3,909 research outputs found
Quantum Key Distribution (QKD) and Commodity Security Protocols: Introduction and Integration
We present an overview of quantum key distribution (QKD), a secure key
exchange method based on the quantum laws of physics rather than computational
complexity. We also provide an overview of the two most widely used commodity
security protocols, IPsec and TLS. Pursuing a key exchange model, we propose
how QKD could be integrated into these security applications. For such a QKD
integration we propose a support layer that provides a set of common QKD
services between the QKD protocol and the security applicationsComment: 12Page
Q-ESP: a QoS-compliant Security Protocol to enrich IPSec Framework
IPSec is a protocol that allows to make secure connections between branch
offices and allows secure VPN accesses. However, the efforts to improve IPSec
are still under way; one aspect of this improvement is to take Quality of
Service (QoS) requirements into account. QoS is the ability of the network to
provide a service at an assured service level while optimizing the global usage
of network resources. The QoS level that a flow receives depends on a six-bit
identifier in the IP header; the so-called Differentiated Services code point
(DSCP). Basically, Multi-Field classifiers classify a packet by inspecting
IP/TCP headers, to decide how the packet should be processed. The current IPSec
standard does hardly offer any guidance to do this, because the existing IPSec
ESP security protocol hides much of this information in its encrypted payloads,
preventing network control devices such as routers and switches from utilizing
this information in performing classification appropriately. To solve this
problem, we propose a QoS-friendly Encapsulated Security Payload (Q-ESP) as a
new IPSec security protocol that provides both security and QoS supports. We
also present our NetBSD kernel-based implementation as well as our evaluation
results of Q-ESP
Securing Internet of Things with Lightweight IPsec
Real-world deployments of wireless sensor networks (WSNs) require
secure communication. It is important that a receiver is able to verify that sensor
data was generated by trusted nodes. In some cases it may also be necessary
to encrypt sensor data in transit. Recently, WSNs and traditional IP networks
are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol
stacks can use IPsec to secure data exchange. Thus, it is desirable to extend
6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is
beneficial to use IPsec because the existing end-points on the Internet do not
need to be modified to communicate securely with the WSN. Moreover, using
IPsec, true end-to-end security is implemented and the need for a trustworthy
gateway is removed.
In this paper we provide End-to-End (E2E) secure communication between
an IP enabled sensor nodes and a device on traditional Internet. This is the
first compressed lightweight design, implementation, and evaluation of 6LoWPAN
extension for IPsec on Contiki. Our extension supports both IPsec's Authentication
Header (AH) and Encapsulation Security Payload (ESP). Thus,
communication endpoints are able to authenticate, encrypt and check the integrity
of messages using standardized and established IPv6 mechanisms
Securing Internet Protocol (IP) Storage: A Case Study
Storage networking technology has enjoyed strong growth in recent years, but
security concerns and threats facing networked data have grown equally fast.
Today, there are many potential threats that are targeted at storage networks,
including data modification, destruction and theft, DoS attacks, malware,
hardware theft and unauthorized access, among others. In order for a Storage
Area Network (SAN) to be secure, each of these threats must be individually
addressed. In this paper, we present a comparative study by implementing
different security methods in IP Storage network.Comment: 10 Pages, IJNGN Journa
Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration
Growing traffic demands and increasing security awareness are driving the
need for secure services. Current solutions require manual configuration and
deployment based on the customer's requirements. In this work, we present an
architecture for an automatic intent-based provisioning of a secure service in
a multilayer - IP, Ethernet, and optical - network while choosing the
appropriate encryption layer using an open-source software-defined networking
(SDN) orchestrator. The approach is experimentally evaluated in a testbed with
commercial equipment. Results indicate that the processing impact of secure
channel creation on a controller is negligible. As the time for setting up
services over WDM varies between technologies, it needs to be taken into
account in the decision-making process.Comment: Parts of the presented work has received funding from the European
Commission within the H2020 Research and Innovation Programme, under grant
agreeement n.645127, project ACIN
On the security of software-defined next-generation cellular networks
In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable
appropriate levels of security
Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services
Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing
efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings
Teleoperation of passivity-based model reference robust control over the internet
This dissertation offers a survey of a known theoretical approach and novel experimental results in establishing a live communication medium through the internet to host a virtual communication environment for use in Passivity-Based Model Reference Robust Control systems with delays. The controller which is used as a carrier to support a robust communication between input-to-state stability is designed as a control strategy that passively compensates for position errors that arise during contact tasks and strives to achieve delay-independent stability for controlling of aircrafts or other mobile objects. Furthermore the controller is used for nonlinear systems, coordination of multiple agents, bilateral teleoperation, and collision avoidance thus maintaining a communication link with an upper bound of constant delay is crucial for robustness and stability of the overall system. For utilizing such framework an elucidation can be formulated by preparing site survey for analyzing not only the geographical distances separating the nodes in which the teleoperation will occur but also the communication parameters that define the virtual topography that the data will travel through. This survey will first define the feasibility of the overall operation since the teleoperation will be used to sustain a delay based controller over the internet thus obtaining a hypothetical upper bound for the delay via site survey is crucial not only for the communication system but also the delay is required for the design of the passivity-based model reference robust control. Following delay calculation and measurement via site survey, bandwidth tests for unidirectional and bidirectional communication is inspected to ensure that the speed is viable to maintain a real-time connection. Furthermore from obtaining the results it becomes crucial to measure the consistency of the delay throughout a sampled period to guarantee that the upper bound is not breached at any point within the communication to jeopardize the robustness of the controller. Following delay analysis a geographical and topological overview of the communication is also briefly examined via a trace-route to understand the underlying nodes and their contribution to the delay and round-trip consistency. To accommodate the communication channel for the controller the input and output data from both nodes need to be encapsulated within a transmission control protocol via a multithreaded design of a robust program within the C language. The program will construct a multithreaded client-server relationship in which the control data is transmitted. For added stability and higher level of security the channel is then encapsulated via an internet protocol security by utilizing a protocol suite for protecting the communication by authentication and encrypting each packet of the session using negotiation of cryptographic keys during each session
Quantum Cryptography in Practice
BBN, Harvard, and Boston University are building the DARPA Quantum Network,
the world's first network that delivers end-to-end network security via
high-speed Quantum Key Distribution, and testing that Network against
sophisticated eavesdropping attacks. The first network link has been up and
steadily operational in our laboratory since December 2002. It provides a
Virtual Private Network between private enclaves, with user traffic protected
by a weak-coherent implementation of quantum cryptography. This prototype is
suitable for deployment in metro-size areas via standard telecom (dark) fiber.
In this paper, we introduce quantum cryptography, discuss its relation to
modern secure networks, and describe its unusual physical layer, its
specialized quantum cryptographic protocol suite (quite interesting in its own
right), and our extensions to IPsec to integrate it with quantum cryptography.Comment: Preprint of SIGCOMM 2003 pape
- …