Trust Management in Active Networks by IPSEC

Prepared by Aydın KOÇAK

In recent years, bandwidth requirements have increased continuously in parallel with the rise in the number of network applications. Today nearly all computers worldwide are connected to a network.
The general approach to the bandwidth problem has usually been to increase line capacities. For example, until 5 years ago, 10 Mbps connection speeds were enough for local area networks. With the dramatic rise in the number and type of applications running on local area networks, line speeds were progressively increased to 100 Mbps, 1000 Mbps (1 Gbps), 10000 Mbps (10 Gbps) and finally 40000 Mbps (40 Gbps).
However, even this connection capacity will not be sufficient for future bandwidth requirements. Thus, upgrading the speeds is not a sufficient method to overcome the bandwidth bottleneck problem.
An alternative idea is changing and improving the calculation methods. In this context, active networks emerge as a new network model containing nodes which can perform application-specific calculations on the traffic passing through.
For this reason, active networks rapidly became a widely researched field. However, the model has remained confined to laboratories, as it involves many difficulties and uncertainties, particularly regarding security.
In this thesis, an introduction to current LAN technologies is given first, followed by a detailed analysis of active networks, with their nodes and structure. Then, after listing the difficulties and uncertainties that limit the commercial implementation of active networks, these are analyzed one by one in detail.
Finally, "Trust Management in Active Networks by IPSEC", a trust management model and application based on data encryption that is proposed in order to overcome some of these difficulties, is explained, and the test bed on which the model is implemented is introduced.



Prepared by Gürsoy DURMUŞ

With the rapid growth of the Internet, the IPv4 protocol will hand over its role to IPv6 in the near future. Due to the nature of IPv6, address distribution and administration have to be done automatically. This is possible with the help of the Dynamic Host Configuration Protocol (DHCP).

Although the DHCP protocol has many security deficiencies, it is widely used today because it is easy to apply. Although there are few risks other than internal threats for the DHCP client and server in local area networks where physical security is provided, external elements constitute great risks in wireless networks (i.e. where physical security is not present).

In this work, secure DHCPv6 client and server applications were designed and implemented. Security tests were performed on the implemented client and server, and the results are presented.



Prepared by Ahmet SÜSLÜ

Because of the problems of transitioning existing networks, the move from IPv4 to IPv6 will not happen suddenly, and both protocols will coexist for a while (maybe forever in some resources). The routing mechanisms that work on IPv4 today are expected to be inadequate in the near future. The main input to an IP routing decision is the IP lookup process, which uses the IP address to find the related routing unit. This process has to be fast enough that it does not create a bottleneck for IP routing.

In this study, a dual routing model is proposed, motivated by the need to route IPv4 and IPv6 packets together with reasonable-cost software and hardware designs; a lookup algorithm that can be the core of such a design was examined, and routing software supporting both IP versions was simulated.


Comparing the RED and Tail Drop Algorithms

Prepared by Mehmet KARALAR

In this thesis, the Random Early Detection (RED) and Tail-Drop algorithms were studied in order to compare the performance of the two mechanisms. They are used on the Internet to prioritize different types of traffic on low-bandwidth links. Today's networks carry not only data but also real-time voice and video services. Because voice and video services are time-critical applications, they should be given higher priority than traffic such as FTP and e-mail. In this work, these different types of traffic were modeled in a test bed and their performance was observed when the RED and Tail-Drop mechanisms are used.



Script MIB-based Distributed Management System for IPSec/VPN Gateways

Prepared by Mücahit Mutlugün


Today, managing IP networks is more difficult than in the past. IPSec VPN gateways, which form a notable part of today's IP networks, need advanced management capabilities to reach management goals. Considering the management problems of IPSec VPN gateways, tasks such as policy and SA management, security monitoring and event management cannot be efficiently realized by traditional central management. We propose a solution based on a distributed management architecture with the IETF Script MIB. IPSec devices are grouped into usage domains, and each domain is controlled by a domain manager, which implements the Script MIB environment. Domain managers are in turn controlled by a manager-of-manager, which delegates its management responsibilities (configuration, event and monitoring) via management scripts.


IPSec Simulation Framework: Design and Implementation

Prepared by Umut Tekin


Although even its planners never expected its popularity, IP is today the most widely used protocol in computer networks. Since IP has no built-in security mechanisms, security soon became one of its major flaws as its popularity increased. The increasing need for security in IP brought about a new protocol stack called IPSec; IPSec is the standard security architecture of the Internet Protocol.

It is clear that as the usage of IPSec in the IP world grows exponentially, new problems and research areas concerning the security and performance of networking will emerge. Since it is impossible to improve a system without effectively measuring its performance, network simulators are today the main tool of computer network researchers and device developers. On the other hand, there is not yet any actual IPSec modeling framework in the open source network simulation community.

In this thesis, we describe a modular and extensible IPSec simulation framework that was designed and implemented on the OMNET platform. In the course of the thesis, it is proven that the new simulation framework can be used easily and adaptively in academic and industrial research.



Gebze Institute of Technology - Department of Computer Engineering