Virtual Honeynet Project
Projects Related to Network Architectures and Protocols
With the G-Lab project, a Germany-wide research community and experimental facility platform is being built up to investigate the interplay between new technologies and the requirements of emerging applications. Funded by the German Federal Ministry of Education and Research (Bundesministerium für Bildung und Forschung), the project now consists of 32 partners. The first phase started in October 2008 with six partners; since 2009 the Computer Networking Technology Group has been involved in the second phase of the project. One goal is to explore innovative composition approaches for cooperation between network and services, with a focus on security in the future Internet.
The Stream Control Transmission Protocol (SCTP) as defined in RFC 4960 is an advanced Transport Layer protocol that provides support for multi-homing. That is, SCTP endpoints may simultaneously use multiple Network Layer addresses, which allows the endpoints to be connected to multiple networks for redundancy purposes. However, for the transfer of user data, only one of the possible paths is currently used at a time. All other paths remain as backup and are only used for retransmissions. Clearly, the existence of multiple paths has led to the idea of applying load sharing among the paths. An extension to SCTP, denoted as Concurrent Multipath Transfer (CMT), realises this load sharing functionality. While this approach works well for similar paths, i.e. paths having similar characteristics regarding bandwidths, bit error rates and delays, it does not work as well for dissimilar paths.
The Reliable Server Pooling (RSerPool) architecture, currently under standardisation by the IETF RSerPool Working Group, is an overlay network framework that provides server replication and session failover capabilities to applications using it. These functionalities as such are not new, but their combination into one generic, application-independent framework is. The initial goal of this project is to gain insight into the complex RSerPool mechanisms by performing experimental and simulative proof-of-concept tests. The further goals are to systematically validate the RSerPool architecture and its protocols, provide improvements and optimisations where necessary, and propose extensions if useful. Based on these evaluations, recommendations to implementers and users of RSerPool should be provided, giving guidelines for the tuning of system parameters and the appropriate configuration of application scenarios.
The availability of inexpensive and energy-efficient radio transceivers enables the wireless networking of small measuring devices that can be used in the field of "Building Management". Low maintenance costs and longevity are decisive factors that influence the economic use of these new technologies. The goal of the project is the development of a battery-powered, radio-based ad-hoc sensor network with an expected lifetime of several years. All components of the protocol structure must work together efficiently and with low energy consumption to make the expected lifetime possible. The use of an extremely low duty cycle places new demands on the protocol stack used. Considerable synchronisation errors can occur and affect the connectivity between neighbouring nodes. New simulation models must be designed, since conventional methods are applicable only to a limited extent in an environment in which attenuation and reflections caused by several moving and stationary obstacles influence signal propagation.
Flow routing is a novel concept for efficient high-speed routing. Combining the flow routing concept with Quality of Service (QoS), a network can efficiently cope with the requirements of modern multimedia applications. The main goal of our flow routing project is to develop, evaluate and finally also standardize a QoS concept for assuring the bandwidth requirements of multimedia applications but requiring only minimal signalling overhead.
The Computer Networking Technology group works in co-operation with Lucent Technologies on developing the existing Radio Access Networks (RAN) into a Multiband-/Multistandard-Radio Access Network (MxRAN) with a common management of all radio resources.
The overall objective of the KING (Key components for the Internet of the Next Generation) research project was to develop efficient solutions for carrier-grade IP networks that satisfy high QoS and resilience requirements by means of a common approach, while at the same time providing low operational overheads. The Computer Networking Technology Group was involved in this project to develop a security architecture for this new approach.
Projects Related to Network Security
Applications based on Peer-to-Peer (P2P) protocols have become tremendously popular over the last few years, now accounting for a significant share of the total network traffic. With P2P overlays, services can be provided in a fully decentralized manner without the need for support in the network infrastructure. The Computer Networking Technology group is involved in research on different P2P overlay topologies and their dynamics as well as in investigations of user behavior and impacts on traffic management tasks.
Setting up and maintaining firewall systems at all interconnection points is a prohibitively complex and expensive task for IP carriers that want to protect their networks against certain types of unwanted traffic, so they usually set up packet filter configurations inside edge routers. However, in many cases those filters can be better placed inside the network. The distribution of efficient filter configurations in large, heterogeneous IP networks (comprising PFNs - Packet Filter Networks) is the goal of this research approach.
We deploy virtual Honeynets for special security applications. While Honeynets are generally used to attract, detect and analyze attacks, we deploy them for improving network security. In previous projects we could identify a wide range of attack types coming from the internet, but they were all well-known. With this project we implement and test methods to attract new attack types by using an on-demand service reconfiguration of our virtual networks.
A main focus of research on the Stream Control Transmission Protocol is securing end-to-end traffic. Initially, the interworking of SCTP with IPsec and TLS was investigated. Because these solutions do not support all features of SCTP, an extension to SCTP, named Secure-SCTP, was developed.