search query: @keyword dos / total: 15
reference: 3 / 15
Author: | Kabir, Hammad |
Title: | Security Mechanisms for a Cooperative Firewall |
Publication type: | Master's thesis |
Publication year: | 2014 |
Pages: | xi + 115 s.+ liitt. 3 Language: eng |
Department/School: | Sähkötekniikan korkeakoulu |
Main subject: | Networking Technology (S3029) |
Supervisor: | Kantola, Raimo |
Instructor: | Beijar, Nicklas |
Electronic version URL: | http://urn.fi/URN:NBN:fi:aalto-201404181705 |
OEVS: | Electronic archive copy is available via Aalto Thesis Database.
Instructions Reading digital theses in the closed network of the Aalto University Harald Herlin Learning CentreIn the closed network of Learning Centre you can read digital and digitized theses not available in the open network. The Learning Centre contact details and opening hours: https://learningcentre.aalto.fi/en/harald-herlin-learning-centre/ You can read theses on the Learning Centre customer computers, which are available on all floors.
Logging on to the customer computers
Opening a thesis
Reading the thesis
Printing the thesis
|
Location: | P1 Ark Aalto 1012 | Archive |
Keywords: | IP CES security traversal DoS NAT reachability |
Abstract (eng): | The growing number of mobile users and mobile broadband subscriptions around the world calls for support of mobility in the Internet and also demands more addresses from the already depleting IP address space. The deployment of Network Address Translation (NAT) at network edges to extend the lifetime of IPv4 address space introduced the reachability problem in the Internet. While various NAT traversal proposals have attempted to solve the reachability problem, no perfect solution for mobile devices has been proposed. A solution is proposed at COMNET department of Aalto University, which is called Customer Edge Switching and it has resulted in a prototype called Customer Edge Switches (CES). While it addresses many of the current Internet issues i.e. reachability problem, IPv4 address space depletion, so far security has generally been considered out of scope. This thesis aims at identifying the security vulnerabilities present within the CES architecture. The architecture is secured against various network attacks by presenting a set of security models. The evaluation and performance analysis of these security models proves that the CES architecture is secured against various network attacks only by introducing minimal delay in connection establishment. The delay introduced does not affect the normal communication pattern and the sending host does not notice a difference compared to the current situation. For legacy interworking a CES can have the Private Realm Gateway (PRGW) function. The security mechanisms for PRGW also generate promising results in terms of security. The thesis further contributes towards security by discussing a set of deployment models for PRGW and CES-to-CES communication. |
ED: | 2014-04-20 |
INSSI record number: 48906
+ add basket
INSSI