A Framework for Digital Investigation of Peer-to-Peer (P2P) Networks. An Investigation into the Security Challenges and Vulnerabilities of Peer-to-Peer Networks and the Design of a Standard Validated Digital Forensic Model for Network Investigations

Publication date
2022
Author
Musa, Ahmad S.
Supervisor
Awan, Irfan U.
Keyword
Peer-to-Peer (P2P) networks
Digital forensics
Models
Investigation
Network security
Validation
Evidence
Detection
Rights
The University of Bradford theses are licenced under a Creative Commons Licence.
Institution
University of Bradford
Department
Department of Computer Science. Faculty of Engineering and Informatics
Awarded
2022
Abstract
Peer-to-Peer (P2P) networks have presented many fascinating capabilities to the internet since their inception, and they continue to attract considerable interest. As a result, they are being used in many domains, particularly for transferring large amounts of data, which is essential for modern computing needs. A P2P network contains many independent nodes that form a highly distributed system. These nodes are used to exchange all kinds of files without using a single server as in a client-server architecture. Such types of files make the network highly vulnerable to malicious attackers. Nevertheless, P2P systems have become susceptible to different malicious attacks due to their widespread usage, including the threat of sharing malware and other dangerous programs, which can be significantly damaging and harmful. A significant obstacle in current P2P network traffic monitoring and analysis is that many newly emerging P2P architectures possess more intricate communication structures and traffic patterns than the traditional client-server architectures. The traffic volume generated by these networks, such as uTorrent, Gnutella, Ares, etc., was once well over half of the total internet traffic. The dynamic use of port numbers, multiple sessions, and other smart features of these applications complicate the characterization of current P2P traffic. Transport-level traffic identification is a preliminary but required step towards traffic characterization, which this thesis addresses. Therefore, a novel detection mechanism that relies on transport-level traffic characterization has been presented for P2P network investigation. The importance of the investigation necessitates the formalization of frameworks to leverage the integration of forensics standards and accuracy to provide integrity to P2P networks. We employed the standard Analysis, Design, Development, Implementation, and Evaluation (ADDIE) model to aid a credible digital investigation.
We considered the ADDIE model for validation as a standard digital forensic model for P2P network investigations using the United States' Daubert Standard, the United Kingdom's Forensic Science Regulator Guidance – 218 (FSR-G-218), and Forensic Science Regulator Guidance – 201 (FSR-G-201) methodologies. The solution was evaluated using a realistic P2P investigation and showed accurate load distribution and reliable digital evidence.
Type
Thesis
Qualification name
PhD
Related items
Showing items related by title, author, creator and subject.
-
Network Coding for Multihop Wireless Networks: Joint Random Linear Network Coding and Forward Error Correction with Interleaving for Multihop Wireless Networks
Hu, Yim Fun; Pillai, Prashant; Susanto, Misfa (University of Bradford, Faculty of Engineering and Informatics. School of Electrical Engineering and Computer Science, 2015)
Optimising the throughput performance for wireless networks is one of the challenging tasks in the objectives of communication engineering, since wireless channels are prone to errors due to path losses, random noise, and fading phenomena. The transmission errors will be worse in a multihop scenario due to its accumulative effects. Network Coding (NC) is an elegant technique to improve the throughput performance of a communication network. There is the fact that the bit error rates over one modulation symbol of 16- and higher order- Quadrature Amplitude Modulation (QAM) scheme follow a certain pattern. The Scattered Random Network Coding (SRNC) system was proposed in the literature to exploit the error pattern of 16-QAM by using bit-scattering to improve the throughput of multihop network to which is being applied the Random Linear Network Coding (RLNC). This thesis aims to improve further the SRNC system by using Forward Error Correction (FEC) code; the proposed system is called Joint RLNC and FEC with interleaving. The first proposed system (System-I) uses Convolutional Code (CC) FEC. The performances analysis of System-I with various CC rates of 1/2, 1/3, 1/4, 1/6, and 1/8 was carried out using the developed simulation tools in MATLAB and compared to two benchmark systems: SRNC system (System-II) and RLNC system (System-III). The second proposed system (System-IV) uses Reed-Solomon (RS) FEC code. Performance evaluation of System IV was carried out and compared to three systems; System-I with 1/2 CC rate, System-II, and System-III.
All simulations were carried out over three possible channel environments: 1) AWGN channel, 2) a Rayleigh fading channel, and 3) a Rician fading channel, where both fading channels are in series with the AWGN channel. The simulation results show that the proposed system improves the SRNC system. How much improvement gain can be achieved depends on the FEC type used and the channel environment.
-
An Exposition of Performance-Security Trade-offs in RANETs Based on Quantitative Network Models
Miskeen, Guzlan M.A.; Kouvatsos, Demetres D.; Habib Zadeh, Esmaeil (2013)
Security mechanisms, such as encryption and authentication protocols, require extra computing resources and therefore, have an adverse effect upon the performance of robotic mobile wireless ad hoc networks (RANETs). Thus, an optimal performance and security trade-off should be one of the main aspects that should be taken into consideration during the design, development, tuning and upgrading of such networks. In this context, an exposition is initially undertaken on the applicability of Petri nets (PNs) and queueing networks (QNs) in conjunction with their generalisations and hybrid integrations as robust quantitative modelling tools for the performance analysis of discrete flow systems, such as computer systems, communication networks and manufacturing systems. To overcome some of the inherent limitations of these models, a novel hybrid modelling framework is explored for the quantitative evaluation of RANETs, where each robotic node is represented by an abstract open hybrid G-GSPN_QN model with head-of-line priorities, subject to combined performance and security metrics (CPSMs). The proposed model focuses on security processing and state-based control and it is based on an open generalised stochastic PN (GSPN) with a gated multi-class 'On-Off' traffic and mobility model. Moreover, it employs a power consumption model and is linked in tandem with an arbitrary QN consisting of finite capacity channel queues with blocking for 'intra' robot component-to-component communication and 'inter' robot-to-robot transmission. Conclusions and future research directions are included.
-
Performance and Security Trade-offs in High-Speed Networks. An investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets.
Kouvatsos, Demetres D.; Miskeen, Guzlan M.A. (University of Bradford, Department of Computing, 2014-05-30)
Most used security mechanisms in high-speed networks have been adopted without adequate quantification of their impact on performance degradation. Appropriate quantitative network models may be employed for the evaluation and prediction of 'optimal' performance vs. security trade-offs. Several quantitative models introduced in the literature are based on queueing networks (QNs) and generalised stochastic Petri nets (GSPNs). However, these models do not take into consideration Performance Engineering Principles (PEPs) and the adverse impact of traffic burstiness and security protocols on performance. The contributions of this thesis are based on the development of an effective quantitative methodology for the analysis of arbitrary QN models and GSPNs through discrete-event simulation (DES) and extended applications into performance vs. security trade-offs involving infrastructure and infrastructure-less high-speed networks under bursty traffic conditions. Specifically, investigations are carried out focusing, for illustration purposes, on high-speed network routers subject to Access Control List (ACL) and also Robotic Ad Hoc Networks (RANETs) with Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols, respectively. The Generalised Exponential (GE) distribution is used to model inter-arrival and service times at each node in order to capture the traffic burstiness of the network and predict pessimistic 'upper bounds' of network performance.
In the context of a router with ACL mechanism representing an infrastructure network node, performance degradation is caused due to high-speed incoming traffic in conjunction with ACL security computations making the router a bottleneck in the network. To quantify and predict the trade-off of this degradation, the proposed quantitative methodology employs a suitable QN model consisting of two queues connected in a tandem configuration. These queues have single or quad-core CPUs with multiple-classes and correspond to a security processing node and a transmission forwarding node. First-Come-First-Served (FCFS) and Head-of-the-Line (HoL) are the adopted service disciplines together with Complete Buffer Sharing (CBS) and Partial Buffer Sharing (PBS) buffer management schemes. The mean response time and packet loss probability at each queue are employed as typical performance metrics. Numerical experiments are carried out, based on DES, in order to establish a balanced trade-off between security and performance towards the design and development of efficient router architectures under bursty traffic conditions. The proposed methodology is also applied into the evaluation of performance vs. security trade-offs of robotic ad hoc networks (RANETs) with mobility subject to Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols. WEP protocol is engaged to provide confidentiality and integrity to exchanged data amongst robotic nodes of a RANET and thus, to prevent data capturing by unauthorised users. WEP security mechanisms in RANETs, as infrastructure-less networks, are performed at each individual robotic node subject to traffic burstiness as well as nodal mobility. 
In this context, the proposed quantitative methodology is extended to incorporate an open QN model of a RANET with Gated queues (G-Queues), arbitrary topology and multiple classes of data packets with FCFS and HoL disciplines under bursty arrival traffic flows characterised by an Interrupted Compound Poisson Process (ICPP). SS is included in the Gated-QN (G-QN) model in order to establish an 'optimal' performance vs. security trade-off. For this purpose, PEPs, such as the provision of multiple classes with HoL priorities and the availability of dual CPUs, are complemented by the inclusion of robot's mobility, enabling realistic decisions in mitigating the performance of mobile robotic nodes in the presence of security. The mean marginal end-to-end delay was adopted as the performance metric that gives indication on the security improvement. The proposed quantitative methodology is further enhanced by formulating an advanced hybrid framework for capturing 'optimal' performance vs. security trade-offs for each node of a RANET by taking more explicitly into consideration security control and battery life. Specifically, each robotic node is represented by a hybrid Gated GSPN (G-GSPN) and a QN model. In this context, the G-GSPN incorporates bursty multiple class traffic flows, nodal mobility, security processing and control whilst the QN model has, generally, an arbitrary configuration with finite capacity channel queues reflecting 'intra'-robot (component-to-component) communication and 'inter'-robot transmissions. Two theoretical case studies from the literature are adapted to illustrate the utility of the QN towards modelling 'intra' and 'inter' robot communications. Extensions of the combined performance and security metrics (CPSMs) proposed in the literature are suggested to facilitate investigating and optimising RANET's performance vs. security trade-offs.
This framework has a promising potential modelling more meaningfully and explicitly the behaviour of security processing and control mechanisms as well as capturing the robot's heterogeneity (in terms of the robot architecture and application/task context) in the near future (c.f. [1]). Moreover, this framework should enable testing robot's configurations during design and development stages of RANETs as well as modifying and tuning existing configurations of RANETs towards enhanced 'optimal' performance and security trade-offs.