Moving Target Defense for IP-based Control

Size: px
Start display at page:

Download "Moving Target Defense for IP-based Control"

Transcription

1 Moving Target Defense for IP-based Control Vahid Heydari University of Alabama in Huntsville

2 Outline IP-based Control Remote attacks and zero-day vulnerability Moving target defense Related work Mobile IPv6 and route optimization MTM6D Implementation of MTM6D

3 Why use IP for Remote Control? Faster communication Scalability Large number of off-the-shelf test and simulation applications Remote connection capability through satellites using the Internet

4 IP-based Control

5 Boeing Uninterruptible Autopilot Take control of an aircraft away from the pilot or flight crew in the event of a hijacking through wireless connection between the aircraft and a ground station. prevent tragic events such as the 9/11 attack, the Malaysia Airlines flight 370 crash, or the Germanwings flight 9525 crash. Problem: The technology would allow cyberterrorists to hack into an airliner s controls.

6 Remote Attacks Attack from unlimited distance Two main categories: Denial-of-Service (DoS) attacks Remote exploits Take advantage of a bug or vulnerability Countermeasure IPsec Intrusion Detection and Prevention Systems (IDPS) Firewall Vulnerability scanner (Nessus) Penetration testing (Metasploit)

7 Zero-Day Vulnerability Undisclosed and uncorrected computer application vulnerability that could be exploited. Zero-day exploits can defeat the best firewalls and IDPSs. Knowing the IP address of a victim is enough to attack.

8 Moving Target Defense The first step of cyber-attacks: finding information about attack surface IP scanning, port scanning, etc. Solution: changing randomly some of the features of the attack surface Static IP addresses: Easily discoverable Long time access A mechanism to change the IP addresses randomly and dynamically is Moving Target Defense (MTD)

9 MT6D (Related Work) Proactive network layer MTD Rapidly changes IPv6 mid-session without dropping sessions. Peers use the same algorithm with pre-shared symmetric key Generate a random IPv6 per each time interval based on the MAC address as input. Use the peer s MAC address as input to find the peer s IP during the current time interval. Encapsulated by UDP

10 Limitations of MT6D Possibility of packet loss because of address collision For example lack of access to an aircraft, that is in uninterruptible autopilot, during 10 seconds could make a disaster. Key management limitation Relatively tight time synchronization is needed Static address rotation interval

11 Our Approach Static IP is needed to be transparent to the upper layers. Should not be accessible through the Internet. Dynamic IP is needed for connecting to other nodes. Changing the dynamic IP should not cause any delay or packet loss in the network. A mechanism is needed to update peer nodes with the new IP. Add capability of having dynamic address rotation interval. Combination of standard protocols should be used instead of creating a new protocol because: New protocol can add new vulnerabilities to the system. New protocols may have security or scalability problems. Avoid adding new requirements like time synchronization.

12 Mobile IPv6 Overview (RFC 6275) Mobile Node (MN) Home Agent (HA): Acts on behalf of MN (like a proxy) Home address (HoA): Permanent IP of MN typically attached to the HA Care-of-address (CoA): Actual IP that MN uses while in a foreign network Corresponding Node (CN): A node that MN is communicating with Binding Update (BU) message: Updating the HA and correspondent nodes with MN s current CoA Image source: Q. Li, T. Jinmei and K. Shima, IPv6 advanced protocols implementation. Amsterdam: Elsevier/Morgan Kaufmann Publishers, 2007.

13 Route Optimization (RFC 6275) Routing packets between a MN and a CN using the shortest possible path Return routability procedure Home Test: Verify the "right" of the MN to use a specific HoA Care-of Test: Verify the validity of the claimed CoA Image source: Q. Li, T. Jinmei and K. Shima, IPv6 advanced protocols implementation. Amsterdam: Elsevier/Morgan Kaufmann Publishers, 2007.

14 Route Optimization (RFC 4449) Static shared key method Uses a shared symmetric key to omit all messages relating to the return routability tests. Pros: HA is not needed in this process. Low signaling overhead for route optimization. Cons: The CN should have a good reason to trust the actions of the MN. (trust the peer or use Care-of Test) Shared symmetric keys between a MN and each CN are needed. (solved by IPsec + IKEv2) Cannot resist against replay attacks. (solved by IPsec + IKEv2)

15 Moving Target Mobile IPv6 Defense (MTM6D) Use a permanent IP (HoA) to avoid disrupting TCP sessions and a temporary IP for connecting to other nodes (CoA) as explained in Mobile IPv6. Each peer acts like a mobile node of Mobile IPv6. MTM6D dynamically changes the CoA for moving targets. Permanent home address is not accessible through the Internet because we do not have any HA in the network.

16 IP Address Rotator Script Randomly generate a new IP address as the CoA of the MN. Create a random 64 bits address Combine it with the highest significant 64 bits of current CoA to generate the new CoA. This new CoA is checked to be unoccupied by sending a neighbor solicitation message before registering it. Regenerate a new CoA if address collision is occurred. Remove the previous CoA after registering the new CoA. According to the Mobile IPv6, each MN will send the BU message to another MN to inform it of its new CoA.

17 Peer-to-Peer Lossless MTM6D Dynamic IPs on both peers (MN-to-MN communication). Send Binding Updates directly to the peer node s CoA. Solution for IP-based control: Dynamic IPs on both peers Zero packet loss by Multiple CoAs Security by IPsec

18 Implementation

19 Implementation (cont d)

20 Conclusion A novel mobile IPv6 based moving target defense strategy is designed to continuously change IP addresses such that attackers are difficult to find them. Zero extra network delay Zero packet loss Overhead: Signaling overhead: Each round of changing IP needs two message transmissions at each MN (BU and BA messages) with each being 158 bytes (using IPsec). Transmission overhead: For each data packet, we have 24 bytes of overhead due to the use of IPsec (ESP).

21 References P. K. Manadhata and J. M. Wing, An Attack Surface Metric, IEEE Trans. Softw. Eng., vol. 37, no. 3, pp , May 2011 M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, MT6D: A Moving Target IPv6 Defense, in Proceedings of Military Communications Conference - MILCOM 2011, 2011, pp E. D. Brown, D. C. Cameron, K. R. Krothapalli, W. v. K. Jr, and T. M. Williams, System and method for automatically controlling a path of travel of a vehicle, U.S. Patent US B2, Nov., 2006, [Online]. Available: V. Heydari and S.M. Yoo. Securing Critical Infrastructure by Moving Target Defense. 11 th International Conference on Cyber Warfare and Security, (ICCWS 2016). V. Heydari, S. Kim, and S.M. Yoo. Anti-Censorship Framework using Mobile IPv6 based Moving Target Defense. In Proceedings of ACM 11 th Annual Cyber and Information Security Research, (CISR 2016). V. Heydari, S. Kim, and S.M. Yoo. Secure VPN using Mobile IPv6 based Moving Target Defense. Submitted to IEEE GLOBECOM V. Heydari and S.M. Yoo. Preventing Remote Cyber Attacks against Aircraft Avionics Systems. Submitted to IEEE MILCOM 2016.

22 Thank you! QUESTIONS?

REDUCING PACKET OVERHEAD IN MOBILE IPV6

REDUCING PACKET OVERHEAD IN MOBILE IPV6 REDUCING PACKET OVERHEAD IN MOBILE IPV6 ABSTRACT Hooshiar Zolfagharnasab 1 1 Department of Computer Engineering, University of Isfahan, Isfahan, Iran hoppico@eng.ui.ac.ir hozo19@gmail.com Common Mobile

More information

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

Mobile Internet Protocol v6 MIPv6

Mobile Internet Protocol v6 MIPv6 Mobile Internet Protocol v6 MIPv6 A brief introduction Holger.Zuleger@hznet.de 13-dec-2005 Holger Zuleger 1/15 > c Defined by MIPv6 RFC3775: Mobility Support in IPv6 (June 2004) RFC3776: Using IPsec to

More information

Early Binding Updates for Mobile IPv6

Early Binding Updates for Mobile IPv6 Early Binding Updates for Mobile IPv6 Christian Vogt, chvogt@tm.uka.de Roland Bless, bless@tm.uka.de Mark Doll, doll@tm.uka.de Tobias Küfner, kuefner@tm.uka.de IEEE Wireless and Communications and Networking

More information

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei* Department of Electrical Engineering, National Dong Hwa University Hualien, Taiwan, Republic

More information

Mobile IP Part I: IPv4

Mobile IP Part I: IPv4 Mobile IP Part I: IPv4 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/ 12-1 q Mobile

More information

Introducing Reliability and Load Balancing in Mobile IPv6 based Networks

Introducing Reliability and Load Balancing in Mobile IPv6 based Networks Introducing Reliability and Load Balancing in Mobile IPv6 based Networks Jahanzeb Faizan Southern Methodist University Dallas, TX, USA jfaizan@engr.smu.edu Hesham El-Rewini Southern Methodist University

More information

Introduction to Mobile IPv6

Introduction to Mobile IPv6 1 Introduction to Mobile IPv6 III IPv6 Global Summit Moscow Dr. Dimitrios Kalogeras dkalo@grnet.gr GRNET Outline Introduction Relevant Features of IPv6 Major Differences between MIPv4 and MIPv6 Mobile

More information

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné

More information

An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework

An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework Zutao Zhu Zhenjun Li YunYong Duan Department of Business Support Department of Computer Science Department of Business

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

SERVICE DISCOVERY AND MOBILITY MANAGEMENT

SERVICE DISCOVERY AND MOBILITY MANAGEMENT Objectives: 1) Understanding some popular service discovery protocols 2) Understanding mobility management in WLAN and cellular networks Readings: 1. Fundamentals of Mobile and Pervasive Computing (chapt7)

More information

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff.

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff. Mobile Routing Basic Notions of Mobility When a host moves, its point of attachment in the changes. This is called a handoff. The point of attachment is a base station (BS) for cellular, or an access point

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Internet Architecture for Robust Mobility. Sangheon Pack (백상헌) Korea University shpack@korea.ac.kr

Internet Architecture for Robust Mobility. Sangheon Pack (백상헌) Korea University shpack@korea.ac.kr Internet Architecture for Robust Mobility Sangheon Pack (백상헌) Korea University shpack@korea.ac.kr Contents Introduction IETF Activity Home Agent Reliability Protocol P2P-based Approaches ROAM and SAMP

More information

Keywords: VoIP, Mobile convergence, NGN networks

Keywords: VoIP, Mobile convergence, NGN networks VoIP Mobility Issues Gábor Bányász, Renáta Iváncsy Department of Automation and Applied Informatics and HAS-BUTE Control Research Group Budapest University of Technology and Economics Goldmann Gy. tér

More information

Security of IPv6 and DNSSEC for penetration testers

Security of IPv6 and DNSSEC for penetration testers Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions

More information

Mobility Management 嚴 力 行 高 雄 大 學 資 工 系

Mobility Management 嚴 力 行 高 雄 大 學 資 工 系 Mobility Management 嚴 力 行 高 雄 大 學 資 工 系 Mobility Management in Cellular Systems Cellular System HLR PSTN MSC MSC VLR BSC BSC BSC cell BTS BTS BTS BTS MT BTS BTS BTS BTS HLR and VLR HLR (Home Location Register)

More information

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode 13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4

More information

6 Mobility Management

6 Mobility Management Politecnico di Milano Facoltà di Ingegneria dell Informazione 6 Mobility Management Reti Mobili Distribuite Prof. Antonio Capone Introduction Mobility management allows a terminal to change its point of

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Early Binding Updates and Credit-Based Authorization A Status Update

Early Binding Updates and Credit-Based Authorization A Status Update Status update New drafts Implementation Experimentation results Early Binding Updates and Credit-Based Authorization A Status Update Why Do We Need Enhancement? Mobile IPv6 Route Optimization uses return-routability

More information

Performance Evaluation of a QoS-Aware Handover Mechanism

Performance Evaluation of a QoS-Aware Handover Mechanism Performance Evaluation of a QoS-Aware Handover Mechanism 1.Introduction Background Requirements in mobile communication Seamless mobility support Guarantee certain levels of QoS Mobile communications over

More information

SHISA: The IPv6 Mobility Framework for BSD Operating Systems

SHISA: The IPv6 Mobility Framework for BSD Operating Systems SHISA: The IPv6 Mobility Framework for BSD Operating Systems Keiichi Shima Internet Initiative Japan Inc. Ryuji Wakikawa, Koshiro Mitsuya, Keisuke Uehara Keio University Tsuyoshi Momose NEC Corporation

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Enhancing network security with SDN

Enhancing network security with SDN 11.4.2014 Overview Security in Traditional Networks SDN Security Solutions Ethane OpenFlow Random Host Mutation Security of SDN Potential Threats Possible Solutions Enterprise and Campus Networks Networks

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Boosting mobility performance with Multi-Path TCP

Boosting mobility performance with Multi-Path TCP Boosting mobility performance with Multi-Path TCP Name SURNAME 1, Name SURNAME 2 1 Organisation, Address, City, Postcode, Country Tel: +countrycode localcode number, Fax: + countrycode localcode number,

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

21.4 Network Address Translation (NAT) 21.4.1 NAT concept

21.4 Network Address Translation (NAT) 21.4.1 NAT concept 21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering

More information

Mobility Management Advanced

Mobility Management Advanced Mobility Management Advanced Summer Semester 2011 Integrated Communication Systems Group Ilmenau University of Technology Outline Motivation Mobility Management Approaches in the TCP/IP Reference Model

More information

Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks

Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks Krishnamoorthy.D 1, Dr.S.Thirunirai Senthil, Ph.D 2 1 PG student of M.Tech Computer Science and Engineering, PRIST University,

More information

Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols

Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols Purvi N. Ramanuj Department of Computer Engineering L.D. College of Engineering Ahmedabad Hiteishi M. Diwanji

More information

G.Vijaya kumar et al, Int. J. Comp. Tech. Appl., Vol 2 (5), 1413-1418

G.Vijaya kumar et al, Int. J. Comp. Tech. Appl., Vol 2 (5), 1413-1418 An Analytical Model to evaluate the Approaches of Mobility Management 1 G.Vijaya Kumar, *2 A.Lakshman Rao *1 M.Tech (CSE Student), Pragati Engineering College, Kakinada, India. Vijay9908914010@gmail.com

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Protocol Security Where?

Protocol Security Where? IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos

More information

IT 3202 Internet Working (New)

IT 3202 Internet Working (New) [All Rights Reserved] SLIATE SRI LANKA INSTITUTE OF ADVANCED TECHNOLOGICAL EDUCATION (Established in the Ministry of Higher Education, vide in Act No. 29 of 1995) Instructions for Candidates: Answer any

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Mobility on IPv6 Networks

Mobility on IPv6 Networks Mobility on IPv6 Networks Pedro M. Ruiz Project Manager Agora Systems S.A. Global IPv6 Summit Madrid 13-15 March 2002 Pedro M. Ruiz (c) Agora Systems S.A, 2002 1 Outline Motivation MIPv6 architecture MIPv6

More information

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Wireless Networks: Network Protocols/Mobile IP

Wireless Networks: Network Protocols/Mobile IP Wireless Networks: Network Protocols/Mobile IP Mo$va$on Data transfer Encapsula$on Security IPv6 Problems DHCP Adapted from J. Schiller, Mobile Communications 1 Mo$va$on for Mobile IP Rou$ng based on IP

More information

Research Article A Two-Layered Mobility Architecture Using Fast Mobile IPv6 and Session Initiation Protocol

Research Article A Two-Layered Mobility Architecture Using Fast Mobile IPv6 and Session Initiation Protocol Hindawi Publishing Corporation EURA Journal on Wireless Communications and Networking Volume 2008, Article ID 348594, 8 pages doi:10.1155/2008/348594 Research Article A Two-Layered Mobility Architecture

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

MOBILITY SUPPORT USING INTELLIGENT USER SHADOWS FOR NEXT-GENERATION WIRELESS NETWORKS

MOBILITY SUPPORT USING INTELLIGENT USER SHADOWS FOR NEXT-GENERATION WIRELESS NETWORKS MOBILITY SUPPORT USING INTELLIGENT USER SADOWS FOR NEXT-GENERATION WIRELESS NETWORKS Gergely V. Záruba, Wei Wu, Mohan J. Kumar, Sajal K. Das enter for Research in Wireless Mobility and Networking Department

More information

Provider-Based Deterministic Packet Marking against Distributed DoS Attacks

Provider-Based Deterministic Packet Marking against Distributed DoS Attacks Provider-Based Deterministic Packet Marking against Distributed DoS Attacks Vasilios A. Siris and Ilias Stavrakis Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH)

More information

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification LEKSHMI.M.R Department of Computer Science and Engineering, KCG College of Technology Chennai,

More information

XPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies

XPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies XPROBE-NG What s new with upcoming version of the tool Fyodor Yarochkin Armorize Technologies Abstract Attacks trends analysis and network modern discovery requirements lazy scanning, application level

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Ethernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD

Ethernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD Ethernet dominant LAN technology: cheap -- $20 for 100Mbs! first widely used LAN technology Simpler, cheaper than token rings and ATM Kept up with speed race: 10, 100, 1000 Mbps Metcalfe s Etheret sketch

More information

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,

More information

CS335 Sample Questions for Exam #2

CS335 Sample Questions for Exam #2 CS335 Sample Questions for Exam #2.) Compare connection-oriented with connectionless protocols. What type of protocol is IP? How about TCP and UDP? Connection-oriented protocols Require a setup time to

More information

On the Design of Mobility Management Scheme for 802.16-based Network Environment

On the Design of Mobility Management Scheme for 802.16-based Network Environment On the Design of obility anagement Scheme for 802.16-based Network Environment Junn-Yen Hu and Chun-Chuan Yang ultimedia and Communications Laboratory Department of Computer Science and Information Engineering

More information

Mobility Management for Vehicular Ad Hoc Networks

Mobility Management for Vehicular Ad Hoc Networks Mobility Management for Vehicular Ad Hoc Networks Marc Bechler, Lars Wolf Institute of Operating Systems and Computer Networks Technische Universität Braunschweig, Germany Email: [bechler, wolf]@ibr.cs.tu-bs.de

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

Using IPsec VPN to provide communication between offices

Using IPsec VPN to provide communication between offices Using IPsec VPN to provide communication between offices This example provides secure, transparent communication between two FortiGates located at different offices using route-based IPsec VPN. In this

More information

Network Access Control and Cloud Security

Network Access Control and Cloud Security Network Access Control and Cloud Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Networked AV Systems Pretest

Networked AV Systems Pretest Networked AV Systems Pretest Instructions Choose the best answer for each question. Score your pretest using the key on the last page. If you miss three or more out of questions 1 11, consider taking Essentials

More information

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.

More information

Handover Management based on the Number of Retries for VoIP on WLANs

Handover Management based on the Number of Retries for VoIP on WLANs Handover Management based on the Number of Retries for VoIP on WLANs Shigeru Kashihara Yuji Oie Department of Computer Science and Electronics, Kyushu Institute of Technology Kawazu 68-4, Iizuka, 82-852

More information

A Proxy Mobile IP based Layer-3 Handover Scheme for Mobile WiMAX based Wireless Mesh Networks

A Proxy Mobile IP based Layer-3 Handover Scheme for Mobile WiMAX based Wireless Mesh Networks A Proxy Mobile IP based Layer-3 Handover Scheme for Mobile WiMAX based Wireless Mesh Networks Min-Kim, Jong-min Kim, Hwa-sung Kim Dept. of Electronics and Communications Engineering Kwangwoon University

More information

Quality-of-Service Support for Mobile Users using NSIS Roland Bless, Martin Röhricht Networking 2009, Aachen

Quality-of-Service Support for Mobile Users using NSIS Roland Bless, Martin Röhricht Networking 2009, Aachen Quality-of-Service Support for Mobile Users using NSIS Roland Bless, Martin Röhricht Motivation 1 More and more resource demanding Internet applications and multimedia streams video broadcasts, Voice-over-IP,

More information

Tomás P. de Miguel DIT-UPM. dit UPM

Tomás P. de Miguel DIT-UPM. dit UPM Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability

More information

Security issues with Mobile IP

Security issues with Mobile IP Technical report, IDE1107, February 2011 Security issues with Mobile IP Master s Thesis in Computer Network Engineering Abdel Rahman Alkhawaja & Hatem Sheibani School of Information Science, Computer and

More information

Internet, Part 2. 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support. 3) Mobility aspects (terminal vs. personal mobility)

Internet, Part 2. 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support. 3) Mobility aspects (terminal vs. personal mobility) Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile IP Session Initiation Protocol (SIP) SIP is a protocol

More information

Post-Class Quiz: Telecommunication & Network Security Domain

Post-Class Quiz: Telecommunication & Network Security Domain 1. What type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25? A. Local area network (LAN) B. Wide area network (WAN) C. Intranet D. Internet 2. Which

More information

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS Sumanta Saha, Md. Safiqul Islam, Md. Sakhawat Hossen School of Information and Communication Technology The Royal Institute of Technology (KTH) Stockholm,

More information

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol

More information

CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012

CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 Important: The solutions to the homework problems from the course book have been provided by the authors.

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc (International Journal of Computer Science & Management Studies) Vol. 17, Issue 01 Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc Dr. Khalid Hamid Bilal Khartoum, Sudan dr.khalidbilal@hotmail.com

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Reliable Multicast Protocol with Packet Forwarding in Wireless Internet

Reliable Multicast Protocol with Packet Forwarding in Wireless Internet Reliable Multicast Protocol with Packet Forwarding in Wireless Internet Taku NOGUCHI, Toru YOSHIKAWA and Miki YAMAMOTO College of Information Science and Engineering, Ritsumeikan University 1-1-1, Nojihigashi,

More information

Network Layer: Network Layer and IP Protocol

Network Layer: Network Layer and IP Protocol 1 Network Layer: Network Layer and IP Protocol Required reading: Garcia 7.3.3, 8.1, 8.2.1 CSE 3213, Winter 2010 Instructor: N. Vlajic 2 1. Introduction 2. Router Architecture 3. Network Layer Protocols

More information

Computer Networks. Wireless and Mobile Networks. László Böszörményi Computer Networks Mobile - 1

Computer Networks. Wireless and Mobile Networks. László Böszörményi Computer Networks Mobile - 1 Computer Networks Wireless and Mobile Networks László Böszörményi Computer Networks Mobile - 1 Background Number of wireless (mobile) phone subscribers now exceeds number of wired phone subscribers! Computer

More information

OF-RHM: Transparent Moving Target Defense using Software Defined Networking

OF-RHM: Transparent Moving Target Defense using Software Defined Networking OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland Why IP Mutation Static assignment

More information

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP Mobile IP Bheemarjuna Reddy Tamma IIT Hyderabad Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP IP Refresher Mobile IP Basics 3 parts of Mobile IP: Outline Advertising Care-of Addresses

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Comparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks

Comparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks Comparison of Various Passive Distributed Denial of Service in Mobile Adhoc Networks YOGESH CHABA #, YUDHVIR SINGH, PRABHA RANI Department of Computer Science & Engineering GJ University of Science & Technology,

More information

How To Improve Alancom Vpn On A Pc Or Mac Or Ipad (For A Laptop) With A Network Card (For Ipad) With An Ipad Or Ipa (For An Ipa) With The Ipa 2.

How To Improve Alancom Vpn On A Pc Or Mac Or Ipad (For A Laptop) With A Network Card (For Ipad) With An Ipad Or Ipa (For An Ipa) With The Ipa 2. Information regarding LANCOM Advanced VPN Client 2.31 Copyright (c) 2002-2013 LANCOM Systems GmbH, Wuerselen (Germany) LANCOM Systems GmbH does not take any guarantee and liability for software not developed,

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

Proxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks

Proxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks IACSIT International Journal of Engineering and Technology, Vol. 4, No. 5, October 12 Proxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks N. P. Singh and Brahmjit Singh

More information

... Lecture 10. Network Security I. Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg

... Lecture 10. Network Security I. Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg Lecture 10 Network Security I Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg T-Mobile Chair of Mobile Business & Multilateral Security Goethe University Frankfurt a. M. Introduction

More information

LANs. Local Area Networks. via the Media Access Control (MAC) SubLayer. Networks: Local Area Networks

LANs. Local Area Networks. via the Media Access Control (MAC) SubLayer. Networks: Local Area Networks LANs Local Area Networks via the Media Access Control (MAC) SubLayer 1 Local Area Networks Aloha Slotted Aloha CSMA (non-persistent, 1-persistent, p-persistent) CSMA/CD Ethernet Token Ring 2 Network Layer

More information

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li 60467 Project 1 Net Vulnerabilities scans and attacks Chun Li Hardware used: Desktop PC: Windows Vista service pack Service Pack 2 v113 Intel Core 2 Duo 3GHz CPU, 4GB Ram, D-Link DWA-552 XtremeN Desktop

More information

IPv6 Security Best Practices. Eric Vyncke evyncke@cisco.com Distinguished System Engineer

IPv6 Security Best Practices. Eric Vyncke evyncke@cisco.com Distinguished System Engineer IPv6 Best Practices Eric Vyncke evyncke@cisco.com Distinguished System Engineer security 2007 Cisco Systems, Inc. All rights reserved. Cisco CPub 1 Agenda Shared Issues by IPv4 and IPv6 Specific Issues

More information

A Review on Zero Day Attack Safety Using Different Scenarios

A Review on Zero Day Attack Safety Using Different Scenarios Available online www.ejaet.com European Journal of Advances in Engineering and Technology, 2015, 2(1): 30-34 Review Article ISSN: 2394-658X A Review on Zero Day Attack Safety Using Different Scenarios

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP AERONAUTICAL COMMUNICATIONS PANEL (ACP) Working Group I - 7 th Meeting Móntreal, Canada 2 6 June 2008 Agenda Item x : ATN and IP Information Paper Presented by Naoki Kanada Electronic Navigation Research

More information

School of Computer Science

School of Computer Science Cost and Scalability Analysis of Mobility Management Entities of NEMO Md. Shohrab Hossain and Mohammed Atiquzzaman TR-OU-TNRL-11-102 February 2011 Telecommunication & Network Research Lab School of Computer

More information