The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers' owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how...
Software-defined networks (SDN) are vulnerable to most of the attacks that traditional networks are vulnerable to. In addition, SDN has introduced new vulnerabilities through its unique architecture such as those related to the southbound and northbound controller interfaces. In this paper, we introduce a lightweight flow-based Intrusion Detection System (IDS) that periodically gathers statistical...
This paper designs a high-speed network data acquisition system based on big data platform with good expansibility and high real-time, aiming at the need of enterprises or organizations to acquire high-speed network data efficiently in network intrusion detection. Taking into account the storage capacity and computing power requirements of high-speed network traffic capture and processing, the whole...
Vehicular ad-hoc network (VANET) is a new emerging area of research; it consists of many challenging issues for implementing an intelligent transportation system in a real-world scenario. Nowadays academia and industry are concerned about supporting vehicular network with seamless communication so that vehicles in an interconnected form transmit information to avoid traffic jams, accidents etc. and act...
Information-Centric Networking (ICN) has emerged as an interesting approach to overcome many of the limitations of legacy IP-based networks. However, the drastic changes to legacy infrastructure required to realise an ICN have significantly hindered its adoption by network operators. As a result, alternative deployment strategies are investigated, with Software-Defined Networking (SDN) arising as...
The Internet of Things (IoT) ecosystem is constantly growing and attracting interest for next generation information and communication infrastructures. In this paper we focus on the exploitation of IoT platforms for remote healthcare status monitoring within the context of the so-called connected health applications. In this context users and most importantly healthcare service providers and first...
In this work, we propose a system-on-chip (SoC) design tool for the automatic generation of hardware sandboxes for securing untrusted IP to be integrated into trusted systems. The Component Authentication Process for Sandboxed Layouts (CAPSL) is a design flow that incorporates behavioral specifications of IP interfaces in order to generate sandboxes purposed for detecting trojan activation and isolating...
Firewalls are critical security devices handling all traffic in and out of a network. Firewalls, like other software and hardware network devices, have vulnerabilities, which can be exploited by motivated attackers. However, just like any other networking and computing devices, firewalls often have vulnerabilities that can be exploited by attackers. In this paper, first, we investigate some possible...
Multi-tenant data centers for cloud computing require the deployment of virtual private networks for tenants in an on-demand manner, providing isolation and security between tenants. To address these requirements, network virtualization techniques such as encapsulation and tunneling have been widely used. However, these approaches inherently incur processing overhead on end-points (such as the host...
This paper presents an enhancement of IP (Internet Protocol) standard to support user authentication within the protocol itself. The options field in an IP header is used for carrying specific data to add the ability of self-authentication. The specific data consist of a user identifier, a timestamp, and an HMAC calculated with important data in the IP header. The major purpose is to verify a device...
Next generation applications of wireless IP networks face an ever increasing demand of real-time dissemination of sensory and similar data to nearby devices. During situations when the transmission capabilities become scarce due to overused bandwidth, such as vehicular and various IoT use-cases, limiting the number of transmitted bytes over the wireless interfaces could ease the network load considerably...
The Distributed Mobility Management protocol (DMM) was defined by the Internet Engineering Task Force (IETF) to provide an alternative IP mobility management method. DMM has the characteristics of efficient network deployment capability and efficiency in fitting users' demands. In the wireless network, it is possible that a lot of mobile nodes (MNs) may switch from the same previous network to the same...
Centralized botnets inherently suffer the single point of failure problem. To resolve this, botmasters are generally designed with peer-to-peer architecture to harden the botnet infrastructures. In the last several years, hybrid P2P botnets relying on peer-list exchange represent one of the emerging trends in advanced botnets. Although these botnets are immune to index poisoning, they are still vulnerable...
This paper discusses and analyzes the IPv6 deployment in Japan, from the viewpoint of large-scale multiple-stack layer 3 network development and deployment, focusing on the future network development. Since the IPv6 network does not have compatibility with the IPv4 network, dual-stack operation is considered mandatory. However, when we analyze the IPv6 deployment in Japan, we realized that the integration...
Network renumbering in the IP world is a complicated and expensive procedure that has to be carefully planned and executed to avoid routing, security (firewall, ACLs) and transport connection integrity problems. The source of most of these issues is in the lack of a complete naming and addressing architecture in the TCP/IP protocol suite. This paper analyses the issues related to IP networks renumbering,...
Network load-balancers generally either do not take application state into account, or do so at the cost of a centralized monitoring system. This paper introduces a load-balancer running exclusively within the IP forwarding plane, i.e. in an application protocol agnostic fashion - yet which still provides application-awareness and makes real-time, decentralized decisions. To that end, IPv6 Segment...
With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing...
Network firewall rules are usually written by administrators or automated intrusion detection systems and often contain inconsistencies. Therefore, it is fundamental to ensure that only an absolutely correct configuration is active. In this paper, we design an open source conflict resolution framework (C application and Linux firewall kernel module on top of netfilter) that can be used as a constant...
Host Identity Protocol (HIP), a novel internetworking technology proposes separation of the identity-location roles of the Internet Protocol (IP). HIP has been successful from the technological perspectives for network security and mobility, however, it has very limited deployment. In this paper we assess HIP to find the reasons behind its limited deployment and highlight the challenges faced by HIP...
CAN FD (Controller Area Network with Flexible Data Rate) is a new standard which provides a fast data rate while preserving the compatibility with CAN. In this paper, we propose the C3 (Configurable CAN FD Controller) IP core architecture, which is compatible with the non-ISO CAN FD standard. C3 supports up to 96 transmit and receive buffers. The transmit buffers are organized as mailboxes with CAN...