability distribution function of packet latency, allowing performance analysis at several levels of detail. The validity and accuracy of the multiclass model has been established by contrasting its packet latency predictions in both, time and probability spaces. Moreover, we introduced into the validation analysis the predictions of a router's single queue model. We did this for quantitatively assessing the advantages of the more complex multiclass model with respect to the simpler and widely used but not so accurate, as here shown, single queue model, under the considered scenario that the router's CPU is the system bottleneck and not the communications links. The single queue model was also solved by simulation.Besides, this document addresses the problem of resource sharing in PC-based software routers supporting QoS mechanisms. Others have put forward solutions that are focused on suitably distributing the workload of the CPU-see this chapter's section on "related work". However, the increase in CPU speed in relation to that of the I/O bus-as here shown-means attention must be paid to the effect the limitations imposed by this bus on the system's overall performance. We propose a mechanism that jointly controls both I/O bus and CPU operation. This mechanism involves changes to the operating system kernel code and assumes the existence of certain network interface card's functions, although it does not require changes to the PC hardware. A performance study is shown that provides insight into the problem and helps to evaluate both the effectiveness of our approach, and several software router design trade-offs. evaluación de sistemas informàticos arquitectura del software de red modelado de sistemas informáticos sistema operativo free BSD TCP/IP conmutador software de paquetes IP 3304. Tecnologia dels ordinadors 004
519	DNSSEC en säkerhetsförbättring av DNS : en studie om Svenska kommuners syn på DNSSEC Telling, Henric, Gunnarsson, Anders January 2010 (has links) Syftet med uppsatsen är att undersöka varför få svenska kommunerna valt att installera DNSSEC på sina domäner. DNS är en av de viktigaste protokollen på Internet och behövs för att sammanlänka IP-adresser med mer lättförståeliga adresser för oss människor. DNS skapades utan att tänka på säkerheten, för att kunna göra DNS säkrare utvecklades ett säkerhetstillägg till DNS detta fick namnet DNSSEC.Vi har använt oss av litteraturstudie, experiment och intervjuer för att skapa en djupare kunskap och förståelse om hur DNS och DNSSEC fungerar samt besvara varför få kommuner har valt att installera DNSSEC.Under vår litteraturstudie läste vi om flera sårbarheter i DNS och hur dessa kan utnyttjas för att utsätta en organisation för attacker såsom cacheförgiftning och MITM. Vi testade dessa sårbarheter och bekräftade det. Efter installationen av DNSSEC kunde inte angreppen längre genomföras i vår testmiljö.Under intervjuerna kom vi fram till att den vanligaste orsaken att kommuner inte väljer att installera DNSSEC är okunskap om tillvägagångsättet för en installation och att de tycker deras nuvarande DNS fungerar bra, det blir då ingen prioriterad fråga. Kommunerna som installerat DNSSEC är nöjda med sin installation och bara en kommun har upplevt problem vid införandet.För att vi ska kunna fortsätta utveckla Internet är en kontroll av säkerheten en nödvändighet och då är DNSSEC en vägvisare. Kommunerna borde föregå med gott exempel och vara bland de första som inför DNSSEC så besökarna till deras hemsidor kan känna sig säkra att informationen på deras sidor är korrekt. / The purpose of this paper is to investigate why few Swedish municipalities have chosen to install DNSSEC on their domains. DNS is one of the most important protocols on the Internet and used to link IP-addresses to understandable addresses for users. DNS was created without thinking about security, to make DNS more secure a security extension was developed to DNS, named DNSSEC.We have used literature review, experiments and interviews to create a deeper knowledge and understanding about DNS and DNSSEC, how it works and why few municipalities have chosen to install DNSSEC.In the literature we read about several vulnerabilities in DNS and it can easily be exposed to attacks such as cache poisoning and MITM. We tested these vulnerabilities and confirmed them. After installation of DNSSEC we could not expose our implemented DNS anymore in our test environment.During the interviews, we concluded that the most common reason why municipalities do not choose to install DNSSEC is ignorance of an installation and they think that their current DNS works well and it does not become a priority. The municipalities that have installed DNSSEC are satisfied with its installation and only one municipality has experienced difficulties during the implementation.In order for us to continue developing the Internet a control of security is a necessity and DNSSEC is a good example. Local authorities should lead by good example and be among the first to implement DNSSEC, so users of their websites can be assured that the information on their pages is accurate. DNS DNSSEC IP Security Cache MITM Internet .SE ARP Intrusion Windows Server DoS. DNS DNSSEC IP Säkerhet Cache MITM Internet .SE ARP Intrång Windows Server DoS.
520	Load balancing solution and evaluation of F5 content switch equipment Ahmed, Toqeer January 2006 (has links) The Thesis focused on hardware based Load balancing solution of web traffic through a load balancer F5 content switch. In this project, the implemented scenario for distributing HTTPtraffic load is based on different CPU usages (processing speed) of multiple member servers.Two widely used load balancing algorithms Round Robin (RR) and Ratio model (weighted Round Robin) are implemented through F5 load balancer. For evaluating the performance of F5 content switch, some experimental tests has been taken on implemented scenarios using RR and Ratio model load balancing algorithms. The performance is examined in terms of throughput (bits/sec) and Response time of member servers in a load balancing pool. From these experiments we have observed that Ratio Model load balancing algorithm is most suitable in the environment of load balancing servers with different CPU usages as it allows assigning the weight according to CPU usage both in static and dynamic load balancing of servers. IP Network Load Balancing F5 content Switch HTTP traffic BIG-IP load balancing algorithm layer7 switching Simulation model Response time Throughput

Search results