Global ETD Search

71	Economical and Political Implications of DNSSEC Deployment Eldh, Axel Fant, Kirvesniemi, Mattias January 2010 (has links) This report provides a summary of the current deployment of Domain Name System (DNS) Security Extensions (DNSSEC) as well as a discussion of future deployments and deployment rates. It analyses the problems that have occurred and considers those that may arise. This thesis focuses mainly on economical and political perspectives, rather than the technical perspective used in most reports regarding this subject. There were four areas that needed to be examined: the technical basis for DNSSEC, the deployment process, the current level of DNSSEC deployment, and the opinions regarding this subject. The information about the deployment process was obtained mainly through articles, but also through reports from organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Electronic Privacy Information Centre. To acquire up to date data on DNSSEC deployment, SecSpider was used to research the level of deployment as of 2010-05-06. The search was restricted to the generic Top Level Domains (gTLDs) and country code TLDs (ccTLDs) of the top 20 countries in terms of Internet usage as well as the OECD countries. This restriction was made to narrow down the scope to the TLDs where DNSSEC would have the greatest impact. The “Top 20” comprises 77.27 % of the world’s Internet users, hence it is where DNSSEC deployment would affect the most people. The OECD is in this thesis considered a sufficient ly large selection to represent themost technologically advanced and economically powerful countries in the world regardless of size. Major powers such as China, India, and Russia while not included in the OECD are represented in the “Top 20” due to their size. Our results show that some major TLDs have implemented DNSSEC and that the rate of deployment has increased in the last few years. However, the level of DNSSEC deployment in the TLDs is still rather low; 15.00 % in the gTLDs and ccTLDs of the Top 20 countries in Internet usage, and 20.00 % in the OECD’s ccTLDs. Deployment in the root is ongoing during spring 2010, this could have a great impact on the rate of deployment as deployment in a gTLD or ccTLD is highly dependent on deployment high up in the hierarchy due to the nature of DNSSEC. It is unlikely that corporations would implement DNSSEC without a potential return on investment (ROI) and management control measures from governments might be required to increase deployment pace at the lower levels of the DNS hierarchy. / Denna rapport innehåller en sammanfattning av den nuvarande spridningen av Domain Name System (DNS) Security Extensions (DNSSEC) och även en diskussion om framtida spridning och spridningstakt. Den analyserar problemen som uppstått och avväger de som kan uppstå. Rapporten fokuserar mer på de ekonomiska och politiska perspektiven, snarare än det tekniska som använts i de flesta rapporter inom området. Det var fyra områden som behövde undersökas: den tekniska basen, spridningsprocessen, nuvarande spridningsnivåer av DNSSEC samt åsikter kring området (om inte DNSSEC adopteras av faktiska användare kommer dess effekt att bli minimal). Informationen angående spridningsprocessen anskaffades huvudsakligen genom artiklar, men även från rapporten utgivet av organisationer likt the Internet Corporation for Assigned Names and Numbers (ICANN) och the Electronic Privacy Information Centre. För att erhålla färsk information på spridningen av DNSSEC undersökte vi spridningsnivån 2010-05-06 med SecSpider. Vi avgränsade vår undersökning till generic Top Level Domains (gTLDs) och country code TLDs (ccTLDs) från de 20 främsta länderna i Internetanvändande samt OECD-länderna. Denna avgränsning gjordes för att fokusera på de TLDs där spridning av DNSSEC skulle ge störst påverkan. ”Topp 20” innehåller 77.27 % av världens Internetanvändare och det är här spridning av DNSSEC skulle nå flest användare. OECD anses i denna rapport vara ett tillräckligt urval för att representera de mest teknologiskt avancerade och ekonomiskt mäktiga ländrena oavsett storlek. Betydande makter såsom Kina, Indien och Ryssland som inte ingår i OECD är inkluderade i ”Topp 20” tack vare sin storlek. Resultaten visar att några betydande TLDs har implementerat DNSSEC och att spridningstakten har ökat de senaste åren. Dock är spridningsnivån i TLDs fortfarande ganska låg; 15.00 % i gTLDs och ccTLDs i ”Topp 20”, och 20.00 % i OECDs ccTLDs. Implementering i rooten pågår under våren 2010, något som skulle kunna ha stor påverkan på spridningstakten eftersom den är starkt beroende av spridning högt upp i hierarkin på grund av DNSSECs natur. Det är osannolikt att företag skulle implementera DNSSEC utan möjlig avkastning på investerat kapital och ekonomiska styrmedel från regeringar kan behövas för att öka spridningstakten på de lägre nivåerna. IPv6 Multicast Proxying Tunneling Routing Communication Systems Kommunikationssystem
72	IPv6 multicast home proxy Kullberg, Elis, Junnila, Hannes January 2010 (has links) The Internet is becoming increasingly fragmented, leading to a more heterogeneous end-user experience depending on the user's network location (i.e., point of attachment to the network). This is a consequence of several ongoing changes of the Internet. Different regions of the world are in different phases of their rollout of IPv6, making intercommunication increasingly challenging. Copyright legislation has caught up with ICT technology, but differences in licensing agreements may very from nation to nation which often hinders content being accessed beyond borders. Finally, several high-profile government attempts have been made to enforce stringent censorship of data. Therefore, we believe that a demand exists for simple consumer-oriented technologies for proxying and tunneling data between separate regions of the Internet. Furthermore, we believe that this demand will increase dramatically during the coming years. A key success factor for this next generation of proxies will be the ability to handle multicast IPv6 packets, as these packets represent the most probable distribution method for IPTV in the future. This thesis examines the challenges presented by IPv6 multicast-routing in the context of constructing a proxy. It also presents a best-practice solution to the problem of designing, implementing, and utilizing such a proxy. The thesis also contains a review of current IPv6 multicast routing technology. Several implementations are benchmarked against each other, with the goal of building a prototype for a consumer-oriented IPv6 multicast proxy. The prototype is presented and was tested. These tests demonstrate the functionality of the prototype proxy and reveal areas where the prototype could be improved. Finally a possible capitalization strategy is suggested. / Internet utvecklas mot att bli mer fragmenterat. Detta leder till en heterogen användarupplevelse beroende på uppkopplingspunkt. Utvecklingen är en konsekvens av flera pågående trender. Världens olika regioner ligger i ofas i utbyggnaden av IPv6 vilket medför nya tekniska utmaningar. Samtidigt har upphovsrättslagstiftningen hunnit ikapp teknikutvecklingen, så att länder med olika licensieringsmodeller inte kan dela innehåll. Slutligen försöker flera länder aktivt censurera datatrafik. Som konsekvens av detta ökar behovet för enkla konsumentorienterade metoder för att knyta ihop olika delar av Internet, så att åtkomst till data garanteras oavsett uppkopplingspunkt. Därmed förutspår vi att efterfrågan på produkter baserade på sofistikerad tunnelteknik kommer öka under de kommande åren. Denna rapport undersöker de utmaningar IPv6 multicast routing medför i samband med byggandet av en IPv6 multicast proxy. Rapporten presenterar en grundlig teoretisk genomgång av tekniken bakom IPv6 multicast routing. Vidare föreslås ett optimalt tillvägagångssätt för att designa, bygga och använda en sådan proxy. Flera existerande tekniker för multicast forwarding utvärderas och jämförs. Utifrån utvärderingen byggdes tre implementeringar av en IPv6 multicast proxy. Därefter analyseras dessa, tillsammans med förslag för fortsatta studier. Slutligen presenteras en möjlig kapitaliseringsstrategi för tekniken. IPv6 Multicast Proxying Tunneling Routing Communication Systems Kommunikationssystem
73	IPv6 Home Automation Hådén, Thor January 2009 (has links) Home automation is the systematic controlling and monitoring of everyday home devices such as lighting, heating, window blinds and appliances (both white goods and home electronics). This report describes how to control and monitor home appliances over IPv6 by using existing home automation hardware and an Internet connected gateway. There are many commercial home automation systems available. However, these are often proprietary and/or designed for limited use. This project seeks to pave the way for IP-enabling home appliances, making such devices part of the Internet. Therefore, these devices can individually be controlled both from within the home and remotely. Internet enabling each of these devices eliminates the need for special Internet connected control units, simplifying home automation and hopefully giving yet another incentive to deploy IPv6 on a larger scale. The practical goal of this project has been to create a virtual, but practically usable, IPv6 home automation system. This has been done using existing simple home automation hardware tied to a gateway relaying uniquely addressed IPv6 command messages to the appropriate device. This gateway's only function will be to translate IPv6 commands to whatever interface the device being controlled is using (this includes translating to and from the appropriate link and physical layers). Using this platform, new applications can be created by enabling the devices to interact without relying on a central control node. The report also describes the basic design ideas of a computer connected interface to also relay information from the home automation system to the Internet. / Hemautomation handlar om att styra och övervaka vanliga funktioner i hemmet såsom belysning, värme, persienner samt apparater såsom vitvaror och hemelektronik. Denna rapport beskriver hur man kan styra och övervaka sådana apparater över IPv6 genom att använda existerande hemautomationssystem och en internetansluten gateway. Det finns många tillgängliga hemautomationssystem men dessa är ofta tillverkarspecifika och/eller bara designade för väldigt specifika syften. Syftet med detta projekt är att bana väg för att få apparater i hemmet att kommunicera via IP och göra dem internetanslutna. På så sätt kan apparaterna styras både inom hemmet men även från andra platser. Genom att göra varje apparat internetansluten krävs ingen central internetansluten styrenhet, vilket skulle göra hemautomation enklare och bidra med ytterligare en bra anledning att implementera IPv6 på större skala. Målet för detta projekt har varit att skapa en virtuell, användbar prototyp av ett hemautomationssystem för IPv6. Detta har gjorts genom att använda existerande hårdvara för hemautomation och en PCbaserad gateway som översätter kontrollkommandon från IPv6 till det hemautomationssystem som används. Detta innebär att överföra data mellan olika länk- och fysiska lager. Genom att använda denna plattform kan man skapa nya applikationer där apparaterna kommunicerar mellan varandra utan att förlita sig på en central styrenhet. Denna rapport beskriver också grunderna för hur ett datorgränssnitt kan överföra information från anslutna apparater i hemmet till Internet. IPv6 home automation wireless gateway Communication Systems Kommunikationssystem
74	IMS Interworking Kalaglarski, Boris Iv., Di Geronimo, Emilio January 2007 (has links) The goal of this project was to analyze the IP Multimedia Subsystem (IMS) with respect to the interworking functionality between two or more IMS domains belonging to different operators. The thesis presents an overview of IMS, its purpose, the circumstances and the environment in which it has evolved, and a look into some of the challenges that lie ahead. Through careful examination of the history of the mobile communications and of IMS itself, the thesis attempts to give the reader a full and comprehendible understanding of what IMS is, what its purpose is, and why it came into existence. The thesis considers the different models of IMS interworking, as they are currently envisioned by the standardisation bodies and the telecom industry. This analysis aims to identify some of the problematic aspects of the IMS Interworking and to suggest concrete areas for further investigation, which will contribute to the future successful IMS development and deployment. The report looks into such aspects of IMS interworking as the DNS, different models for ENUM DNS resolution; security issues and technical challenges of security with respect to the network as a whole and some of the IMS network elements in particular, such as the DNS. This thesis also presents the findings of the authors, regarding the challenges of interworking between networks built to support different versions of the IP protocol. The thesis focuses on the areas of interest, mentioned above, as these have been identified as being of particular significance in connection with the further development of the IMS architecture. / Målet med denna uppsats var att analysera IP Multimedia Subsystem (IMS) med fokus på samverkan mellan två eller flera IMS domäner som tillhör olika operatörer. Examensjobbet beskriver en övergripande bild av IMS, dess målsättning, förhållanderna och miljön som den har utvecklats i och några utav utmaningarna som ligger framöver. Uppsatsen försöker med hjälp av bakgrundsfakta om mobiltelefonins historia ge läsarna förståelse om vad IMS är, syftet med det och varför det existerar. Uppsatsen beskriver olika samverkningsmodeller av IMS som grundar sig i modeller från de olika standardiseringsorganen samt från telecomindustrin. Målet med denna analys är att identifiera några problemaspekter samt presentera konkreta områden att fortsätta arbeta på gällande IMS och dess gällande samverkan mellan olika operatörer. Detta kan bidra till fortsatt framgång med utvecklingen samt utspridningen av IMS. Uppsatsen tar upp samverkningsproblem med IMS så som DNS, olika uppslagsmetoder av ENUM DNS, säkerhetsfrågor och säkerhetstekniska utmaningar med fokus på nätverket samt några IMS nätverkselement som DNS:en. Uppsatsen lägger också fram författarnas slutsatser gällande samverkan av de olika nätverken med olika versioner av IP protokollet. Examensjobbet fokuserar på de olika områderna som är ovan nämnda, då de har blivit identiferade med speciell betydelse för att kunna fortsätta att framgångsrikt utveckla IMS arkitekturen. IMS Interworking 3G DNS Security IPv6 Communication Systems Kommunikationssystem
75	Procesní jednotka pro analýzu a editaci síťového provozu v FPGA / Processing Unit for Analysis and Modification of Network Traffic Pazdera, Jan Unknown Date (has links) This paper deals with the design and implementation of the Processing Unit for Analysis and Modification of Network Traffic. The proposed unit is intended to analyse an incoming network traffic and perform packet header editations to provide the proper packet delivery. The designed architecture has the following characteristics. It is based on the stream processor concept which allows to process independent stream elements (i.e. packets) in parallel. Multiply stream clients can be used to process the same stream data concurrently. The stream clients can be driven either autonomously or by program. The packets are processed according to the incoming metadata and transmited to the output. The Processing Unit has been implemented in VHDL language. The target technology is Field Programmable Gate Array (FPGA).
76	A Bandwidth Estimation Method for IP Version 6 Networks Crocker, Marshall 09 December 2006 (has links) Efficiently and accurately estimating bandwidths in packet networks is a problem that has intrigued researchers for years. There is no simple manner for estimating bandwidths in IPv4 networks that is accurate, efficient, flexible, and suitable for a variety of applications. Many of the available estimation techniques suffer from inherent flaws such as inaccuracy due to simple assumptions about the network or an overall high complexity that makes it inappropriate in all but a few highly specific situations. The next generation Internet Protocol, IP version 6, has the functionality necessary to implement feedback mechanisms to assist in accurate bandwidth estimations. This thesis proposes a timestamp hop-by-hop option for IPv6 and then applies this option to create a new bandwidth estimation technique. Instead of passive observations, the network infrastructure actively assists in bandwidth measurements resulting in a bandwidth estimation technique that is accurate, efficient, flexible, and suitable for many different applications and scenarios. Both analytical and simulation analysis show that the IPv6 bandwidth estimation technique outperforms a comparable IPv4 estimation method. IPv6 extension header available bandwidth bottleneck bandwidth timestamp
77	Achieving Security and Privacy in the Internet Protocol Version 6 Through the Use of Dynamically Obscured Addresses Dunlop, Matthew William 24 April 2012 (has links) Society's increased use of network applications, such as email, social networking, and web browsing, creates a massive amount of information floating around in cyber space. An attacker can collect this information to build a profile of where people go, what their interests are, and even what they are saying to each other. For certain government and corporate entities, the exposure of this information could risk national security or loss of capital. This work identifies vulnerabilities in the way the Internet Protocol version 6 (IPv6) forms addresses. These vulnerabilities provide attackers with the ability to track a node's physical location, correlate network traffic with specific users, and even launch attacks against users' systems. A Moving Target IPv6 Defense (MT6D) that rotates through dynamically obscured network addresses while maintaining existing connections was developed to prevent these addressing vulnerabilities.MT6D is resistant to the IPv6 addressing vulnerabilities since addresses are not tied to host identities and continuously change. MT6D leverages the immense address space of IPv6 to provide an environment that is infeasible to search efficiently. Address obscuration in MT6D occurs throughout ongoing sessions to provide continued anonymity, confidentiality, and security to communicating hosts. Rotating addresses mid-session prevents an attacker from determining that the same two hosts are communicating. The dynamic addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful attack. A proof of concept was developed that demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. Also demonstrated is MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions.This work makes three contributions to the state-of-the-art IPv6 research. First, it fully explores the security vulnerabilities associated with IPv6 address formation and demonstrates them on a production IPv6 network. Second, it provides a method for dynamically rotating network addresses that defeats these vulnerabilities. Finally, a functioning prototype is presented that proves how network addresses can be dynamically rotated without losing established network connections. If IPv6 is to be globally deployed, it must not provide additional attack vectors that expose user information. / Ph. D. Dynamic Addressing Security Privacy Moving Target Defense IPv6
78	Improving the Security, Privacy, and Anonymity of a Client-Server Network through the Application of a Moving Target Defense Morrell, Christopher Frank 03 May 2016 (has links) The amount of data that is shared on the Internet is growing at an alarming rate. Current estimates state that approximately 2.5 exabytes of data were generated every day in 2012. This rate is only growing as people continue to increase their on-line presence. As the amount of data grows, so too do the number of people who are attempting to gain access to the data. Attackers try many methods to gain access to information, including a number of attacks that occur at the network layer. A network-based moving target defense is a technique that obfuscates the location of a machine on the Internet by arbitrarily changing its IP address periodically. MT6D is one of these techniques that leverages the size of the IPv6 address space to make it statistically impossible for an attacker to find a specific target machine. MT6D was designed with a number of limitations that include manually generated static configurations and support for only peer to peer networks. This work presents extensions to MT6D that provide dynamically generated configurations, a secure and dynamic means of exchanging configurations, and with these new features, an ability to function as a server supporting a large number of clients. This work makes three primary contributions to the field of network-based moving target defense systems. First, it provides a means to exchange arbitrary information in a way that provides network anonymity, authentication, and security. Second, it demonstrates a technique that gives MT6D the capability to exchange configuration information by only sharing public keys. Finally, it introduces a session establishment protocol that clients can use to establish concurrent connections with an MT6D server. / Ph. D. IPv6 Security Privacy Moving Target Defense Client Server Network
79	Strengthening MT6D Defenses with Darknet and Honeypot capabilities Basam, Dileep Kumar 09 December 2015 (has links) With the ever increasing adoption of IPv6, there has been a growing concern for security and privacy of IPv6 networks. Mechanisms like the Moving Target IPv6 Defense (MT6D) leverage the immense address space available with the new 128-bit addressing scheme to improve security and privacy of IPv6 networks. MT6D allows participating hosts to hop onto new addresses, that are cryptographically computed, without any disruption to ongoing conversations. However, there is no feedback mechanism in the current MT6D implementation to substantiate the core strength of the scheme i.e., to find an attacker attempting to discover and target any MT6D addresses. This thesis proposes a method to monitor the intruder activity targeting the relinquished addresses to extract information for reinforcing the defenses of the MT6D scheme. Our solution identifies and acquires IPv6 addresses that are being discarded by MT6D hosts on a local network, in addition to monitoring and visualizing the incoming traffic on these addresses. This is essentially equivalent to forming a darknet out of the discarded MT6D addresses. The solution's architecture also includes an ability to deploy a virtual (LXC-based) honeypot on-demand, based on any interesting traffic pattern observed on a discarded address. With this solution in place, we can become cognizant of an attacker trailing an MT6D-host along the address changes, as well as understanding the composition of attack traffic hitting the discarded MT6D addresses. With the honeypot deployment capabilities, the solution can take the conversation forward with the attacker to collect more information on attacker methods and delay further tracking attempts. The solution architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. This feature allows the MT6D host to identify any suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution's feasibility and scalability. / Master of Science Moving Target Defense MT6D Darknet Honeypot Dionaea IPv6
80	Micro-Moving Target IPv6 Defense for 6LoWPAN and the Internet of Things Sherburne, Matthew Gilbert 07 May 2015 (has links) The Internet of Things (IoT) is composed of billions of sensors and actuators that have varying tasks aimed at making industry, healthcare, and home life more efficient. These sensors and actuators are mainly low-powered and resource-constrained embedded devices with little room for implementing IP security in addition to their main function. With the fact that more of these devices are using IPv6 addressing, we seek to adapt a moving-target defense measure called Moving Target IPv6 Defense for use with embedded devices in order to add an additional layer of security. This adaptation, which we call Micro-Moving Target IPv6 Defense, operates within IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) which is used in IEEE 802.15.4 wireless networks in order to establish IPv6 communications. The purpose of this defense is to obfuscate the communications between a sensor and a server in order to thwart a potential attacker from performing eavesdropping, denial-of-service, or man-in-the-middle attacks. We present our work in establishing this security mechanism and analyze the required control overhead on the wireless network. / Master of Science Internet of Things IPv6 Security 6LoWPAN Moving Target Defense

Search results