Compromis performance/sécurité des passerelles très haut débit pour Internet.

Jacquin, Ludovic

20 November 2013

Dans cette thèse nous abordons le problème de la conception de passerelle IPsec très haut débit pour la sécurisation des communications entre réseaux locaux. Pour cela, nous proposons deux architectures : une passerelle purement logicielle sur un unique serveur, dite intégrée, et une passerelle utilisant plusieurs serveurs et un module matériel cryptographique, dite en rupture. La première partie de nos travaux étudie l'aspect performance des deux architectures proposées. Nous commençons par montrer qu'un serveur générique est limité par sa puissance de calcul pour atteindre l'objectif de chiffrement et communication à 10 Gb/s. De plus, les nouvelles cartes graphiques, bien que prometteuses en terme de puissance, ne sont pas adaptées au problème du chiffrement de paquets réseau (à cause de leur faible taille). Nous mettons alors en place une pile réseau répartie sur plusieurs machines et procédons à sa parallélisation dans le cadre de l'architecture en rupture. Dans un second temps, nous analysons l'intégration d'une passerelle dans un réseau, notamment l'interaction du protocole de contrôle ICMP avec IPsec. ICMP est particulièrement important pour atteindre le haut débit par son implication dans le mécanisme d'optimisation de la taille des paquets. Pour cela, nous avons développé IBTrack, un logiciel d'étude du comportement des routeurs, par rapport à ICMP, le long d'un chemin. Nous montrons ensuite qu'ICMP est un vecteur d'attaque contre IPsec en exploitant un défaut fondamental des normes IP et IPsec : le surcoût des paquets IP créé par le mode tunnel entre en conflit avec le minimum de la taille maximale prévue par IP.

performance

sécurité

IPsec

ICMP

Impact Of Transmission Patterns On One-Way Delay In 3G Networks Of Sweden

Krishna, Vamsi, Dasari, Praveen

January 2012

Over the last few years, there has been a signifi cant rise in the mobile broadband users worldwide. Recently, operators around the world have been improving the 3G networks by providing Dual Carrier-High Speed Packet Access+ (DC-HSPA+) services in both uplink and downlink to the users. However, the delay performance of the operational DC-HSPA+ networks is not focused. Firstly, we investigate and analyze the e ffect of operator service on One-Way Delay (OWD) and Jitter. Secondly, we investigate the treatment of protocols by 3G network for random packet sizes and random Inter Packet Duration (IPD). Thirdly, we investigate the eff ect of background load on OWD for packets generated at very low rate. Fourthly, we investigate the impact of constant IPD and streaming. Fifthly, we investigate the effects of shrinking the interval of IPD on OWD in 3G networks. Lastly, we investigate the OWD for Constant-Bit-Rate (CBR) and Variable-Bit-Rate (VBR) transmission patterns. Firstly, results show that OWD in the DC-HSPA+ networks is lower compared to the OWD in the preceding HSUPA networks and OWD strongly depends on packet-size at lower rates. Secondly, the 3G networks treat User Datagram Protocol (UDP), Transmission Control Protocol (TCP) and Internet Control Message Protocol (ICMP) protocols similarly for random packet size and random IPD. Thirdly, at high rates OWD depends on E-TFCE-DCH Transport Format Combination (ETFC) grants. Thirdly, the results also indicate that background load has a signi ficant impact on the end-to-end OWD. Fourthly, for low rates, OWD depends on packet sizes and for high rates OWD depends on IPD and for higher rates, OWD depends on E-TFC grants. Fifthly, we also observe: Shrinking the interval of IPD does not necessarily improve the OWD performance. Lastly, results also indicate that the VBR pattern has a better OWD performance than the CBR pattern for low transmission rates.

Downlink

DC-HSPA+

E-TFCI

HSPA

ICMP

Mobile broadband

One-way Delay

TCP

UDP

Uplink

3G

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

Elektroteknik och elektronik

Implementace ethernetového komunikačního rozhraní do obvodu FPGA / Implementation of ethernet communication inteface into FPGA chip

Skibik, Petr

January 2011

The thesis deals with the implementation of Ethernet-based network communication interface into FPGA chip. VHDL programming language is used for description of the hardware. The interface includes the implementation of link-layer Ethernet protocol and network protocols such as IPv4, ARP, ICMP and UDP. The final design allows bi-directional communication on the transport-layer level of TCP/IP model. The designed interface was implemented into Virtex5 FPGA chip on development board ML506 by Xilinx.

Soubor laboratorních úloh k demonstraci počítačových útoků / Collection of laboratory works for demonstration of computer attacks

Plašil, Matouš

January 2015

Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.

Entwicklung des Kommunikationsteilsystems für ein objektorientiertes, verteiltes Betriebssystem

09 November 1998

Thema dieser Arbeit ist die Entwicklung eines Kommunikationsteilsystems fuer das Experimentiersystem CHEOPS zur Ermoeglichung einer Interobjektkommunika- tion zwischen Objekten auf dem gleichen bzw. verschiedenen Systemen. Ausgangspunkte stellen dabei eine verfuegbare Implementation eines Ethernet- Treibers der Kartenfamilie WD80x3 fuer MS-DOS, eine geforderte Kommunikations- moeglichkeit mit UNIX-Prozessen sowie die dort benutzbaren Protokoll-Familien dar. Die Arbeit beschaeftigt sich mit der Analyse und Konzipierung des Ethernet- Treibers sowie der Internet-Protokoll-Familie fuer CHEOPS als auch deren Implementation resultierend in einem minimalen Grundsystem. Weiterhin wird ein erster Entwurf fuer ein spaeter weiterzuentwickelndes bzw. zu vervoll- staendigendes Netz-Interface vorgeschlagen und durch eine Beispiel-Implemen- tierung belegt.

info:eu-repo/classification/ddc/004

ddc:004

ARP;

Address Resolution Protocol;

CHEOPS;

Ethernet Device;

Ethernet Treiber;

Ethernet;

ICMP;

IP-Defragmentier-Algorithmus;

IP-Routing-Algorithmus;

IP;

IPv4;

Internet Control Message Protocol;

Internet Protocol Version 4;

Internet Protocol;

Internet Protokoll;

Interobjektkommunikation;

Loopback Device;

Loopback Treiber;

Loopback;

Massage basiertes Internet Protokoll;

Message basierte Kommunikation;

Message;

Multi-Threaded ARP;

Multi-Threaded Ethernet Treiber;

Multi-Threaded ICMP;

Multi-Threaded IP;

Multi-Threaded Loopback Treiber;

Multi-Threaded UDP;

OOP;

Objektorientierte Programmierung;

Objektorientierter Ethernet Treiber;

Objektorientierter Loopback Treiber;

Objektorientiertes ARP;

Objektorientiertes ICMP;

Objektorientiertes IP;

Objektorientiertes Netzwerk-Interface;

Objektorientiertes UDP;

UDP;

User Datagram Protocol;

multithreaded ARP;

multithreaded ICMP;

multithreaded IP;

multithreaded UDP;

multithreaded ethernet device driver;

multithreaded loopback device driver;

Detekce síťových útoků pomocí nástroje Tshark / Detection of Network Attacks Using Tshark

Dudek, Jindřich

January 2018

This diploma thesis deals with the design and implementation of a tool for network attack detection from a captured network communication. It utilises the tshark packet analyser, the meaning of which is to convert the input file with the captured communications to the PDML format. The objective of this conversion being, increasing the flexibility of input data processing. When designing the tool, emphasis has been placed on the ability to expand it to detect new network attacks and on integrating these additions with ease. For this reason, the thesis also includes the design of a complex declarative descriptions for network attacks in the YAML serialization format. This allows us to specify the key properties of the network attacks and the conditions for their detection. The resulting tool acts as an interpreter of proposed declarative descriptions allowing it to be expanded with new types of attacks.

Systém pro řízení intenzity osvětlení / Intelligent lightning system

Harman, Ján

January 2011

The aim of my master’s thesis is a system for control of the light intensity. It is electronic equipment which controls the intensity of the light circuits based on settings and input signals. This equipment could work on single-phase systems or multiphase systems. The equipment is controlled by the signal DMX-512 which is a standard for the control of lighting technologies. The set up of this equipment is based on a personal computer or in a limited form by a small connected display.

Anonymní pohyb v síti internet / Anonymous communication on the internet

Hořejš, Jan

January 2014

The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.