The work presented in this thesis proposes a new technique to improve the security of Ethernet Passive Optical Networks (EPONs). An Ethernet PON is a type of passive optical network that carries data encapsulated in Ethernet frames. It thus combines the ability of PONs to transport data, voice, video and integrated broadband services over distances of more than 20 km with the characteristics of the Ethernet protocol, a low-cost technology characterized by wide diffusion and interoperability with standard network devices. The exponential growth of Internet traffic over the last decade has favored a large number of new services and applications that require large bandwidth. Existing copper-based technologies (e.g. Digital Subscriber Line (DSL)) can no longer keep up with such demands. EPON has emerged as a good candidate for offering higher capacity to subscribers at relatively low cost. Naturally, as in any telecommunications network that serves a large number of users with high bit-rate data, network security is also a key aspect of EPONs. First, this thesis presents the general functioning of an EPON, describes its architecture, and discusses the security aspect of interest here, the degradation attack. This issue arises from the fact that if some Optical Network Units (ONUs) do not obey the rules imposed by the MPCP protocol, collisions can still occur. The degradation attack is then described: it is based on the possibility for an ONU to send data outside its assigned time slot in order to obtain a bandwidth gain. Because the attack produces packet collisions, and given the congestion control mechanisms implemented in TCP, understanding how to reduce the effects of these attacks requires studying how TCP works.
Following the presentation of the EPON and the likely attacks, we give an overview of the operation of TCP and of the various algorithms implemented in its congestion control. Second, an EPON implementation in the open-source OMNeT++ simulator is proposed, and the countermeasures implemented to limit the effects of the attacks are discussed. Simulation results obtained with our OMNeT++ simulator show that this behavior (a malicious ONU transmitting data when it should not) does generate a bandwidth gain for the malicious ONU, while the other ONUs experience a decrease in the capacity assigned to them. The simulation results also show that applying the countermeasures limits the effects of such attacks. Finally, the analysis shows that the gain for the malicious ONU and the capacity decrease (the degradation effect) for the other ONUs change according to the TCP algorithm used in the simulations.
A study of TCP performance in presence of degradation attacks in Ethernet passive optical network
TATSINKOUNDE, CHRISTIAN
2017/2018
File | Description | Size | Format
---|---|---|---
2018_07_Tatsinkounde.pdf (accessible online only to authorized users) | Thesis text | 1.88 MB | Adobe PDF
Documents in POLITesi are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/10589/141823