Misuse Patterns for the SSL/TLS Protocol

Unknown Date

The SSL/TLS is the main protocol used to provide secure data connection between a client and a server. The main concern of using this protocol is to avoid the secure connection from being breached. Computer systems and their applications are becoming more complex and keeping these secure connections between all the connected components is a challenge. To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS protocol is always releasing newer versions after discovering security bugs and vulnerabilities in any of its previous version. We have described some of the common security flaws in the SSL/TLS protocol by identifying them in the literature and then by analyzing the activities from each of their use cases to find any possible threats. These threats are realized in the form of misuse cases to understand how an attack happens from the point of the attacker. This approach implies the development of some security patterns which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering the threat coverage of the models. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection

Computer networks--Security measures.

Computer network protocols.

Computer software--Development.

Computer architecture.

Markov modulated CSMA protocols with backoff scheduling algorithms. / CUHK electronic theses & dissertations collection

January 2011

Furthermore, we show that geometric retransmission algorithm is intrinsically unstable for large population sizes. On the other hand, exponential backoff algorithm is more robust and scalable. Even for infinity population sizes, the stable throughput and bounded delay region still exists under certain conditions. / In the light of the concern, we propose a queueing model of the general CSMA protocol with probability-based backoff scheduling algorithm. The input buffer of each node is modeled as a Geo/G/1 queue, in which the service time distribution of each individual head-of-line (HOL) packet can be described by a Markov chain. By means of this queueing model, we can obtain the characteristic equation of throughput, the packet queueing delay as well as the stable conditions with admissible input traffic. We also specify stable throughput and bounded delay regions with respect to the retransmission factor and input rate. / Last but not least, the proposed queueing model can be systematically generalized to investigate various types of MAC protocols, such as ALOHA, CSMA protocols, IEEE 802.11 protocols. Specifically, we illustrate the methodology by full analyses of the non-persistent CSMA and 1-persistent CSMA protocols in this thesis. / Medium Access Control (MAC) protocols have been continuously updated to keep up with the emerging new services and QoS requirements. Despite of the rapid changes of MAC protocols, a comprehensive performance analysis of any MAC protocol remains an open issue for over several decades. / Most of existing analysis of MAC protocols focused on the network throughput and packet access delay under the assumption that the network is saturated which is not realistic. We know very little about the stability of MAC protocol under the normal network operation for lack of a systematic model that can be adaptively applied to various MAC protocols with different service requirements and backoff scheduling algorithms. / Other than the probability-based backoff algorithm, this thesis also includes the study of window-based backoff algorithm. It is shown that the probability-based and window-based backoff algorithms are equivalent to each other. Moreover, we find that the characteristic equation of network throughput is invariant to backoff scheduling algorithms. / Wong, Pui King. / Adviser: Tony T. Lee. / Source: Dissertation Abstracts International, Volume: 73-06, Section: B, page: . / Thesis (Ph.D.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (leaves 125-133). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [201-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Computer scheduling--Mathematical models

Pipeline rings and integrated services rings.

January 1989

Wong, Po-Choi. / Summary in Chinese. / Thesis (Ph.D.)--Chinese University of Hong Kong, 1989. / Bibliography: leaves 156-164.

Ring networks (Computer networks)

Computer network protocols

Integrated services digital networks

Real-time multicast with scalable reliability.

January 1998

by Patrick C.K. Wu. / Thesis (M.Phil.)--Chinese University of Hong Kong, 1998. / Includes bibliographical references (leaves 57-[59]). / Abstract also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Research Objectives --- p.2 / Chapter 1.2 --- Organization of the Thesis --- p.2 / Chapter 2 --- Background --- p.4 / Chapter 2.1 --- Reliable Multicasting --- p.4 / Chapter 2.2 --- Related Work --- p.5 / Chapter 2.2.1 --- RMTP --- p.5 / Chapter 2.2.2 --- RMP --- p.6 / Chapter 2.2.3 --- RAMP --- p.7 / Chapter 2.3 --- Multicast with Scalable Reliability (MSR) --- p.8 / Chapter 3 --- Traffic Shaping in MSR --- p.10 / Chapter 3.1 --- Single Queue System --- p.11 / Chapter 3.2 --- Scaling factor α --- p.12 / Chapter 4 --- Retransmission Scheme in MSR --- p.15 / Chapter 4.1 --- Packet Loss Detection and Requests for Retransmission at the Receivers --- p.17 / Chapter 4.2 --- Retransmission at the Sender --- p.19 / Chapter 4.3 --- Dynamic Adjustment of Retransmission Timeout Value --- p.22 / Chapter 4.4 --- Scaling Reliability using Transmit-Display Window --- p.29 / Chapter 5 --- NACK Implosion Prevention --- p.31 / Chapter 5.1 --- Electing a Representative Receiver --- p.32 / Chapter 5.2 --- Determining T --- p.33 / Chapter 5.3 --- Determining β --- p.34 / Chapter 6 --- Performance Study of MSR --- p.38 / Chapter 6.1 --- Performance Study of MSR in Simple Network Topologies --- p.39 / Chapter 6.2 --- Star Topology --- p.40 / Chapter 6.3 --- Tree Topology --- p.44 / Chapter 6.4 --- Exploring the use of MSR Gateway --- p.47 / Chapter 7 --- Conclusion and Future Work --- p.50 / Chapter 7.1 --- Future Work --- p.50 / Chapter 7.2 --- Conclusions --- p.51 / Chapter A --- MSR Packet Formats --- p.52 / Chapter A.1 --- MSR Fixed Header --- p.52 / Chapter A.2 --- MSR Audio Data Header --- p.54 / Chapter A.3 --- MSR NACK Packets --- p.55 / Bibliography --- p.57

Multicasting (Computer networks)

Computer networks--Reliability

Computer network protocols

Real-time data processing

An end-to-end adaptation algorithm for best effort video delivery over Internet.

January 1998

by Walter Chi-Woon Fung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 1998. / Includes bibliographical references (leaves 64-[67]). / Abstract also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Background --- p.1 / Chapter 1.2 --- Limitation of Existing Research --- p.3 / Chapter 1.3 --- Contributions of This Thesis --- p.3 / Chapter 1.4 --- Organization of the Thesis --- p.4 / Chapter 2 --- Related Work --- p.5 / Chapter 2.1 --- Ongoing Efforts For The Support of Real Time Applications on the Internet - RTP --- p.5 / Chapter 2.2 --- Using the Algorithm on top of RTP --- p.7 / Chapter 3 --- An Adaptive Video Retrieval Algorithm --- p.9 / Chapter 3.1 --- Lossless Environment --- p.9 / Chapter 3.1.1 --- Adapting the Request Rate to the Available Bandwidth --- p.12 / Chapter 3.2 --- Lossy Environment --- p.17 / Chapter 3.2.1 --- Adapting Ar in Lossy Environment --- p.20 / Chapter 3.3 --- Adjusting the Window Size --- p.24 / Chapter 3.4 --- Measurement Issues --- p.27 / Chapter 3.5 --- Mapping between Data Rate and Frame Rate --- p.28 / Chapter 4 --- Rate Measurement --- p.30 / Chapter 4.1 --- Arrival Rate Estimation --- p.30 / Chapter 4.2 --- Loss Rate Estimation --- p.32 / Chapter 5 --- Frame Skipping and Stuffing --- p.37 / Chapter 5.1 --- MPEG-1 Video Stream Basics --- p.37 / Chapter 5.2 --- Frame Skipping --- p.38 / Chapter 5.3 --- Frame Stuffing In Lossy Environment --- p.40 / Chapter 6 --- Experiment Result and Analysis --- p.43 / Chapter 6.1 --- Experiment --- p.43 / Chapter 6.2 --- Analysis --- p.54 / Chapter 6.2.1 --- Interacting With Streams With No Rate Control --- p.56 / Chapter 6.2.2 --- Multiple Streams Running The Algorithm --- p.58 / Chapter 6.2.3 --- Calculation of p --- p.59 / Chapter 7 --- Conclusions --- p.61 / Bibliography --- p.64

Image transmission

Real-time data processing

Computer network protocols

Computer algorithms

Selective Flooding for Better QoS Routing

Kannan, Gangadharan

10 May 2000

Quality-of-service (QoS) requirements for the timely delivery of real-time multimedia raise new challenges for the networking world. A key component of QoS is QoS routing which allows the selection of network routes with sufficient resources for requested QoS parameters. Several techniques have been proposed in the literature to compute QoS routes, most of which require dynamic update of link-state information across the Internet. Given the growing size of the Internet, it is becoming increasingly difficult to gather up-to-date state information in a dynamic environment. We propose a new technique to compute QoS routes on the Internet in a fast and efficient manner without any need for dynamic updates. Our method, known as Selective Flooding, checks the state of the links on a set of pre-computed routes from the source to the destination in parallel and based on this information computes the best route and then reserves resources. We implemented Selective Flooding on a QoS routing simulator and evaluated the performance of Selective Flooding compared to source routing for a variety of network parameters. We find Selective Flooding consistently outperforms source routing in terms of call-blocking rate and outperforms source routing in terms of network overhead for some network conditions. The contributions of this thesis include the design of a new QoS routing algorithm, Selective Flooding, extensive evaluation of Selective Flooding under a variety of network conditions and a working simulation model for future research.

High-speed Networks

Selective Flooding

QoS Routing

Computer network protocols

Internet

Real-time data processing

Improving Content Delivery and Service Discovery in Networks

Srinivasan, Suman Ramkumar

January 2016

Production and consumption of multimedia content on the Internet is rising, fueled by the demand for content from services such as YouTube, Netflix and Facebook video. The Internet is shifting from host-based to content-centric networking. At the same time, users are shifting away from a homogeneous desktop computing environment to using a heterogeneous mix of devices, such as smartphones, tablets and thin clients, all of which allow users to consume data on the move using wireless and cellular data networks. The popularity of these new class of devices has, in turn, increased demand for multimedia content by mobile users. The emergence of rich Internet applications and the widespread adoption and use of High Definition (HD) video has also placed higher pressure on the service providers and the core Internet backbone, forcing service providers to respond to increased bandwidth use in such networks. In my thesis, I aim to provide clarity and insight into the usage of core networking protocols and multimedia consumption on both mobile and wireless networks, as well as the network core. I also present research prototypes for potential solutions to some of the problems caused by the increased multimedia consumption on the Internet.

Multimedia systems--Standards

Computer network protocols

Internet

Multimedia systems

Computer science

Performance and control of CSMA wireless networks. / CUHK electronic theses & dissertations collection

January 2010

Motivated by the fact that the contention graph associated with ICN is a Markov random field (MRF) with respect to the probability distribution of its system states, and that the belief propagation algorithm (BP) is an efficient way to solve "inference" problems in graphical models such as MRF, we study how to apply BP algorithms to the analysis and control of CSMA wireless networks. We investigate three applications: (1) computation of link throughputs given link access intensities; (2) computation of link access intensities required to meet target link throughputs; and (3) optimization of network utility via the control of link access intensities. We show that BP solves the three problems with exact results in tree networks and has manageable computation errors in a network with loopy contention graph. In particular, we show how a generalized version of BP, GBP, can be designed to solve the three problems above with higher accuracy. Importantly, we show how the BP and GBP algorithms can be implemented in a distributed manner, making them useful in practical CSMA network operation. / The above studies focus on computation and control of "equilibrium" link throughputs. Besides throughputs, an important performance measure in CSMA networks is the propensity for starvation. In this thesis, we show that links in CSMA wireless networks are particularly susceptible to "temporal" starvation. Specifically, certain links may have good equilibrium throughputs, yet they can still receive no throughput for extended periods from time to time. We develop a "trap theory" to analyze temporal throughput fluctuations. The trap theory serves two functions. First, it allows us to derive new mathematical results that shed light on the transient behavior of CSMA networks. Second, we can develop automated analytical tools for computing the "degrees of starvation" for CSMA networks to aid network design. We believe that the ability to identify and characterize temporal starvation as established in this thesis will serve as an important first step toward the design of effective remedies for it. / This thesis investigates the performance and control of CSMA wireless networks. To this end, an analytical model of CSMA wireless networks that captures the essence of their operation is important. We propose an Ideal CSMA Network (ICN) model to characterize the dynamic of the interactions and dependency of links in CSMA wireless networks. This model allows us to address various issues related to performance and control of CSMA networks. / We show that the throughput distributions of links in ICN can be computed from a continuous-time Markov chain and are insensitive to the distributions of the transmission time (packet duration) and the backoff countdown time in the CSMA MAC protocol given the ratio of their means rho, referred to as the access intensity. An outcome of the ICN model is a Back-of-the-Envelope (BoE) approximate computation method that allows us to bypass complicated stochastic analysis to compute link throughputs in many network configurations quickly. The BoE computation method emerges from ICN in the limit rho → infinity. Our results indicate that BoE is a good approximation technique for modest-size networks such as those typically seen in 802.11 deployments. Beyond serving as the foundation for BoE, the theoretical framework of ICN is also a foundation for understanding and optimization of large CSMA networks. / Kai, Caihong. / Adviser: Soung Chang Liew. / Source: Dissertation Abstracts International, Volume: 73-03, Section: B, page: . / Thesis (Ph.D.)--Chinese University of Hong Kong, 2010. / Includes bibliographical references (leaves 180-183). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [201-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Computers--Access control

Protocol sequences for the collision channel without feedback. / CUHK electronic theses & dissertations collection

January 2010

At last, we focus on the detection problem in the protocol sequence design. The objective is to construct user-detectable sequences that allow any active user be detected by the receiver via some algorithm within some bounded delay if and only if it has become active. / First of all, in order to minimize variation of throughput due to delay offsets, we investigate protocol sequences whose pairwise Hamming cross-correlation is a constant for all possible relative offsets. It can be viewed as a generalization of completely shift-invariant sequences, which can achieve the zero-variation in throughput over a slot-synchronized channel. / Provided that the number of active users is smaller than the number of potential users, strongly conflict-avoiding codes are introduced with the non-blocking property in the asynchronous channel. It can be viewed as an extension of completely irrepressible sequences. / The second one is a non-blocking property which ensures that each active user can successfully transmit information at least once in its each active period. With the assumption that all potential users may be active simultaneously, user-irrepressible sequences and completely irrepressible sequences are studied respectively for different level of synchronization, to support the non-blocking property. / This thesis is based on Massey's model on collision channels without feedback, in which collided packets are considered unrecoverable. A collision occurs if two or more packets are partially or totally overlapped. Each potential user is assigned a deterministic zero-one pattern, called the protocol sequence, and sends a packet if and only if it is active and the value of the sequence is equal to one. Due to lack of feedback, the beginning of the protocol sequences cannot be synchronized and variation in relative offsets is inevitable. It further yields variation in throughput. / We study the design of protocol sequences from three different perspectives. / Zhang, Yijin. / Adviser: Wing Shing Wong. / Source: Dissertation Abstracts International, Volume: 73-03, Section: B, page: . / Thesis (Ph.D.)--Chinese University of Hong Kong, 2010. / Includes bibliographical references (leaves 1116). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [201-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Sequential processing (Computer science)

Improving routing performance of underwater wireless sensor networks

Ayaz, Beenish

January 2016

In this research work we propose a 3D node deployment strategy by carefully considering the unique characteristics of underwater acoustic communication as well as 3D dynamic nature of UWSN. This strategy targets 3D UWSN and not only improves the routing protocol performance significantly in terms of end to end delay and energy consumption but also provides reliability in data transmission. This strategy has been developed step by step from a single line of vertical communication to an effective 3D node deployment for UWSN. Several simulation experiments were carried out after adding different features to the final design to observe their impact on the overall routing performance. Finally, it is verified that this design strategy improves the routing performance, provides reliability to the network and increases network lifetime. Furthermore, we compared our results to the random node deployment in 3D, which is commonly used for analysing the performance of UWSN routing protocols. The comparison results verified our effective deployment design and showed that it provides almost 150% less end-to-end delay and almost 25% less energy consumption to the random deployment. It also revealed that by increasing the data traffic, our 3D node deployment strategy has no loss of data due to several back-up paths available, which is in contrast to random node deployment, where the packet loss occurs by increasing the data traffic. Improving the routing performance by carefully analysing the impact of 3D node deployment strategy and ensuring full sensing, transmission and back-up coverage in a highly unpredictable underwater environment, is a novel approach. Embedding this strategy with any networking protocol will improve its performance significantly.

620