|
|
Acceleration of Open vSwitch
Vodák, David ; Orsák, Michal (referee) ; Martínek, Tomáš (advisor)
Virtual switch is a program, which is used for connecting virtual machines to network and that is why it is a crucial part of server virtualization. However virtual switch is consuming too much performance of the server which it is running on. A measurement of Open vSwitch (OvS) indicates that for data speed of 10 Gb/s, approximately 4 cores of the processor are fully occupied. As the consumption of performance is directly proportional to transmission speed, it may eventually get to the point where the consumption of performance cannot be handled. This bachelor thesis is about acceleration of the Open vSwitch with the help of the DPDK Poll Mode Driver extended by support of the SR-IOV virtualization technology as well as the interface for offloading classification rules to hardware called RTE flow. In the scope of this thesis the SR-IOV is implemented and then tested on OvS. Furthermore, the RTE flow support was designed and partially implemented.
|
|
|
Extension of the Monitoring Probe with Wi-Fi Support
Findra, Michal ; Tisovčík, Peter (referee) ; Orsák, Michal (advisor)
The purpose of this work is to study Wi-Fi networks and their security and to create an extension for network probe, which is able to catch and analyze Wi-Fi traffic developed by The Accelerated Network Technologies (ANT) research group on FIT BUT. Study of software flexprobe components are described with proposal of wireless extension. Wi-Fi standards are described with their flaws and tools to crack Wi-Fi security with ability to intercept traffic on specific network. Implementation of wireless extension with testing is described in the last part of this thesis.
|
|
|
Acceleration of NAT and Packet Filter in FPGA for 10G Networks
Orsák, Michal ; Kořenek, Jan (referee) ; Viktorin, Jan (advisor)
This thesis deals with the design of a universal hardware acceleration unit for packet filtering in FPGA for 10G networks. Maximum count of rules is greatly increased by the use of external QDR-II memory. Parameters of accelerator are suitable for NAT, packet filtering and lawful interceptions. The platform uses variable number of processing units. One of them controls accelerator by USB port. The rest is used for network processing.
|
|
|
Analysis of Parameters of Packet Classification Rule Sets
Sabo, Jozef ; Orsák, Michal (referee) ; Matoušek, Jiří (advisor)
A theme of bachelor's thesis is an analysis of rules used for packet classification in computer networks. A theoretical part of the thesis introduces packet classification and describes the role of classification rules. This part also presents the format of classification rules utilized in real tools. Based on these information, a tool able to analyze IP 5-tuple classification rules in any format was designed and implemented. Output of the implemented tool is a parameter file containing different statistics and probability distributions of examined rule sets. This parameter file can be used for generating synthetic rule sets using ClassBench and ClassBench-ng tools. The final part of the thesis examines parameter files created by the implemented tool from available real rule sets.
|
|
| |
|
|
Wi-Fi Password Cracking
Šopf, Petr ; Tisovčík, Peter (referee) ; Orsák, Michal (advisor)
This bachelor's thesis deals with the issues of Wi-Fi networks security. The first part of thesis is about security options and issues related to those options. Next part compares most used tools for Wi-Fi attacks and lists features of those tools. Best tool is then used and software for sniffing communication between access point and client is created. Sniffing tool is created in two version, one version is used for standalone devices and another one for probe developed on FIT BUT.
|
|
|
Black-Box Analysis of Wi-Fi Stacks Security
Venger, Adam ; Orsák, Michal (referee) ; Malinka, Kamil (advisor)
Zariadenia, na ktoré sa každodenne spoliehame, sú stále zložitejšie a využívajú zložitejšie protokoly. Jedným z týchto protokolov je Wi-Fi. S rastúcou zložitosťou sa zvyšuje aj potenciál pre implementačné chyby. Táto práca skúma Wi-Fi protokol a použitie fuzz testingu pre generovanie semi-validných vstupov, ktoré by mohli odhaliť zraniteľné miesta v zariadeniach. Špeciálna pozornosť bola venovaná testovaniu Wi-Fi v systéme ESP32 a ESP32-S2. Výsledkom práce je fuzzer vhodný pre testovanie akéhokoľvek Wi-Fi zariadenia, monitorovací nástroj špeciálne pre ESP32 a sada testovacích programov pre ESP32. Nástroj neodhalil žiadne potenciálne zraniteľnosti.
|
|
|
Network Traffic Generator for Testing of Packet Classification Algorithms
Janeček, David ; Orsák, Michal (referee) ; Matoušek, Jiří (advisor)
Pokrok při zdokonalování klasifikačních algoritmů je zpomalován nedostatkem dat potřebných pro testování. Reálná data je obtížné získat z důvodu bezpečnosti a ochrany citlivých informací. Existují však generátory syntetických sad pravidel, jako například ClassBench-ng. K vyhodnocení správného fungování, propustnosti, spotřeby energie a dalších vlastností klasifikačních algoritmů je zapotřebí také vhodný síťový provoz. Tématem této práce je tvorba takového generátoru síťového provozu, který by umožnil testování těchto vlastností v kombinaci s IPv4, IPv6 a OpenFlow1.0 pravidly vygenerovanými ClassBench-ng. Práce se zabývá různými způsoby, jak toho dosáhnout, které vedly k vytvoření několika verzí generátoru. Vlastnosti jednotlivých verzí byly zkoumány řadou experimentů. Implementace byla provedena pomocí jazyku Python. Nejvýznamnějším výsledkem je generátor, který využívá principů několika zkoumaných přístupů k dosažení co nejlepších vlastností. Dalším přínosem je nástroj, který bylo nutné vytvořit pro analýzu užitých sad klasifikačních pravidel a vyhodnocení vlastností vygenerovaného síťového provozu.
|
|
|
Network Traffic Analysis Using NXP Processor and FPGA
Orsák, Michal ; Vrána, Roman (referee) ; Kořenek, Jan (advisor)
The primary goal of this thesis is to exploit possibilites of aa entirely new hardware based on NXP LS2088 and FPGA. The secondary goal is to create firmware for this processor working out-of-box and perform optimisations of existing software for L7 analysis. This software was deeply bound to a previous hardware platform. The network processor NXP LS2088 contains many hardware accellerators and a virtual reconfigurable network. This thesis exploits all hardware parts of on this platform. Many tweaks and optimizations were performed based on this analysis to achieve maximum efficieny of software for L7 analysis. There were many intensive optimisations like rewriting for the DPDK library and new hardware or hardware synchronization of worker threads of this application. The main result of this thesis is working platform with efficient L7 analysis software which actively uses accelerators in FPGA and NXP network processor. SDK for new platform is also prepared.
|
|
|
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis engages the problem consisting of analysis and detection of the attacks carried out on the authentication protocols in the environment of network structures, like those used in big corporations. In~this thesis, the problem is examined in the light of the netflow analysis. Main content of the thesis is a simulation of the attacks targeting network architectures, where the authentication is served by mentioned protocols, and effort to detect these attack by the netflow monitoring. The outcome of this thesis is a draft, how to automatically detect the attacks carried out in the network structures, and plugin for the exporter of the Flowmon sond, the product of Flowmon Networks company, which will be extracting the information needed for the performance of the detection.
|
guest ::
