No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Security architecture for the Internet Protocol (IPSec)
... Concerning the relevant research design [14,15], OICIE-ACS mainly consists of four parts, including (i)login module, (ii)registration module, (3) examinee identification and authentication module, and(iii) web page control module. The functional structure of the system is shown in Fig. 1. ...
... The system's overall architecture includes system structure, functional module division, data flow, methods, and so on. The system employs a B/S architecture [15,16] (as illustrated in Fig. 2), with the client side written in Java and the server side employing a SQL database management system. The user layer is in charge of log- ging in users, registering users, and managing user names, passwords, and other information; the server layer is in charge of back-end maintenance, processing user requests, and receiving user feedback; and the system layer is in charge of running the preceding layers from the bottom up. ...
The authenticity and effectiveness of teaching testing and evaluation is an important evaluation index for the development of online teaching, and how to combat cheating behavior has become a significant impediment in this process. This paper introduces a hybrid technology based on a fuzzy evaluation method that is used to judge and prompt (suspicious) cheating behavior in international Chinese online teaching tests or evaluations. The goal of this hybrid technology applied to international Chinese online teaching is to assist teachers in monitoring and judging international students’ cheating behavior in online testing or evaluation, and making sound judgments on it, to ensure the authenticity and effectiveness of the test or evaluation results. Based on the technical root of cheating behavior in the online testing process, as well as the technical flaws in various existing online testing systems, this system proposes the idea and scheme of online examination cheating detection using fuzzy cluster analysis, as well as the specific implementation steps. We applied the system to the small-scale practical teaching process to test its security and stability, and we got the expected positive results.
... Due to DAD failure, the interface will never be enabled on the link. To address security issues in NDP messages, IETF the originator of IPv6 itself has formulated enhancements like IPSec [22], SeND [13] and CGA [25]. It is also inferred after keen analysis that several techniques have been proposed by researchers with the intension to secure DAD process to enable autoconfiguration by enhancing the standards provided by IETF. ...
... Internet Security Protocol (IPSec) [22] an innate protocol of IPv6 was devised to secure data transmitted in the IP layer. It extends the IPv6 header to include Encapsulating Security payload Header (ESP) and the Authentication Header (AH) to provide data integrity and confidentiality by authenticating and encrypting the data packets. ...
The demand for internet and its applications has eventually led to the depletion of the dominant IPv4 addresses. This has resulted in the inevitable need for the next generation Internet Protocol IPv6, which contains an enormous pool of IP addresses. Address Autoconfiguration, a remarkable feature of IPv6 enables a node connected in the network to automatically configure an IP address for its interface and instantly participate in network communications. The Internet Engineering Task Force (IETF) has classified autoconfiguration into Stateless and Stateful mechanisms. Several IPv6 protocols have been employed to achieve autoconfiguration of networks. However, in addition to the excellent competence of this feature, autoconfiguration certainly suffers in terms of security and optimization. This paper attempts to enlighten the need and merits of Address Autoconfiguration and finally highlights the challenges, open issues and countermeasures involved in achieving this in real time environment.
... Attacks on the commercial Internet can be various from eavesdropping, data modification, spoofing to repudiation of transactions, which can cause serious loss. In order to address this security issue the IPSec protocol [2,3] was developed. The IP Security (IPSec) protocol is one of the most popular protocols used today to provide confidentiality, authenticity and integrity to internet communications. ...
... Once established, IPsec allows transparently protect all application traffic and network services that makes use of IP packets. IPSec protocol consists of two parts, IKE protocol and ESP protocol [2]. Projects such as Kame [6], Openbsd [7], Freeswan [8], OpenIKEv2 [9] and strongswan [10] provide software implementations of IKE protocol, while ESP protocol is often a part of operating systems. ...
In this paper, we present a high-throughput FPGA implementation of IPSec core. The core supports both NAT and non-NAT mode and can be used in high speed security gateway devices. Although IPSec ESP is very computing intensive for its cryptography process, our implementation shows that it can achieve high throughput and low lantency. The system is realized on the Zynq XC7Z045 from Xilinx and was verified and tested in practice. Results show that the design can gives a peak throughput of 5.721 Gbps for the IPSec ESP tunnel mode in NAT mode and 7.753 Gbps in non-NAT mode using one single AES encrypt core. We also compare the performance of the core when running in other mode of encryption.
... The same authors extend their work to propose P4-IPsec [81], an IPsec implementation using the P4 language. IPsec [142] can ensure confidentiality, integrity, and authentication for IP packets, and it is widely adopted in Virtual Private Network (VPN) protocols. IPsec comprises different protocols and modes; however, for simplification, P4-IPsec only implements Encapsulating Security Payload (ESP) in tunnel mode with two cipher suites (AES Counter Mode (AES-CTR) and NULL ciphers). ...
... Such functions often require complex arithmetic operations and are resource-intensive. For the switch to operate at line rate, the supported operations in the P4 language are limited (e.g., additions, subtractions, bit concatenation, etc.).Recently, a number of research contributions proposed some workaround to implement cryptographic functions and security protocols in the programmable data plane, such as Advanced Encryption Standard (AES)[140], Media Access Control security (MACsec) protocol [141], and Internet Protocol Security (IPsec) protocol[142]. ...
The emergence of the IoT, cloud systems, data centers, and 5G networks is increasing the demand for a rapid development of new applications and protocols at all levels of the protocol stack. However, traditional fixed-function data planes have been characterized by a lengthy and costly development process at the hand of few chip manufacturers. Recently, data plane programmability has attracted significant attention, permitting network owners to run customized packet processing functions using P4, the de facto data plane programming language. Network security is one of the key research areas exploiting the capabilities of programmable switches. Examples include new encapsulations and secure tunnels implemented in short times, mitigation techniques for DDoS attacks that occur at terabit rates, customized firewalls that track hundreds of thousands of connections per second, and traffic anonymization systems that operate at line rate. Moreover, applications can be reconfigured in the field without additional hardware upgrades, facilitating the deployment of new defenses against unforeseen attacks and vulnerabilities. Furthermore, these security applications are designed by network owners who can meet their specific requirements, rather than by chip manufacturers. Despite the impressive advantages of programmable data plane switches, the literature has been missing a comprehensive survey on security applications. To this end, this paper provides a concise background on programmable switches and their main features that are relevant to security. It then presents a taxonomy that surveys, classifies, and analyzes articles related to security applications developed with P4. Additionally, the paper employs a STRIDE analysis to examine vulnerabilities related to general P4 applications (e.g., congestion control, load balancing, in-network cache) and proposes plausible remediation approaches. Furthermore, challenges associated with programmable data planes, the impact of these challenges on security implementations, and schemes to eliminate or mitigate them are discussed. Finally, the paper discusses future endeavors and open research problems. Keywords: P4 language, programmable data plane, P4 security applications and implications, STRIDE model, challenges and solutions in P4.
... Secure ad hoc on-demand distance vector is an enhancement to the AODV protocol [20]. Implements digital signature and hash chain mechanisms to safeguard AODV packets A message authentication code is used to verify non-message field data fields. ...
An ad hoc network is a network made of movable nodes built on the fly and constructed dynamically when there is no longer an infrastructure or pre-built network on the scene. The nodes can also perform both end-to-end terminals and shape MANET roles, meaning they contribute to each route's configurations. The data must travel through several intermediate nodes during the route while routing a given flow from a source to a destination. The data should be larger than needed for just a single application use. The intermediate nodes forward data to the intended destination, taking into account the locations to which it must be sent to arrive correctly. The routing protocol in an Ad hoc network (human-made network) uses nodes to look at different device locations and procedures for any data path they choose before deciding on the route and ways in which they exchange data are viable. Anomaly, since the existing trust among the various nodes and dynamic topology, leaves the routing protocols susceptible to Denial of service attacks like a black hole, wormhole, Denial of service, and being non-integrated into a central infrastructure present a condition which MANETs are subject to such as Conventional networks typically work by injecting some control packets and tracking the target's movement once the user is already on the wireless. Still, in a MANET, the attacker acts before the mark has moved into the wireless medium. Maliciously exploiting various routing information has the potential to drive the system into a situation of more significant disorder, which will eventually lead to widespread network failure. This existing AODV attack, called the Blackhole attack, might have worked by purposefully withholding important routing information from end-users who could have benefitted from it, which is just what the adversary does in this task. In this scenario, the data packets are never delivered, and the system suffers a total data loss. The variety of detection and protection techniques employed against the blackhole attacker significantly lower the number of suspects. Therefore, this paper advocate for OSPFV [for wireless LANs] protocol integration with built-in security, where Threshold evaluation and cryptographic verification are employed. In this paper, two protocols: the blackhole attack and the proposed AODV-BS protocols, are simulated on different MANET models, and the two other network metrics are used: Network Packet Delivery Ratio and the normalized Out of Routing Overhead Utilization and Network Delay are calculated, and then their performance is studied to discover the result.
... 2) IPSec: IPSec is a security architecture for the Internet Protocol defined in RFC 4301 [15] and RFC 4303 [16], which aims at providing security over the third layer of the OSI Model. By adding authentication and encryption, IPSec can help to prevent eavesdropping, replay attack, and message modification attack [17]. ...
In recent years, the scientific community has been focusing on deterministic Ethernet, which has helped drive the adoption of Time-Sensitive Networking (TSN) standards. Precision Time Protocol (PTP), specified in IEEE1588 [1], is a TSN standard that enables network devices to be synchronized with a degree of precision that is noticeably higher than other Ethernet synchronization protocols [2]. Generic Precision Time Protocol (gPTP) [3], a profile of PTP, is designed to have low latency and jitter, which makes it suitable for industrial applications. However, like PTP, gPTP does not have any built-in security measures. In this work, we assess the efficacy of additional security mechanisms that were suggested for inclusion in IEEE 1588 (PTP) 2019 [1]. The analysis consists of implementing these security mechanisms on a physical gPTP-capable testbed and evaluating them on several high-risk attacks against gPTP [4].
... The protocol on the Si interface is MAP (Mobile Application Part), an existing non-IMS protocol used in GSM networks. MAP is specified in 3GPP TS 29.002 [20]. 3GPP TS 23.278 [3] defines the interactions of CAMEL with the IMS. ...
Nowadays, information technology and
communication systems are evolving, and there is a growing
demand for multiservice network analysis processes to
provide multimedia services through IMS. IP Multimedia
Subsystem (IMS) is a next-generation standard-based
network architecture designed for telecommunications
operators who want to deliver cutting-edge services over
mobile and fixed networks. IMS is a service-oriented
architectural framework that aims to provide current and
future Internet services to fixed and mobile end users on an
all-IP multi-access platform. The 3rd Generation
Partnership Project (3GPP) and 3GPP2 developed IMS to
provide service delivery platforms for a converged
communication model
... This holds even if the data is sent to another enterprise. Note that policy management on a per-user-basis is useful once consent and different sources need to be considered [4]. Examples are managing data of different policy versions (e.g., due to different collection times), different user roles (e.g., premium and users funded by advertising), or users from different legislation (e.g., Europe and US). ...
Special Issue on the impact of new technologies on privacy and data protection, pp. 63-143.
... Протокол IPSec [1,2] використовується для забезпечення цілісності, автентичності та конфіденційності даних, що передають незахищеними комп'ютерними мережами. Головною перевагою IPSec, яка зумовила його широке використання, є можливість шифрування і/або автентифікування всієї інформації, яка передається на рівні інтернет-протоколу. ...
У даній роботі розглянуто базові структури операційних пристроїв хешування для процесорів підтримки протоколу IPSec. Розглянуто особливості алгоритмів хешування MD5 і SHA-1. Виділено базові операції алгоритмів та на їх основі розглянуто структури операційних пристроїв хешування. Виділено ряд граф-алгоритмічних операційних пристроїв. Отримано аналітичні вирази, які описують часові характеристики цих пристроїв. Використовуючи результати синтезу базової операції алгоритму SHA-1 на програмовану логічну інтегральну схему, отримано графіки залежностей часових параметрів операційних пристроїв та виділено області їх доцільного використання.
... Senevirathne et al. [3] proposes an encryption approach using a modified version of IPsec. IPsec is defined by the IETF [4], and is an all-purpose encryption protocol that includes key distribution, authentication for the IP header, and authentication and encryption for the IP payload. Senevirathne et al. [3] translate these capabilities to an MPLS environment. ...
In real time systems the FPGA can implement with soft core, hard core and many embedded applications. It is a major platform for reconfigurable, high execution speed and low power consumption. The design resources can also be reached by using this FPGA. This can be implemented by using blow fish algorithm (encryption and decryption) based on security purposes. Earlier we are implementing this process in single FPGA system for multiple process tasks with low operating speed. But now, the multiple FPGA system has been implemented over here for high execution speed. This process can be communicated through the RS232 communication link.
... [168] IP Security Working Group was established as a part of the Internet Engineering Task Force in 1993 to unify the efforts made by multiple research institutions, mainly the United stated Naval Research Laboratory (USNRL), and to set a standard for security services provided in the network layer. [169] This group had published three Requests for Comments in 1995, [170][171] [172] and that was but an introduction for dozens of RFCs and standards in the following years [173] until 2005 when it was obsoleted. [169] Application ...
Internet Protocol version 4 (IPv4) is an internetwork protocol that is active at the internet layer according to the TCP/IP model, it was developed in 1981 within a project managed by Defense Advanced Research Projects Agency. In the following years, the use of IPv4 grew to dominate data networks around the world, becoming the backbone of the modern Internet. In this survey, we highlight the operation of the protocol, explain its header structure, and show how it provides the following functions: Quality of service control, host addressing, data packet fragmentation and reassembly, connection multiplexing, and source routing. Furthermore, we handle both address-related and fragmentation-related implementation problems, focusing on the IPv4 address space exhaustion and explaining the short and long terms proposed solutions. Finally, this survey highlights several auxiliary protocols that provide solutions to IPV, namely address resolution, error reporting, multicast management, and security.
... Funciona de dos formas: en modo transporte o túnel para las pruebas se implementó en modo túnel [23], [24]. En cuanto al protocolo SSL (secure sockets layer capa de sockets seguro) [25], provee privacidad y confiabilidad a la comunicación entre aplicaciones cliente-servidor vía web para autenticar los equipos. En cuanto a TLS surge de la necesidad de estandarizar un protocolo que provea seguridad entre el cliente y el servidor a través de internet debido a que SSL es un protocolo creado y patentado por Netscape. ...
Colombia continúa debatiendo la implementación del voto electrónico evidenciando que existen temores en el acceso al sistema y en la transferencia de datos, esta investigación busca minimizar vulnerabilidades ante ataques informáticos por medio de un prototipo para el análisis de ataques y protección del envió de información durante la votación dando confianza en la transmisión, además verificando el acceso físico del sufragante mediante lecturas biométricas, la herramienta usa los protocolos SSL/TLS para la autenticación del elector y el protocolo IPSEC para validar el sitio, los datos y proteger las comunicaciones de operaciones no autorizadas. Este sistema propone el primer modelo integrado seguro para transporte y acceso de datos de votación, garantizando la confiabilidad a los electores; los protocolos SSL/TLS complementados con IPSEC y los nuevos sistemas electrónicos de validación de electores durante transmisión en los puntos de votación beneficiaran la democracia nacional soportada en nuevas tecnologías.
... Another issue that was not addressed is the IPSec protocol [53] which has two operations way in the transport mode, the IPSec preserves the original I.P. header and encrypts the segment received from the 'Transport layer', and the tunnelling approach creates a new I.P. header and encapsulates the complete I.P. packet. It can change the destination I.P. because the tunnel can end before reaching the destination host. ...
Threats such as Botnets have become very popular in the current usage of the Internet, such as attacks like distributed denial of services (DoS) which can cause a significant impact on the use of technology. One way to mitigate such issues can be a focus on using intelligent models that can attempt to identify the existence of Botnets in the network traffic early. Thus, this work aims to evaluate the current state of the art on threats related to Botnets and how intelligent technology has been used in real-world restrictions such as real-time deadlines and increased network traffic. From our findings, we have indications that Botnet detection in real-time still is a more significant challenge because the computation power has not grown at the same rate that Internet traffic. This has pointed out other restrictions that must be considered, like privacy legislation and employing cryptography methods for all communications. In this context, we discuss the following steps to deal with the identified issues.
... IPsec can achieve layer security by providing end-to-end security along with authentication, confidentiality, integrity, and compatibility with any network layer [178]. For this purpose, IPsec uses Encapsulated Security Protocol (ESP) [179] and Authentication Header (AH) protocol [180]. ...
Internet of Things (IoT) is the paramount virtual network that enables remote users to access connected multimedia devices. It has dragged the attention of the community because it encompasses real-world scenarios with implicit environs. Despite several beneficial aspects, IoT is surrounded by provocations for successful implementation, as data travels in different layers. One of the critical challenges is the security of the data in these layers. Researchers conducted numerous studies focused on the level of security at a single technique, creating loopholes to address the entire scenario of securing an IoT network. This study aims to comprehensively review current security issues, wireless communication techniques, and technologies for securing IoT. This work’s utmost significance is addressing all the security perspectives at a glance. For this purpose, research contributions from the previous years are investigated for better understanding. Some countermeasures and snags from security perspectives have also been analyzed in detail concerning the current industry trends. Blockchain, machine learning, fog, and edge computing are possible solutions to secure IoT. After studying these techniques and their immunity to attacks, machine learning can become a hope if incorporated with end-to-end security. This comprehensive review will provide adequate understanding and knowledge in defining security lines of action for the successful implementation of IoT.
... IP security (IPSec) [88] is a suite of protocols designed by IETF. This protocol provides network layer (Internet) encryption and authentication of traffic at IP level. ...
For the past few years, the Internet of Things (IoT) technology continues to not only gain popularity and importance, but also witnesses the true realization of everything being smart. With the advent of the concept of
smart everything
, IoT has emerged as an area of great potential and incredible growth. An IoT ecosystem centers around innovation perspective which is considered as its fundamental core. Accordingly, IoT enabling technologies such as hardware and software platforms as well as standards become the core of the IoT ecosystem. However, any large-scale technological integration such as the IoT development poses the challenge to ensure secure data transmission. Perhaps, the ubiquitous and the resource-constrained nature of IoT devices and the sensitive and private data being generated by IoT systems make them highly vulnerable to physical and cyber threats. In this paper, we re-define an IoT ecosystem from the core technologies view point. We propose a modified three layer IoT architecture by dividing the perception layer into elementary blocks based on their attributed functions. Enabling technologies, attacks and security countermeasures are classified under each layer of the proposed architecture. Additionally, to give the readers a broader perspective of the research area, we discuss the role of various state-of-the-art emerging technologies in the IoT security. We present the security aspects of the most prominent standards and other recently developed technologies for IoT which might have the potential to form the yet undefined IoT architecture. Among the technologies presented in this article, we give a special interest to one recent technology in IoT domain. This technology is named IQRF that stands for Intelligent Connectivity using Radio Frequency. It is an emerging technology for wireless packet-oriented communication that operates in sub-GHz ISM band (868 Mhz) and which is intended for general use where wireless connectivity is needed, either in a mesh network or point-to-point (P2P) configuration. We also highlighted the security aspects implemented in this technology and we compare it with the other already known technologies. Moreover, a detailed discussion on the possible attacks is presented. These attacks are projected on the IoT technologies presented in this article including IQRF. In addition, lightweight security solutions, implemented in these technologies, to counter these threats in the proposed IoT ecosystem architecture are also presented. Lastly, we summarize the survey by listing out some common challenges and the future research directions in this field.
... IP is not designed with the security-by-design, facing lots of SP issues during its journey. The IPSec suite [27], [28] is considered the most advanced effort in the standardization of IP security. IPSec covers both versions of IP -i.e., IPv4 and IPv6 -and provides some basic security services, including IP datagrams' confidentiality, integrity, and origin authentication. ...
Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers , backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.
... As características dinâmicas dos cenários de acesso remoto utilizando IPSec [Kent and Atkinson, 1998] impedem que um gateway VPN, que protege o acessoà rede da organização, identifique o cliente de acesso remoto com base no seu endereço IP. Isto impossibilita o uso de segredos pré-compartilhados como forma de autenticação durante o Main Mode do IKE [Harkins and Carrel, 1998] Neste cenário de chave pública, a chave de sessão simétrica que cifra a troca IKE iniciada com a mensagem depende somente do segredo Diffie-Hellman estabelecido pelas mensagens e ¡ . ...
Neste trabalho é apresentada uma solução de acesso remoto VPN utilizando o software FreeS/WAN, uma implementação Open Source do protocolo IPSec baseada em Linux. Tal solução visa atender a requisitos de autenticação, configuração do sistema remoto e passagem por intermediários apresentados pelos cenários comuns de acesso remoto utilizando IPSec. Devido à expressiva parcela de mercado ocupada por produtos Microsoft, também são abordadas soluções integradas de clientes VPN baseados em Windows.
... Dentre as baseadas em padrões, destaca-se o algoritmo de criptografia Wired Equivalent Privacy -WEP [1], por fazer parte da especificação padrão do IEEE 802.11. Das soluções não-baseadas em padrões, as VPNs através do Protocolo IP Seguro (IP Security Protocol -IPSec) [6,7] são as mais utilizadas e possuem um alto nível de segurança. Por outro lado, quanto maior for esse nível de segurança, maior será a sobrecarga no sistema, como mostrado na seção 4. Nas seções abaixo, serão descritos os mecanismos WEP e VPN/IPSec. ...
Apresenta-se neste artigo uma análise comparativa da sobrecarga introduzida nas Redes 802.11b pelos mecanismos de segurança WEP e VPN/IPSec. É analisado o comportamento dos tráfegos TCP e UDP, sob alguns cenários de redes locais sem fio em função do número de conexões ativas e da solução de segurança utilizada. De posse desta análise, pode-se estimar de maneira mais adequada, a aplicação destes mecanismos no ambiente de rede sem fio desejado, tomando como base o protocolo da camada de transporte utilizado e o nível de segurança pretendido.
... Algumas transformações possíveis são descritas no RFC 1812 [15] tais como fragmentação de pacotes, processamento de opções do pacote IP, processamento de pacotes ICMP e duplicação de pacotes. Outras formas de transformações incluem NAT, tunelamento IPsec [17] e IP-in-IP [16]. Muitas destas transformações resultam em perdas irrecuperáveis do estado do pacote original. ...
Este trabalho apresenta uma estratégia que permite determinar a origem e a rota percorrida por um pacote recebido da Internet. A arquitetura da Internet não tem esta funcionalidade, que pode ser usada, por exemplo, após a detecção de um ataque para determinar sua rede de origem. São mantidos logs separados de tráfego para cada uma das interfaces dos roteadores participantes, armazenados de forma eficiente em filtros de Bloom. A comunicação entre os componentes do sistema é realizada de maneira a preservar a confidencialidade do pacote. Uma estratégia de paginação dinâmica dos logs também é definida. A arquitetura foi implementada e resultados experimentais obtidos são apresentados.
... Encryption is one of the traditional and important means to obtain confidentiality over the public Internet. It also provides other services, such as authentication, integrity and non-repudiation [2], [6]. Since the Internet allows multiple processes to connect with no physical direct connections, their information may flow among intermediate eavesdropper(s); therefore, it is important to protect their privacy. ...
We live in a world where the Internet has become the backbone of most of our dealings. The Internet has turned
this big planet into a small village. The Internet can be reached by everyone, everywhere, at any time. Some
authors predict that the number of various types of devices capable of connecting via the Internet will reach
75.44 billion by 2025. These devices vary from low-processing power processors to heavy-processing power
processors. It often requires the protection of mobile data between devices. These devices that have limited
energy and resources require the protection technology to be adapted. The time it takes to encrypt a message
using Data Encryption Standard (DES) is much less than the time it takes to encrypt the same message using
Advanced Encryption Standard (AES). The problem with DES is that the key size is small and this makes it
vulnerable to brute force attack. This paper gives complete guidelines for adapting the original DES and making
it more secure, along with improving its performance compared to the existing standard encryption algorithms,
such as AES. The proposed approach improves the original DES security by extending the key size of DES
without affecting the cost of DES. The new algorithm is called DES22 and is convenient for low-processing
power devices, such as wireless sensors. DES22 has three variants for key size: 128 bits, 256 bits and 512 bits.
The paper also proposes another improvement to DES through random permutation and the distribution of the
initial permutation and final permutation tables between the encryption and decryption algorithms. The
experimental results show that DES22 is more secure and faster than AES.
... The IPsec is a protocol suite that provides a variety of security services such as integrity, authenticity, confidentiality and more, to the IP traffic. The first standardized specification of the IPsec protocols was published in 1995, in an RFC1825 document called Security architecture for the internet protocol [22]. IPsec operates on a network layer of a TCP/IP (Transport Control Protocol/Internet Protocol) protocol stack 1 , and thus provides end to end security at all levels of connectivity. ...
Quantum Key Distribution (QKD) is an approach for establishing symmetrical binary keys between distant users in an information-theoretically secure way. In this paper we provide an overview of existing solutions that integrate QKD within the most popular architecture for establishing secure communications in modern IP (Internet Protocol) networks - IPsec (Internet Protocol security). The provided overview can be used to further design the integration of QKD within the IPsec architecture striving for a standardized solution.
... First, the annex K of the IEEE 1588-2008 standard [9] introduced a number of mechanisms to improve the security of PTP. These were extended and enhanced in the latest, recently released version (i.e., in the annex P of IEEE 1588-2019 [4]) and include the deployment of security protocols such as MACsec [10] and IPsec [11] in order to ensure data origin authentication, communication confidentiality, data integrity, as well as replay attack protection and, in consequence, to prevent PTP message manipulation [8], message dropping and insertion [12], denial of service (DoS) attacks [13], as well as master node falsification attacks [14]. ...
Precision time protocol (PTP) is one of the most widely used protocols for clock synchronization in packet-switched networks, on which, among others, the transaction synchronization of the stock markets relies. PTP was not standardized with security as a core requirement and is therefore vulnerable and attractive to manifold kinds of malicious attacks, such as time-delay attacks (TDAs). TDAs, in short, corrupt the exchange of timestamped messages and thus cause an incorrect synchronization process. The annex P of the IEEE 1588-2019 standard has defined a number of security mechanisms for clock synchronization, but, however, none of these can protect a PTP-based system completely against TDAs. In this work, we enhance existing approaches by introducing a so-called observation task and analytically deriving attack properties of an ongoing TDA. Following the recommendation of the annex P of the IEEE 1588-2019 standard, these attack parameters are intended to serve as an additional input for intrusion detection systems to allow for a more reliable and sensitive detection of TDAs. The impact of the derived attack parameters is explored by means of comprehensive experiments.
Purpose: This research paper aims to enhance Big Data security by implementing comprehensive data protection measures, focusing on securing data at rest and in transit. In the era of Big Data, organizations handle vast quantities of data characterized by high velocity, volume, and variety, which complicates management and increases security risks. Methodology: The study examines various data protection strategies, including encryption, access control, data masking, immutable storage, tokenization, and physical security for data at rest. For data in transit, it explores encryption protocols, secure transfer methods like SSH and TLS, VPNs, Zero Trust architecture, and secure APIs. These methods are crucial for safeguarding sensitive information and preventing unauthorized access. Findings: The findings highlight common security challenges in Big Data, such as data breaches, unauthorized access, and integrity issues. The study emphasizes the need for robust protection measures and offers a comprehensive view of the data security landscape. Implementing these strategies helps organizations safeguard sensitive information and ensure compliance with international data protection regulations, enhancing their overall security posture. Unique contribution to theory policy and practice: This paper contributes to theory, policy, and practice by advocating comprehensive data protection strategies. It stresses the importance of continuous monitoring and regulatory compliance, providing practical insights into best practices and technologies that protect Big Data. The research supports developing robust data protection policies and practices, advancing knowledge in Big Data security.
With the publication of version 2.0 of the IEEE 1588 Standard for accurate time transfer over packet networks in 2008, the Precision Time Protocol (PTP) quickly became the only viable clock synchronization technology for all application domains relying on ethernet as a transport medium. PTP was deliberately defined in highly generic terms, allowing it to be tailored to application-specific requirements via PTP profiles. The SMPTE ST 2059–2 standard is the PTP profile for the broadcasting industry and a crucial element for any all-IP studio deployment. In 2019, the IEEE published a new version of the IEEE 1588 standard (PTP v2.1), where PTP was enhanced with several interesting optional features aimed primarily at improving the overall reliability of PTP, especially for larger deployments. In this article, we explain all major new features of PTP v2.1 and investigate to what extent broadcasting applications may benefit from adopting them as part of a new version of the ST 2059–2 PTP profile. Specific focus will be put on possible implications with respect to implementation efforts and operating requirements. We analyze whether the overall reliability of PTP can be improved by adding new features such as PTP security or extended monitoring. The high-accuracy extensions to PTP v2.1 will be described together with a rough effort estimate required to develop and deploy products supporting subnanosecond accuracy. The article concludes with a list of recommendations summarizing the benefits of these new features for deploying broadcasting networks at scale.
Today’s Internet is experiencing a massive number of users with a continuously increasing need for data, which is the leading cause of introduced limitations among security and privacy issues. To overcome these limitations, a shift from host-centric to data-centric is proposed, and in this context, Information-Centric Networking (ICN) represents a promising solution. Nevertheless, unsettling the current Internet’s network layer -i.e., Internet Protocol (IP) -with ICN is a challenging, expensive task since it requires worldwide coordination among Internet Service Providers (ISPs), backbone, and Autonomous Services (AS). Therefore, researchers foresee that the replacement process of the current Internet will transition through the coexistence of IP and ICN. In this perspective, novel architectures combine IP and ICN protocols. However, only a few of the proposed architectures place the security-by-design feature. Therefore, this article provides the first comprehensive Security and Privacy (SP) analysis of the state-of-the-art IP-ICN coexistence architectures by horizontally comparing the SP features among three deployment approaches -i.e., overlay, underlay, and hybrid -and vertically comparing among the ten considered SP features. Lastly, the article sheds light on the open issues and possible future directions for IP-ICN coexistence. Our analysis shows that most architectures fail to provide several SP features, including data and traffic flow confidentiality, availability, and anonymity of communication. Thus, this article shows the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.
This paper describes an attack-directed approach to test SIP authentication vulnerabilities in session establishment and user registration. This approach aims to exercise the known areas of weakness including the inherent vulnerabilities in SIP specification and the implementation vulnerabilities caused by programmers' negligence. By using this approach and a self-made testing tool, we have successfully identified a number of vulnerabilities in a popular open source SIP implementation, namely VOCAL. This effective approach can also be used to test any other SIP implementations.
In the paper the operating device of IPSec protocol optimized for treatment media of packages is investigated. Analytical expressions which describe time of media packages processing depending on the parameters of operating device structure are offered, the mathematical model of operating device of IPSec processor is developed. On the basis of mathematical model, with the purpose of reduction of delay and jitter, which rise up during the generation of media package, software is developed for optimization of structures descriptions of processor IPSec operating device. The row of the optimized structures of operating device is got for different services of given IPSec treatment at different technological descriptions of component base. The analysis of results allowed to set that in most cases, the least time of treatment media of packages is observed at iterative and iterative-conveyer realization of IPSec operating device.
Assessment of degradation area due to mining area in parts of karimnagar and Adilabad using Hyperspectlal satellite data
Satellite communication is very popular to provide the services like audio communication, video communication, positioning of satellite, message communication, etc. Satellite mobile communication is started as first climatic development as GEO type. In satellite communication, some attacks occur due to delay in communication and connection of link intermittently. In the proposed work, we have studied the paper that reduces the effect of attack and so key algorithm has been used. Authentication of satellite system is done to restrict the message from unauthorized entity. Communication delay is also reduced to improve the performance of the communication of the satellite. In this paper, we have also reviewed different schemes and mentioned that the authentication of satellite is done and key generation for the satellite and updating of the key and privacy and integrity is maintained. Authentication of the satellite is very important to be very sure that the coming message or information is from trusted source. The satellites that send the information are authentic, and we can rely on that information. Authentication of the message is also necessary so that it maintains the integrity of the message. Authenticity of the message means that message is accurate and came from the trusted source. Key update is required for satellite communication. When new LEO satellite enters into the network, then it is necessary to update the key for those LEO satellite which is compromised by adversary, so that it can be protected from adversary.KeywordsAuthenticationSecurityGeostationary earth orbitLower earth orbitKey updateLogical key hierarchyGroup Diffie–Hellman
The subject of the research in this article is the methods for detecting intrusions into the information systems of organizations to justify the requirements for the functioning of the monitoring agent of the selected logical object. The aim is to develop a method for building a dynamic model of the logical object of the information system and determine the law of its operation. Tasks: to substantiate the need to create security monitoring agents for logical objects of information systems; identify the main functions of security monitoring agents for logical objects; to propose a method for building a dynamic model of the functioning of a logical object and determining the law of its functioning. The methods used are abstraction, system approach, and methods of mathematical modeling using the provisions of the theory of finite automata. The following results were obtained. A method for constructing a dynamic model of a logical object of an information system is proposed. The dynamic model of the operation of the selected logical object reflects the allowable processes in the space of states that occur during the implementation of functions following the specifications defined by the protocol. This dynamic model is represented by a system of algebraic equations in the space of states, which are formed because of the formalization of the processes of realization of certain functions. The solution of a system of algebraic equations in the space of states as a dynamic model of a logical object is a regular expression for a set of admissible processes. This regular expression defines the set of possible trajectories in the space of states, which is the law of operation of this logical object. Conclusions. The proposed method for building a dynamic model of the logical object in contrast to the existing one is based on the formalization of the processes of implementing of partial functions of the protocol, which allows determining the law of the selected logical object, to ensure the adequacy and accuracy of the model. The law of functioning is the basis for the substantiation of initial data for a statement of problems of identification and diagnosing of a condition of the safety of logical objects of an information system. The solution to these problems is needed to substantiate the requirements for the functioning of the agent to monitor the state of the selected logical object and respond to its changes.vulnerabilities of information systems; the logical object of the information system; information system security status; dynamic model of a logical object; the law of functioning of a logical object
This is a journey through fifty years of Internet history. The book begins by presenting how to model a data network showing the origins of the network and the function of Internetworking. Then, it explains how the Internet protocol (IPv4) was developed: What is it? why did we need it, what kind of services does it provide? how do its auxiliary works? The book then follows the problem of exhaustion of the IPv4 addresses space discussing the solutions that have been put forward to confront this problem, namely Classless interdomain Routing (CIDR) and Network address translation (NAT), and down to the IPv6, the protocol which represents the definitive solution. The book ends by discussing the auxiliaries of IPv6, namely the Internet control message protocol for IPv6 (ICMPv6) Neighbor Discovery Protocol (NDP).
Traditional cryptographic block cipher algorithms are often unsuitable for low-resource profiled IoT (Internet of Things) devices. A lightweight cryptographic algorithm is thus mandated. The S boxes are often called the heart of a cryptographic protocol, as a considerable amount of resource and time complexities are associated with the design of an S box. A lightweight S box will consume less memory, less power and less time, ensuring a high-level Shanon’s property of confusion. This paper proposes a lightweight S box design to meet all the requirements of lightweight cryptographic ciphers. The proposed method applies a couple of transformations- the multiplicative inverse in the Galois field \(({2}^{4})\) and affine transformations on selected irreducible polynomials to create \(4\times 4\) S-boxes. Several cryptanalyses such as balance test, bijection property, difference distribution table test, and Boomerang Connectivity were performed to demonstrate the robust characteristics of the proposed method.
Virtual private networks (VPNs) allow organizations to support their remote employees by creating tunnels that ensure confidentiality, integrity and authenticity of communicated packets. However, these same services are often provided by the application, in protocols such as TLS. As a result, the historical driving force for VPNs may be in decline. Instead, VPNs are often used to determine whether a communicating host is a legitimate member of the network to simplify filtering and access control. However, this comes with a cost: VPN implementations often introduce performance bottlenecks that affect the user experience.
In Europe the SESAR air traffic management master plan foresees the introduction of several modern digital data links for aeronautical communications. The candidate for long-range continental communication is LDACS. LDACS is a cellular, ground-based digital communications system for flight guidance and communications related to the safety and regularity of flight. Hence, the aeronautical standards for cybersecurity of the link layer and the network layer apply. In previous works, threat- and risk analyses of LDACS were conducted, a draft for an LDACS cybersecurity architecture was introduced, algorithms proposed, and the security of the STS-based MAKE procedure of LDACS formally verified. However, options for cipher-suites and certificate management for LDACS are still missing. This paper proposes a cell-attachment procedure which establishes a secure LDACS communication channel between an aircraft and corresponding ground-station upon cell-entry of the aircraft that addresses these shortcomings. It introduces a full cell-attachment protocol including cipher-suites and certificate revocation for LDACS.
Today cloud computing is seen as the feature of IT industry. Use of IAAS, PAAS and SAAS is transforming capital expenses (CapEx) into operational expenses (OpEx) without sacrificing performance of communication and without compromising security and even streamlines workload with maximum profits. As organization look to build up modern IT architecture that scales rapidly and globally while supporting numerous digital channels and a variety of devices, the cloud is nothing less than critical. This paper, on one hand, exaggerates cloud feature like SSO with its underlying implementation details using SAML, improves communication security at TLS level and uses improved DH as "DH with an ASCII digit" to secure (handshake) public and private key shared on the network, on the other hand. These two additional security factors make cloud users more immune & secure and cloud security invincible for eavesdroppers/ attackers.
An ad hoc network is a network made of movable nodes built on the fly and constructed dynamically when there is no longer an infrastructure or pre-built network on the scene. The nodes can also perform both end-to-end terminals and shape MANET roles, meaning they contribute to each route's configurations. The data must travel through several intermediate nodes during the route while routing a given flow from a source to a destination. The data should be larger than needed for just a single application use. The intermediate nodes forward data to the intended destination, taking into account the locations to which it must be sent to arrive correctly. The routing protocol in an Ad hoc network (human-made network) uses nodes to look at different device locations and procedures for any data path they choose before deciding on the route and ways in which they exchange data are viable. Anomaly, since the existing trust among the various nodes and dynamic topology, leaves the routing protocols susceptible to Denial of service attacks like a black hole, wormhole, Denial of service, and being non-integrated into a central infrastructure present a condition which MANETs are subject to such as Conventional networks typically work by injecting some control packets and tracking the target's movement once the user is already on the wireless. Still, in a MANET, the attacker acts before the mark has moved into the wireless medium. Maliciously exploiting various routing information has the potential to drive the system into a situation of more significant disorder, which will eventually lead to widespread network failure. This existing AODV attack, called the Blackhole attack, might have worked by purposefully withholding important routing information from end-users who could have benefitted from it, which is just what the adversary does in this task. In this scenario, the data packets are never delivered, and the system suffers a total data loss. The variety of detection and protection techniques employed against the blackhole attacker significantly lower the number of suspects. Therefore, this paper advocate for OSPFV [for wireless LANs] protocol integration with built-in security, where Threshold evaluation and cryptographic verification are employed. In this paper, two protocols: the blackhole attack and the proposed AODV-BS protocols, are simulated on different MANET models, and the two other network metrics are used: Network Packet Delivery Ratio and the normalized Out of Routing Overhead Utilization and Network Delay are calculated, and then their performance is studied to discover the result.
Now-a-days the significance of security has been greater than before because of the fact that data has been accessed and transferred through public network. The data which has been transferred could be sniffed which may be a loss for us. When data is transferred in to public network we need confidentiality, integration and authentication. In this review paper we will discuss all these factors that keep our data safe enough. In order to provide this factor a site-to-site virtual private network has been designed which provide more security to data and made the public network into private network. The virtual private network hides the source and destination address as well as it also hides the internal network so that our network would be safe enough.
ResearchGate has not been able to resolve any references for this publication.