Security Mechanisms for a Cooperative Firewall

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.advisorBeijar, Nicklas
dc.contributor.authorKabir, Hammad
dc.contributor.schoolSähkötekniikan korkeakoulufi
dc.contributor.supervisorKantola, Raimo
dc.date.accessioned2014-04-17T10:09:13Z
dc.date.available2014-04-17T10:09:13Z
dc.date.issued2014-03-31
dc.description.abstractThe growing number of mobile users and mobile broadband subscriptions around the world calls for support of mobility in the Internet and also demands more addresses from the already depleting IP address space. The deployment of Network Address Translation (NAT) at network edges to extend the lifetime of IPv4 address space introduced the reachability problem in the Internet. While various NAT traversal proposals have attempted to solve the reachability problem, no perfect solution for mobile devices has been proposed. A solution is proposed at COMNET department of Aalto University, which is called Customer Edge Switching and it has resulted in a prototype called Customer Edge Switches (CES). While it addresses many of the current Internet issues i.e. reachability problem, IPv4 address space depletion, so far security has generally been considered out of scope. This thesis aims at identifying the security vulnerabilities present within the CES architecture. The architecture is secured against various network attacks by presenting a set of security models. The evaluation and performance analysis of these security models proves that the CES architecture is secured against various network attacks only by introducing minimal delay in connection establishment. The delay introduced does not affect the normal communication pattern and the sending host does not notice a difference compared to the current situation. For legacy interworking a CES can have the Private Realm Gateway (PRGW) function. The security mechanisms for PRGW also generate promising results in terms of security. The thesis further contributes towards security by discussing a set of deployment models for PRGW and CES-to-CES communication.en
dc.format.extent115+3
dc.format.mimetypeapplication/pdfen
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/12903
dc.identifier.urnURN:NBN:fi:aalto-201404181705
dc.language.isoenen
dc.locationP1fi
dc.programmeTLT - Master’s Programme in Communications Engineeringfi
dc.programme.majorNetworking Technologyfi
dc.programme.mcodeS3029fi
dc.rights.accesslevelopenAccess
dc.subject.keywordIPen
dc.subject.keywordCESen
dc.subject.keywordsecurityen
dc.subject.keywordtraversalen
dc.subject.keywordDoSen
dc.subject.keywordNATen
dc.subject.keywordreachabilityen
dc.titleSecurity Mechanisms for a Cooperative Firewallen
dc.typeG2 Pro gradu, diplomityöen
dc.type.okmG2 Pro gradu, diplomityö
dc.type.ontasotDiplomityöfi
dc.type.ontasotMaster's thesisen
dc.type.publicationmasterThesis
local.aalto.digifolderAalto_05872
local.aalto.idinssi48906
local.aalto.openaccessyes
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
master_Kabir_Hammad_2014.pdf
Size:
3.25 MB
Format:
Adobe Portable Document Format