safiqul islam
play

Safiqul Islam INF -9090 Project Presentation University of Oslo 2 - PowerPoint PPT Presentation

Sep 18, 2022 •9 likes •229 views

Encrypted Tunnel Through Virtual Network Interface Safiqul Islam INF -9090 Project Presentation University of Oslo 2 Outline Introduction Background Virtual Private Network Virtual Network Interface Link Local

  1. Encrypted Tunnel Through Virtual Network Interface Safiqul Islam INF -9090 – Project Presentation University of Oslo

  2. 2 Outline ¡ Introduction ¡ Background ¡ Virtual Private Network ¡ Virtual Network Interface ¡ Link Local Addressing ¡ Cryptography ¡ Asymmetric Key Cryptography ¡ Symmetric Key Cryptography ¡ Design ¡ Evaluation ¡ Conclusion and Future Work INF5090

  3. 3 Introduction ¡ Virtual Private Network(VPN) provides secure communication over the insecure public network. ¡ Most of the current open source methods do not support *Mobility* - such as : Vtun and OpenVPN ¡ Some proprietary methods: Cisco VPN, and Netmotion support mobility ¡ Designing a system that uses a virtual network interface and supports mobility is the primary goal of this system. INF5090

  4. 4 Virtual Private Network ¡ Provides secure communication over the insecure public network via ¡ Authentication ¡ Encryption ¡ Compression ¡ Tunneling ¡ IPSec ¡ Tunnel Mode ¡ Transport Mode INF5090

  5. 5 Virtual Network Interface ¡ An Ethernet like device ¡ Receives packets from the userspace program ¡ Sends them to the userspace program before sending it via physical media. ¡ TUN/TAP driver is used to create Virtual Network Interface ¡ TUN is used for reading and writing IP packets ¡ TAP is used for reading and writing Ethernet frames ¡ By using TUN/TAP for making connection with the other end, we can add the support of mobility when the connection is moved to different location. INF5090

  6. 6 Cryptography ¡ An art of science for transforming intelligible text to an unintelligible one and vice versa. ¡ Intelligible text is plain text ¡ Unintelligible text is cipher text ¡ Public-key cryptography ¡ Have a pair of cryptographic keys ¡ Public and private – mathematically linked INF5090

  7. 7 Public-key Cryptography ¡ Public key is publicly known, and private key has to be kept secret. ¡ Encryption is done using the public key of the user, and decryption is done using the private key, ¡ Digital signature is also performed using this cryptography. Key R + Receiver Public key Key R - Receiver Private key Plaintext Plaintext Ciphertext Encryp'on) Decryp'on) Algorithm) Algorithm) - (Key R + m = Key R Message, m Key R + (m) (m)) INF5090

  8. 8 Link Local Address ¡ Intended for addressing on a single link or for a Local Area Network ¡ Routers do not forward such packets ¡ Both IPV4 and IPV6 have reserved a block for link local addresses. ¡ 169.254.0.0/16 for IPV4 ¡ Fe80::/64 for IPV6 INF5090

  9. 9 Design ¡ Provides Server/Client functionality ¡ Uses TUN for virtual network interface Applica-on! Applica-on! Virtual! Virtual! Network! Network! Interface! Interface! Physical! Physical! ! Network! Network! Internet! Interface! Interface! INF5090

  10. 10 Design Applica'on* Applica'on* ¡ IPv4 link local addresses are used for configuring the TUN interfaces. TCP/UDP* TCP/UDP* ¡ To successfully traverse the network packet is encapsulated into an UDP IP* IP* packet. VPN* VPN* UDP* UDP* IP* IP* Physical*Media* Physical*Media* INF5090

  11. 11 Design ¡ Encryption ¡ Integrity checking ¡ Mobility !!!!IP!!!!!!!!UDP!!!!!!Signature!!!!!!!!VPN!!!!!!!!!!Payload! Signed!and!Encrypted! INF5090

  12. 12 Challenges ¡ Transport Protocols ¡ UDP – TCP over TCP problems ¡ Simpler methods and higher success rates ¡ Kernel Space vs User Space ¡ Portability ¡ Efficiency INF5090

  13. 13 Evaluation ¡ Metrics ¡ Throughput ¡ Latency ¡ Mobility Test INF5090

  14. 14 Testbed 1 INF5090

  15. 15 Testbed 2 INF5090

  16. 16 File Transfers over SSH Table: File Transfers over SSH for testbed 1 Table: File Transfers over SSH for testbed 2 INF5090

  17. 17 Latency Latency - without VPN Latency - with VPN 0.35 85 80 0.3 Response Time(ms) 75 0.25 Response Time(ms) 70 0.2 65 0.15 60 0.1 0 20 40 60 80 100 55 Packet number 0 20 40 60 80 100 Packet number INF5090

  18. 18 Throughput TCP Throught without VPN using iperf TCP Throughput with VPN using iperf 964000 160 962000 150 960000 Throughput (kbits/s) 140 Throughput (Kbits/s) 958000 130 956000 120 954000 110 952000 950000 100 0 10 20 30 40 50 60 0 20 40 60 80 100 120 Time(s) Time(s) INF5090

  19. 19 Mobility TCP Throughput over VPN - Mobility Test 500 450 400 350 Throughput (Kbits/s) 300 250 200 150 100 50 0 0 10 20 30 40 50 60 Time(s) INF5090

  20. 20 Conclusion ¡ Implemented and evaluated an encrypted tunnel where we used virtual network interface. ¡ Supports mobility ¡ However, regular system outperforms our system ¡ There are some future works : ¡ Symmetric key cryptography. ¡ CPU performance. ¡ IP address derivation from the public key INF5090

  21. 21 Acknowledgement ¡ We would like to thank Hans for helpful discussion and valuable feedback. INF5090

  22. 22 Thanks and Questions ? J INF5090

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Coupled Conges,on Control for RTP Media Safiqul Islam, Michael

Coupled Conges,on Control for RTP Media Safiqul Islam, Michael

Coupled Conges,on Control for RTP Media Safiqul Islam, Michael Welzl, Stein Gjessing and Naeem Khademi Department of Informa,cs University of Oslo Problem

543 views • 27 slides
Start Me Up: Determining and Sharing TCPs Initial Congestion Window Safiqul Islam and Michael

Start Me Up: Determining and Sharing TCPs Initial Congestion Window Safiqul Islam and Michael

Start Me Up: Determining and Sharing TCPs Initial Congestion Window Safiqul Islam and Michael Welzl Department of Informatics University of Oslo Motivation Each TCP connection maintains states in a data structure called Transport

206 views • 5 slides
Islam, Europe, and the Riches of Asia Dar al-Islam, The Abode of Islam The Five Pillars of

Islam, Europe, and the Riches of Asia Dar al-Islam, The Abode of Islam The Five Pillars of

Islam, Europe, and the Riches of Asia Dar al-Islam, The Abode of Islam The Five Pillars of Islam: Faith (shahada) in God, Muhammed as his prophet; Quran as his revelations Prayer (salaat) at mosque, 5 times/day Charity (zakaat) of

377 views • 13 slides
Islam A Brief Look from a Christian Perspective Introduction Islam: The fastest growing

Islam A Brief Look from a Christian Perspective Introduction Islam: The fastest growing

Islam A Brief Look from a Christian Perspective Introduction Islam: The fastest growing religion? Growing in influence even in America So many aspects: Political Cultural Spiritual Brief Highlight Islam: Muhammad's

381 views • 21 slides
Coupled conges-on control for RTP media

Coupled conges-on control for RTP media

Coupled conges-on control for RTP media dra$-welzl-rmcat-coupled-cc-02 Michael Welzl, Safiqul Islam, Stein Gjessing RMCAT @ 88th IETF Mee/ng

182 views • 14 slides
TCP-CCC: single-path TCP congestion control coupling draft-welzl-tcp-ccc-00 Michael Welzl,

TCP-CCC: single-path TCP congestion control coupling draft-welzl-tcp-ccc-00 Michael Welzl,

TCP-CCC: single-path TCP congestion control coupling draft-welzl-tcp-ccc-00 Michael Welzl, Safiqul Islam , Kristian Hiorth, You Jianjie ICCRG 97th IETF Meeting Seoul, South Korean Nov 15 2017 1 Motivation Parallel TCP connections between

279 views • 16 slides
BlueTTT A Bluetooth Based P2P Tic Tac Toe Game Developed as a partial fulfillment of the

BlueTTT A Bluetooth Based P2P Tic Tac Toe Game Developed as a partial fulfillment of the

BlueTTT A Bluetooth Based P2P Tic Tac Toe Game Developed as a partial fulfillment of the requirements of ID2216 Sumanta Saha Md Sakhawat Hossen Md Safiqul Islam sumanta, hossen, islam3 @kth.se Project Target Main objectives of the

599 views • 14 slides
The Nature and Triumph of Islam The Nature and Triumph of Islam The Nature and Triumph of Islam

The Nature and Triumph of Islam The Nature and Triumph of Islam The Nature and Triumph of Islam

The Nature and Triumph of Islam The Nature and Triumph of Islam The Nature and Triumph of Islam The Nature and Triumph of Islam introduction introduction: Early arabia : Early arabia the Saudi Arabian peninsula is mostly desert

566 views • 56 slides
CONVERSION TO ISLAM: A STUDY OF THE CONVERSION MOTIFS OF THE IGBO CHRISTIANS TO ISLAM Chinyere

CONVERSION TO ISLAM: A STUDY OF THE CONVERSION MOTIFS OF THE IGBO CHRISTIANS TO ISLAM Chinyere

CONVERSION TO ISLAM: A STUDY OF THE CONVERSION MOTIFS OF THE IGBO CHRISTIANS TO ISLAM Chinyere .F. Priest (PhD) 8 th Lausanne International Researchers Conference APRIL 30 TH MAY 5 TH 2018 Background Last century, Christianity was

237 views • 21 slides
A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security

A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security

A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security and Privacy Sumanta Saha Md. Safiqul Islam Md. Sakhawat Hossen W IRELESS A D H OC N ETWORK Wireless ad hoc networks are autonomous nodes that

372 views • 15 slides
Inside The Radical Mind Structure of the Day God and Allah Islam in the

Inside The Radical Mind Structure of the Day God and Allah Islam in the

Inside The Radical Mind Structure of the Day God and Allah Islam in the UK today Chris5an Response Lunch Islam and Radical Islam - Sami and

727 views • 28 slides
What is Christmas? What is Christmas? Islam Explains Islam Explains National Nasirat Team

What is Christmas? What is Christmas? Islam Explains Islam Explains National Nasirat Team

What is Christmas? What is Christmas? Islam Explains Islam Explains National Nasirat Team Qudoos Bhatti, Sabahat Pall, Attiya Ghani Jaziba Bahri, Rabia Anwar, Amna Anwar What is Christmas? What is Christmas? Christmas is the annual

152 views • 14 slides
Islam: Myths and Reality Terminology: The religion is called ISLAM. The people are MUSLIMS.

Islam: Myths and Reality Terminology: The religion is called ISLAM. The people are MUSLIMS.

Islam: Myths and Reality Terminology: The religion is called ISLAM. The people are MUSLIMS. 2 Myth #1: Most Muslims are Arabs who live in the Middle East. 3 Reality: Of more than 1 billion Muslims worldwide, only about 1/5 are

1.27k views • 50 slides
IS ISLAM HOW TO EFFECTIVELY MINISTER TO THE MUSLIM BROTHER AND SISTER The founder of

IS ISLAM HOW TO EFFECTIVELY MINISTER TO THE MUSLIM BROTHER AND SISTER The founder of

IS ISLAM HOW TO EFFECTIVELY MINISTER TO THE MUSLIM BROTHER AND SISTER The founder of Islam is the prophet Muhammad. He was born around the year AD 570 in the commercial city of Mecca. He began his prophetic ministry at the age of 40

496 views • 47 slides
ISLAM Submitting Ourselves to Gods Will A Conceptual Overview Dr. Yahia Abdul-Rahman

ISLAM Submitting Ourselves to Gods Will A Conceptual Overview Dr. Yahia Abdul-Rahman

ISLAM Submitting Ourselves to Gods Will A Conceptual Overview Dr. Yahia Abdul-Rahman YARAHMAN@MSN.com +1-626-255-2181 +1-626-818-0855 THE WAVES of ISLAM in AMERICA The 19 th Century: African Muslim Slaves to Work in American Plantations.

585 views • 12 slides
Use of midazolam as a 1 st line anticonvulsant in neonatal seizures Dr. SM Rafiqul Islam 1 Dr. SM

Use of midazolam as a 1 st line anticonvulsant in neonatal seizures Dr. SM Rafiqul Islam 1 Dr. SM

Use of midazolam as a 1 st line anticonvulsant in neonatal seizures Dr. SM Rafiqul Islam 1 Dr. SM Rafiqul Islam 1 Dr. Khurshid Talukder 2 Ms. Monira Akter 3 Prof. Soofia Khatoon 4 1 Senior Consultant Paediatrician 2 Director Research and Senior

720 views • 22 slides
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing will be at the heart of future ICT

426 views • 17 slides
Securing communication in WSN trough use of cryptography Ace Dimitrievski Biljana Stojkoska

Securing communication in WSN trough use of cryptography Ace Dimitrievski Biljana Stojkoska

Faculty of Electrical Engineering - Skopje Securing communication in WSN trough use of cryptography Ace Dimitrievski Biljana Stojkoska Kire Trivodaliev Danco Davcev NATO-ARW, Suceava, September 4-8, 2006 {ace, biljana.stojkoska,

201 views • 18 slides
Pr rtr rtt

Pr rtr rtt

Pr rtr rtt t r rt

265 views • 25 slides
Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13, 2016 Objectives Suite B Cryptography The controversial NSA statement A brief history of ECC (and the NSAs involvement) Why would

351 views • 17 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A

RSA LABS PROJECT RHAPSODY Credential Vault for Personal and Enterprise Use 1 WHAT IS RHAPSODY? A credential management service that allows individuals and employees to securely and seamlessly access any app from any device. 2 RHAPSODY

239 views • 9 slides
BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems

BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems

1 BAE Systems Proposed Acquisitions of: Collins Aerospaces Military Global Positioning Systems business GPS Business and Raytheons Airborne Tactical Radios business Radios Business 20 January 2020 Beta SENSITIVE 2

162 views • 14 slides
Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO

Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO

11/7/2017 Security Essentials for IoT Product Developers Intel Global IoT DevFest 2017 Louis Parks, CEO LParks@SecureRF.com Derek Atkins, CTO Datkins@SecureRF.com Authentication and Data Protection For the Smallest Internet of Things

430 views • 16 slides

More recommend