Finished Theses

61 Entries found

RSS


[Abstract of final thesis] Secure network protocols use cryptography to protect payload data against attacks by adversaries. Such protocols differ in their functionality, compatibility and performance, making it reasonable to either use multiple protocols at the same time for different purposes or to exchange the active protocol with another one during operation, depending on changes in the network environment.

Secure protocols require cryptographic keys. If multiple secure protocols are used on the same system, the effort for providing keys to protocols increases. On a system that allows switching to protocols at runtime that are not known in advance, manual key distribution becomes impossible and a generic, automatic key management mechanism is required.

In this work, we design and implement a key distribution system that can automatically provide keys to multiple protocols if at least one initial key is available. The initial key has to be supplied by the administrator to our implementation or directly to a protocol. We show how to transform symmetric to asymmetric keys and vice versa, how to handle different key lengths and different or unknown key formats.

We connect our implementation with a set of protocols (SSH, OpenVPN, TLS) and discuss switches at runtime from one protocol to another one. In case of directly obtaining a symmetric key from our system, the delay during the protocol switch is reduced, compared to always renegotiate a key with asymmetric cryptografy after a switch. 

[Abstract of final thesis] Mobile smart phones store sensitive data. Mechanisms to prevent leakage from mobile phones are vigorously developed. This leads to attackers developing an interest in unconventional methods for data exfiltration. Covert channels can be used to bypass these mechanisms. An experiment using acoustic covert channels on mobile phones is constructed to evaluate the feasibility and the limits of usable frequencies, transmission speeds, and distances. Furthermore, the possibility of the detection of the covert channel is analyzed. For this, the audio capabilities of different devices are analyzed. Also, detectability through humans and frequency analyzers is evaluated. Furthermore, three different modulations are evaluated: frequency shift keying, phase shift keying and direct sequence spread spectrum. Also, special forms of the modulations are inspected, specifically Gaussian frequency shift keying and the phase shift keying baud 31 used in amateur radio. Two methods to improve error robustness are demonstrated, which are a simple forward error correction with repetition and interleaving, and a modification of the direct sequence spread spectrum called escorting. It is shown that acoustic covert channel can be utilized to successfully exfiltrate data over long distances. Finally, it is shown that the attack can be discovered by the usage of simple tools.

[Abstract of final thesis] Ethernet networks are generally considered safe for communication as long as both parties at the ends of an Ethernet cable are trusted and secure. This thesis tries to answer the question, is data transferred over an Ethernet cable is secure? The goal of this thesis is to engineer and attempt possible security breaches at physical layer of Ethernet networks. In order to provide a practical approach, this thesis draws parallels with the existing techniques for attacking wireless networks, and provide possible modifications to apply them for wired communication. The thesis is divided into passive and active attacks. For the passive eavesdropping attack, a method to acquire the electromagnetic signature from Ethernet cables is presented, along with a step by step process to analyze and decode these signatures into readable data. In active attacks, method on how to perform jamming or Denial- of-Service attack on Ethernet cable with the use of RF transmission is explained, followed by a discussion on possible data injection techniques. The thesis concludes by highlighting the vulnerabilities in Ethernet communication, with the extension of more sophisticated attacks possible in near future.

[Abstract of final thesis] A plethora of routing protocols for mobile ad-hoc networks has been proposed by researchers. But due to their intention of solving small specialized problems, no universal best protocols exist. One approach to tackle this has proposed in the form of protocol transitions. This proposal suggests to always use the optimal protocol for the current state of a deployment scenario. But this approach left the growing need for secure communication out of the picture.

Attacks on infrastructure are more common than ever before. In the same time, the usage of wireless networks is increasing. With the introduction of reconfiguration of networks, like the proposed transitions of MANETs, secure protocols and the ability to switch them becomes important.

My approach is to use a system where trust relations have already been defined by one protocol, and reuse these existing relations to enable nodes to transition them from one protocol to another efficiently. This allows to also change secure protocols as needed and to dynamically choose the right protocol for each new scenario.

This thesis describes the design and the implementation of a system to handle these tasks. It presents a system based on the Click packet routing framework to switch between several secure ad-hoc routing protocols and secure transport protocols.

Different secure routing protocols are compared in regard to their ability to secure data on the control plane and on the data plane. To show the change between different classes of cryptographic material, transitions between some of the network protocols are elaborated upon. This leads to the proposal for an abstract transition scheme for protocols and the layout for a transition module to enable a network to change security associations between nodes. The functionality and schematics of the security association transition module and the modified protocol element implementations in Click are discussed. The implemented protocols are tested on real hardware in the SEEMOO mesh network testbed. The setup for the devised experiments and the varied parameters are presented. The tests are performed using a test framework to deploy and control the nodes involved in an experiment.

The thesis ends with an evaluation of the absolved real-life tests in the mesh testbed and an outlook towards future challenges.

[Abstract of final thesis] Due to the broad diversity of opportunities and challenges of wireless mesh networks in recent years many different types of routing protocols emerged from research. It is in the nature of things, that these protocols are tailored to specific requirements and conditions, as there is no individual protocol which performs optimal for all situations. In the scope of this work we design and implement a System Information Service that supports the common usage of protocol information to enable collaboration beyond protocol boundaries and flexible adaptions to new arising network situations. We consider the exchange of arbitrary types of data in the process. The connection of the service with protocols is done and evaluated using the example of two existing routing protocols, AODV and OLSR. The results of the studies reveal the feasibility of this approach on the one hand and also show, that the service slows down the forwarding of data packets in the network. Furthermore, the studies quantify additional performance overhead and motivate follow–up research in that area. An overview of further interesting research aspects concludes this work.

[Abstract of final thesis] The performance of routing protocols in Wireless Mesh Networks is subject to large variations, especially when the protocol needs to bootstrap in a heavily utilized network. The root cause is that routing protocol messages are handled no different than ordinary datagram traffic. To mitigate this, a testbed setup that is compatible with existing IEEE 802.11 Wireless Local Area Networks is developed, in which arbitrary packets are sent with individual, custom transmission parameters. We demonstrate the capabilities of the system by showing how it can be employed for experiments in a Wireless Mesh Networks.

[Abstract of final thesis] Mobile Ad-Hoc Networks (MANETs) are decentralized and autonomous communication systems: They can be used to provide connectivity when a natural disaster has brought down the infrastructure, or they can support freedom of speech in countries with governmental Internet restrictions. MANET design requires careful attention to scalability and security due to low-capacity and error-prone wireless links as well as the openness of these systems.

In this thesis, we address the issue of multicast as a means to efficiently support the MANET application of group communication on the network layer. To this aim, we first survey the research literature on the current state of the art in MANET routing, and we identify a gap between scalability and security in multicast routing protocols—two aspects that were only considered in isolation until now. We then develop an explicit multicast protocol based on the design of a secure unicast protocol, aiming to maintain its security properties while introducing minimal overhead.

Our simulation results reveal that our protocol reduces bandwidth utilization in group communication scenarios by up to 45% compared to the original unicast protocol, while providing significantly better resilience under blackhole attacks. A comparison with pure flooding allows us to identify a practical group size limit, and we present ideas for better large-group support.

[Abstract of final thesis] Due to the increasing number of end devices in local area networks the need of a simple way to tell the end devices the configuration parameters of services inside the networks is growing. Existing solutions are mostly based on proprietary protocols and platform- bound software from single manufacturers. This requires often the installation of special software, which is often not available for mobile devices or the software is only available for newer products. In this work we present a approach which extracts the configuration parameters of services from the data traffic of a local area network traffic and announces the configuration parameters to all end devices of the local network. Furthermore we evaluate the scalability of this approach on higher data rates inside the local area net- work and on rising number of end devices and services.

[Abstract of final thesis] To fulfill confidentiality requirements in wireless systems, cryptography is generally used even though the physical communication channel offers secrecy potential. A widely discussed physical layer secrecy approach in Multiple Input Multiple Output (MIMO) systems aims at reducing an eavesdropper’s Signal to Noise Ratio (SNR) by transmitting artificial noise into the null space of the intended receiver’s channel. This work evaluates the secrecy of such a system in practice by designing a known plaintext attack based on the eavesdropper’s partial knowledge of the exchanged information. The eavesdropper uses the plaintext symbols to train an adaptive filter that separates the information from the artificial noise. For a practical implementation, the Wireless Open-Access Research Platform (WARP) is employed. Our results show that the protection of only 150 Orthogonal Frequency-Division Multiplexing (OFDM) symbols (11% of the capacity of a WLAN frame) requires a transmission of eleven times more artifical noise than information to protect a transmission against the proposed attack. This reduces the usability of the aforementioned physical layer secrecy scheme in practical scenarios as the information transfer rate decreases with an increasing amount of artificial noise due to transmit power limitations.




Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
office@seemoo.tu-darmstadt.de

A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang