Browsing by Author "Papadopoulos, Christos, committee member"
Now showing 1 - 9 of 9
Results Per Page
Sort Options
Item Open Access Autonomous trucks as a scalable system of systems: development, constituent systems communication protocols and cybersecurity(Colorado State University. Libraries, 2024) Elhadeedy, Ahmed, author; Daily, Jeremy, advisor; Chong, Edwin, committee member; Papadopoulos, Christos, committee member; Luo, Jie, committee memberDriverless vehicles are complex to develop due to the number of systems required for safe and secure autonomous operation. Autonomous vehicles embody the definition of a system of systems as they incorporate several systems to enable functions like perception, decision-making, vehicle controls, and external communication. Constituent systems are often developed by different vendors globally which introduces challenges during the development process. Additionally, as the fleet of autonomous vehicles scales, optimization of onboard and off-board communication between the constituent systems becomes critical. Autonomous truck and trailer configurations face challenges when operating in reverse due to the lack of sensing on the trailer. It is anticipated that sensor packages will be installed on existing trailers to extend autonomous operations while operating in reverse in uncontrolled environments, like a customer's loading dock. Power Line Communication (PLC) between the trailer and the tractor cannot support high bandwidth and low latency communication. Legacy communications use powerline carrier communications at 9600 baud, so upfitting existing trailers for autonomous operations will require adopting technologies like Ethernet or a wireless harness between the truck and the trailer. This would require additional security measures and architecture, especially when pairing a tractor with a trailer. We proposed tailoring the system of systems Model for autonomous vehicles. The model serves as the governing framework for the development of constituent systems. It's essential for the SoS model to accommodate various development approaches that are used for hardware, and software such as Agile, or Vee models. Additionally, a queuing model for certificates authentication compares the named certificate approach with the traditional approach. The model shows the potential benefits of named certificates when the autonomous vehicles are scaled. We also proposed using named J1939 signals to reduce complexities and integration efforts when multiple on-board or off-board systems request vehicle signals. We discuss the current challenges and threats on autonomous truck-trailer communication when Ethernet or a wireless harness is used, and the impact on the Electronic Control Unit (ECU) lifecycle. In addition to using Named Data Networking (NDN) to secure in-vehicle and cloud communication. Named Data Networking can reduce the complexity of the security of the in-vehicle communication networks where it provides a networking solution with security by design.Item Open Access Decentralized and dynamic community formation in P2P networks and performance of community based caching(Colorado State University. Libraries, 2015) Limo, Chepchumba Soti, author; Jayasumana, Anura P., advisor; Yang, Liuqing, committee member; Papadopoulos, Christos, committee memberDistributed Hash Tables (DHT) are commonly used in large Peer-to-Peer networks to increase the efficiently of resolving queries. Minimizing the resource discovery time in P2P networks is highly desirable to improve system-wide performance. Distributed caching is an approach used to reduce the look-up time. File sharing P2P networks have shown that there exists nodes/users who share similar interests based on semantics, geography, etc., and a group of nodes that share similar interests are said to form a community. A Community Based Caching (CBC) algorithm where nodes make caching decisions based on personal interests is investigated. One of CBC’s major contributions is that it alleviates the issue of nodes being limited to caching resources that are popular relative to the entire network. Instead, caching decisions are primarily based on a node's community affiliations and interests. Community discovery algorithms that currently exists either need a centralized source(s) to aid in community discovery or require additional messaging and complicated computations to determine whether to join a group or not. In many cases, nodes are also limited to being members of only one community at a time. A dynamic and decentralized community discovery algorithm, Dynamic Group Discovery (DGD), is proposed. DGD also allows nodes to be members of multiple communities at the same time. DGD's behavior and performance is then evaluated in conjunction with the Community Based Caching algorithm. To aid in group discovery during run time (i.e., dynamically), DGD uses special keys with embedded group identification information. Oversim, a flexible overly network simulation framework is used to evaluate the proposed DGD algorithm. Performance of DGD is compared to Chord and Static Group Allocation (SGA), in which group identification is done only once. Performance is evaluated for different network sizes, community sizes, and asymmetry among communities. Performance results are presented and analyzed when queries are resolved using cache data versus when queries are resolved using non-cache data. The analysis shows that DGD generally improves lookup performance when cache data is used to resolved queries. However, when non-cache data is used, DGD occasionally performs slightly worse than Chord and SGA. For example, in a network with 10,000 nodes, asymmetrical communities and no churn group churn, DGD outperforms Chord by approximately half a hop and 0.1 seconds in latency. When churn was introduced to the same network, DGD performance drops by approximately one hop and 0.15 seconds in latency. The results also show that approximately 90% of the queries are resolved using non-cache data and therefore, even though DGD is guaranteed to reduce lookup time when asymmetrical communities are present and cache records are to used to resolve queries, it is often not enough to significantly improve overall system performance. The results however confirm that caching resources based on personal interests really does reduced lookup performance when resolving queries using cache records.Item Open Access Hermes - scalable real-time BGP broker with routing streams integration(Colorado State University. Libraries, 2011) Belyaev, Kirill Alexandrovich, author; Massey, Daniel F., advisor; Papadopoulos, Christos, committee member; Pallickara, Shrideep, committee member; Hayne, Stephen C., committee memberBGP is the de facto inter-domain routing protocol of Internet and understanding BGP is critically important for current Internet research and operations. Current Internet research is heavily dependent upon the availability of reliable up-to-date BGP data sources and often evaluated using data drawn from the operational Internet. The BGP real data supports a wide range of efforts ranging from understanding the Internet topology to building more accurate simulations for network protocols. To study and address the Internet research challenges, accessible BGP data is needed. Fortunately a number of BGP monitoring projects have been deployed for BGP data provision. However experience over a number of years has also indicated some major limitations in the current BGP data collection model with the most dramatic one being the inability to deliver real-time data and incapability to process and analyze this data fast enough in a flexible and efficient manner. This thesis presents the design and implementation of the new tool for analyzing BGP routing data in real-time - Hermes BGP Broker. Hermes is build upon the solid foundation of the related project - BGPmon [CSU] that is the BGP aggregation and monitoring platform that uses a publish/subscribe overlay network to provide real-time access to vast numbers of peers and clients. All routing events are consolidated into a single XML stream. XML allows to add additional features such as labeling updates to allow easy identification of useful data by clients and other related data structuring. Hermes as the Broker for BGPmon represents the next generation of route monitoring and analysis tools that bring routing data to the level of end-user applications. The main contribution of this thesis is the design and implementation of a new BGP route analysis platform that can be extensively used both in research and operational communities. Our work on Hermes has delivered the system that is able to analyze continuous XML data stream of BGP updates in real time and select non-duplicate messages that correspond to the specified regular expression pattern. Besides effective filtering mechanism Hermes is capable to scale really well with a large number of concurrent stream subscribers. Its performance under intensive benchmarking has been evaluated and estimated to be suitable for real-world deployment under heavy load with a large number of concurrent clients. The system is also able to distribute the filtering computations among a number of nodes and form Hermes data stream meshes of various topologies.Item Open Access Horizontal scaling of video conferencing applications in virtualized environments(Colorado State University. Libraries, 2016) Luo, Mante, author; Pallickara, Shrideep, advisor; Papadopoulos, Christos, committee member; Turk, Daniel, committee memberVideo conferencing is one of the most widely used services in the world. However, it usually requires dedicated hardware and expensive licenses. Cloud computing has helped many companies achieve lower operation costs, and many applications including video conferencing are being transitioned into the cloud. However, most video-conferencing applications do not support horizontal scaling as a built-in feature, which is essential to embrace the advantages of virtualized environments. The objective of this thesis is to explore horizontal scaling of video conferencing applications. We explore these ideas in the context of a Jitsi an open-source video-conferencing. The thesis develops a methodology for horizontal scaling in the Amazon EC2 cloud with the objective of ensuring quality of service such as per-packet latency (primarily), loss rates, jitter, and the number of participants per session. We build predictive models to inform our horizontal scaling decisions. Proactive scaling allows us to preserve several qualities of service metrics for video-conferencing. Scaling in the EC2 environment is fast and cost-effective with the added benefit of high availability, which helps us support large number of users consistently without much downtime.Item Open Access Management of internet-based service quality(Colorado State University. Libraries, 2012) Yan, He, author; Massey, Daniel, advisor; Papadopoulos, Christos, committee member; Pallickara, Shrideep, committee member; Turk, Dan, committee member; Ge, Zihui, committee member; Yates, Jennifer, committee memberAn increasingly diverse set of services, content distribution network (CDN), Internet games, streaming videos, online-banking, IPTV, VPN, cloud computing and VoIP, are built on top of Internet. For most of these Internet-based services, best effort delivery is no longer an acceptable mode of operation as ultra-high reliability and performance is demanded to meet the stringent service-level requirements. In this dissertation, we focus on the research problem: how to manage the Internet- based service quality in a efficient and proactive manner from a service provider's point of view. Managing Internet-based service quality is extremely challenging due to its massive scale, complicated topology, high protocol complexity, ever-changing software or hardware environment and multiple administrative domains. We propose to look into this problem from two views (user view and network view) and design a novel infrastructure that consists of three systems (Argus, G-RCA and TowerScan) to enable managing Internet-based service quality from both views. We deployed our infrastructure in a tier-1 ISP that provides various Internet-based service and it has proven to be a highly effective way to manage the quality of Internet-based services.Item Open Access Representing BGP and routing flows in XML(Colorado State University. Libraries, 2013) Bartlett, Jason D., author; Massey, Daniel F., advisor; Papadopoulos, Christos, committee member; Hayne, Stephen C., committee memberMonitoring routing in the Internet is a significant aspect of network security today. Incorrect information that is introduced into the system can result in problems ranging from a particular service or website becoming temporarily inaccessible, to large blocks of network addresses becoming cut off from the rest of the Internet, to potentially-sensitive user information being redirected to a malicious actor. Current monitoring projects generate a huge dataset for users for sift through. A single collection point collecting routing data from a dozen routers can archive 1800 update messages every 15 minutes. The largest current monitoring projects have 12-16 collection points, some of which can have several dozen routers feeding data into them, and some of which have been saving data for a decade or more. These archives are stored in a binary format called MRT that appends metadata about the particular routing session being monitored to the raw data received by a router. They also depend on tools to convert the binary into usable, but rigid, ASCII formats. Ideally, this data could be represented in a standardized ASCII format that both human user and machine application can make use of. Furthermore, such a format ought to be able to be easily extended, whether to represent new features in the underlying data or to transport user-specific annotations, without creating compatibility problems. XML and XSD provide the mechanisms necessary to accomplish this and the framework necessary to do it in such a way that the resulting definitions can become standardized. This work presents an XSD-based generic format for representing the flow of routing data between arbitrary routers. To provide a concrete realization of this idea, additional schema are defined to describe Border Gateway Protocol messages and several common networking datatypes. All of these schema are defined to provide validation of their underlying data, but are also flexible enough to accommodate extensions within the data and additional datatypes not already included in the schema.Item Open Access ROVER: a DNS-based method to detect and prevent IP hijacks(Colorado State University. Libraries, 2013) Gersch, Joseph E., author; Massey, Daniel, advisor; Papadopoulos, Christos, committee member; Strout, Michelle M., committee member; Hayne, Stephen C., committee memberThe Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability.Item Open Access Secure CAN logging and data analysis(Colorado State University. Libraries, 2020) Van, Duy, author; Daily, Jeremy, advisor; Simske, Steve, committee member; Papadopoulos, Christos, committee member; Hayne, Stephen, committee memberController Area Network (CAN) communications are an essential element of modern vehicles, particularly heavy trucks. However, CAN protocols are vulnerable from a cybersecurity perspective in that they have no mechanism for authentication or authorization. Attacks on vehicle CAN systems present a risk to driver privacy and possibly driver safety. Therefore, developing new tools and techniques to detect cybersecurity threats within CAN networks is a critical research topic. A key component of this research is compiling a large database of representative CAN data from operational vehicles on the road. This database will be used to develop methods for detecting intrusions or other potential threats. In this paper, an open-source CAN logger was developed that used hardware and software following the industry security standards to securely log and transmit heavy vehicle CAN data. A hardware prototype demonstrated the ability to encrypt data at over 6 Megabits per second (Mbps) and successfully log all data at 100% bus load on a 1 Mbps baud CAN network in a laboratory setting. An AES-128 Cipher Block Chaining (CBC) encryption mode was chosen. A Hardware Security Module (HSM) was used to generate and securely store asymmetric key pairs for cryptographic communication with a third-party cloud database. It also implemented Elliptic-Curve Cryptography (ECC) algorithms to perform key exchange and sign the data for integrity verification. This solution ensures secure data collection and transmission because only encrypted data is ever stored or transmitted, and communication with the third-party cloud server uses shared, asymmetric secret keys as well as Transport Layer Security (TLS).Item Open Access Security of virtual coordinate based wireless sensor networks(Colorado State University. Libraries, 2015) Bose, Divyanka, author; Jayasumana, Anura, advisor; Pasricha, Sudeep, committee member; Papadopoulos, Christos, committee memberWireless Sensor Networks (WSNs) perform critical functions in many applications such as, military surveillance, rescue operations, detection of fires and heath care monitoring. In these applications, nodes in the network carry critical and sensitive data. Thus, WSNs are prone to various kinds of attacks that target different protocols and layers of the network. Also, most of the WSNs are placed remotely that makes it difficult to implement security measures after deployment. Thus, security of WSNs needs to be considered at the initial stage of system design. In many applications, the nodes are deployed randomly, and thus are unpredictable in terms of physical network topology. Virtual Coordinate (VC) based WSNs possess significant advantages over Geographical Coordinate (GC) based WSNs. This is because VCs negate the need for physical localization of nodes, which require costly techniques like GPS. The VCs of the nodes in the network are very important for basic functionalities such as routing and self-organization. However, security of VCs has not been extensively researched even though routing algorithms rely on the correctness of the VCs for proper functioning. VC based WSNs are susceptible to attacks resulting from malicious modification of VCs of individual nodes. While the impact of some such attacks is localized, others such as Coordinate Deflation and Wormholes (tunneling) can cause severe disruptions. This thesis proposes techniques for the detection and mitigation of attacks, which are aimed at the VC based WSNs. We propose a novel approach where coordinate attacks are identified by detecting changes in the shape of the network, extracted using Topology Maps. A comprehensive solution for detection of coordinate-based attacks on VC systems is presented that combines Beta Reputation System and a reputation based routing scheme. Latter ensures safe communication that bypasses malicious nodes during detection process. The Coordinate Deflation and Wormhole attacks are discussed and the effect and intensity of these attacks are addressed. Two methods are proposed and compared for the detection of attacks. In the first method, the topology distortion is rated using clusters identifiable by existing VCs, thus requiring low computation and communication overhead. A measure of topology distortion is presented. The existence of a trusted base station is needed for this method. In the second method, the detection is distributed and removes the need for a base station/server. We compare the advantages and disadvantages of the two methods, and discuss the scenarios in which these algorithms maybe implemented. Simulation based evaluations demonstrate that both the schemes efficiently detects Deflation and Wormhole attacks. We choose a variety of dense networks with different topologies and deployment characteristics for evaluation. Networks with voids, representative of physical spaces with voids, as well as randomly deployed networks are considered, to ensure the correct operation and scalability of the algorithms. We show through simulations that the detection schemes can easily differentiate between the changes in the network due to node failures, e.g., caused by battery drain, from those due to an attack. Future sensor networks are predicted to be in the scale of millions of nodes. Thus, a need for security algorithms which can be scaled are highly desirable. We show in our simulations that the proposed detection schemes can be applied to networks of larger density successfully.