Protocol Header Research Articles

Hidden and under control

Network covert channels are policy-breaking and stealthy communication channels in computer networks. These channels can be used to bypass Internet censorship, to exfiltrate data without raising attention, to allow a safe and stealthy communication for members of political oppositions and for spies, to hide the communication of military units at the battlefield from the enemy, and to provide stealthy communication for today’s malware, especially for botnets. To enhance network covert channels, researchers started to add protocol headers, so-called micro-protocols, to hidden payload in covert channels. Such protocol headers enable fundamental features such as reliability, dynamic routing, proxy capabilities, simultaneous connections, or session management for network covert channels—features which enrich future botnet communications to become more adaptive and more stealthy than nowadays. In this survey, we provide the first overview and categorization of existing micro-protocols. We compare micro-protocol features and present currently uncovered research directions for these protocols. Afterwards, we discuss the significance and the existing means for micro-protocol engineering. Based on our findings, we propose further research directions for micro-protocols. These features include to introduce multi-layer protocol stacks, peer auto-configuration, and peer group communication based on micro-protocols, as well as to develop protocol translation in order to achieve inter-connectivity for currently separated overlay networks.

IPMT, an IPv6 Packet Manipulation Tool: Design Considerations and Applications

To facilitate research into IPv6 protocol, we propose IPMT in this paper, an IPv6 packet manipulation tool that allows rapid encode and decapsulation of IPv6 frames. IPMT offers capabilities of IPv6 packet manipulation, such as packet encapsulation, packet decapsulation, and packet trace. We mainly focus on IPv6 protocols because most popular network tools that are currently used don't support IPv6. We describe the main features of IPMT and demonstrate how the IPMT programming class enables users to easily develop portable IPv6 packet analysis tools without needing to consider the details of the capture format, file compression or intermediate protocol headers. Unlike other popular network tools, IPMT can almost decode all layers all at once. We divide IPMT into two modules and implement the tool and test the tool in a real test scenario to show that the tool works well. At the same time, we design a versatile way of storing decoding information result. As a result, we conclude that IPMT is a valuable contribution to the passive measurement community that will aid the development of better and more reliable IPv6 analysis and network monitoring tools.

Secure transmission of morphed stego keys over internet using IP steganography

Image data security over the internet is very important today. Steganography is a method of embedding data into the images. Image morphing is a process of generating intermediate images from one image to another. The concept of image morphing is used for image steganography to achieve the high embedding capacity and image security. Stego keys were generated during morphing process. These stego keys are destination cover image, number of bits used for steganography, a number of intermediate images and sequence number of intermediate images. These stage keys are needed to transfer the image data securely over the internet. Internet protocol header identification field is used for carrying these stego keys securely without changing the actual purpose of identification field. This paper presents the mechanism to transfer the morphed stego keys securely over the internet using IP steganography.

Improvement in the Mobility of Mobile IPV6 Based Mobile Networks using Reverse Routing Header Protocol and Fast Handoff

Improvement in the Mobility of Mobile IPV6 Based Mobile Networks using Reverse Routing Header Protocol and Fast Handoff

The multicast system for seamless live multimedia in WLAN

This paper proposes the multicast system for seamless live multimedia in a wireless network. The multicast technique for live multimedia and a part of handover mechanism are performed on the buffered multicasting/switching agent (BMSA) in a wireless local area network (WLAN). The rest of the handover mechanism is performed on access points (APs). This paper uses a new Internet Protocol (IP) header that is composed of three AP numbers (AP_#s) and 1-bit overwrite bit (OB) to perform seamless service. The three AP_#s support a smooth handover for solving the cutoff service when mobile nodes (MNs) move among other APs in WLAN. The overhead for a new IP header (2 bytes long) is negligible in comparison with multimedia service, and the overhead for the multicast group address (MGA) packet that is used in the transmission of MGA is only 11 bits. The MGA packet is composed of two AP_#s, an overwriting group address (OGA) bit, and MGA. We confirmed that the proposed multicast system can decrease the number of channels required, the delay of service, and the possibility of packet duplication because multicast is not provided on the multimedia server but on the BMSA in WLAN.

Internet protocol header compression technology and its applicability on the tactical edge

The increased usage of net-centric IP applications at the tactical edge has pushed DoD communications systems to maximize bandwidth efficiency amid a limited availability of RF spectrum. One method of increasing bandwidth efficiency (especially with the desire to move to IPv6), is the use of IP header compression (IPHC) to compress headers from the network layer and above into small identifiers before sending to the link layer. Although widely used in cell phone technology, the tactical edge provides some unique challenges to traditional IPHC techniques including highly dynamic links and link conditions due to potential jamming threats and difficult environments, multi-hop scenarios due to lack of infrastructure, and a highly diverse set of radio systems lacking interoperability. In this article, we examine two common IP header compression schemes, Robust Header Compression (RFC 5225) and IP Header Compression (RFC 2507) and one experimental scheme, MANET IP header compression, and identify their current use and applicability in the tactical edge. Furthermore, we identify some challenges in implementing header compression schemes in emerging systems.

Data rate based adaptive thread assignment solution for combating the SlowPOST denial of service attack

Denial of Service (DoS) attacks represent a major threat to network security, especially in today's networked world. There has been significant research in this area, primarily focused on mitigating and preventing DoS attacks affecting transport layer services. This paper addresses issues arising from a new variation of a DoS attack, namely the SlowPOST attack that affects Application Layer services. In SlowPOST, the malicious clients send data at a slow rate after the connection is established, and the server is left waiting for the data to arrive. These attacks are particularly devastating due to their ability to resist detection due to their protocol compliance. In addition, such attacks do not require the massive resources that DoS attacks normally require, making them easier to launch. Some solutions for this issue have already been deployed in some commercial servers. These solutions are based on either monitoring traffic or enforcing a time limit on the transmission of the protocol headers. In order to achieve reliable detection, the detection parameters need to adapt to the constantly changing traffic. This paper proposes a novel algorithm that uses the data rate of connections to evolve a threshold for determining potential attackers in SlowPOST. This proposed method is tested by subjecting a server to an attack, and it was observed that in the absence of this method, the servicing of legitimate requests is not completed.

Ip Header Compression in IEEE 802.11 Mac Layer

In many services and applications the payload of the IP packet is almost of the same size or even smaller than the header. Over the end-to-end connection, comprised of multiple hops, these protocol headers are extremely important but over just one link (hop-to-hop) these headers serve no useful purpose. It is necessary to compress those headers, to save the bandwidth and use the expensive resources efficiently. To address this, we present an IP Header Compression (IPHC) technique for header compression. IEEE 802.11 (WLAN) is a technology that will play an important role in the next generations of wireless networks. WLAN technology doesnt support header compression techniques as part of the Medium Access Control layer at the moment. Header compression techniques such as IP Header Compression (IPHC) can be used to reduce the overhead of the IP-based traffic. The proposed system describes implementation of IPv4 and TCP header compression using IPHC as part of IEEE 802.11 MAC layer.

The Novel Application Model of Internet of Things Based on IPv6 Technology

Pv6 not only solves the problem of IP address deficient, also simplified the protocol header, and the success of the introduction of two new extension header AH and ESP. The Internet of things perceived terminal data format varied, unified management difficult operation, new business difficulty landing. The research of security Internet of things will mainly focus on the open web application security system, individual privacy protection mode of networking, security features, Internet safety laws formulation. The paper presents the novel application model of Internet of things based on IPv6 technology. Experimental results show that the proposed method has high efficiency.

Multi-Layer Iterative LDPC Decoding for Broadband Wireless Access Networks: A Recursive Shortening Algorithm

This paper presents a novel multi-layer iterative decoding scheme using deterministic bits to lower the decoding threshold of LDPC codes in wireless multimedia communication systems. These deterministic bits serve as known information in the LDPC decoding process to reduce the redundancy during data transmission. Unlike the existing work, our proposed scheme addresses the controllable deterministic bits, such as MPEG null packets, rather than the widely investigated protocol headers. In particular, our multi-layer scheme integrates deterministic bit identification into LDPC decoding process. This integration is able to make significant performance improvement if adequate deterministic bits are discovered. We find that the length of deterministic bits may vary from time to time, and the exploring of deterministic bits is associated to a series of shortened parity matrices during the decoding iterations. Accordingly, we develop a recursive LDPC shortening algorithm to match the dynamic length and facilitate the iterative identification of deterministic bits. Simulation results show that our proposed scheme can achieve considerable gain in today's most popular broadband wireless access networks such as WiMAX.

Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies

SUMMARYApplications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.

IP/UDP Header Suppression for Signaling in an All-IP DVB Transmission System

This brief presents a simple method to suppress and re-build, if necessary, Internet Protocol and User Datagram Protocol headers for the transmission of signaling metadata when using an all-IP Digital Video Broadcasting (DVB) system. This technique will ease convergence of DVB transmission systems with the Internet. The predicted reduction in packet overhead for signaling when using this technique with the DVB Generic Stream Encapsulation (GSE) is reported.

Libtrace

This paper introduces libtrace, an open-source software library for reading and writing network packet traces. Libtrace offers performance and usability enhancements compared to other libraries that are currently used. We describe the main features of libtrace and demonstrate how the libtrace programming API enables users to easily develop portable trace analysis tools without needing to consider the details of the capture format, file compression or intermediate protocol headers. We compare the performance of libtrace against other trace processing libraries to show that libtrace offers the best compromise between development effort and program run time. As a result, we conclude that libtrace is a valuable contribution to the passive measurement community that will aid the development of better and more reliable trace analysis and network monitoring tools.

A new route optimization scheme for network mobility: Combining ORC protocol with RRH and using quota mechanism

Network mobility (NEMO) based on mobile IP version 6 has been proposed for networks that move as a whole. Route optimization is one of the most important topics in the field of NEMO. The current NEMO basic support protocol defines only the basic working mode for NEMO, and the route optimization problem is not mentioned. Some optimization schemes have been proposed in recent years, but they have limitations. A new NEMO route optimization scheme-involving a combination of the optimized route cache protocol (ORC) and reverse routing header (RRH) and the use of a quota mechanism for optimized sessions (OwR)-is proposed. This scheme focuses on balanced performance in different aspects. It combines the ORC and RRH schemes, and some improvements are made in the session selection mechanism to avoid blindness during route optimization. Simulation results for OwR show great similarity with those for ORC and RRH. Generally speaking, the OwR's performance is at least as good as that of the RRH, and besides, the OwR scheme is capable of setting up optimal routing for a certain number of sessions, so the performance can be improved and the cost of optimal routing in nested NEMO can be decreased.

Wider Adaptation and Enhancement of OpenFlow

This paper shows our design of three enhancements to the current OpenFlow technology. OpenFlow is a promising future internet enabling technology that has a great potential to improve the current Internet by providing new functionalities and a new control scheme and thus enabling new smarter applications to be created. Our study aims to provide OpenFlow with three new features; network equipment to equipment flow installation, low level header description, and a new type of inactive flows. Through which we aim to extend OpenFlow’s usability, by making it more self-aware and traffic-aware, by relieving some of the load off the OpenFlow controller, by enabling it to have the ability to forward and manipulate user defined protocol headers, and by providing OpenFlow with a method to support flows with strict timing requirements. Those modifications are proposed as a step forward towards encouraging a wider adoption of OpenFlow as an easily programed flow-based network technology that holds a great potential as a future Internet technology that can support newer and smarter class of applications.

A cross‐layer framework for IPsec over satellite links

AbstractThe traditional modular OSI‐layered architecture has served a major role in the development of a variety of protocols. However, as physical layer impairments become complex and time varying, a dynamic cross‐layer design can enable better performance. A Cross‐Layer Architecture (CLA) is proposed to improve performance of error‐tolerant applications running over UDP‐Lite. This approach to implementation introduces new challenges in protocol design, as well as in the area of security, where the study proposes a new method to enable IP security (IPsec) authentication and integrity services at the network layer. Target scenarios include satellite multicast for large‐scale delivery of data and video content. In this scenario, CLA can mitigate the effects of physical layer impairments and high latency. Numerical analysis has shown that a link design employing header compression and cross‐layer signalling may protect protocol headers and can reduce the probability of packet discard. To evaluate the feasibility of the CLA, these methods have been implemented as an extension to the IPsec protocol, named Cross‐Layer IPsec (CL‐IPsec). A satellite emulation platform was used to validate the implementation of CL‐IPsec and to evaluate the overall performance improvement resulting from the proposed CLA. Copyright © 2010 John Wiley & Sons, Ltd.

Adaptive Packetization for Conversational Video Service over IEEE 802.11 WLANs with Hidden Terminals

For IEEE 802.11-based wireless local area networks (WLANs), due to inherent random access mechanisms, it is very challenging to provision video services, which are subject to very stringent quality-of-service (QoS) constraints. Collision and fading are two main sources of packet loss in WLANs and as such, both are affected by the packetization at the medium access control (MAC) layer. While a larger packet is preferred to balance protocol header overhead, a shorter packet is less vulnerable to packet loss due to channel fading errors or staggered collisions in the presence of hidden terminals. In this paper, we exploit estimate of collision probabilities to adapt packetization for video frames. We first show analytically that the effective throughput is a unimodal function of packet size when considering both channel fading and staggered collisions. We then design an additive increase and multiplicative decrease (AIMD) packetization strategy which adjusts the MAC-layer packet size based on local estimate of staggered collision probability. It is demonstrated that the proposed approach can greatly improve the effective throughput of WLAN and reduce video frame transfer delay.

무선망에서 효율적인 멀티미디어 전송을 위한 헤더압축 알고리즘 연구

MoIP is technology to transmit a variety of multimedia over IP, but compared to traditional voice services require greater bandwidth and radio resources in a wireless environment has already reached the limits. Therefore, as a way to resolve this issue for header compression is a lot of research. SCTP protocol header compression using ROHC-SCTP has been research, ROHC-SCTP packet structure of the ROHC algorithm with different types and, SCTP header compression to apply the characteristics of the poor performance of many of these have drawbacks. Therefore, in this paper to solve these problems better header compression algorithm was designed. In this paper, the proposed algorithm to evaluate the NS-2 simulation environment was modeled on the header compression operation. Evaluation results, the algorithm designed in this paper compared to ROHC-SCTP algorithms determine the overhead rate was low, the data types vary a lot better when the total header size was small.

Detection of malicious traffic on back‐bone links via packet header analysis

PurposeThis study seeks to investigate modern internet back‐bone traffic in order to study occurrences of malicious activities and potential security problems within internet packet headers.Design/methodology/approachContemporary and highly aggregated back‐bone data have been analyzed regarding consistency of network and transport layer headers (i.e. IP, TCP, UDP and ICMP). Possible security implications of each anomaly observed are discussed.FindingsA systematic listing of packet header anomalies, together with their frequencies as seen “in the wild”, is provided. Inconsistencies in protocol headers have been found within almost every aspect analyzed, including incorrect or incomplete series of IP fragments, IP address anomalies and other kinds of header fields not following internet standards. Internet traffic was shown to contain many erroneous packets; some are the result of software and hardware errors, others the result of intentional and malicious activities.Practical implicationsThe study not only presents occurrences of header anomalies as observed in today's internet traffic, but also provides detailed discussions about possible causes for the inconsistencies and their security implications for networked devices.Originality/valueThe results are relevant for researchers as well as practitioners, and form a valuable input for intrusion detection systems, firewalls and the design of all kinds of networked applications exposed to network attacks.

Building self-optimized communication systems based on applicative cross-layer information

This article proposes the Implicit Packet Meta Header (IPMH) as a standard method to compute and represent common QoS properties of the Application Data Units (ADU) of multimedia streams using legacy and proprietary streams’ headers (e.g. Real-time Transport Protocol headers). The use of IPMH by mechanisms located at different layers of the communication architecture will allow implementing fine per-packet self-optimization of communication services regarding the actual application requirements. A case study showing how IPMH is used by error control mechanisms in the context of wireless networks is presented in order to demonstrate the feasibility and advantages of this approach.