Computer networks

Model
Digital Document
Publisher
Florida Atlantic University
Description
Network Function Virtualization (NFV) is an emerging technology that transforms legacy hardware-based network infrastructure into software-based virtualized networks. Instead of using dedicated hardware and network equipment, NFV relies on cloud and virtualization technologies to deliver network services to its users. These virtualized network services are considered better solutions than hardware-based network functions because their resources can be dynamically increased upon the consumer’s request. While their usefulness can’t be denied, they also have some security implications. In complex systems like NFV, the threats can come from a variety of domains due to it containing both the hardware and the virtualized entities in its infrastructure. Also, since it relies on software, the network service in NFV can be manipulated by external entities like third-party providers or consumers. This leads the NFV to have a larger attack surface than the traditional network infrastructure. In addition to its own threats, NFV also inherits security threats from its underlying cloud infrastructure. Therefore, to design a secure NFV system and utilize its full potential, we must have a good understanding of its underlying architecture and its possible security threats. Up until now, only imprecise models of this architecture existed. We try to improve this situation by using architectural modeling to describe and analyze the threats to NFV. Architectural modeling using Patterns and Reference Architectures (RAs) applies abstraction, which helps to reduce the complexity of NFV systems by defining their components at their highest level. The literature lacks attempts to implement this approach to analyze NFV threats. We started by enumerating the possible threats that may jeopardize the NFV system. Then, we performed an analysis of the threats to identify the possible misuses that could be performed from them.
These threats are realized in the form of misuse patterns that show how an attack is performed from the point of view of attackers. Some of the most important threats are privilege escalation, virtual machine escape, and distributed denial-of-service. We used a reference architecture of NFV to determine where to add security mechanisms in order to mitigate the identified threats. This produces our ultimate goal, which is building a security reference architecture for NFV.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Cloud computing has provided many services to potential consumers, one of these services being the provision of network functions using virtualization. Network Function Virtualization is a new technology that aims to improve the way we consume network services. Legacy networking solutions are different because consumers must buy and install various hardware equipment. In NFV, networks are provided to users as a software as a service (SaaS). Implementing NFV comes with many benefits, including faster module development for network functions, more rapid deployment, enhancement of the network on cloud infrastructures, and lowering the overall cost of having a network system. All these benefits can be achieved in NFV by turning physical network functions into Virtual Network Functions (VNFs). However, since this technology is still a new network paradigm, integrating this virtual environment into a legacy environment or even moving altogether into NFV reflects on the complexity of adopting the NFV system. Also, a network service could be composed of several components that are provided by different service providers; this also increases the complexity and heterogeneity of the system. We apply abstract architectural modeling to describe and analyze the NFV architecture. We use architectural patterns to build a flexible NFV architecture to build a Reference Architecture (RA) for NFV that describes the system and how it works. RAs are proven to be a powerful solution to abstract complex systems that lack semantics. Having an RA for NFV helps us understand the system and how it functions. It also helps us to expose the possible vulnerabilities that may lead to threats toward the system. In the future, this RA could be enhanced into an SRA by adding misuse and security patterns for it to cover potential threats and vulnerabilities in the system.
Our audiences are system designers, system architects, and security professionals who are interested in building a secure NFV system.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Finite fields of the form $\mathbb{F}_{2^m}$ play an important role in coding theory and cryptography. We show that the choice of how to represent the elements of these fields can have a significant impact on the resource requirements for quantum arithmetic. In particular, we show how the Gaussian normal basis representations and "ghost-bit basis" representations can be used to implement inverters with a quantum circuit of depth $O(m \log m)$. To the best of our knowledge, this is the first construction with subquadratic depth reported in the literature. Our quantum circuit for the computation of multiplicative inverses is based on the Itoh-Tsujii algorithm which exploits the property that, in a normal basis representation, squaring corresponds to a permutation of the coefficients. We give resource estimates for the resulting quantum circuit for inversion over binary fields $\mathbb{F}_{2^m}$ based on an elementary gate set that is useful for fault-tolerant implementation.
Elliptic curves over finite fields $\mathbb{F}_{2^m}$ play a prominent role in modern cryptography. Published quantum algorithms dealing with such curves build on a short Weierstrass form in combination with affine or projective coordinates. In this thesis we show that changing the curve representation allows a substantial reduction in the number of T-gates needed to implement the curve arithmetic. As a tool, we present a quantum circuit for computing multiplicative inverses in $\mathbb{F}_{2^m}$ in depth $O(m \log m)$ using a polynomial basis representation, which may be of independent interest.
Finally, we change our focus from the design of circuits which aim at attacking computational assumptions on asymmetric cryptographic algorithms to the design of a circuit attacking a symmetric cryptographic algorithm. We consider a block cipher, SERPENT, and our design of a quantum circuit implementing this cipher to be used for a key attack using Grover's algorithm as in [18]. This quantum circuit is essential for understanding the complexity of Grover's algorithm.
Model
Digital Document
Publisher
Florida Atlantic University
Description
This thesis describes routing in mobile ad hoc wireless networks. Ad hoc networks lack a wired backbone to maintain routes as mobile hosts move and power is on or off. Therefore, the hosts in ad hoc networks must cooperate with each other to determine routes in a distributed manner. Routing based on a connected dominating set is a frequently used approach, where the searching space for a route is reduced to nodes in a small connected dominating set subnetwork. We propose a simple and efficient distributed algorithm for calculating a connected dominating set in a given undirected ad hoc network, then evaluate the proposed algorithm through simulation. We also discuss connected dominating set update/recalculation algorithms when the topology of the ad hoc network changes. We also explore the possible extension of using a hierarchical connected dominating set. The shortest path routing and the dynamic source routing, which are based on the connected dominating set subnetwork, are discussed.
Model
Digital Document
Publisher
Florida Atlantic University
Description
High speed ATM networks support a variety of communication services that have different traffic characteristics, which causes the network to be congested quickly. An ATM network with different communication services, data, voice and video, is simulated to study the effect of congestion on network operation. A modified leaky bucket mechanism is used to shape the traffic entering the network, which improved the performance in terms of cell losses and cell delay. The original leaky bucket mechanism is so conservative that it drops a large number of ATM cells. Another scheme called virtual leaky bucket is proposed in this thesis. In this scheme violating cells are marked and then allowed to enter the network. The scheme is simulated and its performance is compared to the leaky bucket mechanism. Shaped virtual leaky bucket with marking is shown to have much better performance as long as the minimum requirements of non-violating cells are guaranteed.
Model
Digital Document
Publisher
Florida Atlantic University
Description
This thesis addresses issues faced in the practical implementation of a wireless ad hoc network (WAHN) protocol for data transmission. This study focuses on: (1) Evaluating existing hardware and software options available for the WAHN implementation. (2) Appraising the issues faced while implementing a practical wireless ad hoc protocol. (3) Applying a set of MAC protocol specifications developed for a wireless ad hoc data network to a practical test network. Specific to the above topics of interest, the following research tasks are performed: (1) An elaborate survey and relevant discussions on wireless MAC protocols. (2) A comprehensive study comparing various wireless transceivers is performed. Range, data rate, frequency, interfacing method and cost are the factors compared. (3) A simple, low-cost and low baud-rate transceiver is modified with appropriate interface circuits to support wireless communications. A more advanced transceiver is also considered and used for the software foundation of a practical implementation of the ad hoc and MAC protocols. The studies enable assessing the problems faced during the implementation and suggest solutions to resolve these problems. Further areas for study are also discussed.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Asynchronous Transfer Mode (ATM) Networks are based on connections that are multiplexed dynamically on a single link. For satisfactory performance in an ATM network, congestion control is extremely necessary to guarantee the negotiated Quality of Service (QoS) for every connection. Traffic shaping is a congestion control mechanism that alters the traffic characteristics of a stream of cells on a connection to achieve better network efficiency by meeting the QoS objectives. We study a model for Traffic Shaping, Second Order Leaky Bucket, which consists of two leaky buckets to police the Sustained Cell Rate (SCR) and Burst Tolerance (BT) for each ATM connection. With this algorithm, ATM cells enter the first leaky bucket and the cells conforming to the first leaky bucket enter the ATM network with Cell Loss Priority set to zero (CLP = 0). Any cell non-conforming to the first leaky bucket is sent to a second leaky bucket, and will be tagged CLP = 1 only if found to be non-conforming to the second leaky bucket. Cells conforming to the second leaky bucket are allowed to enter the ATM network with CLP = 0. We simulate the second-order leaky bucket for traffic shaping and show the effectiveness of the second-order leaky bucket in protecting the QoS experienced by connections passing through a common internodal link queue.
Model
Digital Document
Publisher
Florida Atlantic University
Description
In this thesis, a low interprocessor communication overhead and high performance data parallelism parallel application model in a network of workstations (NOWs) is proposed. Checkpointing and rollback technologies are used in this model for performance enhancement purposes. The proposed model is analyzed both theoretically and numerically. The simulation results show that a high performance of the parallel application model is expected. As a case study, the proposed model is applied to the parallel Everglades Landscape Fire Model (ELFM) code which was developed by South Florida Water Management District (SFWMD). The parallel programming environment is Message-Passing Interface (MPI). A synchronous checkpointing and rollback mechanism is used to handle the spread of fire, which is a dynamic and irregular component of the model. Results show that the performance of the parallel ELFM using MPI is significantly enhanced by the application of checkpointing and rollback.
Model
Digital Document
Publisher
Florida Atlantic University
Description
This thesis addresses a method of deducing the statistical upper and lower bounds associated with the cell-transfer delay variations (CDVs) encountered by the cells transmitted in the asynchronous transfer mode (ATM) networks due to cell losses. This study focuses on: (1) Estimating CDV arising from multiplexing/switching for both constant bit rate and variable bit rate services via simulations. (2) Deducing an information-theoretics based new technique to get an insight of the combined BER-induced and multiplexing/switching-induced CDVs in ATM networks. Algorithms on the CDV statistics are derived and the lower and upper bounds of the statistics are obtained via simulations in respect of CBR and VBR traffics. These bounds are useful in the cell-admission control (CAC) strategies adapted in ATM transmissions. Inferential remarks indicating the effects of traffic parameters (such as bandwidth, burstiness etc.) on the values of the statistical bounds are presented, and scope for further work is indicated.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Signal processing requires a steady flow of sampled data to be able to properly manipulate the signal to get the desired output. By using Asynchronous Transfer Mode (ATM) networks, it is possible to divide signal processing amongst a number of stations where each station can be specialized to a single function. Unfortunately, most commercially available ATM Network Interface Cards (NIC) only support message mode ATM Adaptation Layer 5 (AAL5), which is unsuitable for signal processing due to the delays of having to wait for an entire message to be formed prior to sending. It is shown that using an ATM NIC with streaming mode AAL5, where cells are sent as soon as there is enough data to create an ATM cell of 48 bytes, leads to better quality signal processing. It is also shown that the message latency (time it takes for a message to traverse the network) is reduced by using streaming mode AAL5.