Network Research at College of Computing and Digital Media
James Yu, Ph.D., Associate Professor, DePaul University
08/31/09

Outline
- Wireless LAN Security: Protection against DoS Attacks
- VoIP Traffic Engineering
- Netconf for Configuration Validation
- Hybrid Routing for MANET

WLAN Security: Problem Statement
- It is relatively easy for a hacker to send a faked deauthentication or disassociation frame to a wireless client and terminate its connection to the Wireless Access Point (WAP).
- Making it worse, a hacker could flood a wireless client with deauthentication or disassociation frames.
- During the attacks, communications to the client are dead.
- 802.11i provides an effective mechanism to address crypto attacks, but it does not prevent most DoS attacks.

Research Approach
- Building an empirical framework to study DoS attacks over WLANs.
- Investigation of DoS attacks on wireless communication.
- 802.11w – a draft solution to the problem.
- Network simulation of WLAN DoS attacks.
- Implementation and improvement of 802.11w to resolve DoS attacks.
- Verification and validation.

DeauthF and DisassF DoS Attacks
1. Deauthentication Flooding (DeauthF): a hacker floods the WLAN with faked deauthentication frames to force authenticated wireless clients to drop their connections with the AP.
2. Disassociation Flooding (DisassF): the attacker floods disassociation frames to wireless clients to force them to disconnect from the AP.

Test Environment for WLAN DoS Attacks

Flow Analysis of Deauthentication Attacks

802.11w (draft)
- A new draft standard to enhance 802.11i capability.
- 802.11w extends the security protection to management frames.
- Deauthentication or disassociation frames are encrypted and sent to the client. The client checks the authenticity of the management frame and then accepts (or rejects) it.

Implementation and Analyses of 802.11w
- We implement and investigate the performance and effectiveness of 802.11w in protecting the deauthentication and disassociation management frames.
- We use the ns-2 simulator to analyze 802.11w under four cases:
  1. normal WLAN,
  2. the WLAN under DeauthF,
  3. the WLAN under DeauthF with 802.11w, and
  4. the WLAN under DeauthF with 802.11w and traffic shaping.

WLAN under Deauthentication Attacks

WLAN under 802.11w Protection

Traffic Shaping
- An enhancement implemented in the 802.11w solution.
- Monitor the DoS attacking rate.
- When the attacking rate is higher than a threshold value (which is configurable), the client shapes the traffic to no more than 10 fps.
- When the attacking rate is below the threshold value, the standard 802.11w operation continues.
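The rate monitor and the 10 fps shaping step described above, as an added Python example (not code from the slides or the ns-2 implementation): it buckets received management frames per second, flags a second whose deauthentication/disassociation count exceeds the configurable threshold, and passes at most 10 such frames per second on to the 802.11w authenticity check while flooding is detected. The 20 fps threshold and the frame trace are constructed for the example; the subtype codes are the 802.11 management frame subtypes.

```python
from collections import Counter

DEAUTH = 0x0C     # 802.11 management frame subtype: deauthentication
DISASSOC = 0x0A   # 802.11 management frame subtype: disassociation
BEACON = 0x08     # other management traffic, not counted by the monitor


def summarize(frames, threshold_fps=20, shaped_fps=10):
    """Per-second view of the monitor/shaper.

    frames: iterable of (timestamp_seconds, subtype) as seen by one client.
    Returns {second: (observed, passed, flooding)} where `observed` is the
    number of deauth/disassoc frames in that second, `flooding` is whether the
    rate exceeded the threshold, and `passed` is how many of those frames are
    handed to the 802.11w authenticity check (capped at shaped_fps while
    flooding is detected, all of them otherwise).
    """
    per_second = Counter()
    for ts, subtype in frames:
        if subtype in (DEAUTH, DISASSOC):
            per_second[int(ts)] += 1

    result = {}
    for sec in sorted(per_second):
        observed = per_second[sec]
        flooding = observed > threshold_fps          # attacking rate above threshold
        passed = min(observed, shaped_fps) if flooding else observed
        result[sec] = (observed, passed, flooding)
    return result


def constructed_trace():
    """Constructed sample trace: one legitimate deauth, a 200-frame flood in the
    next second, then a handful of disassociation frames below the threshold."""
    frames = [(0.1, BEACON), (0.5, DEAUTH), (1.1, BEACON)]
    frames += [(1 + i / 200, DEAUTH) for i in range(200)]      # DeauthF burst
    frames += [(2 + i / 10, DISASSOC) for i in range(5)]       # normal rate
    return frames


if __name__ == "__main__":
    for sec, (observed, passed, flooding) in summarize(constructed_trace()).items():
        state = "FLOOD, shaped" if flooding else "normal"
        print(f"t={sec}s observed={observed} passed={passed} ({state})")
```

The shaper bounds how many frames per second reach the client's 802.11w check, so a flood cannot monopolize the client's processing; frames that do get through are still subject to the authenticity check described on the previous slide.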

WLAN under Protection of 802.11w and Traffic Shaping

Contribution and Future Research
- Empirical work.
- Implementation of 802.11w.
- To develop a queuing model to explain the attacking scenarios.
- The queuing model is to be validated by the empirical results and also by the ns-2 simulation model.

Voice Traffic Engineering
Goal: design the network with sufficient capacity to meet the traffic demand with satisfactory performance.
- Demand (A) – Traffic Intensity: number of calls × duration of average calls, measured in Erlangs.
- Resources (N) – Number of Trunks.
- Grade of Service (GoS) – blocking probability.
- Erlang B Model.

VoIP Network (diagram; labels only): PSTN Switch, SS7, Trunk MG, SoftSwitch, IP (public), IP (private), IP (internal), Access MG, Call Manager (SIP Proxy), Call Manager (Enterprise), Q.931, Carrier VoIP Network. MG: Media Gateway.

Call Admission Control (CAC)
- The network (call manager or softswitch) accepts a call request only if it can guarantee the quality of service (QoS) of the call.
- In a network with dedicated bandwidth for VoIP, we can calculate the maximum number of simultaneous calls based on the allocated bandwidth. This is the parameter N of the Erlang-B model.
- Maximum Call Load: when there are N calls in the network, any new call request will be rejected – the same as when no trunks are available to route the call.

Experimental Results (Bandwidth Utilization)
Bandwidth Utilization = observed max call load ÷ expected max call load
Problem!

Analysis – Limiting Resource
- Most studies consider the bandwidth (bps) as the limiting resource for the VoIP network.
- In our experiment, the device (router) is the limiting resource.
- Packet throughput of Cisco 2600 router: 15,000 pps.
- Packet sampling rate: 20 ms.
- 15,000 ÷ (1000 ÷ 20) ÷ 4 = 75 calls/sec.
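The Erlang B and CAC material on the preceding slides, as an added Python example that is not part of the presentation: it computes the Erlang B blocking probability B(N, A) with the standard recurrence, sizes the trunk count N for a target grade of service, and reproduces the slide's packet-throughput arithmetic for the maximum call load. The divisor 4 is taken from the slide as given; the reading of it as the number of per-call packet streams crossing the router is this example's assumption, not something the slide states. The sample demand figures are constructed.

```python
def erlang_b(n_trunks, offered_erlangs):
    """Erlang B blocking probability B(N, A), i.e. the grade of service.

    Uses the numerically stable recurrence
        B(0, A) = 1
        B(k, A) = A * B(k-1, A) / (k + A * B(k-1, A))
    instead of evaluating A^N / N! directly, which overflows for large N.
    """
    b = 1.0
    for k in range(1, n_trunks + 1):
        b = offered_erlangs * b / (k + offered_erlangs * b)
    return b


def offered_load_erlangs(calls_per_hour, mean_hold_seconds):
    """Demand A = call arrivals x average call duration, in Erlangs
    (one Erlang is one trunk continuously busy for the whole hour)."""
    return calls_per_hour * mean_hold_seconds / 3600.0


def trunks_for_gos(offered_erlangs, max_blocking):
    """Smallest N (resources) such that B(N, A) does not exceed the target GoS."""
    n = 0
    while erlang_b(n, offered_erlangs) > max_blocking:
        n += 1
    return n


def max_calls_from_pps(router_pps, packetization_ms, packets_per_call_factor=4):
    """Maximum simultaneous calls when the router's packet rate, not the link's
    bps, is the limiting resource (the slide's 15,000 / (1000 / 20) / 4 = 75).
    packets_per_call_factor is the slide's divisor of 4; assumed here to be the
    number of packet streams per call crossing the router (the slide does not say)."""
    packets_per_second_per_stream = 1000 / packetization_ms   # 20 ms -> 50 pps
    return int(router_pps / packets_per_second_per_stream / packets_per_call_factor)


def cac_accept(active_calls, max_call_load):
    """Call Admission Control: a new call is accepted only while fewer than N calls are active."""
    return active_calls < max_call_load


if __name__ == "__main__":
    n_max = max_calls_from_pps(15_000, 20)                 # the slide's 75
    a = offered_load_erlangs(calls_per_hour=600, mean_hold_seconds=180)  # constructed: 30 E
    print(f"router-limited max call load N = {n_max}")
    print(f"offered load A = {a:.1f} E, blocking at N={n_max}: {erlang_b(n_max, a):.4f}")
    print(f"trunks needed for 1% GoS at A={a:.0f} E: {trunks_for_gos(a, 0.01)}")
    print(f"accept 76th call with N={n_max}? {cac_accept(75, n_max)}")
```

Because the router, not the link, caps N in the experiment, the Erlang B curve should be evaluated at the router-limited N; sizing against bandwidth alone overstates the capacity, which is the gap the "Problem!" slide points at.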

Current Research
- Establish a research project with Neutral Tandem – a telecommunications service provider which has an IP-core network for voice traffic.
- Collect and analyze the real traffic data.
- Build a traffic engineering model:
  - Model development
  - Model validation

Netconf for Network Management

Network Management Requirements
- Easy to use.
- Ability to manipulate complete device configuration rather than individual entities.
- Support multiple configurations.
- Configuration transactions across multiple devices simultaneously.
- Human-readable format.
- Integration with existing security infrastructure.

Evolution of Network Management
- Command-Oriented: vendor specific
- Variable-Oriented: SNMP/MIB
- Object-Oriented: CORBA
- Document-Oriented: XML-based
- Transaction-Oriented: NETCONF

NETCONF Transport
- Secure Shell (SSH): mandatory for NETCONF implementation; secured.
- Simple Object Access Protocol (SOAP): SOAP over HTTP(S); Web Services support.
- Blocks Extensible Exchange Protocol (BEEP): peers on the transport level.
Diagram: NETCONF Agent and NETCONF Manager connected over SSH, SOAP or BEEP.

Netconf-based Validation System

Data Model for Netconf Validation

Current Research
- Joint research work with Tail-f, which provides the Netconf manager and Netconf agent.
- Developing a formal language (based on Yang) to specify the data requirements.
- Software modules:
  - Parsers (requirements)
  - Data aggregator (device configuration data)
  - Validation
- 2nd phase: automation of configuration.
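The Netconf transport and validation pipeline from the last few slides, as an added Python example that is neither the project's software nor Tail-f's: the manager side builds a `<get-config>` RPC in the NETCONF base namespace with the `]]>]]>` end-of-message marker that NETCONF over SSH uses, and the validation side splits the framed stream, parses each `<rpc-reply>`, and checks a small list of requirement rules against the configuration data. The device data model namespace, the configuration content and the rule list are constructed for the example; the rule list is only a stand-in for the slide's Yang-based requirement language, which the slides do not specify.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"   # NETCONF base namespace (RFC 4741/6241)
EOM = "]]>]]>"                                    # end-of-message marker, NETCONF over SSH (RFC 4742)
DEV = "urn:example:hypothetical-device-config"   # constructed data-model namespace for this example
ET.register_namespace("nc", NC)


def build_get_config(message_id, datastore="running"):
    """Serialize the <get-config> RPC a NETCONF manager sends to the agent."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    source = ET.SubElement(ET.SubElement(rpc, f"{{{NC}}}get-config"), f"{{{NC}}}source")
    ET.SubElement(source, f"{{{NC}}}{datastore}")
    return ET.tostring(rpc, encoding="unicode") + EOM


# Constructed <rpc-reply> standing in for what an agent returns over SSH. The
# configuration content is invented for the example and follows no vendor schema.
CONSTRUCTED_REPLY = f"""<rpc-reply message-id="101" xmlns="{NC}">
  <data>
    <config xmlns="{DEV}">
      <interface><name>ge-0/0/0</name><mtu>1500</mtu></interface>
      <interface><name>ge-0/0/1</name><mtu>9216</mtu></interface>
      <interface><name>mgmt0</name><mtu>1500</mtu></interface>
      <ssh><enabled>true</enabled></ssh>
      <telnet><enabled>true</enabled></telnet>
    </config>
  </data>
</rpc-reply>{EOM}"""


def text(el, child):
    """Text of a child element in the device namespace (None if absent)."""
    return el.findtext(f"{{{DEV}}}{child}")


# Requirements as (rule name, element path, predicate that must hold for every match).
REQUIREMENTS = [
    ("mtu-in-range",    f".//{{{DEV}}}interface", lambda e: 576 <= int(text(e, "mtu")) <= 9000),
    ("ssh-enabled",     f".//{{{DEV}}}ssh",       lambda e: text(e, "enabled") == "true"),
    ("telnet-disabled", f".//{{{DEV}}}telnet",    lambda e: text(e, "enabled") == "false"),
]


def validate(framed_stream, requirements=REQUIREMENTS):
    """Split the transport stream on the end-of-message marker, parse each
    rpc-reply, and apply every requirement to every matching element.
    Returns violations as 'rule: element' strings; empty means the configuration passes."""
    violations = []
    for msg in framed_stream.split(EOM):
        if not msg.strip():
            continue
        data = ET.fromstring(msg).find(f"{{{NC}}}data")
        if data is None:                      # e.g. an <rpc-error> reply: nothing to validate
            continue
        for rule, path, holds in requirements:
            for el in data.iterfind(path):
                if not holds(el):
                    label = text(el, "name") or el.tag.rsplit("}", 1)[-1]
                    violations.append(f"{rule}: {label}")
    return violations


if __name__ == "__main__":
    print(build_get_config(101))
    print(validate(CONSTRUCTED_REPLY) or "configuration satisfies all requirements")
```

Running the validation against the constructed reply reports the jumbo MTU on `ge-0/0/1` and the enabled telnet service; the same loop extends to replies aggregated from several devices by feeding their framed streams in turn.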

Position-based Routing: Background
- The cost of collecting and maintaining routing information in a MANET is high.
- On-demand routing solves the problem partially, but it is still costly when mobility is involved.
- Location-based routing (using geographical information) became feasible with the spread of location-aware devices.
MANET: Mobile Ad Hoc Network

Location-Based Routing
Greedy Forwarding: move the packet to the neighbor closer to the destination.
Pros:
- No topology information is required.
- No routing loops, so it is used by many location-based routing protocols.
Cons:
- Cannot recover from dead ends (when the node holding the packet is closer to the destination than any of its neighbors).
- Difficult to get the destination location.

HMRP Approach
- Integration of both location-based routing and on-demand routing.
- Two forwarding modes:
  - Default is Greedy Forwarding. Location information is required for the first hop only, obtained by exchanging a periodic hello message.
  - On-demand shortest path, used to recover from greedy dead ends. A controlled broadcast mechanism obtains route and geographical information in one request/reply pair.
- The shortest path is cached and serves as a backup route.
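The two forwarding modes of the previous two slides, as an added Python example that is not HMRP's implementation or the presentation's ns-2 code: greedy forwarding picks the neighbor closest to the destination and stops at a dead end, and a breadth-first shortest path over the connectivity graph stands in for the on-demand request/reply recovery, with the recovered path cached as a backup route. The node coordinates and the radio range are constructed so that node A is a greedy dead end; neighbor discovery from hello messages is replaced by a distance check over the known positions.

```python
import math
from collections import deque

# Constructed topology: node -> (x, y) in arbitrary units. A is the closest node
# to D that S can hear, but none of A's neighbors is closer to D than A itself.
POSITIONS = {
    "S": (0.0, 0.0), "A": (1.4, 0.0), "P": (0.5, 1.3), "Q": (1.8, 2.0),
    "R": (3.2, 2.0), "T": (4.3, 1.2), "D": (5.0, 0.0),
}
RADIO_RANGE = 1.5   # assumed transmission range for the example


def distance(a, b):
    (ax, ay), (bx, by) = POSITIONS[a], POSITIONS[b]
    return math.hypot(ax - bx, ay - by)


def neighbors(node):
    """One-hop neighbors: the nodes whose periodic hello messages `node` would hear."""
    return [n for n in POSITIONS if n != node and distance(node, n) <= RADIO_RANGE]


def greedy_step(current, dest):
    """Greedy forwarding: hand the packet to the neighbor closest to the destination.
    Returns None at a dead end (no neighbor is closer to dest than the current node)."""
    nbrs = neighbors(current)
    if not nbrs:
        return None
    best = min(nbrs, key=lambda n: distance(n, dest))
    return best if distance(best, dest) < distance(current, dest) else None


def shortest_path(src, dest):
    """On-demand shortest path by breadth-first search over the connectivity graph;
    stands in for the controlled broadcast request/reply of the real protocol."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dest:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for n in neighbors(node):
            if n not in prev:
                prev[n] = node
                queue.append(n)
    return None


ROUTE_CACHE = {}   # (node, dest) -> recovered shortest path, kept as backup route


def hmrp_route(src, dest):
    """Hybrid forwarding: greedy by default, on-demand shortest path to escape a dead end.
    Returns (path, modes); modes lists 'greedy' per greedy hop and one 'on-demand'
    entry for the recovered tail, or 'unreachable' if no path exists."""
    path, modes, cur = [src], [], src
    while cur != dest:
        nxt = greedy_step(cur, dest)
        if nxt is None:                                   # greedy dead end
            backup = ROUTE_CACHE.get((cur, dest)) or shortest_path(cur, dest)
            if backup is None:
                return None, modes + ["unreachable"]
            ROUTE_CACHE[(cur, dest)] = backup             # cache as backup route
            return path + backup[1:], modes + ["on-demand"]
        path.append(nxt)
        modes.append("greedy")
        cur = nxt
    return path, modes


if __name__ == "__main__":
    path, modes = hmrp_route("S", "D")
    print(" -> ".join(path), modes)
```

On this topology greedy forwarding alone delivers the packet to A and stops; the hybrid route backtracks through S and follows the recovered path P, Q, R, T to D, which is the behaviour the slide describes as dead-end recovery.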

HMRP Approach (cont'd)
- HMRP optionally utilizes a Minimum Connected Dominating Set (MCDS) to limit location and route requests to the MCDS.
- HMRP can automatically detect and adapt to an MCDS if one exists.
- HMRP adopts the concept of clustering in a loose manner: a child node can accept replies from any neighboring dominating node if it provides better route information.
- When a child node needs to send an information request, it forwards the request to its dominator, which invokes the broadcast mechanism.
- Result: improved scalability and less overhead.

Performance Evaluation: Packet Loss and End-to-End Latency
Performance results are from the ns-2 simulator.

Performance Evaluation: Path Length and Overhead

HMRP Summary
- A new approach that combines on-demand and location-based routing: HMRP has the benefits of both approaches.
- Performance improvement over both location-based and on-demand routing.
- Provides a new metric (routing capability) which is exchanged in the hello message. This metric is used to improve routing decisions; it is calculated from several factors such as available node power and the number of packets forwarded.