Global ETD Search

671	Snap: Robust Tool for Internet-wide Operating System Fingerprinting Nandwani, Ankur Bharatbhushan 2010 December 1900 (has links) Different approaches have been developed for TCP/IP fingerprinting, but none of these approaches is suited for Internet-wide fingerprinting. In this work, we develop approaches that rigorously tackle the issue of noise and packet loss while carrying out Internet-wide fingerprinting. We then carry out an Internet-wide scan to determine the distribution of different operating systems on the Internet. The results of our scan indicate that there are approximately 8.9 million publicly accessible web-servers on the Internet running Linux, while there are nearly 9.6 million web-servers with different embedded operating systems. Internet Operating System Fingerprinting TCP/IP Stack Security Network Security Scanning
672	Design and implementation of a multi-digital broadcasting standard channel decoder Chou, Hsiao-fang 18 August 2004 (has links) With the approach of the era of digital TV system around the world, how to grasp the design techniques of the receiver of the DVB-T has become a very important topic. The goal of this thesis is to pursue a highly optimized VLSI architecture compatible to the channel decoding standard of the DVB-T protocol. The channel decoding scheme adopted in DVB-T is based on the concatenated code; which is comprised of an inner Viterbi decoder, outer Reed-Solomon decoder and inner and outer de-interleaver modules. These modules all require a significant amount of data storage space, therefore the main feature of the proposed channel decoder architectures is to realize the data storage based on RAM instead of registers. This approach can lead to the reduction of silicon area and the dynamic power dissipation compared with the shift register based architecture. In order to achieve this, in the design of Viterbi module, the popular register-exchange and trace-back techniques used for the detection of the survivor path has been combined for the survivor memory management unit. As for the design of Reed-Solomon decoder, it is designed based on the modified inverse-free Berlekamp-Massey algorithm. A novel finite field constant multiplier architecture has been proposed which can reduce the required gate count of the multipliers by 20%. For outer convolutional deinterleaver, a specific address generator has been designed such that the data deinterleaver path can be merged and implemented as two memory blocks. For inner symbol deinterleaver, a lookahead technique has been applied to the design of address generator and deinterleaver memory has been reduced by a half compared with those in the literature. These four modules have been verified and integrated as robust channel decoder silicon IP. The related models used for IP integration and verification have also been provided. The prototyping on the FPGA has been tested to satisfy the requirement of the spec. FEC decoder IP DVB channel decoder DVB intellectual property Reed-Solomon Codes
673	The Research of Network Security in IP Traceback Tseng, Yu-kuo 29 September 2004 (has links) With the dramatic expansion of computers and communication networks, computer crimes, such as threatening letters, fraud, and theft of intellectual property have been growing at a dreadful rate. The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. The problems of protecting data and information on computers and communication networks has become even more critical and challenging, since the widespread adoption of the Internet and the Web. Consequently, it is very urgent to design an integrated network-security architecture so as to make information safer, proactively or reactively defeat any network attack, make attackers accountable, and help the law enforcement system to collect the forensic evidences. Among a variety of attacks on computer servers or communication networks, a prevalent, famous, and serious network-security subject is known as "Denial of Service" (DoS) or "Distributed Denial of Service" (DDoS) attacks. According to an investigation on computer crime conducted by CSI/FBI in 2003, Internet DoS/DDoS have increased in frequency, severity, and sophistication, and have caught international attentions to the vulnerability of the Internet. DoS/DDoS attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. Therefore, this dissertation will firstly concentrate on how to resolve these troublesome DoS/DDoS problems. This is considered as the first step to overcome generic network security problems, and to achieve the final goal for accomplishing a total solution of network security. Instead of tolerating DoS/DDoS attacks by mitigating their effect, to trace back the attacking source for eliminating the attacker is an aggressive and better approach. However, it is difficult to find out the true attacking origin by utilizing the incorrect source IP address faked by the attacker. Accordingly, this dissertation will aim at conquering this representative network security problem, i.e. DoS/DDoS attacks, with IP traceback, and designing an optimal IP traceback. IP traceback ¡X the ability to trace IP packets to their origins¡Xis a significant step toward identifying, and thus stopping, attackers. A promising solution to the IP traceback is probabilistic packet marking (PPM). This traceback approach can be applied during or after an attack, and it does not require any additional network traffic, router storage, or packet size increase. Therefore, the IP traceback research on countering DoS/DDoS attacks will be based on PPM scheme. In this dissertation, three outstanding improvements among four PPM criteria¡Xthe convergency, the computational overhead, and the incomplete PPM deployment problem¡Xhas been achieved. PPM-NPC is proposed to improve the PPM convergency and computational overhead. With non-preemptively compensation, the probability of each marked packet arrived at the victim equals its original marking probability. Therefore, PPM-NPC will efficiently achieve the optimal convergent situation by simply utilizing a 2-byte integer counter. Another better scheme, CPPM, is also proposed, such that the marked packets can be fully compensated as well while they are remarked. With CPPM, the probability of each marked packet arrived at the victim will also equal its original marking probability. Consequently, CPPM will achieve the optimal convergent situation efficiently as well. Furthermore, RPPM-NPC is presented to advance the accuracy of a reconstructed path in an incomplete PPM deployment environment by correcting and recovering any discontinuous individual transparent router and any segment of consecutive double transparent routers. This scheme may also reduce the deployment overhead without requiring the participation of all routers on the attack path. Except for these improved criteria, PPM robustness, some weak assumptions in PPM, and a few unsolved problems for PPM, e.g. reflective DDoS attacks, will also be improved in the future. It is also interesting in combining other network security researches, such as IDS, system access control mechanism, etc., for constructing a more complete network security architecture. Therefore, this research hereby is done in order to completely resolve the troublesome flood-style DoS/DDoS problems, and as the basis for accomplishing a total solution of network security. IP traceback probabilitic packet marking denial of service attack computer network security
674	Prototype Development And Verification For An Ip Lookup Engine On Fpgas Performance Study Ozkaner, Akin 01 February 2012 (has links) (PDF) The increasing use of the internet demands more powerful routers with higher speed, less power consumption and less physical space occupation. IP lookup operation is one of the major concerns in today&rsquo / s routers for providing such attributes. To accomplish IP lookup on routers, hardware or software based solutions can be used. In this thesis, an SRAM based pipelined architecture proposed earlier for ASIC implementation is re-designed and implemented on an FPGA in the form of a BRAM based pipelined 8x8 torus architecture using Xilinx ISE and simulated and verified using Modelsim Simulator. Some necessary modifications and improvements for FPGA implementation are carried out. The results of our experiments, which are performed for a real router lookup table and a real time traffic load with various optimizations, are also presented. Our study and design effort demonstrates the feasibility of the FPGA implementation of the proposed technique, of course with a considerable performance penalty. IP lookup, FPGA, router
675	A Novel Scatternet Scheme with QoS Support and IP Compatibility Tan, Der-Hwa 03 August 2001 (has links) The bluetooth technology encompasses a simple low-cost, low-power, global radio system for integration into mobile devices to solve a simple problem: replace the cables used on mobile devices with radio frequency waves. Such devices can form a quick ad-hoc secure "piconet" and communicate among the connected devices. While WLANs had good ad-hoc networking capabilities, there was no clear market standard among them. Moreover, there were no global standards that can be integrated and implemented into small handheld devices. Some market analysts predict that there will be some 1.4 billion Bluetooth devices in operation by the year 2005 [1]. That is the reason we replace the cable from the "Network Adapter" with a low-cost RF link that we now call Bluetooth. However, the current specification1.1 [2][3] does not describe the algorithms or mechanisms to create a scatternet due to a variety of unsolved issues. Since the upper layers are not defined in Bluetooth, it is not possible to implement scatternet in current specification. Hence in this research, we need make some modifications to Bluetooth protocol in order to support the transmissions of packets in scatternet. In this paper we describe a novel scatternet architecture, and present link performance results of the proposed architecture. Scatternet Piconet Bluetooth IP Bluetooth Best Effort Weighted Best Effort. Control Master
676	A Route Optimization Method Using MMA (Middle Mobility Agent) for Mobile IP Wu, Chen-Chi 11 August 2003 (has links) Nowadays in mobile and wireless networks environment, Mobile IP is the preferred standard in supporting IP mobility among several standards. However, several problems still need to be solved. One of them is the triangle routing problem. Although drafts have been proposed by the IETF (Internet Engineering Task Force) for solving this problem, the proposed solution can not be achieved unless the draft of the Mobile IP route optimization method becomes a typical standard of the Mobile IP. In this paper, we present an extended routing agent architecture to solve this problem. The Middle Mobility Agent (MMA) in the proposed architecture can intercept datagrams earlier and determine to tunnel the incoming packet or not than the MH¡¦s original home agent. This architecture can solve the triangle routing problem by reducing packet¡¦s routing length. An analytical model and a simulation environment were set up to evaluate and measure the packet¡¦s routing length and delay time of proposed architecture. The evaluation and simulation results demonstrate that the proposed method can reduce the routing length, delay time and solve the triangle routing problem. triangle routing problem MMA middle mobility agent mobile ip route optimization
677	A Packet-Buffered Mobile IP with Fast Retransmission in Wireless LANs Lyu, Sian-Bin 19 August 2003 (has links) Today¡¦s mobile IP supports host mobility by dynamic changing IP addresses while the mobile host roaming in the Internet. However, There still exists performance problems during handoffs, such as packet loss, throughput degradation, and so on. In this Thesis, we propose a mechanism to reduce packet loss during handoff. The packet buffering mechanism at a home agent is initiated by mobile hosts when the signal-to-noise ratio of the wireless link falls below some predefined threshold. Once the handoff has completed, the home agent immediately delivers the first packet in the buffer to the mobile host. The home agent then clears the buffered packets already received by the mobile host through the returned ACK such that no further duplicate packets are sent out. In addition, we propose a route-selection policy to reduce end-to-end transmission delay by sending out probe packets along the paths. For the purpose of demonstration, we implement the mechanism on Linux platform. Through the measurements from the experiment, we have shown that the proposed mechanism can improve the throughput and solve the packet retransmission problem while handoffs. Linux Handoff Mobile IP Packet Loss Signal-to-Noise Ratio Throughput
678	En applikation som analyserar loggfiler genererade av en brandvägg / An application that analyzes logfiles that are Fondelius, Henric January 2006 (has links) <p>Målet med projektet var att skapa en applikation för Ericsson AB R&D som kan hjälpa till att analysera datatrafiken i deras nätverk (ECN). Det finns tre stycken accesspunkter till ECN som skyddas av brandväggar. Alla datauppkopplingar genom brandväggarna lagras dygnvis i loggar. Genom loggarna kan obehörig trafik upptäckas. Ett verktyg som analyserar brandväggsloggarna underlättar arbetet.</p><p>Resultatet av mitt examensarbete är en applikation som är skriven i Perl. Programmeringsspråket Perl valdes för dess effektiva texthantering. Programmet exekveras genom terminalen (Solaris) / kommandoraden (Windows). De två viktigaste funktionerna är Searchlog och Check. Searchlog hanterar sökning av IP-adresser och Check kontrollerar att det inte finns några säkerhetsöverträdelser i brandväggsloggarna. Funktionerna har konstruerats så att största vikt är lagd på exekveringstiden och korrekt utdata.</p><p>Slutsatsen av arbetet med brandväggsloggar är att det kräver testning för att få programmet att uppnå optimalt resultat. Perls reguljära uttryck var till stor hjälp i mitt arbete. De är bra vid behandling av stora mängder text. Minnesanvändningen kanske kan göras effektivare. Eftersom att exekveringstiden prioriterades kom det i andra hand.</p> / <p>The goal of this project was to construct an application that can analyze the traffic through the network (ECN) at Ericsson. There are three accesspoints to ECN protected by firewalls. The connections through the firewalls are logged daily. With the help from firewall logs unauthorized access can be found. A tool which analyzes the logs is therefore needed.</p><p>The program is made in the computer language Perl. Perl was chosen because of its superior text handling capabilities. The application is executed through the terminal/command line. The two most important functions are Searchlog and Check. Searchlog handles the IP-searching and the Check function searches for unauthorized connections in the firewall logs. Execution time and data integrity were the main goals that were strived for.</p><p>My conclusion is that working with firewall logs requires a lot of testing to achieve the best result. I realized that regular expressions is the easiest and most powerful tool to use when working with large amounts of text. Since the speed was prioritized and not memory usage there is room for memory improvement.</p> Computer engineering Datorteknik
679	Efficient content distribution in IPTV environments Galijasevic, Mirza, Liedgren, Carl January 2008 (has links) <p>Existing VoD solutions often rely on unicast to distribute content, which leads to a higher load on the VoD server as more nodes become interested in the content. In such case, P2P is an alternative way of distributing content since it makes better use of available resources in the network. In this report, several P2P structures are evaluated from an operators point of view. We believe BitTorrent is the most adequate protocol for a P2P solution in IPTV environments. Two BitTorrent clients have been implemented on an IP-STB as proof of concept to find out whether P2P is suited for IPTV environments. Several tests were conducted to evaluate the performance of both clients and to see if they were able to reach a sufficient throughput on the IP-STB. Based upon the tests and the overall impressions, we are convinced that this particular P2P protocol is well suited for IPTV environments. Hopefully, a client developed from scratch for the IP-STB will offer even greater characteristics.</p><p>Further, we have studied how to share recorded content among IP-STBs. Such a design would probably have many similarities to BitTorrent since a central node needs to keep track of content; the IP-STBs take care of the rest.</p><p>The report also brings up whether BitTorrent is suitable for streaming. We believe that the necessary changes required to obtain such functionality will disrupt the strengths of BitTorrent. Some alternative solutions are presented where BitTorrent has been extended with additional modules, such as a server.</p> IPTV IP-STB P2P MPEG BitTorrent Network coding Other information technology Övrig informationsteknik
680	Investigation and Integration of a Scalable Vector Graphics Engine on a Set-Top Box Johansson, Fredrik January 2008 (has links) <p>A set top box is an embedded device, much like a computer with limited capabilities. Its main purpose is to decode a video signal and output it to a TV. The set top box market is constantly growing and to be competitive in it, a set top box has to be able to do more than only TV. One way to make an attractive product is to give it an appealing user interface. This thesis is a part of a larger work at the company to find new ways to create graphical user interfaces. Its goal is to investigate what SVG implementations that exits, which one that is most suitable for an integration attempt and then perform the integration.</p><p>Several SVG engines were investigated and one provided by the company was selected for integration. Three ways to integrate the SVG engine were identified. One of these alternatives was to extend the callback interface be- tween the engine and the underlying platform. Because of the good fit with the current architecture this alternative was chosen and implemented. As a part of this investigation a demo application suite of SVG content was also constructed.</p><p>This investigation resulted in a working integration of the chosen SVG engine on the platform. It has also showed that SVG is a suitable language to build graphical user interfaces on set top boxes.</p> set-top box ip-stb IPTV SVG vector graphics Ecmasciprt graphical interfaces TECHNOLOGY TEKNIKVETENSKAP

Search results