Valter Vasić

A network testbed for commercial telecommunications product testing

Have open-source network topology emulators out-grown the realm of academic and educational playgrounds? We tackle with that question by dissecting our experiences with preproduction testing of functional blocks implemented in commercial carrier-grade telco equipment, which we performed in a testbed based on open-source tools. As the concepts and mechanisms on which popular network emulation platforms are based vary, so does their applicability to different problem domains in telco product testing. Our survey of the existing open-source tools reveals that the spectrum of their features and limitations is multidimensional, with the choice of virtualization techniques applied being crucial to the raw packet processing throughput, topology size scaling, experiment instantiation speeds, and the flexibility of integrating diverse tools in a single testbed environment. We measured key performance metrics for two conceptually similar emulation platforms (IMUNES and CORE) running on different operating systems (FreeBSD and Linux). Three testbed scenarios for commercial telecommunication products were described and analyzed.

Lightweight and adaptable solution for security agility

Secure communication is an important aspect of today’s interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today’s secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

Adaptable secure communication for the Cloud of Things

Cloud of Things (CoT) is a novel concept driven by the synergy of the Internet of Things (IoT) and cloud computing paradigm. The CoT concept has expedited the development of smart services resulting in the proliferation of their real world deployments. However, new research challenges arise because of the transition of research‐driven and proof‐of‐concept solutions to commercial offerings, which need to provide secure, energy‐efficient, and reliable services. An open research issue in the CoT is to provide a satisfactory level of security between various IoT devices and the cloud. Existing solutions for secure CoT communication typically use devices with pre‐loaded and pre‐configured parameters, which define a static setup for secure communication. In contrast to existing pre‐configured solutions, we present an adaptable model for secure communication in CoT environments. The model defines six secure communication operations to enable CoT entities to autonomously and dynamically agree on the security protocol and cryptographic keys used for communication. Further on, we focus on device agreement and present an original solution, which uses the Agile Cryptographic Agreement Protocol in the context of CoT. We verify our solution by a prototype implementation of CoT device agreement based on required security level, which takes into account the capabilities of communicating devices. Our experimental evaluation compares the average processing times of the proposed secure communication operations demonstrating the viability of the proposed solution in real‐world deployments. Copyright

Smart Detection and Classification of Application-Layer Intrusions in Web Directories

The Republic of Croatia homepage and directory of Croatian web servers (www.hr) attracts several thousand visitors daily, which makes it the target of various attacks. In order to lower the risk from such attacks, we propose a concept for an intrusion detection system and a classifier of detected intrusions. We first examined the concepts of existing intrusion detection systems and combined their individual benefits into a concept best suited for protecting web services on the application layer. The proposed concept uses machine learning techniques for both intrusion detection and classification. Intrusion detection, observed through analysis of requests, is implemented by a feed-forward neural network, while intrusion classification is done using self-organizing maps. The case study and preliminary evaluation is presented on the Republic of Croatia homepage (www.hr), followed by guidelines for further research.