| dc.description.abstract | The purpose of this research thesis was to design and implement an adaptive congestion control algorithm for virtualized cloud data communication. A congested network leads to packet losses and delays, which in extreme cases can lead to denial of service. Continued denial of services compromises availability, which is one of the goals of information security. The current congestion control algorithms require that the receiver supply the sender with acknowledgement numbers and sequence numbers of the received packets, so that the sender's congestion window can be adjusted accordingly. Unfortunately, these parameters can be captured by an intruder and utilized to carry out sequence number prediction and session hijacking attacks, both of which can compromise confidentiality and integrity of the communication process. To address these challenges, this research thesis developed an adaptive congestion control algorithm which probed the network conditions and transmitted packets, the sizes of which depended on the prevailing network status, without depending on receiver acknowledgement numbers and sequence numbers. The study specific objectives were to: investigate the security challenges of the current congestion control algorithms; determine the values of congestion window and slow start threshold values in a cloud environment; cluster network traffic into finite sets based on the round trip times; design and implement an adaptive congestion control algorithm to transmit the varying-sized finite traffic; and evaluate the security performance of the developed algorithm in a virtualized cloud server environment. To achieve these objectives, a quantitative research design using both simulation and experimental approaches was adopted. The simulation tools that were used provided the data required for this study. These data were presented in tabular and figure format to facilitate the required interpretations. The findings indicated that the current congestion control algorithms were prone to a number of attacks, exampled by sequence number prediction and session hijacking. The initial congestion window was observed to be 1460 bytes while the value of the slow start threshold was 65535 bytes. The developed algorithm adopted the fast retransmit and recovery approach due to their efficient utilization of the available bandwidth. Thereafter, traffic was clustered and transmitted based on the prevailing value of the round trip times. In addition, the adaptive congestion control algorithm developed employed dynamic TCP pacing, in which packets were spaced apart depending on the existing network conditions. The evaluation of this algorithm showed that it quickly adjusted to the available network bandwidth, and it had less time and space complexity compared to current congestion control algorithms. Since it never utilized receiver explicit information such as acknowledgement numbers and sequence numbers, it was immune from sequence number prediction, transmission control protocol synchronization flooding and session hijacking attacks. | en_US |