Global ETD Search

131	Security for home, small & medium sized enterprises IPv6 networks : Security using simple network equipment Folke, Fredrik January 2012 (has links) This theses project investigates and presents different threats that a network can be exposed to and the common protection techniques that can be applied, with a focus on the network perimeter – specifically the router/firewall between the local area network and the Internet. All Internet connected devices and networks are exposed to and affected by security threats to some degree, hence security is important in almost every type of network. With the constant growth of the Internet the 32-bit addressing scheme ipv4 is proving to be inadequate, and therefore the transition to the 128-bit addressing scheme ipv6 is becoming critical. With ipv6 comes new security threats (while still old threats remain) that requires an understanding of perimeter security. In this thesis we secure a home router and describe these steps to enable home and small business owners to secure their IPv6 network at a relatively low cost. / Detta projekt kommer att undersöka och presentera olika hot som ett IPv6 nätverk kan utsättas för samt de vanligaste skydds mekanismer som används idag, med fokus på nätverkets skallskydd mellan det interna lokala nätet och det yttre publika Internet. I stort sätt all Internet ansluten utrustning och nätverk är exponerad och påverkad i någon grad av säkerhets brister, säkerhet är en viktig del i stort sätt alla nätverk oavsett syfte eller verksamhet. Genom ett ständigt växande Internet börjar de 32-bitar adresser tillhörande IPv4 nätet ta slut, vilket gör behovet av att immigrera till 128-bitar adresser på IPv6 nätet allt mer kritiskt. Med IPv6 kommer nya säkerhetshot, samt att även vissa äldre hot kvarstår, som kräver en förståelse av perimeter skydd. I denna rapport säkrar vi en hemma router och beskriver för varje steg tillvägagångssättet för att hem och små företagare ska få möjlighet att skydda sina IPv6 nätverk till en relativt låg kostnad. IPv6 security home networks small and medium sized enterprises Communication Systems Kommunikationssystem
132	Säker grannupptäck i IPv6 / Secure Neighbor Discovery in IPv6 Huss, Philip January 2011 (has links) The IPv6 protocol offers with some new functions, one of them is auto configuration. With auto configuration it is possible for nodes, i.e. hosts and routers, for automatically associated with IPv6 addresses without manual configuration. Auto configuration it is another protocol as it uses Neighbor Discovery protocol (ND) messages (ND is mandatory in the IPv6 stack). The main purpose of ND is that nodes can discover other nodes on the local link, perform address resolution, check that addresses are unique, and check the reachability with active nodes. There are exactly the same vulnerabilities of IPv6 as IPv4 and is now exception, ND if not properly secured. IPsec is a standard security mechanism for IPv6 but it does not solve the problem of secure auto configuration due the bootstrapping problem. Therefore the Internet Engineering Task Force (IETF) introduced Secure Neighbor Discovery (SEND). SEND is a mechanism for authentication, message protection, and router authentication. One important element of SEND is the use of Cryptographically Generated Address (CGA) an important mechanism to prove that the sender of the ND message is the actual owner of the address it claims NDprotector is an open-source implementation of SEND served as the basis for the analysis presented in this report. This implementation was evaluated in a small lab environment against some attacks in order to establish if it can defend itself from these attacks. / IPv6 protokollet kom det ett par nya funktioner där en av dem är autokonfiguration. Autokonfiguration gör det möjligt för noder, d.v.s. hostar och routrar för att automatiskt bli tilldelade IPv6 adresser manuell konfigurering. För att autokonfiguration ska fungera så används Neighbor Discovery (ND) meddelanden som är ett obligatoriskt protokoll i IPv6- stacken. ND har till huvudsaklig uppgift att noder kan upptäcka andra noder på den lokala länken, utföra adressöversättningar, kolltrollera så att adresser är unika samt kontrollera tillgängligheten hos aktiva noder. Precis som IPv4 så har IPv6 en hel del sårbarheter och med ND så är det inget undantag då det inte är säkrat. IPsec som är en den standard säkerhets mekanism till IPv6 löser inte problemet på grund av bootstrapping problemet. Det var därför Internet Engineering Task Force (IETF) introducerade Secure Neighbor Discovery (SEND). SEND är en mekanism för autentisering, meddelande skydd och router autentisering. En viktig del av SEND är Cryptographilcally Generated Address (CGA), en teknik som används för att försäkra sig så att det är den sändaren av ND meddelandet som är den riktiga ägaren av den hävdade adressen. NDprotector är en öppen källkods implementation av SEND som jag har valt att ha som grund för denna rapport. Jag kommer att sätta upp NDprotector i en liten labbmiljö där jag kommer att utföra olika attacker samt se efter om det klarar att försvara sig emot attackerna. IPV6 security Neighbor Discovery Secure Neighbor Discovery Cryptographically Generated Addresses Engineering and Technology Teknik och teknologier
133	Integration of UAVS with Real Time Operating Systems and Establishing a Secure Data Transmission Ravi, Niranjan 08 1900 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / In today’s world, the applications of Unmanned Aerial Vehicle (UAV) systems are leaping by extending their scope from military applications on to commercial and medical sectors as well. Owing to this commercialization, the need to append external hardware with UAV systems becomes inevitable. This external hardware could aid in enabling wireless data transfer between the UAV system and remote Wireless Sensor Networks (WSN) using low powered architecture like Thread, BLE (Bluetooth Low Energy). The data is being transmitted from the flight controller to the ground control station using a MAVlink (Micro Air Vehicle Link) protocol. But this radio transmission method is not secure, which may lead to data leakage problems. The ideal aim of this research is to address the issues of integrating different hardware with the flight controller of the UAV system using a light-weight protocol called UAVCAN (Unmanned Aerial Vehicle Controller Area Network). This would result in reduced wiring and would harness the problem of integrating multiple systems to UAV. At the same time, data security is addressed by deploying an encryption chip into the UAV system to encrypt the data transfer using ECC (Elliptic curve cryptography) and transmitting it to cloud platforms instead of radio transmission. UAV Thread protocol Bluetooth communication MavLink Encryption algorithm C++ Internet of things Sensors IEEE 802.15.4 IPv6
134	Performance Evaluation of TCP Multihoming for IPV6 Anycast Networks and Proxy Placement Alsharfa, Raya 01 January 2015 (has links) In this thesis, the impact of multihomed clients and multihomed proxy servers on the performance of modern networks is investigated. The network model used in our investigation integrates three main components: the new one-to-any Anycast communication paradigm that facilitates server replication, the next generation Internet Protocol Version 6 (IPv6) that offers larger address space for packet switched networks, and the emerging multihoming trend of connecting devices and smart phones to more than one Internet service provider thereby acquiring more than one IP address. The design of a previously proposed Proxy IP Anycast service is modified to integrate user device multihoming and Ipv6 routing. The impact of user device multihoming (single-homed, dual-homed, and triple-homed) on network performance is extensively analyzed using realistic network topologies and different traffic scenarios of client-server TCP flows. Network throughput, packet latency delay and packet loss rate are the three performance metrics used in our analysis. Performance comparisons between the Anycast Proxy service and the native IP Anycast protocol are presented. The number of Anycast proxy servers and their placement are studied. Five placement methods have been implemented and evaluated including random placement, highest traffic placement, highest number of active interface placements, K-DS placement and a new hybrid placement method. The work presented in this thesis provides new insight into the performance of some new emerging communication paradigms and how to improve their design. Although the work has been limited to investigating Anycast proxy servers, the results can be beneficial and applicable to other types of overlay proxy services such as multicast proxies. Anycast network multihoming ipv6 proxy (pias) native anycast Electrical and Computer Engineering Electrical and Electronics Engineering
135	Säkerhetsgranskning av DMZ-kraven för CGI:s Digital Portal Nikitin, Evgenii, Fernström, Cornelis January 2024 (has links) Internet är idag en enorm samling av information och möjligheter, där webbservrar bland annat finns placerade för att tillgängliggöra olika webbtjänster. Inom detta arbete har vi i samband med det internationella IT-företaget CGI utfört en analys på säkerhetsaspekter kring webbtjänsten Digital Portal (en självbetjäningsportal) som CGI byggde för att erbjuda tjänster till sina kunder. Denna analys fokuserar framför allt på den DMZ som portalen utnyttjar, vilket innebär säkerhetskrav, brister och risker hos uppställningen och till sist olika bekämpningsmetoder och åtgärder för dessa brister och risker. Vi utforskade frågor angående hur kraven uppfylls, vilka brister och åtgärder som finns i uppställningen. Eftersom CGI:s DMZ huvudsakligen bygger på IPv4 har vi i denna rapport även analyserat styrkor och svagheter för rent IPv6-baserade DMZ-uppställningar. Inom detta arbete har vi studerat litteratur som behandlar säkerheten hos DMZ. Vi har analyserat de krav CGI ställer på sin egen DMZ för en självbetjäningsportal, där vi med det som referens utforskat risker och brister hos DMZ-uppställningar. Med hjälp av intervjuer av personal hos CGI har vi även fått direkt tillgång till tankar och detaljer som inte visar sig i dokumentationen, där vi kan få ett direkt intryck till motivationen vid utvecklingen av denna DMZ. Med denna metod har vi kunnat visa att alla de utforskade kraven uppfylls. Utöver detta har vi identifierat potentiella risker angående fildelning där endast filändelsen granskas vid färd till DMZ, samt filskanning som endast sker vid anländande till server. Vi har även kommit fram till att SSO kan ha bristfälligt skydd mot phishing- och DoS-attacker. CGI DMZ Demilitariserad zon Nätverkssäkerhet Nätverkskommunikation Datakommunikation IPv4/IPv6 SSO Communication Systems Kommunikationssystem
136	Cybersecurity for the Internet of Things: A Micro Moving Target IPv6 Defense Zeitz, Kimberly Ann 04 September 2019 (has links) As the use of low-power and low-resource embedded devices continues to increase dramatically with the introduction of new Internet of Things (IoT) devices, security techniques are necessary which are compatible with these devices. This research advances the knowledge in the area of cybersecurity for the IoT through the exploration of a moving target defense to apply for limiting the time attackers may conduct reconnaissance on embedded systems while considering the challenges presented from IoT devices such as resource and performance constraints. We introduce the design and optimizations for µMT6D, a Micro-Moving Target IPv6 Defense, including a description of the modes of operation and use of lightweight hash algorithms. Through simulations and experiments µMT6D is shown to be viable for use on low power and low resource embedded devices in terms of footprint, power consumption, and energy consumption increases in comparison to the given security benefits. Finally, this provides information on other future considerations and possible avenues of further experimentation and research. / Doctor of Philosophy / This research aims to advance knowledge in the area of cybersecurity for the Internet of Things through the exploration and validation of a moving target defense to apply for limiting the time attackers may conduct reconnaissance on low powered embedded system devices considering the challenges presented from IoT devices such as resource and performance constraints. When an attack is carried out against a network, reconnaissance is utilized to identify the target machine or device. Limiting the time for reconnaissance, therefore has a direct impact on the ability of an adversary to carry out an attack. Many of the security techniques utilized today do not fit the IoT constraints. Research in this area is just beginning and security is often not considered. Sensors collecting and sending information can be compromised both through the network and access to the physical devices. How can these devices securely send information? How can these devices withstand attacks aiming to stop their functionality or to gain information? There are many aspects which need to be investigated to understand security vulnerabilities and potential defenses. As our technologies evolve our security defenses need to evolve as well. My research aims to further the understanding of the security of the IoT devices which have quickly become pervasive in our society. This research will expand the knowledge of the ability to safe guard connected devices from cyber-attacks and provide insight into the space and performance requirements of a technique previously only used on large scale systems. By designing, implementing experimental prototypes, and conducting simulations and experiments this research assesses the viable use of a Micro Moving Target IPv6 Defense (µMT6D). Internet of Things IPv6 Security Embedded Systems Moving Target Defense Wireless Sensor Networks
137	An?lise de campo do desempenho de acessos Web em IPv6. Pirani, Deivis Fernandes 07 February 2014 (has links) Made available in DSpace on 2016-04-04T18:31:39Z (GMT). No. of bitstreams: 1 Deivis Fernandes Pirani.pdf: 1504986 bytes, checksum: e4989c06d3fc9c76df085862e18609d0 (MD5) Previous issue date: 2014-02-07 / This paper shows a field-trial investigation comparing the use of IPv4 and IPv6 protocols on web pages access considering the real user perspective and the transition period from IPv4 to IPv6. To perform this study, it was developed a testbed in which three adressing configurations of Internet Protocol, IPv4, IPv6, and Duas Stack (IPv4+IPv6), were used to access the top 100 world most visited web pages with an IPv6 enabled address. In addiction, several software tools were developed, that enabled more than 600 simultaneous accesses between IPv4, IPv6 and Dual Stack, to each of these pages. Those accesses were performed every hour during the period of a month, enabling to obtain more than 20 GB of information on the web access. Results showed that lower loading times obtained by IPv6 and Dual Stack are related to the partial acquisition of the content. In fact, for IPv6, the number of web pages with faster loading times goes from 57 to 20% when the average number of bytes obtained by IPv6 and the IPv4 is similar. For Dual Stack the number goes from 25 to 5% given the same conditions. It was also noted that 18 of the 100 pages which were considered, no content would be presented to the user in more than 50% of the performed accesses. Regarding the preference for IPv6 instead of IPv4, on Dual Stack it was observed that 90% of the acquired content for 27 of 100 web pages was made by IPv6. / Este trabalho apresenta um estudo de campo, comparativo, sobre a utiliza??o dos protocolos IPv4 e IPv6 no acesso a p?ginas web. Foi considerada a perspectiva de um usu?rio real deste tipo de servi?o, no atual per?odo de transi??o do IPv4 para o IPv6. Para que tal estudo pudesse ser realizado, foi desenvolvido um arranjo no qual tr?s configura??es de endere?amento do Protocolo de Internet, IPv4, IPv6 e Pilha Dupla (IPv4+IPv6), foram utilizadas nos acessos ?s 100 p?ginas web, com suporte ao I v6, mundialmente mais visitadas. Al?m disso, foram desenvolvidas uma s?rie de shell scripts que possibilitaram mais de 600 acessos simult?neos do IPv4, IPv6 e Pilha Dupla, a cada uma dessas p?ginas. Tais acessos foram executados de hora em hora, durante o per?odo de um m?s, possibilitando a obten??o de mais de 20 GB de informa??es relativas ao acesso web. Os resultados do estudo mostraram que os tempos de carregamento menores obtidos pelo IPv6 e pela Pilha Dupla, est?o relacionados com a aquisi??o parcial do conte?do. De fato, para o IPv6, o n?mero de p?ginas web com tempos de carregamento menores diminui de 57 para 20% quando a m?dia do n?mero de bytes obtidos pelo IPv6 e pelo IPv4 ? similar. Para a Pilha Dupla, dadas as mesmas condi??es, o n?mero diminui de 25 para 5%. Tamb?m foi observado que para 18 das 100 p?ginas web consideradas, nenhum conte?do foi apresentado ao usu?rio em mais de 50% dos acessos efetuados. Com rela??o ? prefer?ncia pelo IPv6 ao IPv4, na Pilha Dupla, observou-se que 90% da aquisi??o do conte?do, de 27 das 100 p?ginas web, ocorreu pelo IPv6. IPv6 pilha dupla acesso Web P?ginas Web Perspectiva do Usu?rio Usu?rio final An?lise de Campo Happy Eyeballs IPv6 Dual Stack Web Access Web Pages User Perspective End User Field-trial Happy Eyeballs
138	Fünfter Deutscher IPv6 Gipfel 2012 January 2013 (has links) Am 29. und 30. November 2012 fand am Hasso-Plattner-Institut für Softwaresystemtechnik GmbH in Potsdam der 5. Deutsche IPv6 Gipfel 2012 statt, als dessen Dokumentation der vorliegende technische Report dient. Wie mit den vorhergegangenen nationalen IPv6 Gipfeln verfolgte der Deutsche IPv6-Rat auch mit dem 5. Gipfel, der unter dem Motto „IPv6- der Wachstumstreiber für die Deutsche Wirtschaft” stand, das Ziel, Einblicke in aktuelle Entwicklungen rund um den Einsatz von IPv6 zu geben. Unter anderem wurden die Vorzüge des neue Internetstandards IPv6 vorgestellt und über die Anwendung von IPv6 auf dem Massenmarkt, sowie den Einsatz von IPv6 in Unternehmen und in der öffentlichen Verwaltung referiert. Weitere Themen des Gipfels bezogen sich auf Aktionen und Bedingungen in Unternehmen und Privathaushalten, die für den Umstieg auf IPv6 notwendig sind und welche Erfahrungen dabei bereits gesammelt werden konnten. Neben Vorträgen des Bundesbeauftragten für Datenschutz Peter Schaar und des Geschäftsführers der Technik Telekom Deutschland GmbH, Bruno Jacobfeuerborn, wurden weiteren Beiträge hochrangiger Vertretern aus Politik, Wissenschaft und Wirtschaft präsentiert, die in diesem technischen Bericht zusammengestellt sind. / The 5th German IPv6 Summit took place at the Hasso Plattner Institute for Software System Engineering in Potsdam at November 29-30, 2012. This technical report is summarizing the talks and presentations and serves as a documentation of the summit. Like with previous IPv6 summits, the goal of this summit was to present current developments concerning the implementation of the new IPv6 technology from political and economic perspectives, as well as from a technological point of view. According to the motto "IPv6- der Wachstumstreiber für die Deutsche Wirtschaft", the advantages of the new Internet standards have been presented. Furthermore the application of IPv6 in industry, politics and administration has been discussed. The actions and procedures have been identified, which have to be applied for the change to IPv6 in industry and private households and gained experiences have been discussed. Besides presentations of the Federal Commissioner for Data Protection, Peter Schaar and Bruno Jacob Feuerborn, CTO at Deutsche Telekom, the summit was complemented by talks and presentations of high-ranking representatives from industry, government, and research. Internet IPv6 IPv4 Internet Protocol Internet Service Provider Infrastruktur Computernetzwerke Netzpolitik Konferenz Datenschutz Internet IPv6 IPv4 Internet Protocol Computer Networks Network Politics conference Data processing Computer science
139	Vierter Deutscher IPv6 Gipfel 2011 January 2012 (has links) Am 1. und 2. Dezember 2011 fand am Hasso-Plattner-Institut für Softwaresystemtechnik GmbH in Potsdam der 4. Deutsche IPv6 Gipfel 2011 statt, dessen Dokumentation der vorliegende technische Report dient. Wie mit den vorhergegangenen nationalen IPv6-Gipfeln verfolgte der Deutsche IPv6-Rat auch mit dem 4. Gipfel, der unter dem Motto „Online on the Road - Der neue Standard IPv6 als Treiber der mobilen Kommunikation” stand, das Ziel, Einblicke in aktuelle Entwicklungen rund um den Einsatz von IPv6 diesmal mit einem Fokus auf die automobile Vernetzung zu geben. Gleichzeitig wurde betont, den effizienten und flächendeckenden Umstieg auf IPv6 voranzutreiben, Erfahrungen mit dem Umstieg auf und dem Einsatz von IPv6 auszutauschen, Wirtschaft und öffentliche Verwaltung zu ermutigen und motivieren, IPv6-basierte Lösungen einzusetzen und das öffentliche Problembewusstsein für die Notwendigkeit des Umstiegs auf IPv6 zu erhöhen. Ehrengast war in diesem Jahr die EU-Kommissarin für die Digitale Agenda, Neelie Kroes deren Vortrag von weiteren Beiträgen hochrangiger Vertretern aus Politik, Wissenschaft und Wirtschaft ergänzt wurde. / This technical report is summarizing the talks and presentations of the 4th German IPv6 Summit 2011 at the Hasso Plattner Institute for Software System Engineering in Potsdam on December 1./2. 2011. The goal of this summit was to present current developments concerning the implementation of the new IPv6 technology from political and economic perspectives, as well as from a technological point of view. According to the motto 'Online on the Road - The New Technology Standard IPv6 as Driving Force for Mobile Communications" this year's focus was on automobile networking and communication. This year's guest of honor was EU commissioner for Digital Agenda Neelie Kroes. Besides her, the conference was complemented by talks and presentations of high-ranking representatives from industry, government, and research. IPv6 IPv4 Internet Protocol Internet Service Provider Infrastruktur Computernetzwerke Netzpolitik Datenschutz Netzneutralität IPv6 IPv4 Internet Protocol Internet Service Provider Infrastructure Computer Networks Network Politics conference data security Data processing Computer science
140	Akviziční jednotka pro zabezpečovací techniku / Acquisition Unit for Security System Pejchal, Luboš January 2012 (has links) Project is focused to development of security unit for security of homes, flats and other similar spaces against intruders (thieves). Design is focused to solution of hardware and firmware for security units and their control software for PC. Hardware design solve supply over ethernet PoE, backup of supply, connection securities sensors to security unit. Firmware prevents failure of units and it is communicating with sensors and PC. Software in PC provides settings of security units, deactivating of alarm and measure temperature by security unit.

Search results