The work presented in this thesis is based on adding new techniques to enhance current security in Ethernet Optical Passive Networks (EPONs). An Ethernet PON is type of Passive Optical Network (PON) which carries all data encapsulated in Ethernet frames. In this way EPON combines Passive Optical Networks (PONs) capable of delivering bandwidth-intensive integrated, data, voice, and video services at distances beyond 20 km with Ethernet protocol. Main advantage of Ethernet protocol is that it is an inexpensive technology that is ubiquitous and interoperable with variety of legacy equipment. Due to exponential growth of internet traffic in the last decades and high number of new services and applications which require large bandwidth existing technologies based on cooper (e.g. Digital Subscriber Line(DSL)) could not keep any more with such demands. EPON has emerged to be good candidate for offering higher capacity to the subscribers under relatively low costs. As in every telecommunication network that is serving high number of users transferring data at the high bit rate, security in EPON is one of very important issues. While security in downstream transmission channel in EPON was focus of many researches due to its broadcast nature, upstream direction was always assumed to be secure. In upstream direction, due to directional properties of passive couplers, which act as passive splitters for downstream, Ethernet frames from many ONU will only reach the OLT and not any other ONU. In this scenario attacks like eavesdropping and all other attacks that are based on exploiting broadcast nature of transmission channel are eliminated. But this does not means that upstream streams cannot be destroyed or that quality of upstream transmission cannot be degraded in some way. In upstream direction, the logical behavior of an EPON is similar to point-to-point networks, but unlike in a true point-to-point network, collisions may occur among frames transmitted from different ONUs. In general EPON should avoid collisions by means of Multi-Point Control Protocol (MPCP) in the Medium Access Control (MAC) layer. But eventual collisions in upstream direction can not be totally excluded. In fact we will show that if some ONUs do not comply with the directives issued by the MPCP protocol collisions can happen in upstream direction despite to working scheme of MPCP. More precisely we will describe attack that exploits fact that ONUs can send frames even out of its assigned time slots and as final result gain more bandwidth causing collisions in data transmission of other well behaved ONUs (the ones that are sending data only within assigned time period). ONUs that are not respecting their time-slot allocation will be called from now on malicious ONUs. Based on simulations ran in open source simulator OMNeT++ we will show that indeed that this kind of behavior will bring malicious ONU extra bandwidth while other ONUs will experience lack of capacity. We will conduct experiments on two types of TCP transmissions, referred to as client-toserver and server-to-client. In case of client-to-server ONUs are the ones that are sending data while TCP server are sending messages acknowledging that they have successfully received messages from ONUs. In other case it is the other way around, servers are the ones that are sending data while ONUs are sending ACK messages. V Based on upper introduced types of TCP transmission we will show that in case of serverto- client transmission malicious ONU will gain extra bandwidth while in case of client-toserver malicious will not gain any extra bandwidth for itself but it will decrease upstream throughput of other ONUs in the network. This is consequence of static bandwidth allocation that was used in all of our simulations. Secondly, we will show one of possible techniques that can be applied in this kind of attacks in order to detect malicious ONU and then in some way punish it for acting in this way. Proposed algorithm has two phases: detection of malicious ONU and mitigation phase. In case of detection phase first we showed currently exiting detection methods in case of faulty terminal and explained why they are not suitable for detection of malicious ONU in case of degradation attack. Then we have explained working principles of our detection technique and explained why it is working better in case of degradation attack than previous ones. Second phase is based on mitigating effects of degradation attack. During this phase we will start delaying packets originating from malicious ONU. Based on simulation results we will show how different delays have different effects on throughput of malicious ONU. More precisely we will show that in order to halve the throughput our mitigation technique has to introduce delay that is equal to 30 polling cycles or more. Unfortunately we cannot repair the damage inflicted on the well behaved stations by malicious ONU. Throughput of well behaved ONU will keep decreasing but the gap between throughput of ONUs respecting their time slot allocation and malicious ONU will downsize.
Il lavoro presentato in questa tesi propone una nuova tecnica per migliorare la sicurezza delle Ethernet Optical Passive Networks (EPONs). Una PON Ethernet è una tipologia di rete ottica passiva (Passive Optical Network) che trasporta dati incapsulati all'interno di trame Ethernet. In questo modo essa combina la capacità propria delle PONs di trasportare servizi dati, voce, video ed integrati a larga banda per distanze superiori ai 20km con le caratteristiche del protocollo Ethernet. Tale protocollo si configura come una tecnologia a basso costo, caratterizzata da ampia diffusione ed interoperabilità con i dispositivi standard di rete. La crescita esponenziale del traffico Internet verificatasi durante l'ultimo decennio ha favorito la diffusione di innumerevoli servizi ed applicazioni a larga banda, i quali comportano una richiesta di risorse che le tecnologie esistenti (ad esempio le Digital Subscriber Lines(DSL) con doppino in rame) non sono più in grado di soddisfare. Le reti EPON hanno dimostrato di essere potenziali candidate per offrire agli utenti maggiore capacità, a costi relativamente contenuti. Naturalmente, come in ogni rete di telecomunicazioni adibita a servire un alto numero di utenti trasferendo dati ad alto bitrate, anche nelle EPON la sicurezza di rete costituisce un aspetto fondamentale. Innumerevoli attività di ricerca sono state finalizzate a garantire la sicurezza del canale di trasmissione in downstream delle EPON, a causa della sua natura intrinsecamente broadcast, mentre la direzione upstream è stata sempre assunta come sicura. Infatti, grazie alle proprietà direzionali degli accoppiatori, che si comportano da splitter passivi in downstream, le trame Ethernet generate da ciascuna ONU raggiungono soltanto l'OLT e non le altre ONU. In uno scenario di questo tipo, attacchi basati sullo sfruttamento del broadcasting del canale di trasmissione sono dunque eliminati. Tuttavia, ciò non implica che non possano verificarsi collisioni in upstream, o che la qualità delle trasmissioni upstream non possa essere degradata: in tale direzione infatti, il comportamento logico di una EPON è simile a quello delle reti point-to-point ma, a differenza di queste ultime, possono verificarsi collisioni tra trame trasmesse da ONU differenti. In genere le EPON eliminano le collisioni grazie al Multi-Point Control Protocol (MPCP) a livello Medium Acces Control (MAC), che tuttavia non fornisce garanzie di sicurezza assolute. In primo luogo, in questa tesi verrà infatti mostrato che se alcune ONU non obbediscono agli standard imposti dal protocollo MPCP, possono comunque verificarsi collisioni nella direzione upstream. Più precisamente, verranno descritti gli attacchi basati sulla possibilità delle ONU di inviare trame anche al di fuori del time slot ad esse assegnato, al fine di ottenere maggiore banda. Tali ONU, che verranno d'ora in avanti definite maligne giacchè il loro comportamento intrusivo inficia le prestazioni della rete, causano collisioni con le trasmissioni delle ONU che inviano dati soltanto durante il proprio time-slot. Sulla base di simulazioni condotte tramite il simulatore open source OMNeT++ verrà quindi provato che questo tipo di comportamento comporta effettivamente un guadagno di banda per la ONU maligna, mentre le altre ONU sperimenteranno una diminuzione della capacità loro assegnata. Sono stati considerati due tipi di trasmissioni TCP, indicate come client-to-server e server-to-client. Nel primo caso, le ONU inviano dati mentre i server TCP inviano messaggi di riscontro che segnalano la corretta ricezione. Nel secondo caso invece i ruoli si invertono: i server inviano dati e le ONU li riscontrano con messaggi di ACK. VII Per questo tipo di scenario si mostrerà che, in caso di trasmissioni server-to-client, la ONU maligna guadagna banda aggiuntiva, mentre nel caso client-to-server ciò non si verifica ma l'attività della ONU maligna causa un decremento del throughput upstream delle altre ONU della rete. Questi risultati sono diretta conseguenza dell'allocazione statica di banda che ha costituito l'assunzione di base per le simulazioni effettuate. In secondo luogo, verrà proposta una possibile tecnica da applicare in condizioni di attacco per individuare la ONU maligna e per punire il suo comportamento intrusivo. L'algoritmo implementato consta di due fasi: l'individuazione della ONU maligna e la mitigazione della sua attività. Per quanto riguarda la fase di identificazione, verranno descritti i metodi attualmente utilizzati, evidenziando i motivi per cui essi si rivelano inadatti a determinare quale sia la ONU maligna in caso di attacchi di degradazione. Verranno poi illustrati i principi di funzionamento della tecnica di identificazione proposta, sottolineando gli aspetti che la rendono più efficiente delle precedenti. La fase di mitigazione prevede invece che, una volta individuata la ONU maligna, i pacchetti da essa generati vengano ritardati. Sulla base dei risultati sperimentali verrà evidenziato l'impatto che differenti ritardi hanno sul throughput della ONU maligna. In particolare, verrà mostrato che per dimezzare il throughput è necessario introdurre un ritardo pari o maggiore di 30 cicli di polling. Purtroppo non è possibile compensare il danno inflitto alle ONU benigne: il loro throughput continuerà a decrescere, ma verrà ridotta la differenza rispetto a quello della ONU maligna.
An algorithm for detection and mitigation of degradation attack in Ethernet passive optical networks
DRAKULIC, SANDA
2009/2010
Abstract
The work presented in this thesis is based on adding new techniques to enhance current security in Ethernet Optical Passive Networks (EPONs). An Ethernet PON is type of Passive Optical Network (PON) which carries all data encapsulated in Ethernet frames. In this way EPON combines Passive Optical Networks (PONs) capable of delivering bandwidth-intensive integrated, data, voice, and video services at distances beyond 20 km with Ethernet protocol. Main advantage of Ethernet protocol is that it is an inexpensive technology that is ubiquitous and interoperable with variety of legacy equipment. Due to exponential growth of internet traffic in the last decades and high number of new services and applications which require large bandwidth existing technologies based on cooper (e.g. Digital Subscriber Line(DSL)) could not keep any more with such demands. EPON has emerged to be good candidate for offering higher capacity to the subscribers under relatively low costs. As in every telecommunication network that is serving high number of users transferring data at the high bit rate, security in EPON is one of very important issues. While security in downstream transmission channel in EPON was focus of many researches due to its broadcast nature, upstream direction was always assumed to be secure. In upstream direction, due to directional properties of passive couplers, which act as passive splitters for downstream, Ethernet frames from many ONU will only reach the OLT and not any other ONU. In this scenario attacks like eavesdropping and all other attacks that are based on exploiting broadcast nature of transmission channel are eliminated. But this does not means that upstream streams cannot be destroyed or that quality of upstream transmission cannot be degraded in some way. In upstream direction, the logical behavior of an EPON is similar to point-to-point networks, but unlike in a true point-to-point network, collisions may occur among frames transmitted from different ONUs. In general EPON should avoid collisions by means of Multi-Point Control Protocol (MPCP) in the Medium Access Control (MAC) layer. But eventual collisions in upstream direction can not be totally excluded. In fact we will show that if some ONUs do not comply with the directives issued by the MPCP protocol collisions can happen in upstream direction despite to working scheme of MPCP. More precisely we will describe attack that exploits fact that ONUs can send frames even out of its assigned time slots and as final result gain more bandwidth causing collisions in data transmission of other well behaved ONUs (the ones that are sending data only within assigned time period). ONUs that are not respecting their time-slot allocation will be called from now on malicious ONUs. Based on simulations ran in open source simulator OMNeT++ we will show that indeed that this kind of behavior will bring malicious ONU extra bandwidth while other ONUs will experience lack of capacity. We will conduct experiments on two types of TCP transmissions, referred to as client-toserver and server-to-client. In case of client-to-server ONUs are the ones that are sending data while TCP server are sending messages acknowledging that they have successfully received messages from ONUs. In other case it is the other way around, servers are the ones that are sending data while ONUs are sending ACK messages. V Based on upper introduced types of TCP transmission we will show that in case of serverto- client transmission malicious ONU will gain extra bandwidth while in case of client-toserver malicious will not gain any extra bandwidth for itself but it will decrease upstream throughput of other ONUs in the network. This is consequence of static bandwidth allocation that was used in all of our simulations. Secondly, we will show one of possible techniques that can be applied in this kind of attacks in order to detect malicious ONU and then in some way punish it for acting in this way. Proposed algorithm has two phases: detection of malicious ONU and mitigation phase. In case of detection phase first we showed currently exiting detection methods in case of faulty terminal and explained why they are not suitable for detection of malicious ONU in case of degradation attack. Then we have explained working principles of our detection technique and explained why it is working better in case of degradation attack than previous ones. Second phase is based on mitigating effects of degradation attack. During this phase we will start delaying packets originating from malicious ONU. Based on simulation results we will show how different delays have different effects on throughput of malicious ONU. More precisely we will show that in order to halve the throughput our mitigation technique has to introduce delay that is equal to 30 polling cycles or more. Unfortunately we cannot repair the damage inflicted on the well behaved stations by malicious ONU. Throughput of well behaved ONU will keep decreasing but the gap between throughput of ONUs respecting their time slot allocation and malicious ONU will downsize.| File | Dimensione | Formato | |
|---|---|---|---|
|
2010_12_Drakulic.pdf
accessibile in internet per tutti
Descrizione: testo della tesi
Dimensione
1.51 MB
Formato
Adobe PDF
|
1.51 MB | Adobe PDF | Visualizza/Apri |
I documenti in POLITesi sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/10589/12043