Extending the Functionality of the Realm Gateway

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Tilli, Juha-Matti
dc.contributor.advisor: Kabir, Hammad
dc.contributor.author: Riaz, Maria
dc.contributor.school: Sähkötekniikan korkeakoulu [fi]
dc.contributor.supervisor: Kantola, Raimo
dc.date.accessioned: 2019-10-27T19:46:52Z
dc.date.available: 2019-10-27T19:46:52Z
dc.date.issued: 2019-10-21
dc.description.abstract: With the promise of 5G and the Internet of Things (IoT), the coming years are expected to witness substantial growth in the number of connected devices. This increase further aggravates the IPv4 address exhaustion problem. Network Address Translation (NAT) is a widely known solution to IPv4 address depletion, but it creates a reachability problem. Since the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) application layer protocols play a vital role in the communication of mobile and IoT devices, the NAT reachability problem needs to be addressed particularly for these protocols. Realm Gateway (RGW) is a solution proposed to overcome the NAT traversal issue. It acts as a Destination NAT (DNAT) for inbound connections initiated towards the private hosts, and as a Source NAT (SNAT) for connections in the outbound direction. The DNAT functionality of RGW is based on a circular pool algorithm that relies on the Domain Name System (DNS) queries sent by the client to maintain the correct connection state. However, an additional reverse proxy is needed with RGW for dealing with HTTP and HTTPS connections. In this thesis, a custom Application Layer Gateway (ALG) is designed to enable end-to-end communication between public clients and private web servers over HTTP and HTTPS. The ALG replaces the reverse proxy used in the original RGW software. Our solution uses a custom parser-lexer for hostname detection and for routing the traffic to the correct back-end web server. Furthermore, we integrated the RGW with a policy management system called Security Policy Management (SPM) for storing and retrieving the policies of RGW. We analyzed the impact of the new extensions on the performance of RGW in terms of scalability and computational overhead. Our analysis shows that the ALG's performance is directly dependent on the hardware specification of the system. The ALG has an advantage over the reverse proxy as it does not require the private keys of the back-end servers for forwarding the encrypted HTTPS traffic. Therefore, using a system with powerful processing capabilities improves the performance of RGW, as the ALG outperforms the NGINX reverse proxy used in the original RGW solution. [en]
dc.format.extent: 86
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/40865
dc.identifier.urn: URN:NBN:fi:aalto-201910275869
dc.language.iso: en [en]
dc.location: P1 [fi]
dc.programme: CCIS - Master’s Programme in Computer, Communication and Information Sciences (TS2013) [fi]
dc.programme.major: Communications Engineering [fi]
dc.programme.mcode: ELEC3029 [fi]
dc.subject.keyword: application layer gateway [en]
dc.subject.keyword: policy management system [en]
dc.subject.keyword: network address translation [en]
dc.subject.keyword: HTTP [en]
dc.subject.keyword: HTTPS [en]
dc.title: Extending the Functionality of the Realm Gateway [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Riaz_Maria_2019.pdf
Size: 5.31 MB
Format: Adobe Portable Document Format