Modern Internet routing gives end users little control over the paths their packets take and little evidence that packets followed an intended route after transmission. Although routing protocols such as BGP determine reachability at Internet scale, they do not provide packet-level guarantees that traffic traversed a chosen set of routers or avoided untrusted network regions. This gap is increasingly relevant for use cases involving regulatory compliance, data-residency requirements, security-sensitive communication, and post-incident forensic analysis. Existing approaches to path validation and source-controlled routing either require clean-slate deployment, rely on cryptographic primitives that are too expensive for programmable data planes, or introduce per-hop header overhead that grows with path length. This thesis investigates whether controllable packet forwarding can be combined with lightweight cryptographic path verification in programmable data planes. It presents Hermes, a prototype system that allows a sender to route packets through an ordered set of trusted switches and later verify that the packet traversed exactly that path. Hermes uses a compact in-band accumulator carried in each packet. Each switch on the authorised path shares a pool of secret keys and opcode assignments with a central Hermes server. As a packet passes through a switch, the switch applies a keyed operation to the accumulator using only P4-compatible arithmetic and bitwise operations. The receiver emits the resulting accumulator to the control plane, after which the Hermes server independently replays the computation and returns an "Accept" or "Reject" verdict. The design avoids data-plane AES, HMAC, modular exponentiation, and other primitives that are difficult to express in a P4 match-action pipeline. Instead, Hermes uses an optical Diffie--Hellman variant based on XOR and AND operations to provision per-switch key material, and a Galois Linear Feedback Shift Register (LFSR) to drive key-index selection after the initial key pool has been consumed. Replay protection is provided through per-flow sequence numbers, millisecond-resolution timestamps, and server-issued nonces. The prototype is implemented using P4, Python, and C++, and evaluated through a set of experiments measuring key-exchange latency, end-to-end verification latency, throughput and loss behaviour, key-rotation overhead, path-deviation detection, and header overhead. The evaluation shows that Hermes can perform key provisioning within millisecond-scale latency, verify packets with low and stable end-to-end latency across the tested probe rates, and detect the evaluated path-deviation and replay scenarios with perfect accuracy in the experimental setup. The protocol introduces a fixed per-packet header overhead rather than overhead that grows with path length. The security analysis shows that the accumulator construction provides practical path-integrity evidence under the stated threat model, but also identifies important limitations: repeated observations under key reuse remain the dominant source of cryptanalytic risk, the 32-bit accumulator limits the strength of the construction, and the key-exchange channel must be protected in a production deployment. Overall, Hermes demonstrates that programmable data planes can support a lightweight form of controllable and verifiable routing without relying on heavyweight cryptography in the forwarding path. The system should not be interpreted as a replacement for full Internet-scale architectures such as SCION or ICING; rather, it shows that switch-level path verification is feasible as an incremental building block for more accountable network infrastructures. ... Read more

Our challenge was to create a server program for retail RFID system with advanced message handling. However, RFID software solutions are heavily dependent on the requirements and use cases of the system. The developed solution allows for convenient interaction with RFID tags through different components of the designed system. The complete system has been developed with scalability and maintainability in mind and is thoroughly tested using unit testing, integration testing and end-to-end testing. ... Read more