Dissertations / Theses on the topic 'Internet addresses'
To see the other types of publications on this topic, follow the link: Internet addresses.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 41 dissertations / theses for your research on the topic 'Internet addresses.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Shue, Craig A. "A better Internet without IP addresses." [Bloomington, Ind.] : Indiana University, 2009. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:3358945.
Full textAbstract:
Thesis (Ph.D.)--Indiana University, Dept. of Computer Science, 2009.Title from PDF t.p. (viewed on Feb. 10, 2010). Source: Dissertation Abstracts International, Volume: 70-05, Section: B, page: 3011. Adviser: Minaxi Gupta.
2
Phillips, Matthew D. W., and Trevor J. Baumgartner. "Implementation of a network address translation mechanism over IPv6." Thesis, Monterey, California. Naval Postgraduate School, 2004. http://hdl.handle.net/10945/1607.
Full textAbstract:
Approved for public release; distribution is unlimitedNetwork Address Translation (NAT) for IPv4 was developed primarily to curb overcrowding of the Internet due to dwindling global IP addresses; however, NAT provides several other benefits. NAT can be used to mask the internal IP addresses of an Intranet. IPv6, the emerging standard for Internet addressing, provides three times the number of bits for IP addressing. While IPv6 does not need NAT for connectivity, other NAT features such as address hiding are valuable. There is currently no NAT implementation for IPv6. The focus of this research was the design and development of a NAT implementation for IPv6. This implementation will be used within a multilevel testbed. In addition, the NAT implementation developed here can facilitate the Department of Defense (DoD) transition to IPv6 planned for 2008 by providing services currently not available for IPv6. A working implementation of NAT for IPv6 within the Linux kernel has been produced. The NAT development created here has been tested for support of the protocols of TCP, UDP and ICMP for IPv6.
Ensign, United States Navy
3
Baumgartner, Trevor J. Phillips Matthew D. W. "Implementation of a Network Address Translation Mechanism Over IPv6 /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FBaumgartner%5fPhillips.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2004.Thesis advisor(s): Cynthia E. Irvine, Thuy D. Nguyen. Includes bibliographical references (p. 81-83). Also available online.
4
Snyder, Mark E. "Critical infrastructure protection and the Domain Name Service (DNS) system." Diss., Rolla, Mo. : Missouri University of Science and Technology, 2008. http://scholarsmine.mst.edu/thesis/pdf/Snyder_09007dcc805e0f32.pdf.
Full textAbstract:
Thesis (M.S.)--Missouri University of Science and Technology, 2008.Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed January 15, 2009) Includes bibliographical references.
5
Dunlop, Matthew William. "Achieving Security and Privacy in the Internet Protocol Version 6 Through the Use of Dynamically Obscured Addresses." Diss., Virginia Tech, 2012. http://hdl.handle.net/10919/77333.
Full textAbstract:
Society's increased use of network applications, such as email, social networking, and web browsing, creates a massive amount of information floating around in cyber space. An attacker can collect this information to build a profile of where people go, what their interests are, and even what they are saying to each other. For certain government and corporate entities, the exposure of this information could risk national security or loss of capital. This work identifies vulnerabilities in the way the Internet Protocol version 6 (IPv6) forms addresses. These vulnerabilities provide attackers with the ability to track a node's physical location, correlate network traffic with specific users, and even launch attacks against users' systems. A Moving Target IPv6 Defense (MT6D) that rotates through dynamically obscured network addresses while maintaining existing connections was developed to prevent these addressing vulnerabilities.MT6D is resistant to the IPv6 addressing vulnerabilities since addresses are not tied to host identities and continuously change. MT6D leverages the immense address space of IPv6 to provide an environment that is infeasible to search efficiently. Address obscuration in MT6D occurs throughout ongoing sessions to provide continued anonymity, confidentiality, and security to communicating hosts. Rotating addresses mid-session prevents an attacker from determining that the same two hosts are communicating. The dynamic addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful attack. A proof of concept was developed that demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. Also demonstrated is MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions.This work makes three contributions to the state-of-the-art IPv6 research. First, it fully explores the security vulnerabilities associated with IPv6 address formation and demonstrates them on a production IPv6 network. Second, it provides a method for dynamically rotating network addresses that defeats these vulnerabilities. Finally, a functioning prototype is presented that proves how network addresses can be dynamically rotated without losing established network connections. If IPv6 is to be globally deployed, it must not provide additional attack vectors that expose user information.Ph. D.
6
AbuGhazaleh, Shereen N. A. "The resolution of domain name disputes : a comparison of Jordan, United Kingdom, United States, and ICANN rules." Thesis, University of Aberdeen, 2010. http://digitool.abdn.ac.uk:80/webclient/DeliveryManager?pid=158341.
Full textAbstract:
Domain names constitute a valuable key element in electronic commerce. However, some intend to benefit from this fact by registering identical or similar trademarks as domain names, thereby depriving the legitimate owners from obtaining the domain name. This thesis aims to evaluate the protection provided for domain names, by illustrating several models that are under civil, common and international jurisdiction, namely, Jordan, the United Kingdom, the United States and by ICANN. In the first model there are no special regulations. In the second model alternative regulations are applied while, in the third model, a special act is provided; the fourth model constitutes a global protection for specific types of domain name disputes. It is concluded that the absence of a unified legal identity for domain names is the reason why diverse positions are required to protect them; concomitantly, domain name disputes have not been sufficiently addressed, and there is a necessity to provide domain names with a globally comprehensive protection mechanism.
7
Rattananon, Sanchai Electrical Engineering & Telecommunications Faculty of Engineering UNSW. "RPX ??? a system for extending the IPv4 address range." Awarded by:University of New South Wales. School of Electrical Engineering and Telecommunications, 2006. http://handle.unsw.edu.au/1959.4/30210.
Full textAbstract:
In recent times, the imminent lack of public IPv4 addresses has attracted the attention of both the research community and industry. The cellular industry has decided to combat this problem by using IPv6 for all new terminals. However, the success of 3G network deployment will depend on the services offered to end users. Currently, almost all services reside in the IPv4 address space, making them inaccessible to users in IPv6 networks. Thus, an intermediate translation mechanism is required. Previous studies on network address translation methods have shown that Realm Base Kluge Address Heuristic-IP, REBEKAH-IP supports all types of services that can be offered to IPv6 hosts from the public IPv4 based Internet, and provides excellent scalability. However, the method suffers from an ambiguity problem which may lead to call blocking. This thesis presents an improvement to REBEKAH-IP scheme in which the side effect is removed, creating a robust and fully scalable system. The improvement can be divided into two major tasks including a full investigation on the scalability of addressing and improvements to the REBEKAH-IP scheme that allow it to support important features such as ICMP and IP mobility. To address the first task a method called REBEKAH-IP with Port Extension (RPX) is introduced. RPX is extended from the original REBEKAH-IP scheme to incorporate centralised management of both IP address and port numbers. This method overcomes the ambiguity problem, and improves scalability. We propose a priority queue algorithm to further increase scalability. Finally, we present extensive simulation results on the practical scalability of RPX with different traffic compositions, to provide a guideline of the expected scalability in large-scale networks. The second task concerns enabling IP based communication. Firstly, we propose an ICMP translation mechanism which allows the RPX server to support important end-toend control functions. Secondly, we extend the RPX scheme with a mobility support scheme based on Mobile IP. In addition, we have augmented Mobile IP with a new tunneling mechanism called IP-in-FQDN tunneling. The mechanism allows for unique mapping despite the sharing of IP addresses while maintaining the scalability of RPX. We examine the viability of our design through our experimental implementation.
8
Samiuddin, Asim. "IPAM : a web-based IP/DNS management system /." free to MU campus, to others for purchase, 2004. http://wwwlib.umi.com/cr/mo/fullcit?p1422961.
Full text
9
Tang, Jin. "Mobile IPv4 Secure Access to Home Networks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/11536.
Full textAbstract:
With the fast development of wireless networks and devices, Mobile
IP is expected to be used widely so that mobile users can access
the Internet anywhere, anytime without interruption. However, some
problems, such as firewall traversal and use of private IP
addresses, restrict use of Mobile IP. The objective of this thesis
is to design original schemes that can enable a mobile node at
abroad to access its home network as well as the Internet securely
and that can help Mobile IP to be used widely and commercially.
Our solutions are secure, efficient, and scalable. They can be
implemented and maintained easily. In this thesis, we mainly
consider Mobile IPv4, instead of Mobile IPv6. Three research
topics are discussed. In each topic, the challenges are
investigated and the new solutions are presented.
The first research topic solves the firewall traversal problems in
Mobile IP. A mobile node cannot access its firewall-protected home
network if it fails the authentication by the firewall. We propose
that an IPsec tunnel be established between the firewall and the
foreign agent for firewall traversal and that an IPsec transport
security association be shared by the mobile node and a
correspondent node for end-to-end security.
The second topic researches further on firewall traversal problems
and investigates the way of establishing security associations
among network entities. A new security model and a new key
distribution method are developed. With the help of the security
model and keys, the firewall and the relevant network entities set
up IPsec security associations to achieve firewall traversal.
A mobile node from a private home network cannot communicate with
other hosts with its private home address when it is visiting a
public foreign network. A novel and useful solution is presented
in the third research topic. We suggest that the mobile node use
its Network Access Identifier (NAI) as its identification and
obtain a public home address from its home agent. In addition, a
new tunnel between the mobile node and its home agent is proposed.
10
Ahmed, Ejaz. "Monitoring and analysis of internet traffic targeting unused address spaces." Thesis, Queensland University of Technology, 2010. https://eprints.qut.edu.au/34075/1/Ejaz_Ahmed_Thesis.pdf.
Full textAbstract:
Today’s evolving networks are experiencing a large number of different attacks ranging from system break-ins, infection from automatic attack tools such as worms, viruses, trojan horses and denial of service (DoS). One important aspect of such attacks is that they are often indiscriminate and target Internet addresses without regard to whether they are bona fide allocated or not. Due to the absence of any advertised host services the traffic observed on unused IP addresses is by definition unsolicited and likely to be either opportunistic or malicious. The analysis of large repositories of such traffic can be used to extract useful information about both ongoing and new attack patterns and unearth unusual attack behaviors. However, such an analysis is difficult due to the size and nature of the collected traffic on unused address spaces. In this dissertation, we present a network traffic analysis technique which uses traffic collected from unused address spaces and relies on the statistical properties of the collected traffic, in order to accurately and quickly detect new and ongoing network anomalies. Detection of network anomalies is based on the concept that an anomalous activity usually transforms the network parameters in such a way that their statistical properties no longer remain constant, resulting in abrupt changes. In this dissertation, we use sequential analysis techniques to identify changes in the behavior of network traffic targeting unused address spaces to unveil both ongoing and new attack patterns. Specifically, we have developed a dynamic sliding window based non-parametric cumulative sum change detection techniques for identification of changes in network traffic. Furthermore we have introduced dynamic thresholds to detect changes in network traffic behavior and also detect when a particular change has ended. Experimental results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach, using both synthetically generated datasets and real network traces collected from a dedicated block of unused IP addresses.
11
Weaver, Rhiannon. "Behavioral Modeling of Botnet Populations Viewed through Internet Protocol Address Space." Research Showcase @ CMU, 2012. http://repository.cmu.edu/dissertations/152.
Full textAbstract:
A botnet is a collection of computers infected by a shared set of malicious software, that maintain communications to a single human administrator or small organized group. Botnets are indirectly observable populations; cyber-analysts often measure a botnet’s threat in terms of its size, but size is derived from a count of the observable network touchpoints through which infected machines communicate. Activity is often a count of packets or connection attempts, representing logins to command and control servers, spam messages sent, peer-to-peer communications, or other discrete network behavior. Front line analysts use sandbox testing of a botnet’s malicious software to discover signatures for detecting an infected computer and shutting it down, but there is less focus on modeling the botnet population as a collection of machines obscured by the kaleidoscope view of Internet Protocol (IP) address space. This research presents a Bayesian model for generic modeling of a botnet due to its observable activity across a network. A generation-allocation model is proposed, that separates observable network activity at time t into the counts yt generated by the malicious software, and the network’s allocation of these counts among available IP addresses. As a first step, the framework outlines how to develop a directly observable behavioral model informed by sandbox tests and day-to-day user activity, and then how to use this model as a basis for population estimation in settings using proxies or Network Address Translation (NAT) in which only the aggregate sum of all machine activity is observed. The model is explored via a case study using the Conficker-C botnet that emerged in March of 2009.
12
Endo, Patricia Takako. "WBG (Whois Based Geolocation): uma estratégia para localização geográfica de hosts na Internet." Universidade Federal de Pernambuco, 2008. https://repositorio.ufpe.br/handle/123456789/2039.
Full textAbstract:
Made available in DSpace on 2014-06-12T15:54:02Z (GMT). No. of bitstreams: 2
arquivo1953_1.pdf: 1722836 bytes, checksum: 2be769931d2befdf5a296cf78a205f34 (MD5)
license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5)
Previous issue date: 2008Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Baseado, por exemplo, na localização geográfica de um determinado host na Internet, podese oferecer serviços especializados, como: a) páginas web com preferências regionais (e.g. usuários online podem receber propagandas direcionadas ou ter a linguagem para apresentação de conteúdo selecionada automaticamente); b) controle de disponibilidade de dados, de acordo com a localização do usuário (e.g. pode-se restringir o acesso a determinados dados através de políticas regionais e autorização de transações a partir de localidades pré-estabelecidas), c) estudo e análise de tráfego geolocalizado para entender quem se comunica com quem no nível de usuários, regiões e países e identificação de anomalias de roteamento. Os aspectos comuns destas aplicações são a sua dependência em relação a estratégias, denominadas geolocalização. Contudo, alguns destes mecanismos apresentam uma baixa acurácia ou uma estimativa de localização geográfica não-aceitável para determinadas aplicações. Portanto, torna-se de grande importância estudos que melhorem a precisão, bem como a completude das estratégias utilizadas para inferir a geolocalização de hosts na Internet. Este trabalho tem como principais objetivos o estudo sobre as estratégias de geolocalização existentes; a proposta de uma estratégia que melhore a precisão das inferências de localização geográfica de hosts na Internet e a completude dos resultados; e o estudo de tráfego geolocalizado de uma base de dados da rede acadêmica do Estado de Pernambuco. A estratégia desenvolvida, denominada WBG (Whois Based Geolocation), é baseada em buscas whois online e possui uma heurística baseada na ferramenta traceroute
13
Klíma, Oldřich. "Aplikace pro geolokační databáze." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2019. http://www.nusl.cz/ntk/nusl-400906.
Full textAbstract:
The thesis deals with possibilities for more precise determination of geographical position of given IP address by combination of estimates of data obtained from geolocation databases. The first part introduces the issue on theoretical level. Possibilities of network device identification, its geographical location and principles of geolocation databases are described here. After analyzing the theoretical part of this issue, the current state of application for geolocation databases is described. The next section introduces a new application which uses original software ip2geotools as a library. Using the three implemented methods for combining results (based on average, median, and cluster analysis by K-Means algorithm), the new program allows to estimate the physical location of IP address. The app is complemented with console interface and geographic data visualization on the map. In the last part, the accuracy of computational methods is validated and a detailed statistical analysis of data obtained by performing a calculation over a set of IP addresses with known geographical location of the RIPE Atlas service is performed.
14
Manocha, Jitendra. "Using innovation from block chain technology to address privacy and security problems of Internet of Things." Thesis, KTH, Industriell Marknadsföring och Entreprenörskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-209682.
Full textAbstract:
Internet of things (IoT) is growing at a phenomenal speed and outpacing all the technological revolutions that occurred in the past. Together with window of opportunity it also poses quite a few challenges. One of the most important and unresolved challenge is vulnerability in security and privacy in IoT. This is mainly due to lack of a global decentralized standard even though characteristically IoT is based on distributed systems. Due to lack of standard IoT has interoperability issue between different devices and platform suppliers which implicitly creates need of reliance on the suppliers as they store and control user data. There is no decentralized industry wide solution which can offer the control of user data and security back to the user. While experts in IoT are still wondering on solving the challenge, a new Block chain technology has surfaced in past few years and showed signs of disruptive innovation in financial industry. This technology is decentralized, secure and private. Let alone information, block chain innovation has proven to keep assets secure. Recently few forms of block chains have emerged. This research will focus on analyzing the innovative block chain technology, their characteristics specifically the types of block chain to address the privacy and security challenges of IoT. Research proposes a new concept of hybrid block chain as a solution to IoT security and privacy problem.
15
Zhuang, Yinfang. "Measuring Effectiveness of Address Schemes for AS-level Graphs." UKnowledge, 2012. http://uknowledge.uky.edu/cs_etds/8.
Full textAbstract:
This dissertation presents measures of efficiency and locality for Internet addressing schemes.
Historically speaking, many issues, faced by the Internet, have been solved just in time, to make the Internet just work~\cite{justWork}. Consensus, however, has been reached that today's Internet routing and addressing system is facing serious scaling problems: multi-homing which causes finer granularity of routing policies and finer control to realize various traffic engineering requirements, an increased demand for provider-independent prefix allocations which injects unaggregatable prefixes into the Default Free Zone (DFZ) routing table, and ever-increasing Internet user population and mobile edge devices. As a result, the DFZ routing table is again growing at an exponential rate.
Hierarchical, topology-based addressing has long been considered crucial to routing and forwarding scalability. Recently, however, a number of research efforts are considering alternatives to this traditional approach. With the goal of informing such research, we investigated the efficiency of address assignment in the existing (IPv4) Internet. In particular, we ask the question: ``how can we measure the locality of an address scheme given an input AS-level graph?''
To do so, we first define a notion of efficiency or locality based on the average number of bit-hops required to advertize all prefixes in the Internet. In order to quantify how far from ``optimal" the current Internet is, we assign prefixes to ASes ``from scratch" in a manner that preserves observed semantics, using three increasingly strict definitions of equivalence.
Next we propose another metric that in some sense quantifies the ``efficiency" of the labeling and is independent of forwarding/routing mechanisms. We validate the effectiveness of the metric by applying it to a series of address schemes with increasing randomness given an input AS-level graph. After that we apply the metric to the current Internet address scheme across years and compare the results with those of compact routing schemes.
16
Messer, Benjamin Lee. "Improving survey response in mail and internet general public surveys using address-based sampling and mail contact procedures." Pullman, Wash. : Washington State University, 2009. http://www.dissertations.wsu.edu/Thesis/Spring2009/B_Messer_040309.pdf.
Full text
17
Signorello, Salvatore. "A multifold approach to address the security issues of stateful forwarding mechanisms in Information-Centric Networks." Electronic Thesis or Diss., Université de Lorraine, 2018. http://www.theses.fr/2018LORR0109.
Full textAbstract:
Ce travail illustre comment les tendances actuelles d'utilisation dominantes sur Internet motivent la recherche sur des architectures futures de réseau plus orientées vers le contenu. Parmi les architectures émergentes pour l'Internet du futur, le paradigme du Information-Centric Networking (ICN) est présenté. ICN vise à redéfinir les protocoles de base d'Internet afin d'y introduire un changement sémantique des hôtes vers les contenus. Parmi les architectures ICN, le Named-Data Networking (NDN) prévoit que les demandes nommées de contenus des utilisateurs soient transmises par leur nom dans les routeurs le long du chemin d'un consommateur à une ou plusieurs sources de contenus. Ces demandes de contenus laissent des traces dans les routeurs traversés qui sont ensuite suivis par les paquets de contenus demandés. La table d'intérêt en attente (PIT) est le composant du plan de données de l'NDN qui enregistre temporairement les demandes de contenus acheminés dans les routeurs. D'une part, ce travail explique que le mécanisme d'acheminement à états de la PIT permet des propriétés comme l'agrégation de requêtes, le multicast de réponses et le contrôle natif de flux hop-by-hop. D'autre part, ce travail illustre comment l'acheminement à états de la PIT peut facilement être mal utilisé par des attaquants pour monter des attaques de déni de service distribué (DDoS) disruptives, appelées Interest Flooding Attacks (IFAs). Dans les IFAs, des botnets vaguement coordonnés peuvent inonder le réseau d'une grande quantité de demandes difficiles à satisfaire dans le but de surcharger soit l'infrastructure du réseau soit les producteurs de contenus. Ce travail de thèse prouve que bien que des contre-mesures contre les IFAs aient été proposées, il manque une compréhension complète de leur efficacité réelle puisque celles-ci ont été testées sous des hypothèses simplistes sur les scénarios d'évaluation. Dans l'ensemble, le travail présenté dans ce manuscrit permet de mieux comprendre les implications des IFAs et les opportunités d'améliorer les mécanismes de défense existants contre ces attaques. Les principales contributions de ce travail de thèse tournent autour d'une analyse de sécurité du plan d'acheminement dans l'architecture NDN. En particulier, ce travail définit un modèle d'attaquant plus robuste pour les IFAs à travers l'identification des failles dans les contre-mesures IFA existantes. Ce travail introduit un nouvel ensemble d'IFAs basé sur le modèle d'attaquant proposé. Les nouveaux IFAs sont utilisés pour réévaluer les plus efficaces contre-mesures IFA existantes. Les résultats de cette évaluation réfutent l'efficacité universelle des mécanismes de défense existants contre l'IFA et, par conséquent, appellent à différentes contre-mesures pour protéger le NDN contre cette menace de sécurité. Pour surmonter le problème révélé, ce travail définit également des contre-mesures proactives contre l'IFA, qui sont de nouveaux mécanismes de défense contre les IFA inspirés par les problèmes rencontrés dans l'état de l'art. Ce travail présente Charon, une nouvelle contre-mesure proactive contre l'IFA, et la teste contre les nouvelles IFAs. Ce travail montre que Charon est plus efficace que les contre-mesures IFA réactives existantes. Enfin, ce travail illustre la conception NDN.p4, c'est-à-dire la première implémentation d'un protocole ICN écrit dans le langage de haut niveau pour les processeurs de paquets P4. Le travail NDN.p4 est la première tentative dans la littérature visant à tirer parti des nouveaux techniques de réseaux programmables pour tester et évaluer différentes conceptions de plan de données NDN. Cette dernière contribution classe également les mécanismes alternatifs d'acheminement par rapport à un ensemble de propriétés cardinales de la PIT. Le travail souligne qu'il vaut la peine d'explorer d'autres mécanismes d'acheminement visant à concevoir un plan de données NDN moins vulnérable à la menace IFAThis work illustrates how today's Internet dominant usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking (ICN) research paradigm is presented. ICN aims to redesign Internet's core protocols to promote a shift in focus from hosts to contents. Among the ICN architectures, the Named-Data Networking (NDN) envisions users' named content requests to be forwarded by their names in routers along the path from one consumer to 1-or-many sources. NDN's requests leave trails in traversed routers which are then followed backwards by the requested contents. The Pending Interest Table (PIT) is the NDN's data-plane component which temporarily records forwarded content requests in routers. On one hand, this work explains that the PIT stateful mechanism enables properties like requests aggregation, multicast responses delivery and native hop-by-hop control flow. On the other hand, this work illustrates how the PIT stateful forwarding behavior can be easily abused by malicious users to mount disruptive distributed denial of service attacks (DDoS), named Interest Flooding Attacks (IFAs). In IFAs, loosely coordinated botnets can flood the network with a large amount of hard to satisfy requests with the aim to overload both the network infrastructure and the content producers. This work proves that although countermeasures against IFAs have been proposed, a fair understanding of their real efficacy is missing since those have been tested under simplistic assumptions about the evaluation scenarios. Overall, the work presented in this manuscript shapes a better understanding of both the implications of IFAs and the possibilities of improving the state-of-the-art defense mechanisms against these attacks. The main contributions of this work revolves around a security analysis of the NDN's forwarding plane. In particular, this work defines a more robust attacker model for IFAs by identifying flaws in the state-of-the-art IFA countermeasures. This work introduces a new set of IFAs built upon the proposed attacker model. The novel IFAs are used to re-assess the most effective existing IFA countermeasures. Results of this evaluation disproves the universal efficacy of the state-of-the-art IFA defense mechanisms and so, call for different countermeasures to protect the NDN against this threat. To overcome the revealed issue, this work also defines proactive IFA countermeasures, which are novel defense mechanisms against IFAs inspired by the issues with the state-of-the-art ones. This work introduces Charon, a novel proactive IFA countermeasure, and tests it against the novel IFA attacks. This work shows Charon counteracts latest stealthy IFAs better than the state-of-the-art reactive countermeasures. Finally, this work illustrates the NDN.p4 design, that is, the first implementation of an ICN protocol written in the high-level language for packet processors P4. The NDN.p4 work is the first attempt in the related literature to leverage novel programmable-networks technologies to test and evaluate different NDN forwarding plane designs. This last contribution also classifies existing alternative forwarding mechanisms with respect to a set of PIT cardinal properties. The work outlines that it is worth to explore alternative forwarding mechanisms aiming to design an NDN forwarding plane less vulnerable to the IFA threat
18
Fourcot, Florent. "Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-181117.
Full textAbstract:
The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences.
In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”.
Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet.
The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices.
Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. We fixed on the Linux Kernel behaviours not following the current standards, and bugs on the TCP stack for flow labels. We also provide new features like reading the incoming flow labels and reflecting the flow labels on a socket.
19
Kibru, Shomoro Abenezer. "EXAMINING FACTORS INFLUENCING NETWORK EXPERT‟S DECISION WHETHER TO RECOMMEND INTERNET PROTOCOL (IP) MIGRATION (IPV4 to IPV6) OR NOT IN ORGANIZATIONS." Thesis, Högskolan i Borås, Institutionen Handels- och IT-högskolan, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:hb:diva-18130.
Full textAbstract:
Findings of this research work provide clear understanding of why organizationaltechnology(Network technology) adoption decision makers decide to recommend or notrecommend an Internet Protocol migration(adoption of the latest protocol), or a migrationfrom Ipv4 to IPv6/ or adoption of IPv6, to their organizations. A meticulous review ofliterature on the practice of various organizations technology adoption process served as abase for developing relevant research questions and corresponding hypothesis. The researchhypothesis was developed to examine organization‟s technology (Network technology)adoption decision maker‟s perception of IPv6: quality of service, auto configurationcapability, security, mobility, address abundance and cost effectiveness and its effect on theirdecision.The study result indicated that network expert‟s decision to recommend a new networktechnology adoption, specifically, internet protocol migration from IPv4 to IPv6 is highlyinfluenced by their perception of the factors listed in the previous paragraph, thereforenetwork expert‟s perception of the aforementioned factors are instrumental for their decisionof recommending whether to encourage the internet protocol migration. It is also implied thatmanagers at top level can make a technology adoption or migration decision based on therecommendation from the experts already knowing that their decision is highly influenced bytheir perception of capabilities and functionality of the new IP (IPv6). In addition to theapparent contribution of this study to organizations that fall in to the category of organization,where this study was conducted, the result of this study also helps different organizationsengaged in other kinds of business activity, such as: network infrastructure manufacturersand application developers by providing essential information regarding which functionalitiesand capabilities are playing a major role for organization‟s choice for a certain networkinfrastructure.Program: Masterutbildning i Informatik
20
Richter, Wolf R. "'Better' regulation through social entrepreneurship? : innovative and market-based approaches to address the digital challenge to copyright regulation." Thesis, University of Oxford, 2010. http://ora.ox.ac.uk/objects/uuid:8d609027-8605-4815-a499-3d2981028a24.
Full textAbstract:
After the initial excitement about the Internet as a space outside of governmental control has evaporated and courts in several states have applied national laws to ‘Cyberspace’, there is now a consensus among scholars that regulators have in principle the authority and capacity to regulate the Internet. Nevertheless, the application of the established tools of regulation - legislation and adjudication - to the current challenges to copyright regulation posed by the Internet has proven to be ineffective and produced undesirable side effects. Although market self-regulation has been suggested as a more efficacious approach to regulating the Internet and has proven effective in content regulation and Internet governance, the market has so far been unsuccessful in providing an effective and efficient remedy to the challenges to copyright regulation. The purpose of this thesis is to examine a novel approach to regulation and analyse its benefits and limitations. The novel approach defies the conceptualisation as co- and self-regulation, but introduces the solution from outside the regulated environment through entrepreneurship and innovation, and relies on the forces of the market to become effective. In this thesis, I analyse the regulatory systems implemented by two private organisations, Noank Media and Creative Commons, in China’s reportedly ineffective copyright law environment and find that their market-based and innovative approach to regulation can be understood as a form of social entrepreneurship. Social enterprises have been claimed to deliver social goods more effectively and efficiently than governmental intervention, because they are said to rely on local knowledge, to be driven by the demand of the stakeholders, and to be focused on social value creation. Based on quantitative and qualitative fieldwork with Noank Media’s and Creative Common’s stakeholders in China I analyse to what extent these two enterprises managed to successfully leverage the assets of social entrepreneurship. I conclude that while the novel approach has demonstrated the potential to produce more effective and more efficient regulation, it does not automatically result in Better Regulation. Further efforts are required to ensure participation, transparency, and public accountability, and to avoid regulatory fragmentation.
21
Criqui-Barthalais, Géraldine. "La protection des libertés individuelles sur le réseau internet." Thesis, Paris 2, 2018. http://www.theses.fr/2018PA020076/document.
Full textAbstract:
Cette étude envisage le réseau internet comme un nouvel espace invitant à réinterpréter les libertés de la personne physique. Au titre de celles-ci, sont protégées la liberté individuelle, entendue comme le fait de ne pouvoir être arbitrairement détenu et la liberté d’aller et venir. Il doit en aller de même sur le réseau. Etablissant une analogie avec ces libertés, la première partie de la thèse consacre deux libertés : la liberté d’accès au réseau et la liberté de naviguer sur le web. La première implique de définir le contenu d’un service public de l’accès. De plus, il faut affirmer que la coupure d’accès au réseau doit être envisagée comme une mesure privative de liberté ; elle ne peut donc être décidée que par le juge judiciaire. L’affirmation de la liberté de naviguer sur le web conduit à envisager le régime du blocage des sites, une mesure qui ne peut intervenir que dans le cadre d’une police administrative spéciale. Dans la seconde partie il apparaît que ces deux libertés n’ont toutefois de sens que si l’individu a accès au réseau anonymement et n’est pas surveillé arbitrairement quand il navigue sur le web. Cette étude cherche ainsi à préciser le régime devant encadrer le mécanisme d’adressage du réseau. Sont définies les conditions du contrôle de l’identité de l’internaute à partir de son adresse IP. Enfin, il est soutenu qu’un principe général d’effacement des données révélant les sites visités doit être affirmé, principe qui s’applique aux différents acteurs du réseau, notamment les moteurs de recherche. L’interception de ces données ne peut procéder que d’un pouvoir sécuritaire ou hiérarchique sur l’internauteThis study considers the internet as a new territory where rights guaranteed to each individual in physical space can be promoted; not only free speech and privacy, but also the Habeas Corpus prerogative writ, which protects against unlawful imprisonment, and the right to freedom of movement. Thus, processing by analogy, the dissertation intends to promote two specific digital rights: the freedom to connect to the internet and the freedom to surf on the web. The freedom to connect should be part of a public service which promotes this access through public policies. Moreover, barring someone from using the internet can only be decided by a judge. The freedom to surf should protect the web users against unreasonable restrictions. Thus, measures blocking illegal websites should not come through self-regulation but through a legal framework which defines how administrative authorities are entitled to decide such restrictions. The protection of these two rights entails further obligations. Individuals must access the internet anonymously and they must be aware of how the government monitors their actions on the web. This study tries to outline the content of measures aiming to frame network addressing mechanisms. Identity checks based on the IP address should be subject to a strict legal regime. The study concludes that individuals have to be protected from surveillance when data reveal their choices among websites while they are connected. Internet access providers, but also search engines and browsers, must delete this data. Only special measures taken by a public entity or someone entitled to control the web users may lead to this kind of data retention
22
Modrák, Zdeněk. "Webová aplikace zobrazující polohu IP stanic." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-220392.
Full textAbstract:
Thesis deal with geolocation in internet network. There are described possibilities of geolocation and thesis is mainly focused on passive geolocation methods. Under passive geolocation belongs location databases which there are described as in theoretical way as used in practical part of thesis. In practical part there is created complex system for geolocation in internet environment which used paid and free geolocation databases. Another used database is WHOIS. Data from paid databases is processed and accuracy of databases is evaluated.
23
Signorello, Salvatore. "A multifold approach to address the security issues of stateful forwarding mechanisms in Information-Centric Networks." Thesis, Université de Lorraine, 2018. http://www.theses.fr/2018LORR0109/document.
Full textAbstract:
Ce travail illustre comment les tendances actuelles d'utilisation dominantes sur Internet motivent la recherche sur des architectures futures de réseau plus orientées vers le contenu. Parmi les architectures émergentes pour l'Internet du futur, le paradigme du Information-Centric Networking (ICN) est présenté. ICN vise à redéfinir les protocoles de base d'Internet afin d'y introduire un changement sémantique des hôtes vers les contenus. Parmi les architectures ICN, le Named-Data Networking (NDN) prévoit que les demandes nommées de contenus des utilisateurs soient transmises par leur nom dans les routeurs le long du chemin d'un consommateur à une ou plusieurs sources de contenus. Ces demandes de contenus laissent des traces dans les routeurs traversés qui sont ensuite suivis par les paquets de contenus demandés. La table d'intérêt en attente (PIT) est le composant du plan de données de l'NDN qui enregistre temporairement les demandes de contenus acheminés dans les routeurs. D'une part, ce travail explique que le mécanisme d'acheminement à états de la PIT permet des propriétés comme l'agrégation de requêtes, le multicast de réponses et le contrôle natif de flux hop-by-hop. D'autre part, ce travail illustre comment l'acheminement à états de la PIT peut facilement être mal utilisé par des attaquants pour monter des attaques de déni de service distribué (DDoS) disruptives, appelées Interest Flooding Attacks (IFAs). Dans les IFAs, des botnets vaguement coordonnés peuvent inonder le réseau d'une grande quantité de demandes difficiles à satisfaire dans le but de surcharger soit l'infrastructure du réseau soit les producteurs de contenus. Ce travail de thèse prouve que bien que des contre-mesures contre les IFAs aient été proposées, il manque une compréhension complète de leur efficacité réelle puisque celles-ci ont été testées sous des hypothèses simplistes sur les scénarios d'évaluation. Dans l'ensemble, le travail présenté dans ce manuscrit permet de mieux comprendre les implications des IFAs et les opportunités d'améliorer les mécanismes de défense existants contre ces attaques. Les principales contributions de ce travail de thèse tournent autour d'une analyse de sécurité du plan d'acheminement dans l'architecture NDN. En particulier, ce travail définit un modèle d'attaquant plus robuste pour les IFAs à travers l'identification des failles dans les contre-mesures IFA existantes. Ce travail introduit un nouvel ensemble d'IFAs basé sur le modèle d'attaquant proposé. Les nouveaux IFAs sont utilisés pour réévaluer les plus efficaces contre-mesures IFA existantes. Les résultats de cette évaluation réfutent l'efficacité universelle des mécanismes de défense existants contre l'IFA et, par conséquent, appellent à différentes contre-mesures pour protéger le NDN contre cette menace de sécurité. Pour surmonter le problème révélé, ce travail définit également des contre-mesures proactives contre l'IFA, qui sont de nouveaux mécanismes de défense contre les IFA inspirés par les problèmes rencontrés dans l'état de l'art. Ce travail présente Charon, une nouvelle contre-mesure proactive contre l'IFA, et la teste contre les nouvelles IFAs. Ce travail montre que Charon est plus efficace que les contre-mesures IFA réactives existantes. Enfin, ce travail illustre la conception NDN.p4, c'est-à-dire la première implémentation d'un protocole ICN écrit dans le langage de haut niveau pour les processeurs de paquets P4. Le travail NDN.p4 est la première tentative dans la littérature visant à tirer parti des nouveaux techniques de réseaux programmables pour tester et évaluer différentes conceptions de plan de données NDN. Cette dernière contribution classe également les mécanismes alternatifs d'acheminement par rapport à un ensemble de propriétés cardinales de la PIT. Le travail souligne qu'il vaut la peine d'explorer d'autres mécanismes d'acheminement visant à concevoir un plan de données NDN moins vulnérable à la menace IFAThis work illustrates how today's Internet dominant usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking (ICN) research paradigm is presented. ICN aims to redesign Internet's core protocols to promote a shift in focus from hosts to contents. Among the ICN architectures, the Named-Data Networking (NDN) envisions users' named content requests to be forwarded by their names in routers along the path from one consumer to 1-or-many sources. NDN's requests leave trails in traversed routers which are then followed backwards by the requested contents. The Pending Interest Table (PIT) is the NDN's data-plane component which temporarily records forwarded content requests in routers. On one hand, this work explains that the PIT stateful mechanism enables properties like requests aggregation, multicast responses delivery and native hop-by-hop control flow. On the other hand, this work illustrates how the PIT stateful forwarding behavior can be easily abused by malicious users to mount disruptive distributed denial of service attacks (DDoS), named Interest Flooding Attacks (IFAs). In IFAs, loosely coordinated botnets can flood the network with a large amount of hard to satisfy requests with the aim to overload both the network infrastructure and the content producers. This work proves that although countermeasures against IFAs have been proposed, a fair understanding of their real efficacy is missing since those have been tested under simplistic assumptions about the evaluation scenarios. Overall, the work presented in this manuscript shapes a better understanding of both the implications of IFAs and the possibilities of improving the state-of-the-art defense mechanisms against these attacks. The main contributions of this work revolves around a security analysis of the NDN's forwarding plane. In particular, this work defines a more robust attacker model for IFAs by identifying flaws in the state-of-the-art IFA countermeasures. This work introduces a new set of IFAs built upon the proposed attacker model. The novel IFAs are used to re-assess the most effective existing IFA countermeasures. Results of this evaluation disproves the universal efficacy of the state-of-the-art IFA defense mechanisms and so, call for different countermeasures to protect the NDN against this threat. To overcome the revealed issue, this work also defines proactive IFA countermeasures, which are novel defense mechanisms against IFAs inspired by the issues with the state-of-the-art ones. This work introduces Charon, a novel proactive IFA countermeasure, and tests it against the novel IFA attacks. This work shows Charon counteracts latest stealthy IFAs better than the state-of-the-art reactive countermeasures. Finally, this work illustrates the NDN.p4 design, that is, the first implementation of an ICN protocol written in the high-level language for packet processors P4. The NDN.p4 work is the first attempt in the related literature to leverage novel programmable-networks technologies to test and evaluate different NDN forwarding plane designs. This last contribution also classifies existing alternative forwarding mechanisms with respect to a set of PIT cardinal properties. The work outlines that it is worth to explore alternative forwarding mechanisms aiming to design an NDN forwarding plane less vulnerable to the IFA threat
24
Heim, Aileen F. "Preventing Personal Conflicts of Interest for Contractor Employees Performing Acquisition Functions| What Lessons Can Be Learned From This First Effort to Address Government Contractors Employees' Personal Conflicts of Interest." Thesis, The George Washington University, 2013. http://pqdtopen.proquest.com/#viewpdf?dispub=1537342.
Full textAbstract:
Personal conflicts of interest among contractor employees are an increasingly visible and controversial area of U.S. Government contracting, given the U.S. Government’s expanded reliance on contractor personnel. On November 2, 2011, the FAR Council issued a final rule on preventing personal conflicts of interest for contractor employees performing acquisition functions and issued a request for information regarding whether other privately contracted services in addition to acquisition support present sufficient risk to the integrity of the U.S. Government procurement process to warrant additional regulation.
This paper will review the defects in the new rule; will evaluate what lessons can be learned from the new rule to enhance future rules governing the personal conflicts of interest of U.S. Government contractors’ employees; and recommend better integration of U.S. Government compliance regulations to include conflicts of interest rules, protection of proprietary information, and the mandatory disclosure rule to reduce contractor compliance cost and promote implementation efficiencies through integration.
25
Fourcot, Florent [Verfasser], Alexander [Akademischer Betreuer] Schill, Frédéric [Akademischer Betreuer] Cuppens, Jorge [Akademischer Betreuer] Cardoso, and Isabelle [Akademischer Betreuer] Chrisment. "Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic / Florent Fourcot. Betreuer: Alexander Schill ; Frédéric Cuppens. Gutachter: Alexander Schill ; Jorge Cardoso ; Isabelle Chrisment." Dresden : Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://d-nb.info/1083462628/34.
Full text
26
Du, Preez Johannes Lodewicus. "Pension interest at divorce : a guide to the treatment of pension interest at divorce with reference to the history, the changes made to legislation, and the expected future outcome as based upon the current outstanding issues to be addressed by the legislature and the Minister of Finance." Thesis, Stellenbosch : Stellenbosch University, 2010. http://hdl.handle.net/10019.1/19878.
Full textAbstract:
Thesis (MAcc) -- Stellenbosch University, 2010.ENGLISH ABSTRACT: Due to a number of legislative changes, the tax treatment of pension interest at divorce has become a complicated issue, as it is not only affected by the Income Tax Act, but also by the Pension Funds Act as well as the Divorce Act. Because these changes are still fairly new to the industry, there are still a couple of technical issues on which the industry is not clear. In practice there are many articles and writers trying to give some form of guidance regarding the technical issues of pension interest at divorce. The study will refer to case law that affected the changes made to the Pension Funds Act, which led to the institution of the “clean-break” principle. Some of the technical issues with regard to a payment of an award made to a non-member spouse by a divorce order will be included along with a discussion on difficulties and uncertainties arising from the “clean-break” principle. The focus of the study will then be directed towards changes made to the Income Tax Act. Specific reference will be made to the tax on an award made to a non-member spouse by a divorce order. In some cases the tax on such an award will be recovered from the member spouse. The Income Tax Act does however provide for a right of recovery, which will be discussed. The payment of the tax from the member’s individual reserve however constitutes an additional accrual according to the Income Tax Act, which leads to a tax-on-tax issue. A discussion on GN33 will be included, as GN33 addresses the tax-on-tax issue. A chapter on preservation funds is included, as it is important to understand the working of these funds on when a non-member spouse has the option to transfer his/her pension interest to such a fund. The study will then look at an inequitable position in which the member finds him/herself when party to a divorce order made before 13 September 2007. Due to the changes made to the Income Tax Act, a situation arose where the member spouse looses out on all or part of his/her R300 000 tax free benefit as allowed by the Income Tax Act for withdrawals from his/her retirement funds. The study will include considerations for financial planning. The industry is placing more and more emphasis on sound financial planning, and it is therefore important to understand the key considerations, which an advisor or a party to a divorce should consider. The study will include a discussion on some of the outstanding issues, which the industry expects the legislature to address in the near future. As the changes to the Income Tax Act are ever changing and the discussion on pension interest at divorce is still a new topic under discussion, the industry is keeping an eye on the expected changes from the finance ministry and the legislature.
AFRIKAANSE OPSOMMING: As gevolg van ’n aantal veranderinge in wetgewing, het die belastinghantering van pensioenbelang by egskeiding ’n ingewikkelde kwessie geword, aangesien dit nie net deur die Inkomstebelastingwet beïnvloed word nie, maar ook deur die Pensioenfondswet sowel as die Egskeidingswet. Die studie sal verwys na regspraak wat aanleiding gegee het tot die veranderinge wat in die Pensioenfondswet gemaak is en wat gelei het tot die instelling van die “skoon-breuk”-beginsel. Sommige van die tegniese vrae wat betref die betaling van ’n toekenning aan ’n nie-lid-gade by ’n egskeidingsbevel sal ingesluit word saam met ’n bespreking van probleme en onsekerhede wat uit die “skoon-breuk”-beginsel voortspruit. Die fokus van die studie sal dan gerig word op veranderinge wat in die Inkomstebelastingwet aangebring is. As gevolg van veranderinge in wetgewing op spesifieke datums, word ’n toekenning wat aan ’n nie-lid-gade gemaak is in terme van ’n egskeidingsbevel belas onder drie verskillende belastingregimes, afhangende van die datum van die egskeidingsbevel. Daar sal spesifiek verwys word na die belasting op ’n toekenning aan ’n nie-lid-gade. In sommige gevalle sal die belasting op so ’n toekenning verhaal word van die lid-gade. Die Inkomstebelastingwet maak egter voorsiening vir ’n verhalingsreg wat ook bespreek sal word. Die betaling van die belasting vanuit die lid-gade se minimum individuele reserwe word egter erken as ’n addisionele toevalling in terme van die Inkomstebelastingwet wat lei tot ’n belasting-op-belasting kwessie. GN33 sal bespreek word aangesien hierdie algemene nota die kwessie aanspreek. ’n Hoofstuk oor bewaringsfondse word ingesluit, aangesien dit belangrik is om die werking van hierdie fondse te verstaan wanneer ’n nie-lid-gade die opsie het om sy/haar pensioenbelang na so ’n fonds oor te dra. Die studie sal dan kyk na ’n onbillike posisie waarin die lid hom/haarself bevind as hy/sy party was by ’n egskeiding voor 13 September 2007. As gevolg van die veranderinge wat in die Inkomstebelastingwet aangebring is, het ’n situasie ontstaan waar die lid eggenoot ’n gedeelte van sy/haar R300 000 belastingvrye voordeel vir onttrekkings van sy/haar aftreefonds, verloor. Die studie sal oorwegings vir finansiële beplanning insluit. Die bedryf plaas al meer klem op omvattende finansiële beplanning en dit is dus belangrik om die deurslaggewende oorwegings waarmee ’n adviseur of ’n party by ’n egskeiding moet rekening hou, te verstaan. Ten slotte sal die studie ’n bespreking insluit van sommige uitstaande kwessies wat die industrie verwag die wetgewer in die toekoms moet aanspreek.
27
Becher, Mike. "Entwicklung des Kommunikationsteilsystems für ein objektorientiertes, verteiltes Betriebssystem." Master's thesis, Universitätsbibliothek Chemnitz, 1998. http://nbn-resolving.de/urn:nbn:de:bsz:ch1-199801481.
Full textAbstract:
Thema dieser Arbeit ist die Entwicklung eines Kommunikationsteilsystems fuer
das Experimentiersystem CHEOPS zur Ermoeglichung einer Interobjektkommunika-
tion zwischen Objekten auf dem gleichen bzw. verschiedenen Systemen.
Ausgangspunkte stellen dabei eine verfuegbare Implementation eines Ethernet-
Treibers der Kartenfamilie WD80x3 fuer MS-DOS, eine geforderte Kommunikations-
moeglichkeit mit UNIX-Prozessen sowie die dort benutzbaren Protokoll-Familien
dar.
Die Arbeit beschaeftigt sich mit der Analyse und Konzipierung des Ethernet-
Treibers sowie der Internet-Protokoll-Familie fuer CHEOPS als auch deren
Implementation resultierend in einem minimalen Grundsystem. Weiterhin wird
ein erster Entwurf fuer ein spaeter weiterzuentwickelndes bzw. zu vervoll-
staendigendes Netz-Interface vorgeschlagen und durch eine Beispiel-Implemen-
tierung belegt.
28
Scarlato, Michele. "Sicurezza di rete, analisi del traffico e monitoraggio." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2012. http://amslaurea.unibo.it/3223/.
Full textAbstract:
Il lavoro è stato suddiviso in tre macro-aree.
Una prima riguardante un'analisi teorica di come funzionano le intrusioni, di quali software vengono utilizzati per compierle, e di come proteggersi (usando i dispositivi che in termine generico si possono riconoscere come i firewall).
Una seconda macro-area che analizza un'intrusione avvenuta dall'esterno verso dei server sensibili di una rete LAN.
Questa analisi viene condotta sui file catturati dalle due interfacce di rete configurate in modalità promiscua su una sonda presente nella LAN.
Le interfacce sono due per potersi interfacciare a due segmenti di LAN aventi due maschere
di sotto-rete differenti. L'attacco viene analizzato mediante vari software.
Si può infatti definire una terza parte del lavoro, la parte dove vengono analizzati i file
catturati dalle due interfacce con i software che prima si occupano di analizzare i dati di
contenuto completo, come Wireshark, poi dei software che si occupano di analizzare i dati di
sessione che sono stati trattati con Argus, e infine i dati di tipo statistico che sono stati trattati
con Ntop.
Il penultimo capitolo, quello prima delle conclusioni, invece tratta l'installazione di Nagios, e
la sua configurazione per il monitoraggio attraverso plugin dello spazio di disco rimanente su
una macchina agent remota, e sui servizi MySql e DNS. Ovviamente Nagios può essere
configurato per monitorare ogni tipo di servizio offerto sulla rete.
29
Yoo, Kevin. "VoIP & NAT compatibility: test techniques and results." Thesis, 2006. http://hdl.handle.net/1828/2213.
Full textAbstract:
Network Address Translation (NAT) devices are common, particularly in the small-offiee/home-office environment. Typically, a NAT device does not disrupt the oper-ation of a client-server application. even if the application is unaware of the device's presence. Unfortunately, the same does not hold for peer-to-peer applications. such as Voice over IP (VoIP).
This thesis investigates the compatibility of VoIP and NAT by making VoIP calls across various NAT device types. Three different test methods are used. differing in the VoIP phone that is used and the degree of automation that is employed. Moreover, the VoIP phones are tested in different configurations, which results in significantly altered traffic and vastly different test results. All test results are presented in detail. along with explanations as to why specific phone/NAT-type combinations succeed or fail.
30
Ravinder, Sunil. "Cache architectures to improve IP lookups." Master's thesis, 2009. http://hdl.handle.net/10048/667.
Full textAbstract:
Thesis (M.Sc.)--University of Alberta, 2009.Title from PDF file main screen (viewed on Mar. 18, 2010). A thesis submitted to the Faculty of Graduate Studies and Research in partial fulfillment of the requirements for the degree of Master of Science, Department of Computing Science, University of Alberta. Includes bibliographical references.
31
Chen, Ting-Hsin, and 陳鼎新. "Strategy Analysis of Internet IPv4 Address Exhaustion." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/66534705597196450261.
Full textAbstract:
碩士淡江大學
資訊管理學系碩士班
97
After the commercial interests in 1991, a large number of Internet service providers started to provide various types of value-added services, and a large number of terminals and 3G, WiMAX communications equipment add to Internet, its geometric growth of the network, IPv4 address space exhaustion issue is more attention. According to IANA''s information, only 12% of the total IPv4 address space remains unallocated in 2009. Geoff Huston observe BGP routing table and the trends of the allocated address over the past 3 years, if current trends continue, projections expect the free pool of unallocated IPv4 address space will run out in the 2 years. For the desired effect, address space exhausted relatively early time. This paper will provide an overview of the current IPv4 allocation of IPv4 address space, the problems of the Internet, tracing the Asia-Pacific Network Information Center with issues of readiness and the impact of IPv4 address space exhaustion. Proposing the strategy of Internet IPv4 address exhaustion and suggesting Taiwan the exhaustion issue. Utilizing the network management, user, continuity, cost, controversy, feasibility, effectiveness of sustainability to assessment of each policy comprehensively. Understanding that the impact of IPv4 address depletion in Taiwan. To ensure that smooth operation and use of the Internet when the depletion of IPv4 resources.
32
Huang, Kenny, and 黃勝雄. "Research on Internet Resource Identifiers and Address Resolution Technologies." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/83917092057964422200.
Full textAbstract:
博士國立政治大學
資訊管理研究所
97
Internet is the information space with the collection of resources, network protocols, resource identifiers and addresses. The resources include not only the physical resources but also the virtual resources such as information services. How to build the efficient identifier mapping mechanism and discover these resources is crucial for efficient use of all kinds of resources. The DNS is the most prevalent means of initiating a network transaction. It is the core of Internet and virtually forwards messages to desired destinations. With the growth of Internet, there are more and more applications and services are innovated with new identifier requirements. DNS simply isn’t capable to identify and resolve these resources. This study describes the DNS technology and its disadvantages. Several technical approaches are evaluated. The study proposes a new Partial match mechanism for resource naming and addressing, which improves the DNS service features, supports the demands for advanced resource identification and resolution. The main contributions of this research are: 1. Research on the issues of equal of simple Chinese characters and traditional Chinese characters; propose a solution based on the algorithm of IDN-Admin to implement the equal of simple Chinese characters (SC) and traditional Chinese (TC) characters, and design TC/SC conversion computing algorithm. 2. Evaluate directory service model in the DNS infrastructure 3. Propose internationalized domain name (IDN) administrative guideline for managing locality IDN implementation and operation. 4. Propose Partial Match Mechanism and multifaceted model. Partial Match Mechanism enhances naming service features and backward integrated with the existing DNS infrastructure. 5. Explore business considerations for multilingual name identifiers.
33
Ho, Fu-Shen, and 何福軒. "On Secure Online Services over the Internet with Network Address Translators." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/77443577856708479489.
Full textAbstract:
博士國立交通大學
資訊工程系
91
In this dissertation, we discuss the issues and propose solutions when deploying secure online services over the Internet with network address translators (NAT). In general, deployment of a secure online service can consist of following steps: probing of services, registration, authentication, payment, content delivery and settlement. We first discuss the pros and cons of NAT from the network layering perspective. Then, to cope with the issues raised by NAT, we propose a service probing and channel establishment protocol that can be deployed across multiple network address realms. After that, customers and service providers have to authenticate each other for further interactions. As an example of efficient authentication mechanism between two parties, we present an ID-based proxy authentication system that leverages the management strength of Public Key Infrastructure (PKI) while inherits the simplicity of a traditional ID-based protocol. Next, we present our payment and settlement models that enables current payment systems to handle transactions involving multiple participants. As the last step, we present two key distribution schemes for content delivery in the conditional access systems of Video-on-Demand (VoD) networks that improve the efficiency of key updates.
34
Wang, Hsiang, and 王翔. "Single-Address-Space Extension on 64-bit Linux and Its Support to Highly Available Internet Service." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/05996095348402878183.
Full textAbstract:
碩士國立清華大學
資訊工程學系
93
Internet service has become very important no matter in business or in our leisure time. Popular Internet service always results in great economical lose while service crash. Due to the long execution time and the huge number of clients, Internet services can easily suffer from transient faults or the software aging problem. Service restart can solve these problems but fully restart of an Internet service may take a long period of time. Thus fully restart will cause the Internet service downtime too long. Some researches have been proposed to reduce the service restart time efficiently. Internet services may achieve higher availability in these researches but will suffer from performance degradation because of the framework characteristic in these researches. We proposed a framework which includes a Single-Address-Space extension on 64-bit Linux and supports to help the Internet service achieve higher availability without much performance degradation as previous researches. In the framework, we make good use of the widespread 64-bit address space. The Internet service with the need of higher availability will be modified to run efficiently in the Single-Address-Space extension and the legacy applications can still run in the traditional Multiple-Address-Space environment.
35
Mtimkulu, Sebabatso. "Towards the functionality South African internet banking websites should provide to address the needs of generation-Y users." Diss., 2014. http://hdl.handle.net/10500/18415.
Full textAbstract:
Despite the widespread adoption of Internet banking, no guidelines exist on what functionality the techno-savvy Generation-Y customer segment (20–37 years) expects from Internet banking websites. This research investigated the functionality that South African Generation-Y customers require from this transacting platform. A user-centred design philosophy with a mixed method research design was used.
The technological characteristics of Generation-Y, abstracted from the literature, were aligned with functionality trends of future Internet banking websites to formulate an initial list of Internet banking functionality guidelines. These were evaluated using a survey and
interviews, and were also used in a heuristic evaluation of the Internet banking platforms of five South African banks.
The findings were integrated to synthesise functionality guidelines. A visual representation of these guidelines was constructed as wireframes for evaluation by Generation-Y users. This study makes a contribution by providing a validated list of Internet banking functionality guidelines for Generation-Y banking customers.College of Engineering, Science & Technology
M. Tech. (Information Technology)
36
Fourcot, Florent. "Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic." Doctoral thesis, 2014. https://tud.qucosa.de/id/qucosa%3A28935.
Full textAbstract:
The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences.
In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”.
Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet.
The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices.
Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. We fixed on the Linux Kernel behaviours not following the current standards, and bugs on the TCP stack for flow labels. We also provide new features like reading the incoming flow labels and reflecting the flow labels on a socket.
37
YUEH, DAO-YI, and 樂道頤. "The Judgement Against the Competence of a Plaintiff of the Third Party That Shares the Same Interest with the Addressee of the Administrative Decision." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/73xh8c.
Full textAbstract:
碩士輔仁大學
法律學系
107
Ubi jus, ibi remedium Nowadays, the determine foundation of Taiwan’s main stream theory and practice to whether people have public right or legal interest to file an administrative litigation, in order to fulfilling its procedure conditions, is mostly abided by the context of Interpretation No. 469 of Justices and quoted from the “Theory of Protective Norms” under German Law. However, through academic discussions and mass amount of practices, the Theory of Protective Norms are mostly used in those cases that the third party has opposite interest with the addressee of the administrative decision. E.g., neighbor litigation, competitor litigation or environmental litigation. On the opposite, when the third party shares same interest with the addressee of the administrative decision, the Theory of Protective Norms is barely applicable in such circumstances. At this point, how to seek public right for the third party becomes a question. At this moment, the Joint Conference of Presiding Justices and Justices of Supreme Administrative Court reached a resolution in August 2013 which vetoed the citizens to have the standing of a plaintiff. This resolution was made against the question on whether or not citizens have the standing of a plaintiff in the cases of which the authority rejects the resident certification applied by their foreign spouse. As for this deposition, further discussion is necessary since the question on “whether or not citizens (the third party that share the same interest with the addressee of the administrative decision) have the standing of a plaintiff to initiate administrative litigations for their foreign spouse (the opposite party for administrative decision) against the rejected decision” involves both the Marriage and Family Rights in ICCPR&ICESCR and the Right of Instituting Legal Proceedings (also known as where there is a right, there is a remedy) which is guaranteed by the Constitution.
38
Olayinka, Vincent Folajimi, and Вінсент Фолажімі Олайіка. "Deploying IPv6 based network for TopCorn Bank (Nigeria)." Master's thesis, 2017. http://elartu.tntu.edu.ua/handle/lib/24135.
Full textAbstract:
Master’s thesis is devoted to the development of deploying IPv6 . In the thesis presented a structure of deploying IPv6, that inludes designing IPv6 addresses, pinging the network environment, topological schema, physical and logical topology. As a result, the goal of planning and deploying IPv6 for TopCorn bank was established, successful test results how communication with both the main and branch office.
IPv6 must therefore be applied as an important subject to the goal of any banking sector, because it creates for future expansion of any organization.
That is the major reason why deploying IPv6 rather than its older version is very important for any organization sector and that why i chose to deploy it into TopCorn Bank
39
Δελέγκου, Βασιλική. "Ανάλυση πρωτοκόλλων σε επίπεδο εφαρμογής σε δίκτυα τηλεϊατρικής." Thesis, 2011. http://hdl.handle.net/10889/4956.
Full textAbstract:
Η ύπαρξη Διαδικτύου παρέχει την δυνατότητα μεταφοράς δομημένης πληροφορίας, μέσω πολλών διαφορετικών εφαρμογών. Μια από τις πλέον χρησιμοποιούμενες εφαρμογές αποτελεί το ηλεκτρονικό ταχυδρομείο, το οποίο υπάρχει από την αρχή κιόλας του Διαδικτύου. Τα τελευταία χρόνια έχει κάνει την εμφάνιση της μια νέα σημαντική εφαρμογή η τηλεϊατρική, η οποία περιλαμβάνει μηχανισμούς παρόμοιους με το ηλεκτρονικό ταχυδρομείο. Στην παρούσα διπλωματική εργασία παρουσιάζονται τα πρωτόκολλα μορφοποίησης μηνυμάτων Διαδικτύου RFC 822, RFC 2822, RFC 2045 της κατηγορίας MIME καθώς και το RFC 2231. Αποτελούν κάποια από τα βασικότερα πρωτόκολλα ηλεκτρονικού ταχυδρομείου και κατ’επέκταση την βάση για την ανάπτυξη της τηλειατρικής. Ταυτόχρονα γίνεται μια εκτενής αναφορά στα βασικότερα πρωτόκολλα καθορισμού δομής μορφότυπων που χρησιμοποιούνται στην ιατρική πληροφορική. Πιο συγκεκριμένα στο κεφάλαιο 1 παρουσιάζεται το πρωτόκολλο RFC 822 το οποίο καθορίζει το μορφότυπο και τη σημασιολογία των περιεχόμενων του μηνύματος ηλεκτρονικού ταχυδρομείου. Το συγκεκριμένο πρότυπο ενώ είναι ικανοποιητικό για αποστολή μηνυμάτων κειμένου ASCII δεν είναι επαρκές για μεταφορά μορφών κειμένου μη –ASCII. Στο κεφάλαιο 2 γίνεται εκτενής αναφορά στο πρωτόκολλο RFC 2822, το οποίο αποτελεί μια πιο ενημερωμένη έκδοση του RFC 822 ώστε να απεικονίζει την τρέχουσα πρακτική. Καθορίζει αυστηρά την δομή περιεχομένων μηνυμάτων κειμένου ASCII, ενώ ταυτόχρονα δεν λαμβάνει κανένα μέτρο για αποστολή μηνυμάτων πολυμέσων. Στο κεφάλαιο 3 παρουσιάζεται το RFC 2045 της κατηγορίας MIME, το οποίο είναι μια ανεξάρτητη προδιαγραφή που απλά συμπληρώνει το RFC 822. Το πρωτόκολλο αυτό ορίζει τις απαραίτητες πρόσθετες κεφαλίδες στο μήνυμα, ώστε να μπορέσει να σταλεί περιεχόμενο διαφορετικό από κείμενο ASCII. Χρησιμοποιώντας πεδία ετικέτας "MIME- Version", "Content-Type" και "Content-Transfer-Encoding", είναι δυνατό να περιλαμβάνονται με έναν τυποποιημένο τρόπο, αυθαίρετοι τύποι δεδομένων με συμμορφούμενα RFC 822 μηνύματα ταχυδρομείου. Έτσι κανένας περιορισμός που επιβάλλεται από το RFC 822 δεν παραβιάζεται. Στο κεφάλαιο 4 περιγράφεται το πρότυπο RFC 2231, το οποίο καθορίζει τις επεκτάσεις που εξετάζουν διαφόρους περιορισμούς που προκύπτουν από την χρήση παραμέτρων MIME σε πεδία ετικέτας τύπου περιεχομένου και διάθεσης στο Internet. Όλες αυτές οι επεκτάσεις εφαρμόζονται σε ένα μοντέλο που είναι απόλυτα συμβατό σε συντακτικό επίπεδο με υπαρκτές MIME εφαρμογές. Τέλος στο πέμπτο κεφάλαιο παρουσιάζονται τα βασικά πρωτόκολλα καθορισμού δομής μορφοτύπων που χρησιμοποιούνται στον τομέα της τηλειατρικής. Αναλύονται οι λειτουργικές προδιαγραφές της υπηρεσίας WADO. Παρουσιάζεται το IHE XDS σχεδιάγραμμα ολοκλήρωσης, που επιλαμβάνεται του προβλήματος της διαλειτουργικότητας του ΗΑΥΠ. (Hλεκτρονικό Aρχείο Yγειονομικής Περίθαλψης - ΗΑΥΠ -Electronic Healthcare Record – EHR). Το ΗΑΥΠ αποτελεί έναν βασικό ερευνητικό τομέα στην ιατρική πληροφορική.The existence of the Internet provides the possibility to transfer structured information through many different applications.One of the most used applications is the e-mail, which exists from the very beginning of the Internet. Recently a new important application, the telemedicine, appears which includes operations similar to e-mail.In this diploma thesis the protocols for the format of Internet messages RFC 822, RFC 2822, the RFC 2045 of the category of MIME and also the RFC 2231 are presented. These are some of the most basic e-mail protocols and thus the basis for the development of telemedicine. Simultaneously there is a comprehensive reference to the basic protocols that establish a structure format and are used in Medical Informatics.Specifically, Chapter 1presents the protocol RFC 822, which defines the format and semantics of the contents of the e-mail. Atlhough this protocol is sufficient for ASCII text messages sending, it’s not for non-ASCII text messages.In Chapter 2 there is reference to protocol RFC 2822, which is a more updated version of RFC 822, in order to reflect current practice. It strictly defines the structure of contents of text messages while it makes no provision for the transmission of multimedia messages. In Chapter 3 we present the RFC 2045 of the category MIME which is an independent specification that complements RFC 822.This protocol provides the necessary additional header in the mail in order to sent content of non-ASCII text. By using header fields "MIME- Version","Content-Type"and"Content-Transfer-Encoding ", it’s possible arbitrary data types with compliant mail messages to be included in a standard way. Because of this any restriction imposed by RFC 822, is being violated. In Chapter 4 , we describe the standard RFC 2231 which defines the extensions considering different restrictions that arise from the use of MIME parameters in content type and content-disposition header fields in Internet e-mail.All these extensions are applicable to a model which is completely compatible in syntax level with already existing applications. Finally in Chapter 5 we present the basic protocols that determine structure formats and are used in telemedicine. Also the functional specifications of the WADO are analyzed here.The IHE XDS layout integration is presented that address the problem of interoperability of HER. The HER is a key research field in medical informatics.
40
Tladi, Sebolawe Erna Mokowadi. "The regulation of unsolicited electronic communications (SPAM) in South Africa : a comparative study." Thesis, 2017. http://hdl.handle.net/10500/25265.
Full textAbstract:
The practice of spamming (sending unsolicited electronic communications) has been dubbed “the scourge of the 21st century” affecting different stakeholders. This practice is also credited for not only disrupting electronic communications but also, it overloads electronic systems and creates unnecessary costs for those affected than the ones responsible for sending such communications. In trying to address this issue nations have implemented anti-spam laws to combat the scourge. South Africa not lagging behind, has put in place anti-spam provisions to deal with the scourge. The anti-spam provisions are scattered in pieces of legislation dealing with diverse issues including: consumer protection; direct marketing; credit laws; and electronic transactions and communications. In addition to these provisions, an Amendment Bill to one of these laws and two Bills covering cybercrimes and cyber-security issues have been published.
In this thesis, a question is asked on whether the current fragmented anti-spam provisions are adequate in protecting consumers. Whether the overlaps between these pieces of legislation are competent to deal with the ever increasing threats on electronic communications at large. Finally, the question as to whether a multi-faceted approach, which includes a Model Law on spam would be a suitable starting point setting out requirements for the sending of unsolicited electronic communications can be sufficient in protecting consumers. And as spam is not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations in order to combat spam at a global level.Mercantile Law
LL. D.
41
"Entwicklung des Kommunikationsteilsystems für ein objektorientiertes, verteiltes Betriebssystem." Master's thesis, siehe Literaturverzeichnis, 1998. https://monarch.qucosa.de/id/qucosa%3A17525.
Full textAbstract:
Thema dieser Arbeit ist die Entwicklung eines Kommunikationsteilsystems fuer
das Experimentiersystem CHEOPS zur Ermoeglichung einer Interobjektkommunika-
tion zwischen Objekten auf dem gleichen bzw. verschiedenen Systemen.
Ausgangspunkte stellen dabei eine verfuegbare Implementation eines Ethernet-
Treibers der Kartenfamilie WD80x3 fuer MS-DOS, eine geforderte Kommunikations-
moeglichkeit mit UNIX-Prozessen sowie die dort benutzbaren Protokoll-Familien
dar.
Die Arbeit beschaeftigt sich mit der Analyse und Konzipierung des Ethernet-
Treibers sowie der Internet-Protokoll-Familie fuer CHEOPS als auch deren
Implementation resultierend in einem minimalen Grundsystem. Weiterhin wird
ein erster Entwurf fuer ein spaeter weiterzuentwickelndes bzw. zu vervoll-
staendigendes Netz-Interface vorgeschlagen und durch eine Beispiel-Implemen-
tierung belegt.