Marko Schuba

Performance investigations of the IP multicast architecture

The big interest in desktop audio and video conferencing has led to a broad usage of multimedia tools in wide and local area networks. Many of these tools are based upon the IP multicast protocols. The general advantages of multicast services, like the efficient utilization of network resources and thus the possibility to reach arbitrary large numbers of receivers have by now rendered performance considerations of multicast protocols obsolete. Yet, the rapid growth of multicast usage, especially in the IP Internet, may lead to severe congestion problems, if performance trade-offs are not considered carefully in protocol design. In this paper we present performance investigations of the IP multicast architecture with special emphasis on routing protocols. Performance results derived from measurements and simulations will be discussed. Based upon these results, protocol improvements are suggested and evaluated.

Mobile Payments - State of the Art and Open Problems

We describe electronic payment solutions and the technical problems, which have to be solved in order to make these payments mobile. Mobile payments should be both secure and convenient for the consumer. The problems of implementing mobile payment systems are manifold. The technical capabilities of mobile devices are - at least today - too limited to allow a simple re-use of existing Internet payment protocols. Moreover, a number of different mobile application environments exist today, which differ from a technical perspective as well as from geographical spread. This makes it extremely difficult to define mobile payment protocols, which can be used on a global basis. Therefore, compromise solutions have to be found and standardized, which offer a reasonable level of security based on the existing functions offered in mobile devices and networks.

Windows Phone 7 from a Digital Forensics' Perspective

Windows Phone 7 is a new smartphone operating system with the potential to become one of the major smartphone platforms in the near future. Phones based on Windows Phone 7 are only available since a few months, so digital forensics of the new system is still in its infancy. This paper is a first look at Windows Phone 7 from a forensics’ perspective. It explains the main characteristics of the platform, the problems that forensic investigators face, methods to circumvent those problems and a set of tools to get data from the phone. Data that can be acquired include the file system, the registry, and active tasks. Based on the file system, further information like SMSs, Emails and Facebook data can be extracted.

Cold Boot Attacks on DDR2 and DDR3 SDRAM

Cold boot attacks provide a means to obtain a dump of a computers volatile memory even if the machine is locked. Such a dump can be used to reconstruct hard disk encryption keys and get access to the content of Bit locker or True crypt encrypted drives. This is even possible, if the obtained dump contains errors. Cold boot attacks have been demonstrated successfully on DDR1 and DDR2 SDRAM. They have also been tried on DDR3 SDRAM using various types of equipment but all attempts have failed so far. In this paper we describe a different hardware setup which turns out to work for DDR3 SDRAM as well. Using this setup it will be possible for digital forensic investigators to recover keys from newer machines that use DDR3 SDRAM.

Performance evaluation of multicast communication in packet-switched networks

In this paper we describe the theoretical background and practical application of QNA-MC (queueing network analyser supporting multicast), a tool for the analytical evaluation of multicast protocols. QNA-MC is based on the QNA method, which (approximately) analyses open networks of GI|G|m queues. In contrast to standard QNA, QNA-MC allows for the specification and evaluation of multicast routes. As in real multicast communication, packets leaving a particular node can be copied and deterministically routed to several other nodes. In order to analyse such queueing networks, QNA-MC converts the multicast routes to a suitable input for standard QNA. From the results delivered by QNA, QNA-MC then derives several performance measures for multicast streams in the network. A validation of QNA-MC, via a comparison to simulation results, shows that QNA-MC yields very good results. Finally, we give a detailed application example by evaluating different multicast routing algorithms for a realistic video conferencing scenario in the European MBONE.

SRMT-a scalable and reliable multicast transport protocol

Many applications require reliable multicast for data transmission. A number of protocols have been proposed previously for large-scale reliable multicast. Unfortunately these protocols may suffer from the length of the retransmission paths between the source and receivers which yields a very high cost for retransmissions. Therefore we propose the SRMT protocol (scalable and reliable multicast transport protocol) as an alternative to existing approaches. In SRMT an overlay network consisting of SRMT nodes is built on top of existing multicast routing protocols. Retransmissions take place between neighbouring SRMT nodes in the multicast tree. A simple analysis shows the advantages of our method compared to two existing protocols. In the case of networks with high loss probabilities our approach is the only one applicable. For small loss probabilities our protocol (in an example) yields a reduction of more than 65% of the retransmission load caused by the other methods.

QNA-MC: A Performance Evaluation Tool for Communication Networks with Multicast Data Streams

In this paper we present QNA-MC (Queueing Network Analyzer supporting MultiCast), a new performance evaluation tool for the analytical evaluation of multicast protocols. QNA-MC is based on the QNA tool which (approximately) analyses open networks consisting of GI|G|m nodes. We extend this method by allowing a more general input in form of multicast routes. These routes are then converted to serve as input for standard QNA. From the results delivered by QNA our tool derives several performance measures for multicast streams in the network. We validate our approach by comparison to simulation results. Moreover, we give an application example by evaluating different multicast routing algorithms in the European MBONE using QNA-MC.

Towards In-Network Security for Smart Homes

The proliferation of the Internet of Things (IoT) in the context of smart homes entails new security risks threatening the privacy and safety of end users. In this paper, we explore the design space of in-network security for smart home networks, which automatically complements existing security mechanisms with a rule-based approach, i. e., every IoT device provides a specification of the required communication to fulfill the desired services. In our approach, the home router as the central network component then enforces these communication rules with traffic filtering and anomaly detection to dynamically react to threats. We show that in-network security can be easily integrated into smart home networks based on existing approaches and thus provides additional protection for heterogeneous IoT devices and protocols. Furthermore, in-network security relieves users of difficult home network configurations, since it automatically adapts to the connected devices and services.

Security Analysis of the ADS Protocol of a Beckhoff CX2020 PLC

ICSs (Industrial Control Systems) and its subset SCADA systems (Supervisory Control and Data Acquisition) are getting exposed to a constant stream of new threats. The increasing importance of IT security in ICS requires viable methods to assess the security of ICS, its individual components, and its protocols. This paper presents a security analysis with focus on the communication protocols of a single PLC (Programmable Logic Controller). The PLC, a Beckhoff CX2020, is examined and new vulnerabilities of the system are revealed. Based on these findings recommendations are made to improve security of the Beckhoff system and its protocols.

Streamlining Extraction and Analysis of Android RAM Images

The Android operating system powers the majority of the world’s mobile devices and has been becoming increasingly important in day-to-day digital forensics. Therefore, technicians and analysts are in need of reliable methods for extracting and analyzing memory images from live Android systems. This paper takes different existing, extraction methods and derives a universal, reproducible, reliably documented method for both extraction and analysis. In addition the VOLIX II front-end for the Volatility Framework is extended with additional functionality to make the analysis of Android memory images easier for technically non-adept