Internet Services and Security

This thesis presents my research on IP Traceback and on QoS admission control. It also includes a brief discussion about the security problems we are facing today and how adding new network services affects the original Internet design. Internet security is an ever rising problem. One identified problem is that the basic Internet design, with mutual trust between the communicating entities and stateless intermediate nodes, does not provide any functions that will reveal the path a packet with incorrect source address has travelled through the network. In an attack situation this makes it really difficult for the victim to fight the attack. IP Traceback refers to the mechanism of tracing an IP packet back to its source. In the work presented in this thesis, a selection of the most promising proposals on IP Traceback, using packet marking, are evaluated and also compared with our new proposal. Quality of service in the Internet is becoming a reality. The idea is to split Internet traffic into different forwarding classes, where each class will be provided a specified quality in terms of bandwidth, delay and loss. Some type of admission control algorithm may be used to decide which flows to admit and which to reject. From the operator perspective the ideal situation is to find the threshold where you reach a maximum utilization of the reserved bandwidth for a specific class, without violating the stated QoS objectives. Several admission control algorithms have been proposed, but do not seem to reach deployment. The motivation for the work presented in this thesis was to design an algorithm that should be simple, yet robust, and easily deployed in existing Internet infrastructure. The core idea of our proposal is to use existing router mechanisms, originally used for traffic shaping and policing, to measure current traffic load. We then utilize the delta between reserved capacity according to peak rate, and measurments, to make current and future admission limit estimations.