Covert channels are malicious conversation in a legitimate secured network communication that violates the security policies laid down. Covert channels are hidden, intended design in the legitimate communication whose motto is to leak information. Trapdoors are unintended design with a communication system that exists in network covert channels as a part of rudimentary protocols. Subliminal channel,...
Authentication of RFID tags is commonly achieved through cryptographic means with protocols that encrypt communication between the parties of interest. There is an extensive literature in this area that address various facets associated with authentication. As RFID tags gain more popularity, there is a concomitant increase in frequency with which they (i.e., the tagged object) change ownership. There...
IPSec is a protocol that allows to make secure connections between branch offices and allows secure VPN accesses. However, the efforts to improve IPSec are still under way; one aspect of this improvement is to take quality of service (QoS) requirements into account. QoS is the ability of the network to provide a service at an assured service level while optimizing the global usage of network resources...
The Secure Real-Time Transport Protocol (SRTP) is an Internet standards-track security profile for RTP used to provide confidentiality, integrity and replay protection for RTP traffic. We study the performance of SRTP when it is used to secure VoIP conversations. Experiments are conducted using snom and Twinkle softphones running on Windows and Linux platforms respectively and a bare PC softphone...
This paper considers the problem of packet classification in a co-mingled traffic stream. Given an encrypted co-mingled stream consisting of different protocol flows originating from different sources; we investigate if it is possible to assign packets to their respective sources and identify the protocol for each source. Encryption makes it difficult to obtain any information from packet headers...
This paper first discusses the classic methods of covert communication to traverse the firewall devices which control the network communication. And based on the analysis of IPSec protocol architecture, that the worse of network compatibility of IPSec is got. So the new IPSec over HTTP protocol based on IPSec tunnel and HTTP tunnel is exposed including its structure and procedure. The soft structure...
This paper evaluates security issues of the recently designed and implemented next generation protocol UDTv4 and offers two contributions to this area of research. Firstly, since UDT is a relatively new protocol, its security requirements have not been considered and explored. An examination investigating its security requirements in implementation is performed. The objective is to achieve a wide...
IPSec VPN is commonly used to implement secure communications between different branch intranets over public networks. Multi-link aggregate IPSec VPN can make better use of multiple physical links of corporation. On the basis of analysis on the insufficiency of packet-based scheduling, a session-based tunnel scheduling model for multi-link aggregate IPSec VPN is proposed. The new model can distribute...
In this work, we address the performance problems that arise when unicast security protocols IPSEC and SSL are applied for securing the end-to-end communication in hybrid satellite networks. Satellite networks use TCP and HTTP performance-enhancing proxy servers to overcome the adverse effect of the large delay-bandwidth product of the satellite channel. However, the proxy servers cannot function...
This paper investigates and quantifies the effect of different security protocols on the performance of a wireless LAN. Experiments were performed on a wireless test-bed and the data obtained was analyzed for throughput, delay and packet loss under different security scenarios. Both TCP and UDP traffic streams were analyzed at three different data rates. The effect of congestion is also quantified...
The Internet based telephony services (IPTel) are mainly exposed to set of vulnerabilities that inherited from the employed protocols such as TCP/IP and proprietary VoIP protocols. One of the most critical threats in this sensitive environments is considered the denial of service (DoS) attacks. The main concern of a mechanism that focuses on detecting such attacks is the potential end-to-end delay...
A framework of three attributes for video surveillance systems is underlined: availability, accessibility and authenticity. Under this framework, a scenario in which surveillance cameras can be accessed by remote devices, such as mobile phones, PDAs, over IP is addressed. Some security drawbacks of an off-the-shelf product are depicted and a new solution is proposed which uses cryptographic authentication...
This paper introduces the IPSec security architecture and its mechanism, and gives an in-depth analysis of the IPSec security. Due to the flaws of the pre-shared key authentication method and the fact that it is vulnerable to DoS attacks, this paper proposes a dynamic pre-shared key generation method to avoid the harm to the system caused by crack of the pre-shared key. The improved method generates...
TLS (Transport Layer Security) is one of the most popular protocols to provide a secure channel between the client and Web server; however, the high overhead of which degrades the server performance considerably. Existing load-balancing schemes for TLS Web system can improve the performance of the system, but the balance of loads is very difficult for the features of TLS, which results in degrading...
Current Internet architecture is vulnerable to IP address spoofing attacks. Ingress filtering and unicast reverse path forwarding (uRPF) allow IP source address validation at an aggregated level. Up to date, Internet architecture still lacks for a fine-grained intradomain filtering at the host level. The possibility of IP address forging by an attacker located inside of the local network leads to...
The emergence of Distributed Denial of Service (DDoS) attack increases the destructive force of Denial of Service (DoS) attack drastically. Besides bringing more terrible threats, the attack from far and near and the employment of internet protocol (IP) spoofing make the abnormal traffic detection harder and harder. This paper proposes a mechanism defined as AMHI (Address Matching and Hash Inspection)...
The security of well established secure channel technologies like transport layer security (TLS) or IP security (IPSec) can be significantly improved by emerging concepts like trusted computing. The use of trusted platform modules (TPMs) offers new methods for improving the security of these well established technologies. How secure channel technologies can be adapted to use trusted computing concepts...
IP layer encryption introduces substantial challenges for bandwidth on demand satellite communication. Our solution, namely broadband HAIPE-embeddable SATCOM terminal (BHeST), utilizes novel network performance enhancement algorithms for high latency geosynchronous bandwidth-on-demand satellite links protected in the presence of high assurance Internet protocol encryption (HAIPE). The problems experienced...
The rapid increasing Internet services need high performance, scalable and flexible network security devices. IPSec is a set of protocols to ensure transmission of packets in IP network. Multi-core processors are targeted to a wide range of applications with complex packet processing and high throughput requirements. Although there are several designs of IPSec system with heterogeneous hardware platforms,...
In order to effectively manage network resources and to serve different traffic needs, several works have been done in the QoS area. Basically, "multi-field (MF) packet classifiers" classify a packet by looking for multiple fields of the IP/TCP headers, recognize which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for...