Uma variação do protocolo DCCP para redes de alta velocidade / A DCCP variation for high speed networks

Froldi, Carlos Augusto, 1979-

11 November 2011

Orientador: Nelson Luis Saldanha da Fonseca / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-19T17:25:04Z (GMT). No. of bitstreams: 1 Froldi_CarlosAugusto_M.pdf: 543951 bytes, checksum: e4f64a2921c88fd1461445bd39a04278 (MD5) Previous issue date: 2011 / Resumo: Os protocolos da camada de transporte na Internet, TCP e UDP, não oferecem serviços para transmissão eficiente de fluxos multimídia, porém, este último é adotado com maior freqüência por essas aplicações. Uma proposta de um novo protocolo da camada de transporte, chamado DCCP, foi elaborada para atender a demanda das aplicações multimídia e substituir o protocolo UDP. A presente dissertação propõe uma variante deste protocolo, chamada Fast DCCP, para operar de maneira eficiente em redes de alta velocidade. A nova variante foi avaliada através de experimentos de simulação, utilizando o NS-2 e experimentos de medição, utilizando o sistema operacional Linux / Abstract: The Internet transport layer protocols, TCP and UDP, do not provide efficient transport service for multimedia streams. UDP is usually used for these applications, due to its low overhead. A new transport layer protocol, called DCCP, was proposed to meet the demand of multimedia applications, aiming at replacing the UDP protocol. This dissertation will propose a variant for this protocol, called Fast DCCP, for operating efficiently on high-speed networks. It was evaluated by simulation using the NS-2 network simulator and measurements of the FAST DCCP protocol operation in the Linux operating system / Mestrado / Ciência da Computação / Mestre em Ciência da Computação

Sistemas multimídia

DCCP (Protocolo de rede de computador)

Redes de alta velocidade

Protocolos de transporte

Redes de computadores

Multimedia systems

Datagram Congestion Control Protocol

High-speed networks

Transport protocols

Computer networks

Specification et implementation d'une architecture de signalisation a gestion automatique de la QdS dans un environnement IP multi domaines

AURIOL, Guillaume

16 November 2004

L'Internet du futur aura a transporter les donnees de nouvelles applications avec des garanties de qualite de service (QdS). De ce besoin resulte la necessite d'en re-concevoir l'architecture. Par ailleurs, la structure de l'Internet, compose de domaines independants vis a vis de la gestion de la QdS, pose le probleme de la continuite du service lors de la traversee de plusieurs domaines. Face a ces deux problematiques, la these soutenue est celle d'un systeme de communication offrant des garanties de QdS par flux applicatif dans un environnement Internet multi domaines. Son architecture integre un plan communication comportant plusieurs services/protocoles aux niveaux Transport et IP, et un plan signalisation assurant la gestion des ressources a la frontiere des domaines. Nos contributions sont les suivantes. Nous proposons un modele de caracterisation des services IP et Transport, etaye par : (1) des mesures realisees sur une plate forme nationale, (2) une etude en simulation (ns-2) et (3) des mesures realisees sur une plate-forme emulant (Dummynet) un Internet multi domaines. Nous etendons l'architecture de communication proposee dans des travaux anterieurs de facon a abstraire le niveau applicatif de la complexite du choix des services Transport et IP, et a optimiser l'utilisation des ressources du reseau. Nous specifions en UML et implementons en Java notre proposition d'architecture de signalisation permettant d'assurer la continuite du service offert aux applications sur tous les domaines traverses. Enfin, nous testons le systeme de communication avec deux types d'applications multimedias sur une plate-forme emulant le comportement de plusieurs domaines DiffServ.

DIFFServ

UML2

Qualite de service

Architectures

Internet multi domaines

Emulation (Dummynet)

Nouveaux protocoles de Transport

Plate-forme experimentale

Quality of service

Multi-domain Internet

New Transport protocols

Experiment platform

Key establishment : proofs and refutations

Choo, Kim-Kwang Raymond

January 2006

We study the problem of secure key establishment. We critically examine the security models of Bellare and Rogaway (1993) and Canetti and Krawczyk (2001) in the computational complexity approach, as these models are central in the understanding of the provable security paradigm. We show that the partnership definition used in the three-party key distribution (3PKD) protocol of Bellare and Rogaway (1995) is flawed, which invalidates the proof for the 3PKD protocol. We present an improved protocol with a new proof of security. We identify several variants of the key sharing requirement (i.e., two entities who have completed matching sessions, partners, are required to accept the same session key). We then present a brief discussion about the key sharing requirement. We identify several variants of the Bellare and Rogaway (1993) model. We present a comparative study of the relative strengths of security notions between the several variants of the Bellare-Rogaway model and the Canetti-Krawczyk model. In our comparative study, we reveal a drawback in the Bellare, Pointcheval, and Rogaway (2000) model with the protocol of Abdalla and Pointcheval (2005) as a case study. We prove a revised protocol of Boyd (1996) secure in the Bellare-Rogaway model. We then extend the model in order to allow more realistic adversary capabilities by incorporating the notion of resetting the long-term compromised key of some entity. This allows us to detect a known weakness of the protocol that cannot be captured in the original model. We also present an alternative protocol that is efficient in both messages and rounds. We prove the protocol secure in the extended model. We point out previously unknown flaws in several published protocols and a message authenticator of Bellare, Canetti, and Krawczyk (1998) by refuting claimed proofs of security. We also point out corresponding flaws in their existing proofs. We propose fixes to these protocols and their proofs. In some cases, we present new protocols with full proofs of security. We examine the role of session key construction in key establishment protocols, and demonstrate that a small change to the way that session keys are constructed can have significant benefits. Protocols that were proven secure in a restricted Bellare-Rogaway model can then be proven secure in the full model. We present a brief discussion on ways to construct session keys in key establishment protocols and also prove the protocol of Chen and Kudla (2003) secure in a less restrictive Bellare-Rogaway model. To complement the computational complexity approach, we provide a formal specification and machine analysis of the Bellare-Pointcheval-Rogaway model using an automated model checker, Simple Homomorphism Verification Tool (SHVT). We demonstrate that structural flaws in protocols can be revealed using our framework. We reveal previously unknown flaws in the unpublished preproceedings version of the protocol due to Jakobsson and Pointcheval (2001) and several published protocols with only heuristic security arguments. We conclude this thesis with a listing of some open problems that were encountered in the study.

authentication

communications security

computational complexity

computer

security

cryptographic protocols

cryptography

Diffie–Hellman-based protocols

formal methods

formal specification and verification

identity-based protocols

key agreement protocols

key distribution

key establishment protocols

key exchange protocols

key transport protocols

password-based protocols

proofs of security

provable security

provably-secure protocols

security proofs