Secure communication channel mechanisms for isolated networks

2009
Karadağ, Gökdeniz
Current network security solutions consist of a single host whose network interfaces are connected to the protected and external networks at the same time. This design ensures security by restricting traffic flow to a single point, where it can be examined and acted on by a set of rules. However, the design also has a flaw and a single point of failure: the vulnerabilities of the security device itself. If a vulnerability in the security device leads to its compromise, an adversary gains unhindered access to the protected networks. To prevent this possibility, high-security networks are completely isolated from external networks by prohibiting any network connection, constituting a so-called air gap between them. But data transfer needs do arise between external networks and high-security networks, and in current technology this problem has no solution that does not require human intervention. In this thesis, we propose a set of mechanisms that allows near-real-time data transfers between a high-security network and external networks without requiring any human intervention. The design consists of two hosts connected via a shared storage, transferring only application-layer data between the networks. This prevents attacks targeting the network stack of the security device's OS and confines a compromised security device to the network it is already connected to. In case of a compromise, the amount of possible unwanted traffic to and from the high-security network is vastly reduced.
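The two-host, shared-storage pattern described in the abstract, as an added example written for this page (it is not the thesis author's code). The external-side host and the high-security-side host are modelled as two functions that share only a directory: the sender drops complete application-layer records into it, and the receiver polls, validates each record strictly at the application layer, and consumes it. The JSON record format, the size cap, the allowed message kinds and the temp-file-then-rename handoff are assumptions made for the example, not details taken from the thesis.

```python
"""Shared-storage relay between an external-side host and a high-security-side host.
Added example for the design sketched in the abstract; not the thesis author's code.
The record format, size cap and allowed kinds below are assumptions for the example."""
import json
import os
import tempfile

MAX_BYTES = 4096                      # assumed per-message size cap
ALLOWED_KINDS = {"status", "report"}  # assumed application-layer message kinds
REQUIRED_KEYS = {"kind", "seq", "body"}


def external_side_submit(shared_dir: str, record: dict) -> str:
    """External-side host: serialise one application-layer record into the shared
    storage. Write to a temp file, then rename, so the other side never reads a
    half-written message (the rename is atomic on the same filesystem)."""
    data = json.dumps(record, separators=(",", ":")).encode("utf-8")
    fd, tmp = tempfile.mkstemp(dir=shared_dir, prefix=".tmp-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    final = os.path.join(shared_dir, f"msg-{record['seq']:08d}.json")
    os.replace(tmp, final)
    return final


def validate(raw: bytes) -> tuple:
    """Strict application-layer check applied on the high-security side.
    Returns (ok, reason). Only the record format is parsed; nothing from a
    transport or network stack is ever involved on this side."""
    if len(raw) > MAX_BYTES:
        return False, "oversized"
    try:
        rec = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "not valid JSON"
    if not isinstance(rec, dict) or set(rec) != REQUIRED_KEYS:
        return False, "unexpected fields"
    if rec["kind"] not in ALLOWED_KINDS:
        return False, "disallowed kind"
    if not isinstance(rec["seq"], int) or not isinstance(rec["body"], str):
        return False, "wrong field types"
    return True, ""


def internal_side_poll(shared_dir: str) -> dict:
    """High-security-side host: consume every complete message in the shared
    storage, admit those that pass validation and discard the rest. Polling the
    storage replaces the human hand-carry the abstract refers to."""
    accepted, rejected = [], []
    for name in sorted(os.listdir(shared_dir)):
        if name.startswith(".tmp-"):     # still being written by the other side
            continue
        path = os.path.join(shared_dir, name)
        with open(path, "rb") as f:
            raw = f.read()
        ok, reason = validate(raw)
        if ok:
            accepted.append(name)
        else:
            rejected.append((name, reason))
        os.remove(path)                  # consumed either way; never re-read
    return {"accepted": accepted, "rejected": rejected}


def demo() -> dict:
    """Constructed traffic: one well-formed record, one smuggling an extra field,
    and one file that is not a record at all."""
    shared = tempfile.mkdtemp(prefix="airgap-")
    external_side_submit(shared, {"kind": "status", "seq": 1, "body": "pump ok"})
    external_side_submit(shared, {"kind": "status", "seq": 2, "body": "x", "exec": "payload"})
    with open(os.path.join(shared, "msg-00000003.json"), "wb") as f:
        f.write(b"\x7fELF not a record")   # constructed junk, not a real binary
    return internal_side_poll(shared)


if __name__ == "__main__":
    print(demo())
```

The point of the layout is that the high-security side opens no socket at all: the only code paths reachable by an attacker who controls the external-side host are the file read and the format check, and the check rejects anything outside the declared record shape rather than trying to sanitise it.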

Suggestions

Performance evaluation of routing protocols in wireless ad hoc networks with service differentiation
Yılmaz, Semra; Koçyiğit, Altan; Erten, Murat; Department of Information Systems (2003)
An ad hoc network is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any fixed network infrastructure or centralized administration. Due to the limitations in the wireless environment, it may be necessary for one mobile host to enlist the aid of other hosts in forwarding a packet to its destination. In order to enable communication within the network, a routing protocol is needed to discover routes between nodes. The primary goal of ad hoc network routing pro...
Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison
Soysal, Murat; Schmidt, Şenan Ece (Elsevier BV, 2010-06-01)
The task of network management and monitoring relies on an accurate characterization of network traffic generated by different applications and network protocols. We employ three supervised machine learning (ML) algorithms, Bayesian Networks, Decision Trees and Multilayer Perceptrons for the flow-based classification of six different types of Internet traffic including peer-to-peer (P2P) and content delivery (Akamai) traffic. The dependency of the traffic classification performance on the amount and composi...
Optimal resource allocation algorithms for efficient operation of wireless networks
Özel, Ömür; Uysal Bıyıkoğlu, Elif; Department of Electrical and Electronics Engineering (2009)
In this thesis, we analyze allocation of two separate resources in wireless networks: transmit power and buffer space. Controlled allocation of power can provide good performance for both users and the network. Although centralized mechanisms are possible, distributed power control algorithms are preferable for efficient operation of the network. Viewing distributed power allocation as the collection of rational decisions of each user, we make game theoretic problem formulations, devise distributed algorith...
Software implementations of QoS scheduling algorithms for high speed networks
Pehlivanlı, Aydın; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2015)
The end to end Quality of Service (QoS) support for the dominating multimedia traffic in the contemporary computer networks is achieved by implementing schedulers in the routers and deploying traffic shapers. To this end, realistic modeling and simulation of these components is essential for network performance evaluation. The first contribution of this thesis is the design and implementation of a C++ simulator QueST (Quality of Service simulaTor) for this task. QueST is a modular cycle accurate simulator w...
Placement of 5G RAN Slices in Multi-tier O-RAN 5G Networks with Flexible Functional Splits
Sarikaya, Egemen; Onur, Ertan (2021-01-01)
The network slicing concept has gained much attention with the development of software-defined network and network function virtualization technologies, enabling logically isolated networks for different purposes in the same network infrastructure. The virtualization of network functions enables the functional split of radio access network functions to fulfill different 5G radio access network requirements. Functional split can be expressed as deciding the distribution of radio access network functionalitie...
Citation Formats
G. Karadağ, “Secure communication channel mechanisms for isolated networks,” M.S. - Master of Science, Middle East Technical University, 2009.