Thesis
Trust Management in Active Networks by IPSEC
Prepared by Aydın KOÇAK
In the recent years, bandwidth requirements have increased continuously in parallel with the rice in the number of network application. Today nearly all the current computers worldwide are connected to a network.
The general approach to bandwidth problem has usually been by increasing the line capacities. For example until 5 years ago, 10 Mbps. connection speeds were enough for local area networks. With the dramatic rise in the number and type of applications running on local area networks, line speeds were progressively increased to 100Mbps., 1000Mbps. (1 Gbps.), 10000 Mbps.(10Gbps.) and finaly 40000(40Gbps.).
However, even this connection capacity will not be sufficient for future bandwidth requirements. Thus, upgrading the speeds is not a sufficient method to overcome the bandwidth bottleneck problem.
An alternative idea is changing and improving the calculation methods. In this context, active networks emerge as a new network model containing nodes which can perform application specific calculations on the traffic passing through.
For this reason, active networks rapidly became a widely researched field. However, despite its conformed to laboratories, as it involved many difficulties and uncertainties, particularly security.
In this thesis, firstly introduced to current LAN technologies have been given, followed by a detailed analysis on active networks, with their nodes and structure. Then after listing the difficulties and uncertainties that limit the commercial implementation of active networks, these are analyzed one by one in detail.
Finally, "Trust Management in Active Networks by IPSEC" based on encryption of data and trust management model and application, which is proposed in order to overcome some difficulties, is explained and test bed on which the model is implemented is introduced.
A SECURE DHCP SYSTEM
DESIGN FOR IPV6 NETWORKS
Prepared by Gürsoy DURMUŞ
With the rapid growth of the Internet, IPv4
protocol will leave its duty to IPv6 in the near future. Due to the nature
of IPv6, address distribution and administration have to be done
automatically. This is possible with the help of Dynamic Host Configuration
Protocol (DHCP).
Although the DHCP protocol has a lot of
security deficiencies, it is being widely used for its easiness in
applications nowadays. Despite the fact that there are not so many risks
other than internal threats for the DHCP client and server in local area
networks where physical security is provided, external elements constitute
great risks in wireless networks (i.e. Physical security is not present).
In this work, the secure DHCPv6 client and
server applications were designed and implemented. Security tests were done
for the implemented client and server, and the results were given.
PC BASED DUAL LAYER IP
ROUTER SIMULATION
Prepared by Ahmet SÜSLÜ
Depending on the problems of transition
over present networks, the progress of IPv6 instead of IPv4 will not happen
suddenly and both protocols will be together for a while –maybe forever in
some resources-. The routing mechanisms working on IPv4 today are supposed
to be deficient in near future. The main input to decide the IP routing is
IP lookup process which uses IP address to find the related routing unit.
This process has to be done with enough speed which will not create a
bottleneck for IP routing job.
In this study, a dual routing model has
been proposed based on the clue of necessity of routing IPv4 and IPv6
packets together with reasonable cost software and hardware designs, a
lookup algorithm which can be core of such design was inspected and a dual
IP supporting routing software was simulated
Comparing the RED and Tail
Drop Algorithms
Prepared by Mehmet
KARALAR
In this thesis, Random Early Detection and
Tail-Drop Algorithms were observed in order to make some comparisons
between the performances of each mechanism. They are used in the internet
world to prioritize different types of traffic on low-bandwidth links. On
today’s networks, not only data is carried but also real-time voice and
video services are given. As the voice, video services are time critical applications,
they should be given higher priorities than FTP, e-mail like traffic. In
this work, these different types of traffics were modeled in a test bed and
the performance of them was observed when RED & Tail-Drop mechanisms
are used.
Script MIB-based
Distributed Management System for IPSec/VPN Gateways
Prepared by Mücahit Mutlugün
Today, management of IP networks
more difficult then past. IPSec VPN Gateways, which has a notable part in
today’s IP networks, need advanced management capabilities to reach
management goals. Considering management problems of IPSec VPN gateways;
policy and SA management, security monitoring and event management etc.
cannot be efficiently realized by traditional central management. We
propose a solution, dependent on distributed management architecture with
IETF Script MIB. IPSec devices are grouped as usage domains and each domain
is controlled by a domain manager, which implements Script MIB environment.
Domain managers are also controlled by a manager-of-manager, which delegates
its management responsibilities (configuration, event and monitoring) via
management scripts.
IPSec
Simulation Framework: Design and Implenementation
Prepared by Umut Tekin
Even its planners, never
expected its popularity, today IP is the most widely used protocol of
computer networks. Since IP has no built-in security mechanisms, by the
increase of its popularity, soon security became one of the major flaws of
IP. The increasing needs of security for IP, brought up a new protocol
stack, called IPSec; IPSec is the standard security architecture of
Internet Protocol.
It is clear that as the usage of IPSec in
IP world exponentially grows, new problems, and also research areas on
security and performance of networking will occur. Since it is impossible
to improve a system without effectively measuring its performance, today
network simulators is the main tool of computer network researchers and
device developers. On the other
hand, there is no any actual IPSec modeling framework in the open source
network simulation community yet.
In this thesis, we describe a modular and
extensible IPSec simulation framework that was designed and implemented on
OMNET platform. In the study of the thesis, it is proven that, the new
simulation framework can be easily and adaptively used in academic and
industrial researches
|