395,508 research outputs found
Dovetail: Stronger Anonymity in Next-Generation Internet Routing
Current low-latency anonymity systems use complex overlay networks to conceal
a user's IP address, introducing significant latency and network efficiency
penalties compared to normal Internet usage. Rather than obfuscating network
identity through higher level protocols, we propose a more direct solution: a
routing protocol that allows communication without exposing network identity,
providing a strong foundation for Internet privacy, while allowing identity to
be defined in those higher level protocols where it adds value.
Given current research initiatives advocating "clean slate" Internet designs,
an opportunity exists to design an internetwork layer routing protocol that
decouples identity from network location and thereby simplifies the anonymity
problem. Recently, Hsiao et al. proposed such a protocol (LAP), but it does not
protect the user against a local eavesdropper or an untrusted ISP, which will
not be acceptable for many users. Thus, we propose Dovetail, a next-generation
Internet routing protocol that provides anonymity against an active attacker
located at any single point within the network, including the user's ISP. A
major design challenge is to provide this protection without including an
application-layer proxy in data transmission. We address this challenge in path
construction by using a matchmaker node (an end host) to overlap two path
segments at a dovetail node (a router). The dovetail then trims away part of
the path so that data transmission bypasses the matchmaker. Additional design
features include the choice of many different paths through the network and the
joining of path segments without requiring a trusted third party. We develop a
systematic mechanism to measure the topological anonymity of our designs, and
we demonstrate the privacy and efficiency of our proposal by simulation, using
a model of the complete Internet at the AS-level
Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of
values (witnesses) in a computational complexity sense. The notion provides an
essential tool for cryptographic protocol design and analysis, enabling one to
argue about the internal state of protocol players without ever looking at this
supposedly secret state. However, when transactions are concurrent (e.g., over
the Internet) with players possessing public-keys (as is common in
cryptography), assuring that entities ``know'' what they claim to know, where
adversaries may be well coordinated across different transactions, turns out to
be much more subtle and in need of re-examination. Here, we investigate how to
formally treat knowledge possession by parties (with registered public-keys)
interacting over the Internet. Stated more technically, we look into the
relative power of the notion of ``concurrent knowledge-extraction'' (CKE) in
the concurrent zero-knowledge (CZK) bare public-key (BPK) model.Comment: 38 pages, 4 figure
Analisa Perbandingan Pengaruh Penggunaan Protokol Tunneling IP Security dengan Protokol Tunneling Layer 2 Tunneling Protocol terhadap Quality Of Services pada Jaringan Virtual Private Network
Internet Protocol Security (IPSec) and Layer 2 Tunneling Protocol (L2TP) is a security protocol on the VPN is used to improve the security of an Internet network. Comparison of the use of these protocols may affect network performance or Quality of Services (QoS). The QoS measurement parameters measured by delay, jitter, throughput and packet loss. Network modeling scenarios using the bus topology model. Results of this study was to compare the performance of each protocol which is VPN IPSec and L2TP by measuring the QoS performance without using the protocol as a benchmark to compare their effects on QoS by using the tunneling protocol
Risk Analysis of the Implementation of IPv6 Neighbor Discovery in Public Network
Internet is ubiquitous, and in recent times its growth has been exponential. This rapid growth caused the depletion of the current Internet Protocol version 4 (IPv4) address, prompting IETF with the design of the new Internet Protocol version 6 (IPv6) in the 1990’s. IPv6 is the next generation of the Internet Protocol designed with much larger address space and additional functions to ease its use for the users. One of the new functions is address auto configuration of new host’s via Neighbor Discovery Protocol (NDP). However, the implementation of NDP is not without risk in terms of security. This paper analyzes the risk of NDP implementation in public network. The result shows a number of risks that appear on the implementation of NDP over a Public Network. Neighbors cannot be trusted 100%. One of them could be an attacker who may exploit the NDP message to get their own benefit. In addition the number of insiders increases time to time
Distributed Internet security and measurement
The Internet has developed into an important economic, military, academic, and social resource. It is a complex network, comprised of tens of thousands of independently operated networks, called Autonomous Systems (ASes). A significant strength of the Internet\u27s design, one which enabled its rapid growth in terms of users and bandwidth, is that its underlying protocols (such as IP, TCP, and BGP) are distributed. Users and networks alike can attach and detach from the Internet at will, without causing major disruptions to global Internet connectivity. This dissertation shows that the Internet\u27s distributed, and often redundant structure, can be exploited to increase the security of its protocols, particularly BGP (the Internet\u27s interdomain routing protocol). It introduces Pretty Good BGP, an anomaly detection protocol coupled with an automated response that can protect individual networks from BGP attacks. It also presents statistical measurements of the Internet\u27s structure and uses them to create a model of Internet growth. This work could be used, for instance, to test upcoming routing protocols on ensemble of large, Internet-like graphs. Finally, this dissertation shows that while the Internet is designed to be agnostic to political influence, it is actually quite centralized at the country level. With the recent rise in country-level Internet policies, such as nation-wide censorship and warrantless wiretaps, this centralized control could have significant impact on international reachability
Mobile IP and Route Optimization: A Simulation Study.
Powerful light-weight portable computers, the availability of wireless networks, and the popularity of the Internet are driving the need for better networking support for mobile hosts. Current versions of the Internet Protocol (IP), make an implicit assumption that the point at which a computer attaches to a network is fixed and its IP address identifies the network to which it is attached. Packets are sent to a computer based on the location information contained in its IP address. Therefore, transparent host mobility is not supported by IP. But there is a growing need for users to be able to connect their portable computers to the Internet at any time, and stay connected even when they are on the move. Amongst various options available to implement host mobility, Mobile IP, which is an IETF (Internet Engineering Task Force) Draft Standard, is the most feasible one. The Mobile IP protocol, that is compatible with the TCP/IP protocol suite, allows a mobile host to move around the Internet without changing its identity. It is an internet (IP) layer solution to host mobility. Route Optimization, which is an extension to Mobile IP, allows a node to cache the location of a mobile host and to send packets directly to that mobile host. This thesis describes the development of a model to simulate Mobile IP with Route Optimization. An event-driven simulator was developed to study this protocol. Using this simulator, experiments were conducted to study the performance of the protocol under various changing network parameters. These experiments also establish the merits of Route Optimization over base Mobile IP
- …