Security Mechanisms for a Cooperative Firewall

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Sähkötekniikan korkeakoulu | Master's thesis
Date
2014-03-31
Department
Major/Subject
Networking Technology
Mcode
S3029
Degree programme
TLT - Master’s Programme in Communications Engineering
Language
en
Pages
115+3
Series
Abstract
The growing number of mobile users and mobile broadband subscriptions around the world calls for support of mobility in the Internet and also demands more addresses from the already depleting IP address space. The deployment of Network Address Translation (NAT) at network edges to extend the lifetime of IPv4 address space introduced the reachability problem in the Internet. While various NAT traversal proposals have attempted to solve the reachability problem, no perfect solution for mobile devices has been proposed. A solution is proposed at COMNET department of Aalto University, which is called Customer Edge Switching and it has resulted in a prototype called Customer Edge Switches (CES). While it addresses many of the current Internet issues i.e. reachability problem, IPv4 address space depletion, so far security has generally been considered out of scope. This thesis aims at identifying the security vulnerabilities present within the CES architecture. The architecture is secured against various network attacks by presenting a set of security models. The evaluation and performance analysis of these security models proves that the CES architecture is secured against various network attacks only by introducing minimal delay in connection establishment. The delay introduced does not affect the normal communication pattern and the sending host does not notice a difference compared to the current situation. For legacy interworking a CES can have the Private Realm Gateway (PRGW) function. The security mechanisms for PRGW also generate promising results in terms of security. The thesis further contributes towards security by discussing a set of deployment models for PRGW and CES-to-CES communication.
Description
Supervisor
Kantola, Raimo
Thesis advisor
Beijar, Nicklas
Keywords
IP, CES, security, traversal, DoS, NAT, reachability
Other note
Citation