Optimization of Transport Security for Securing Peer-to-Peer Communication in Heterogeneous Networks

Chen, Ta-wei

January 2005

This thesis concerns the security of tomorrow’s peer-to-peer real-time communication in heterogeneous networks. Because of the additional delay caused by inband handshake and the poor compatibilities of some transport protocols, it was determined that existing security protocols such as transport layer security (TLS) and datagram transport layer security (DTLS) are not suitable in such a user scenario and a new security protocol should be designed. This new security protocol is called transport encapsulation security payload (TESP). TESP not only has the advantage of low initialization delay, but also fully supports transport protocols including TCP, UDP, stream control transmission protocol (SCTP), and datagram congestion control protocol (DCCP). Also a security analysis of TESP was carried out and no security flaws were found. / Denna uppsats behandlar säkerheten för morgondagens "peer-to-peer" (P2P) realtidskommunikation i heterogena nät. På grund av den adderade fördröjning som orsakas av inbandssignalering och dålig kompabilitet hos många transportprotokoll, så kan man fastställa att existerande säkerhetsprotokoll, såsom "(Datagram) Transport Layer Security" (TLS och DTLS), inte är lämpade för denna typ av kommunikation och att ett nytt säkerhetsprotokoll bör tas fram. "Transport Encapsulation Security Payload" (TESP) är ett sådant protokoll. TESP har inte bara fördelar såsom låg uppstartsfördröjning, utan har också stöd för många transportprotokoll, t.ex. "Transport Control Protocol" (TCP), "User Datagram Protocol" (UDP), "Stream Control Transmission Protocol" (SCTP) och "Datagram Congestion Control Protocol" (DCCP). Även en säkerhetsanalys av TESP har gjorts, där inga säkerhetsproblem har kunnat påvisas.

transport layer security

peer-to-peer communication

heterogeneous network

TESP

TCP

UDP

SCTP

DCCP

TLS

DTLS

Communication Systems

Kommunikationssystem

Architecture réseau pour véhicule de transport en commun communiquant

Bertaux, Lionel

26 September 2013

Avec la démocratisation des appareils mobiles, les transports en commun sont amenés à proposer de nouveaux services à leur usagers et notamment une connexion à Internet. Le véhicule de transport en commun agit alors comme un routeur mobile fournissant une connexion fiable à ses noeuds et doit pour cela être connecté en permanence à un point d'accès. Les zones de couverture étant limitées par les technologies utilisées et par les obstacles, des changements de réseaux sont alors nécessaires et provoquant différents évènements pouvant impacter les performances des protocoles de Transport : introduction de latences dues à la configuration des interfaces, modification des caractéristiques du chemin utilisé par la communication.. Dans cette thèse nous étudions cet impact en déterminant son origine puis nous proposons des solutions visant à le réduire de deux manières : en réduisant les latences introduites par le changement de réseau et en diminuant l'impact de la modification des caractéristiques du réseau.

Réseaux mobiles

Protocole de transport

WiFi

3G

Réseaux de communication par satellite

SCTP

TCP

Peer-to-peer com a utilização do SCTP para aplicativos de compartilhamento de arquivos

Carmo, Gustavo Salvadori Baptista do

24 March 2006

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Peer-to-peer networks provide an efficient way for sharing computer resources. The transport layer underlies these networks. On the Internet, TCP and UDP are the mostly used protocols in this layer. SCTP is another transport layer protocol: related to TCP and UDP, SCTP offers additional functionalities that makes it more suitable to certain kinds of applications. This work aims to show the viability of the use of SCTP as the transport layer protocol for peer-to-peer file sharing applications, using the peculiar functionalities of this protocol to satisfy the needs of these applications in a more efficient way. / As redes peer-to-peer oferecem uma forma eficaz para o compartilhamento de recursos dos computadores. Sob essas redes está a camada de transporte. Na Internet, os protocolos mais utilizados nessa camada são o TCP e o UDP. Outro protocolo da camada de transporte e o SCTP, que oferece funcionalidades adicionais em relação ao TCP e ao UDP que o tornam mais apropriado a determinados tipos de aplicações. Este trabalho tem como objetivo mostrar a viabilidade da utiliza¸são do SCTP como protocolo da camada de transporte em aplicativos peer-to-peer de compartilhamento de arquivos, fazendo uso das funcionalidades peculiares a esse protocolo para satisfazer de forma mais eficaz as necessidades destes aplicativos. / Mestre em Ciência da Computação

Redes de computadores

Redes peer-to-peer

SCTP

Camada de transporte

Redes de computação

Computer networks

Peer-to-peer networks

Transport layer

Emulátor Registru uživatelů mobilní sítě / Home Location Register Emulator

Juránek, Michal

January 2014

This thesis presents basic structure and entities of mobile network GSM. It presents principles of signalling with focus on core network via signalling systems SS7 and SIGTRAN. Chosen protocol layers and signalling message types are presented. The thesis is concluded by the design and implementation of the application emulating home location register of mobile users.

Detection of Denial of Service Attacks on the Open Radio Access Network Intelligent Controller through the E2 Interface

Radhakrishnan, Vikas Krishnan

03 July 2023

Open Radio Access Networks (Open RANs) enable flexible cellular network deployments by adopting open-source software and white-box hardware to build reference architectures customizable to innovative target use cases. The Open Radio Access Network (O-RAN) Alliance defines specifications introducing new Radio Access Network (RAN) Intelligent Controller (RIC) functions that leverage open interfaces between disaggregated RAN elements to provide precise RAN control and monitoring capabilities using applications called xApps and rApps. Multiple xApps targeting novel use cases have been developed by the O-RAN Software Community (OSC) and incubated on the Near-Real-Time RIC (Near-RT RIC) platform. However, the Near-RT RIC has, so far, been demonstrated to support only a single xApp capable of controlling the RAN elements. This work studies the scalability of the OSC Near-RT RIC to support simultaneous control signaling by multiple xApps targeting the RAN element. We particularly analyze its internal message routing mechanism and experimentally expose the design limitations of the OSC Near-RT RIC in supporting simultaneous xApp control. To this end, we extend an existing open-source RAN slicing xApp and prototype a slice-aware User Equipment (UE) admission control xApp implementing the RAN Control E2 Service Model (E2SM) to demonstrate a multi-xApp control signaling use case and assess the control routing capability of the Near-RT RIC through an end-to-end O-RAN experiment using the OSC Near-RT RIC platform and an open-source Software Defined Radio (SDR) stack. We also propose and implement a tag-based message routing strategy for disambiguating multiple xApps to enable simultaneous xApp control. Our experimental results prove that our routing strategy ensures 100% delivery of control messages between multiple xApps and E2 Nodes while guaranteeing control scalability and xApp non-repudiation. Using the improved Near-RT RIC platform, we assess the security posture and resiliency of the OSC Near-RT RIC in the event of volumetric application layer Denial of Service (DoS) attacks exploiting the E2 interface and the E2 Application Protocol (E2AP). We design a DoS attack agent capable of orchestrating a signaling storm attack and a high-intensity resource exhaustion DoS attack on the Near-RT RIC platform components. Additionally, we develop a latency monitoring xApp solution to detect application layer signaling storm attacks. The experimental results indicate that signaling storm attacks targeting the E2 Terminator on the Near-RT RIC cause control loop violations over the E2 interface affecting service delivery and optimization for benign E2 Nodes. We also observe that a high-intensity E2 Setup DoS attack results in unbridled memory resource consumption leading to service interruption and application crash. Our results also show that the E2 interface at the Near-RT RIC is vulnerable to volumetric application layer DoS attacks, and robust monitoring, load-balancing, and DoS mitigation strategies must be incorporated to guarantee resiliency and high reliability of the Near-RT RIC. / Master of Science / Telecommunication networks need sophisticated controllers to support novel use cases and applications. Cellular base stations can be managed and optimized for better user experience through an intelligent radio controller called the Near-Real-Time Radio Access Network (RAN) Intelligent Controller (RIC) (Near-RT RIC), defined by the Open Radio Access Network (O-RAN) Alliance. This controller supports simultaneous connections to multiple base stations through the E2 interface and allows simple radio applications called xApps to control the behavior of those base stations. In this research work, we study the performance and behavior of the Near-RT RIC when a malicious or compromised base station tries to overwhelm the controller through a Denial of Service (DoS) attack. We develop a solution to determine the application layer communication delay between the controller and the base station to detect potential attacks trying to compromise the functionality and availability of the controller. To implement this solution, we also upgrade the controller to support multiple radio applications to interact and control one or more base stations simultaneously. Through the developed solution, we prove that the O-RAN Software Community (OSC) Near-RT RIC is highly vulnerable to DoS attacks from malicious base stations targeting the controller over the E2 interface.

srsRAN

Denial of Service

Open Source

Radio Access Network

Open RAN

RAN Control

Kubernetes

SCTP

USRP

SDR

UE

4G

LTE

5G

eNB

gNB

EPC

Uma arquitetura baseada em SCTP e SIP para suporte a aplica??es VoIP m?veis e a especifica??o formal do seu m?dulo de controle

Costa, Daniel Gouveia

25 May 2006

Made available in DSpace on 2014-12-17T14:56:09Z (GMT). No. of bitstreams: 1 DanielGC.pdf: 538651 bytes, checksum: 34bfc134a2af9166b846b044a2968b16 (MD5) Previous issue date: 2006-05-25 / New versions of SCTP protocol allow the implementation of handover procedures in the transport layer, as well as the supply of a partially reliable communication service. A communication architecture is proposed herein, integrating SCTP with the session initiation protocol, SIP, besides additional protocols. This architecture is intended to handle voice applications over IP networks with mobility requirements. User localization procedures are specified in the application layer as well, using SIP, as an alternative mean to the mechanisms used by traditional protocols, that support mobility in the network layer. The SDL formal specification language is used to specify the operation of a control module, which coordinates the operation of the system component protocols. This formal specification is intended to prevent ambiguities and inconsistencies in the definition of this module, assisting in the correct implementation of the elements of this architecture / Novas vers?es do protocolo SCTP permitem sua utiliza??o para implementa??o de mecanismos de handover em n?vel de transporte, bem como o fornecimento de um servi?o de transmiss?o de dados parcialmente confi?vel. Integrando o SCTP com o protocolo de inicia??o de sess?es, SIP, al?m de utilizar adicionalmente servi?os de outros protocolos auxiliares, uma arquitetura de comunica??o p?de ser proposta, a fim de atender ?s aplica??es de voz sobre IP com requisitos de mobilidade. S?o especificados ainda os procedimentos de localiza??o de usu?rio em n?vel de aplica??o, utilizando o protocolo SIP, como alternativa aos mecanismos empregados por protocolos tradicionais que suportam mobilidade na camada de rede. A linguagem de especifica??o formal SDL ? utilizada para especificar o funcionamento de um M?dulo de Controle, relacionado ? opera??o coordenada dos protocolos que comp?e a arquitetura. Pretende-se assim evitar ambig?idades e inconsist?ncias na defini??o desse m?dulo, o que pode auxiliar em implementa??es corretas de elementos dessa arquitetura

Redes de computa??o (Protocolos)

Comunica??o de dados

SCTP (Protocolo de rede de computa??o)

SIP (Protocolo de rede de computa??o)

Computer networks (Protocols)

Communication of data

SCTP (Protocol of Communication Network)

SIP (Session Initiation Protocol)

VoIP (Protocol of Communication Network)

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA

Diseño de migración de nodos B aplicado para una RNC caida de una red movil

Mallqui Morales, Nayda Isabel

January 2015

La presente tesina consiste en el diseño de migración de nodos B aplicado para una RNC caída de una red móvil, con la finalidad de solucionar los problemas que se presenten ante un incidente que afecte los servicios de voz y datos de los usurarios de una red móvil. En el desarrollo de la tesina, se describe el planteamiento del problema, el marco teórico de la tecnología UMTS y posteriormente nos centramos en los elementos principales de esta tecnología. También describimos los equipos importantes a utilizar en desarrollo del proyecto, en este caso nos enfocamos en la descripción de la RNC. Y finalmente describimos el desarrollo del proyecto, el diseño de la solución e implementación de la misma, y en donde se presentan los resultados del diseño. This thesis is the design of migration of nodes B and its a applied when RNC fall for a mobile network, in order to solve the problems that arise before an incident affecting voice and data services from a mobile network. In developing the thesis, we describe the theoretical framework of UMTS technology and then we focus on the main elements of this technology. We also describe the important equipment used in project development; in this case we focus on the description of the RNC. And finally we describe the solution of design and implementation .Also, the results of this project.

CI (Identidad de celda / Cell Identity)