The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Currently the most popular secure protocol is SSL (Secure Sockets Layer), but it has some negative aspects: First, it imposes a heavier burden on handheld wireless devices, and when a certificate uses PKI (Public Key Infrastructure) e.g. RSA algorithms, it takes a long time to establish a secure connection between client and server. This paper proposes a lightweight protocol based on the SSL protocol,...
Mobility protocols are originally proposed to support ongoing Internet connectivity of hosts or networks in motion. However, the requirement of seamless connectivity in mobile environment and use of route optimization between the communicating nodes have introduced several security vulnerabilities to mobility protocols. In this paper, we explain with illustrative examples major security threats on...
In the research of the anomaly detection system analyzing the packet header on the Internet, previous researches have proposed the anomaly detection system using chi-square values in terms of the source IP address and/or the destination port number. In these previous researches, the chi-square values were calculated from one feature causing the degradation in the False-Positive when the same symbol...
This paper provides a performance study for securing media streaming based on hash chain methodology. We introduce a new technique that combines the signature of window-based hash chain with redundancy codes for achieving high reliability and robustness against many attacks. Also, the Window technique integrates the Time-Stamped which strongly eliminates the anti-replay attack. It will also control...
Research, Development and Evaluation Commission once hold an Internet election of “Top Ten Complaints”, the result showed that the overabundance of phone and Internet fraud was included. This result represents that the phone and Internet fraud trouble people a lot. Thus, this paper will first discuss the analysis of the crime mode of phone and Internet fraud and the collect the security threats of...
Botnets are considered by specialists, in both industry and academy, as one of the greatest threats to security on the Internet. These networks are composed by a large number of malware-infected hosts acting under a central command. They are usually employed to perform DDoS attacks or phishing scams. The behaviour of these botnets evolves due the adoption of new and sophisticated infection methods,...
As a key approach to securing large networks, existing anomaly detection techniques focus primarily on network traffic data. However, the sheer volume of such data often renders detailed analysis very expensive and reduces the effectiveness of these tools. In this paper, we propose a light-weight anomaly detection approach based on unproductive DNS traffic, namely, the failed DNS queries, with a novel...
Currently attackers are trying to paralyze servers and networks with various types of DDoS attacks. For example, on 7th July in 2009, a DDoS attack occurred against 48 web sites in South Korea and U.S.A. In this attack, the attack traffic pattern and the botnet construction methods are different from that of previous version. Due to the differences of the attack patterns, the 7.7 DDoS attack was not...
For TCP/IP Agreement has certain security bugs, the hacker catches the opportunity to attack the Network. On the basis of the analysis of the TCP/IP Agreement's vulnerability, the article has further analyzed the vulnerability of the Transport Layer Agreement, and discussed the security and the promotion method of TCP/IP Agreement's transport layer.
We introduce a non-interactive RSA time-lock puzzle scheme whose level of difficulty can be arbitrarily chosen by artificially enlarging the public exponent. Solving a puzzle for a message m means for Bob to encrypt m with Alice's public puzzle key by repeated modular squaring. The number of squarings to perform determines the puzzle complexity. This puzzle is non-parallelizable. Thus, the solution...
Session Initiation Protocol (SIP) is an application-layer signaling and control protocol for creating, modifying and terminating sessions including Internet telephone calls, multimedia distribution and multimedia conferences. Flexible, extensible and open, SIP has a complete security mechanism that allows security of both media and signaling. SIP RFC recommends the use of TLS or DTLS to provide an...
Botnet has become a prevalent platform for malicious attacks, which poses a significant threat to Internet security. Recently, botnets are inclined to utilize HTTP to route their command and control (C&C) communication instead of using the protocol Internet Relay Chat (IRC). And these web-based C&C bots try to blend into normal HTTP traffic, which makes them more difficult to be identified...
Vehicular ad hoc networks, also known as VANETs, enable vehicles which are not necessarily within the same radio transmission range to communicate with each other. In addition to allowing direct communication between vehicles, VANETs also enable vehicles to connect to Roadside Units (RSUs) which are inexpensive infrastructure that have the capability of communicating with each others and with passing...
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are posing major threat to today's essential Internet service. The need to protect servers and connected systems is an important aspect in network security. Hence this research work proposes a novel approach called Hop Count based Packet processing to counter DDoS attacks. DDoS attacks are difficult to identify at the source...
With rising concerns on user privacy over the Internet, anonymous communication systems that hide the identity of a participant from its partner or third parties are highly desired. Existing approaches either rely on a relative small set of pre-selected relay servers to redirect the messages, or use structured peer-to-peer systems to multicast messages among a set of relay groups. The pre-selection...
Life of modern people is greatly influenced byte emerging technologies and tremendous growth of the internet. The growth of the Internet is the driving force behind many popular multicast based group applications like e-learning, conferencing, TV over Internet, interactive gaming etc. These group based are vulnerable to many attacks. The features that make multicast so applicative, in turn make security...
Defending against DoS attacks is extremely difficult; effective solutions probably require significant changes to the Internet architecture. We present a series of architectural changes aimed at preventing most flooding DoS attacks, and making the remaining attacks easier to defend against. The goal is to stimulate a debate on tradeoffs between the flexibility needed for future Internet evolution...
The current routing system has been facing serious scalability problem, mobility supporting issue, multi-homing and traffic engineering supporting issue, and provider lock-in problem. Locator/identifier split idea is considered as a promising way to solve the mentioned issue. However, how to design a proper framework for identifier-based routing in the locator/identifier split context is still an...
This paper analyzes the characteristics of network authentication and accounting, list the status of the network, propose separation objective conditions in the implementation of a unified network authentication, authentication and billing, discussed problems which the IEEE 802.1X and LDAP want to solve, and analysis something relevant to provide the overall network security certification program...
Teredo is a service that enables nodes located behind one or more IPv4 Network Address Translations (NATs) to obtain IPv6 connectivity by tunneling packets over IPv4 UDP. Although Teredo is a useful protocol, it also has some weaknesses. It can not work with symmetric NAT, and it raises some security concerns, such as bypassing security controls, reducing defense in depth, and allowing unsolicited...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.