DRBDv8 Regression TestSuite

The “DRBDv8 Regression Testsuite” was designed to force rare but fatal situations in the DRBDv8 pre-release. The testsuite executes and verifies predefined (but fully configurable) testcases by issuing the given commands on two or more nodes of a DRBD cluster. Before each testcase, the so-called agents, which process the commands on the local nodes, synchronize themselves so that resources can be accessed at the very same time.

The testsuite was developed in Perl in cooperation with Linbit. Two of our first three testcases were able to trigger an unhandled exception in the DRBDv8 pre-release; these were fixed in the final release, of course.

Load Balancing of Virtual Machines

A framework based on the Red Hat Cluster Suite that enables virtualization technologies to load balance virtual machines with zero-downtime (live migration) among physical servers.

The LBVM consists of several scripts that load balance virtual machines (currently preconfigured: Xen and OpenVZ) among physical servers; the algorithm is fully configurable. LBVM uses the Red Hat Cluster Suite to provide high availability and rgmanager (part of the Red Hat Cluster Suite) to perform the actual migration. Cluster scripts developed for Xen and OpenVZ allow rgmanager to perform live migrations with zero downtime to provide maximum reliability and uptime. The load balancing algorithm uses preconfigured resources (cpu, mem, load; fully configurable) to decide when and where to move a virtual machine. Reports and migrations are logged and also available in human-readable format.

The project was developed during my time at the University and was honored with the “Best Project Award”. For more information check out the official page (link).

Security methods of the ePassport

This bachelor thesis, written in cooperation with NXP, analyzes the Austrian ePassport (MRTD with RFID chip) and outlines security and privacy issues, with corresponding emphasis on the implemented protocols (BAC, EAC).

Abstract:
The new ePassport, which contains a contactless smart card controller with the personal data of the passport holder, was already issued in the middle of 2006 in several countries. The security methods of those passports are specified by the guidelines of the International Civil Aviation Organization (ICAO) and used worldwide.
Several vulnerabilities could be found in the procedures by analyzing the security methods and investigating possible attacks. In particular, the access controls, which were developed for the protection of the personal data, allow a wide range of attacks. Without any optional protocols, it is even possible to gather the personal data of the passport holder while passing by. Even with the implementation of optional access controls and encrypted communication, it is still possible to eavesdrop unnoticed from a distance of several meters and decode the data within a few hours. In combination with the portrait of the passport holder, which is digitized in very high quality on the chip and transferred with each passport control, the ePassport makes it possible to easily obtain a new identity.
A serious problem is the possibility of uniquely identifying an ePassport. Without optional protocols, person profiles and thus personal bombs can be built from the personal data.
In 2008, the European Union stores further biometric data on the ePassport, which could be abused for certain access controls if the ePassport is stolen. Therefore, the question arises whether the ePassport actually offers more security or is a huge risk, as renowned technologists state.

Written in 2007 in cooperation with
NXP Semiconductors
Gratkorn, Austria