
Enhancements to the SOCKS network security protocol, 2008

 Item — Call Number: MU Thesis Sun
Identifier: b2090076

Scope and Contents

From the Collection:

The collection consists of theses written by students enrolled in the Monmouth University graduate Computer Science program. The holdings are primarily bound print documents that were submitted in partial fulfillment of requirements for the Master of Science degree.

Dates

  • Creation: 2008

Creator

Conditions Governing Access

The collection is open for research use. Access is by appointment only.

Access to the collection is confined to the Monmouth University Library and is subject to patron policies approved by the Monmouth University Library.

Collection holdings may not be borrowed through interlibrary loan.

Research appointments are scheduled by the Monmouth University Library Archives Collections Manager (723-923-4526). A minimum of three days advance notice is required to arrange a research appointment for access to the collection.

Patrons must complete a Researcher Registration Form and provide appropriate identification to gain access to the collection holdings. Copies of these documents will be kept on file at the Monmouth University Library.

Extent

1 Items (print book) : 185 pages ; 8.5 x 11.0 inches (28 cm).

Language of Materials

English

Abstract

This thesis is the result of work done on extending the capabilities of the SOCKS protocol. SOCKS is an application layer network security protocol deployed in firewalls, standardized in Request For Comments (RFC) 1928 by the Internet Engineering Task Force (IETF) as SOCKS Version 5.

There are two proposed extensions to the SOCKS protocol made and implemented in this thesis. The first extension is the addition of multicast capabilities to the SOCKS protocol. The current standard of the protocol does not support multicasting and is suitable only for securing unicast TCP and UDP based applications. Multicast sessions are typically blocked by network firewalls protecting enterprise networks because of the nature of IP multicast and the security threats associated with such sessions. In such networks, the goals for adding multicast capabilities in the SOCKS protocol are to stream multicast sessions through the network boundaries in a secure and controlled fashion, hiding internal multicast sessions from being visible outside the network and preventing unwanted multicast sessions from the internet from being relayed into the network.

The second proposed extension is UDP tunneling intended for networks where UDP datagrams are blocked by firewalls for security reasons. UDP tunneling can be used to establish a trusted channel for forwarding UDP datagrams via a TCP or TLS tunnel from application nodes on another network through an insecure network like the internet. Each network will have a firewall running the new SOCKS protocol. SOCKS clients on one network can request the SOCKS server to transport UDP datagrams to an application or end point on the other network. The SOCKS server at the originating end, upon receipt of this request, will act as a client to the SOCKS server on the destination network. After exchanging SOCKS protocol messages, the two SOCKS servers will open a tunnel for transporting UDP datagrams across the two networks.

The proposed extensions to the SOCKS protocol are prototyped in a reference implementation. Performance evaluation has been conducted in a simulated test environment in order to evaluate the new schemes using the throughput, response time and packet delay as performance metrics. The obtained results have shown that the new schemes perform well under heavy load and do not impact the overall performance of the SOCKS server. Moreover, the results are very close to the results that were obtained by running the same tests without the use of the SOCKS server in a non-firewall environment, proving that the overhead added by the new schemes in the SOCKS server is minimal and acceptable.

Partial Contents

1. Introduction -- 2. Background and research -- 3. Proposed extensions -- 4. Performance and results -- 5. Conclusions and future work -- References -- Appendix A. Code listing.

Source

Repository Details

Part of the Monmouth University Library Archives Repository

Contact:
Monmouth University Library
400 Cedar Avenue
West Long Branch New Jersey 07764 United States
732-923-4526