izpis_h1_title_alt

SPA Scalability in Software Defined Perimeter
ID Krmelj, Gregor Robert (Author), ID Ciglarič, Mojca (Mentor) More about this mentor... This link opens in a new window, ID Pančur, Matjaž (Comentor)

.pdfPDF - Presentation file, Download (549,40 KB)
MD5: 025624789EDDA69E75CFFA9CDA364DE7

Abstract
Single Packet Authorization (SPA) is a method of gaining network access to a network service by sending a single IP packet which contains all the necessary data to authenticate and authorize a particular client. The result of the exchange is a temporary firewall rule that enables the client access to the requested service. OpenSPA is an implementation of SPA which we have re-implemented from the ground up with countermeasures for Denial of Service (DoS) attacks and replaced the binary encoding protocol with a TLV variant. Using our testing environment with a 100 Gbit/s network we were able to defend against a 6.7 Mpps DoS attacks using a single CPU core and a 106 Mpps attack using 16 CPU cores.

Language:English
Keywords:SPA, Firewall, Network Security, eBPF, XDP, Network Protocol Design, Hidden Services
Work type:Master's thesis/paper
Typology:2.09 - Master's Thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2022
PID:20.500.12556/RUL-142965 This link opens in a new window
COBISS.SI-ID:136683779 This link opens in a new window
Publication date in RUL:06.12.2022
Views:1247
Downloads:109
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:Slovenian
Title:Skalabilnost protokola SPA v programsko določenem robu omrežja
Abstract:
Preverjanje pristnosti z enim paketom (ang. Single Packet Authorization -- SPA) je metoda, s katero lahko pridobimo dostop do storitve izključno na podlagi enega paketa IP. V ta paket shranimo vse informacije, ki jih strežnik potrebuje, da lahko preveri pristnost zahtevka. V primeru, da imamo pravico do željene storitve, strežnik v požarnem zidu določi začasno pravilo, ki nam (odjemalcu) omogoči dostop. Med odprtokodne implementacije principa SPA spada tudi OpenSPA. V magistrski nalogi bomo predstavili našo novo implementacijo protokola OpenSPA. Novosti protokola sta zaščita ob napadih ohromitev storitve (ang. Denial of Service -- DoS) in binarno kodiranje podatkov v formatu TLV. Znotraj testnega okolja z omrežjem hitrosti 100 Gbit/s smo lahko obranili napad DoS velikosti 6.7 Mpps z uporabo 1 jedra in napad DoS velikosti 106 Mpps z uporabo 16 jeder.

Keywords:SPA, požarni zid, omrežna varnost, eBPF, XDP, omrežni protokoli, skrite storitve

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back