Spelling suggestions: "subject:"bnetwork 2security."" "subject:"bnetwork bsecurity.""
391 |
Intrusion Identification For Mobile Ad Hoc NetworksSahoo, Chandramani 03 1900 (has links)
A Mobile Ad Hoc Network (MANETs) is a collection of wireless hosts that can be rapidly deployed as a multi hop packet radio network without the aid of any established infrastructure or centralized administration. Such networks can be used to enable next generation of battlefield applications envisioned by the military, including situation awareness systems for maneuvering war fighters, and remotely deployed unmanned microsensor networks. Ad Hoc networks can also provide solutions for civilian applications such as disaster recovery and message exchanges among safety and security personnel involved in rescue missions.
Existing solutions for wired network Intrusion Detection Systems (IDSs) do not suit wireless Ad Hoc networks. To utilize either misuse detection or anomaly detection to monitor any possible compromises, the IDS must be able to distinguish normal from anomaly activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are:
• How to efficiently collect normal and anomaly patterns of Ad Hoc networks? The lifetime of the hosts is short and Ad Hoc networks do not have traffic concentration points (router, switch).
• How to detect anomalies? The loss could be caused by host movement instead of attacks. Unexpectedly long delay could be caused by unreliable channel instead of malicious discard.
In this thesis, we have proposed a novel architecture that uses specification based intrusion detection techniques to detect active attacks against the routing protocols of mobile Ad Hoc networks. Our work analyzes some of the vulnerabilities and discuss the attacks against the AODV protocol. Our approach involves the use of an FSM (Finite State Machine) for specifying the AODV routing behavior and the distributed network monitors for detecting the sequence number attack. Our method can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased with high detection rate.
For packet dropping attack, we present a distributed technique to detect this attack in wireless Ad Hoc networks. A bad node can forward packets but in fact it fails to do so. In our technique, every node in the network will check the neighboring nodes to detect if any of them fail to forward the packets. Our technique can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased. The proposed solution can be applied to identify multiple malicious nodes cooperating with each other in MANETs and discover secure routes from source to destination by avoiding malicious nodes acting in cooperation. Our technique will detect the sequence number and Packet Dropping attacks in real time within its radio range with no extra overhead.
For resource consumption attack, the proposed scheme incurs no extra overhead, as it makes minimal modifications to the existing data structures and functions related to bad listing a node in the existing version of pure AODV. The proposed scheme is more efficient in terms of the resultant routes established, resource reservations, and computational complexity. If multiple malicious nodes collaborate, they in turn will be restricted and isolated by their neighbors, because they monitor and exercise control over forwarding RREQs by nodes. Hence, the scheme successfully prevents Distributed attacks. The proposed scheme shifts the responsibility of monitoring this parameter to the node's neighbor, ensuring compliance of this restriction. This technique solves all of the problems caused due to unnecessary RREQs from a compromised node. Instead of self-control, the control exercised by a node's neighbor results in preventing this attack. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. The loop freedom property has been reduced to an invariant on pairs of nodes. Each node decides & transmits its decision to a control center. Robustness to Threats, Robustness to nodes destruction: Loss of Performance (in terms of ratio) is least for Distributed Option and highest for Centralized Option and Robustness to observations deletion.
All the proposed schemes were analyzed and tested under different topologies and conditions with varying number of nodes .The proposed algorithms for improving the robustness of the wireless Ad Hoc networks using AODV protocol against Packet Dropping Attack, Sequence Number attack and resource consumption attack have been simulated for an illustrative network of about 30 nodes. Our experiments have shown that the pattern extracted through simulation can be used to detect attacks effectively. The patterns could also be applied to detect similar attacks on other protocols.
|
392 |
A multi-modular dynamical cryptosystem based on continuous-interval cellular automataTerrazas Gonzalez, Jesus David 04 January 2013 (has links)
This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis.
|
393 |
A multi-modular dynamical cryptosystem based on continuous-interval cellular automataTerrazas Gonzalez, Jesus David 04 January 2013 (has links)
This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis.
|
394 |
Identifica??o remota de sistemas operacionais utilizando an?lise de processos aleat?rios e redes neurais artificiaisMedeiros, Jo?o Paulo de Souza 19 June 2009 (has links)
Made available in DSpace on 2014-12-17T14:55:36Z (GMT). No. of bitstreams: 1
JoaoPSM.pdf: 2736653 bytes, checksum: 0b1bd7853a47877b24c5f2042e0a5d8e (MD5)
Previous issue date: 2009-06-19 / Petr?leo Brasileiro SA - PETROBRAS / A new method to perform TCP/IP fingerprinting is proposed. TCP/IP fingerprinting is the process of identify a remote machine through a TCP/IP based computer network.
This method has many applications related to network security. Both intrusion and defence procedures may use this process to achieve their objectives. There are many known
methods that perform this process in favorable conditions. However, nowadays there are many adversities that reduce the identification performance. This work aims the creation
of a new OS fingerprinting tool that bypass these actual problems. The proposed method is based on the use of attractors reconstruction and neural networks to characterize and classify pseudo-random numbers generators / ? proposto um novo m?todo para identifica??o remota de sistemas operacionais que operam em redes TCP/IP. Este m?todo possui diversas aplica??es relacionadas ? seguran?a
em redes de computadores e ? normalmente adotado tanto em atividades de ataque quanto de defesa de sistemas. O m?todo proposto ? capaz de obter sucesso em situa??es
onde diversas solu??es atuais falham, inclusive no tratamento com dispositivos possivelmente vulner?veis ao processo de identifica??o. O novo m?todo realiza a an?lise dos
geradores de n?meros aleat?rios usados nas pilhas TCP/IP e, atrav?s do uso de redes neurais artificiais, cria mapas que representam o comportamento destes geradores. Tais
mapas s?o usados para compara??o com mapas rotulados que representam sistemas j? conhecidos, concretizando o processo de identifica??o
|
395 |
Uma ferramenta de manipula??o de pacotes para an?lise de protocolos de redes industriais baseados em TCP/IPKobayashi, Tiago Hiroshi 07 June 2009 (has links)
Made available in DSpace on 2014-12-17T14:55:38Z (GMT). No. of bitstreams: 1
TiagoHK.pdf: 2636025 bytes, checksum: ce24354f7859d7a6bcea2ea448265402 (MD5)
Previous issue date: 2009-06-07 / This work presents a packet manipulation tool developed to realize tests in industrial devices that implements TCP/IP-based communication protocols. The tool was developed
in Python programming language, as a Scapy extension. This tool, named IndPM- Industrial Packet Manipulator, can realize vulnerability tests in devices of industrial networks, industrial protocol compliance tests, receive server replies and utilize the Python interpreter to build tests. The Modbus/TCP protocol was implemented as proof-of-concept. The
DNP3 over TCP protocol was also implemented but tests could not be realized because of the lack of resources. The IndPM results with Modbus/TCP protocol show some implementation
faults in a Programmable Logic Controller communication module frequently utilized in automation companies / Neste trabalho ? apresentada uma ferramenta de manipula??o de pacotes destinada ? realiza??o de testes em dispositivos que implementam protocolos de comunica??o baseados
em TCP/IP utilizados em redes industriais. A ferramenta foi desenvolvida em linguagem de programa??o Python, como uma extens?o ao Scapy. Esta ferramenta, denominada
IndPM - Industrial Packet Manipulator, permite testar os dispositivos presentes em redes industriais em rela??o a poss?veis vulnerabilidades, realizar testes de conformidade
de protocolos, coletar respostas de servidores existentes nas redes e utilizar os recursos do interpretador Python para compor testes. Como prova de conceito, foi implementado
o protocolo Modbus/TCP. O protocolo DNP3 sobre TCP tamb?m foi implementado, mas n?o foi testado por indisponibilidade de recursos. Os resultados dos testes obtidos com a manipula??o de pacotes Modbus/TCP mostram falhas de implementa??o em um m?dulo de comunica??o para um Controlador L?gico Program?vel bastante utilizado na ind?stria
|
396 |
Verificação formal de protocolos de trocas justas utilizando o metodo de espaços de fitas / Formal verification of fair exchange protocols using the strand spaces methodPiva, Fabio Rogério, 1982- 13 August 2018 (has links)
Orientador: Ricardo Dahab / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-13T10:57:18Z (GMT). No. of bitstreams: 1
Piva_FabioRogerio_M.pdf: 1281624 bytes, checksum: 2d4f949b868d1059e108b1cd79314629 (MD5)
Previous issue date: 2009 / Resumo: Os protocolos de trocas justas foram propostos como solução para o problema da troca de itens virtuais, entre duas ou mais entidades, sem que haja a necessidade de confiança entre elas. A popularização da internet criou uma crescente classe de usuários leigos que diariamente participam de transações de troca, como comercio eletrônico (e-commerce), internet banking, redes ponto-a-ponto (P2P), etc. Com tal demanda por justiça, e preciso garantir que os protocolos de trocas justas recebam a mesma atenção acadêmica dedicada aos protocolos clássicos. Neste contexto, fazem-se necessárias diretrizes de projeto, ferramentas de verificação, taxonomias de ataques e quaisquer outros artefatos que possam auxiliar na composição de protocolos sem falhas. Neste trabalho, apresentamos um estudo sobre o problema de trocas justas e o atual estado da arte das soluções propostas, bem como a possibilidade de criar, a partir de técnicas para a verificação formal e detecção de falhas em protocolos clássicos, metodologias para projeto e correção de protocolos de trocas justas. / Abstract: Fair exchange protocols were first proposed as a solution to the problem of exchanging digital items, between two or more entities, without forcing them to trust each other. The popularization of the internet resulted in an increasing amount of lay users, which constantly participate in exchange transactions, such as electronic commerce (ecommerce), internet banking, peer-to-peer networks (P2P), etc. With such demand for fairness, we need to ensure that fair exchange protocols receive the same amount of attention, from academia, as classic protocols do. Within this context, project guideliness are needed, and so are verification tools, taxonomies of attack, and whatever other artifacts that may help correct protocol design. In this work we present a study on the fair exchange problem and the current state-of-the-art of proposed solutions, as well as a discussion on the possibility of building, from currently available formal verification and attack detection techniques for classic protocols, methods for fair exchange protocols design and correction. / Mestrado / Ciência da Computação / Mestre em Ciência da Computação
|
397 |
UM MODELO DE ATUALIZAÇÃO AUTOMÁTICA DO MECANISMO DE DETECÇÃO DE ATAQUES DE REDE PARA SISTEMAS DE DETECÇÃO DE INTRUSÃO / A MODEL OF AUTOMATIC UPDATE OF THE MECHANISM OF DETENTION OF ATTACKS OF NET FOR SYSTEMS OF INTRUSION DETENTIONDias, Rômulo Alves 21 November 2003 (has links)
Made available in DSpace on 2016-08-17T14:52:54Z (GMT). No. of bitstreams: 1
Romulo Alves Dias.PDF: 2725851 bytes, checksum: eaa8311ad62c875b230e288dfc66efa3 (MD5)
Previous issue date: 2003-11-21 / The obsolescence of the IDS's attack identification mechanisms critically
compromises the security level of the networks. This research work presents a
proposal of a automatic updating model of the network attack detection mechanism
for intrusion detection systems based on a society of intelligent agents. The Security
Central Agency, a component of the model, distributes a mini-society of attack
detection agents, called SAARA, that uses a neural network trained with data
captured from several network traffic sources. A computational implementation of the
SAARA model, focusing data driven attack detection, is presented for the multiagent
IDS NIDIA. / A obsolescência dos mecanismos de identificação de ataques dos SDI´s tem
comprometido de forma crítica o nível de segurança das redes de computadores.
Esta dissertação apresenta uma proposta de um modelo de atualização automática
do mecanismo de detecção de ataques de rede para sistemas de detecção de
intrusão baseados na noção de sociedade de agentes inteligentes. A Agência
Central de Segurança integrante deste modelo distribui uma mini-sociedade de
agentes de detecção de ataque, denominada de SAARA, que utiliza uma rede neural
treinada a partir de dados coletados de diversas fontes de tráfego. Uma
implementação computacional da SAARA, abordando detecção de ataques
orientados a dados, é apresentada dentro do contexto do SDI multiagentes NIDIA.
|
398 |
SISTEMA DE DETECÇÃO DE INTRUSOS EM ATAQUES ORIUNDOS DE BOTNETS UTILIZANDO MÉTODO DE DETECÇÃO HÍBRIDO / Intrusion Detection System in Attacks Coming from Botnets Using Method Hybrid DetectionCUNHA NETO, Raimundo Pereira da 28 July 2011 (has links)
Made available in DSpace on 2016-08-17T14:53:19Z (GMT). No. of bitstreams: 1
dissertacao Raimundo.pdf: 3146531 bytes, checksum: 40d7a999c6dda565c6701f7cc4a171aa (MD5)
Previous issue date: 2011-07-28 / The defense mechanisms expansion for cyber-attacks combat led to the malware evolution,
which have become more structured to break these new safety barriers. Among the numerous
malware, Botnet has become the biggest cyber threat due to its ability of controlling, the
potentiality of making distributed attacks and because of the existing structure of control. The
intrusion detection and prevention has had an increasingly important role in network
computer security. In an intrusion detection system, information about the current situation
and knowledge about the attacks contribute to the effectiveness of security process against
this new cyber threat. The proposed solution presents an Intrusion Detection System (IDS)
model which aims to expand Botnet detectors through active objects system by proposing a
technology with collect by sensors, preprocessing filter and detection based on signature and
anomaly, supported by the artificial intelligence method Particle Swarm Optimization (PSO)
and Artificial Neural Networks. / A ampliação dos mecanismos de defesas no uso do combate de ataques ocasionou a evolução
dos malwares, que se tornaram cada vez mais estruturados para o rompimento destas novas
barreiras de segurança. Dentre os inúmeros malwares, a Botnet tornou-se uma grande ameaça
cibernética, pela capacidade de controle e da potencialidade de ataques distribuídos e da
estrutura de controle existente. A detecção e a prevenção de intrusão desempenham um papel
cada vez mais importante na segurança de redes de computadores. Em um sistema de
detecção de intrusão, as informações sobre a situação atual e os conhecimentos sobre os
ataques tornam mais eficazes o processo de segurança diante desta nova ameaça
cibernética. A solução proposta apresenta um modelo de Sistema de Detecção de Intrusos
(IDS) que visa na ampliação de detectores de Botnet através da utilização de sistemas objetos
ativos, propondo uma tecnologia de coleta por sensores, filtro de pré-processamento e
detecção baseada em assinatura e anomalia, auxiliado pelo método de inteligência artificial
Otimização de Enxame da Partícula (PSO) e Redes Neurais Artificiais.
|
399 |
Provendo segurança em redes definidas por software através da integração com sistemas de detecção e prevenção de intrusãoFernandes, Henrique Santos 03 July 2017 (has links)
Submitted by Patrícia Cerveira (pcerveira1@gmail.com) on 2017-06-07T20:29:49Z
No. of bitstreams: 1
Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Approved for entry into archive by Biblioteca da Escola de Engenharia (bee@ndc.uff.br) on 2017-07-03T14:05:51Z (GMT) No. of bitstreams: 1
Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Made available in DSpace on 2017-07-03T14:05:51Z (GMT). No. of bitstreams: 1
Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Os Sistemas de Detecção e Prevenção de Intrusão são fundamentais para a segurança
da rede de computadores, inspecionar o tráfego da rede em tempo real em busca de intrusos
para garantir uma rede confiável é um dos seus papéis. Porém a falta de integração com
os ativos da rede é um dos principais fatores que limitam sua atuação. O conceito de
Redes Definidas por Software visa diminuir a falta de integração entre os ativos de rede
devido a separação do plano de dados do plano de controle. Diante da limitação da
integração entre os ativos de redes e os Sistemas de Detecção e Prevenção de Intrusão,
o presente estudo propõe, desenvolve e demonstra o IDSFlow, um modelo de integração
de sistemas de detecção de intrusão em redes definidas por software. Para validar o
IDSFlow, foram realizados testes utilizando o Openflow, o Mininet, CPqD e o Snort. Os
resultados obtidos pelos algorítimos desenvolvidos e apresentados mostram a capacidade
de integração proposta, é possível verificar a viabilidade de utilizar as regras já existentes e
funcionais para o Snort assim como utilizar o histórico de utilização da rede para aumentar
a efetividade da detecção e dos bloqueios de intrusos. / Intrusion Detection and Prevention Systems are fundamental to the network security,
to inspect the traffic in real time seeking intruders to ensure a reliable network is one of
it’s roles. However the lack of integration between the network equipments, is one of the
biggest factors to limit its operations. The concept of Software Defined Networks aims to
reduce the lack of integration among network assets due to the separation of the data plan
from the control plan. Given the limitation of integration between networks assets and
Intrusion Detection and Prevention Systems, the present study proposes, develops and
demonstrates IDSFlow, an integration model of intrusion detection systems in softwaredefined
networks. To validate IDSFlow, tests were run using Openflow, Mininet, CPqD
and Snort. The results obtained by the algorithms developed and presented show the
proposed integration capacity, it is possible to verify the feasibility of using the existing
and functional rules for Snort as well as to use the network usage history to increase the
effectiveness of intrusion detection and block.
|
400 |
Enhancing security and scalability of Virtual Private LAN ServicesLiyanage, M. (Madhusanka) 21 November 2016 (has links)
Abstract
Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks.
First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network.
Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism.
The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior.
Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks. / Tiivistelmä
Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille.
Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa.
Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen.
Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia.
|
Page generated in 0.0559 seconds