949 research outputs found
Threat Modelling for Active Directory
This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here
Argumentation-based fault diagnosis for home networks
Home networks are a fast growing market but managing them is a difficult task, and diagnosing faults is even more challenging. Current fault management tools provide comprehensive information about the network and the devices but it is left to the user to interpret and reason about the data and experiment in order to find the cause of a problem. Home users may not have motivation or time to learn the required skills. Furthermore current tools adopt a closed approach which hardcodes a knowledge base, making them hard to update and extend. This paper proposes an open fault management framework for home networks, whose goal is to simplify network troubleshooting for non-expert users. The framework is based on assumption-based argumentation that is an AI technique for knowledge representation and reasoning. With the underlying argumentation theory, we can easily capture and model the diagnosis procedures of network administrators. The framework is rule-based and extensible, allowing new rules to be added into the knowledge base and diagnostic strategies to be updated on the fly.The framework can also utilise external knowledge and make distributed diagnosi
Towards an incremental deployment of ERN protocols: a proposal for an E2E-ERN hybrid protocol
We propose an architecture based on a hybrid E2E-ERN approach to allow incremental deployment of ERN (Explicit Rate Notification) protocols in heterogeneous networks. The proposed IP-ERN architecture combines E2E (End-to-End)and ERN protocols and uses the minimum between both congestion windows to perform. Without introducing complex operation, the resulting E2E-ERN protocol provides inter and intra protocol fairness and benefits from all ERN protocol advantages when possible. We detail the principle of this novel IP-ERN architecture and show that this architecture is highly adaptive to the network dynamic and is compliant with IPv4, IPv6 as well as IP-in-IP tunneling solutions
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.Comment: 55 page
Guidelines for Specifying the Use of IPsec Version 2
The Security Considerations sections of many Internet Drafts say, in effect, "just use IPsec". While this is sometimes correct, more often it will leave users without real, interoperable security mechanisms. This memo offers some guidance on when IPsec Version 2 should and should not be specified
SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS
Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systemsâ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networksâ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=OpinnĂ€ytetyö kokotekstinĂ€ PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=LĂ€rdomsprov tillgĂ€ngligt som fulltext i PDF-format
Assessing and improving an approach to delay-tolerant networking
Delay-tolerant networking (DTN) is a term invented to describe and encompass
all types of long-delay, disconnected, disrupted or intermittently-connected
networks, where mobility and outages or scheduled contacts may be experienced.
'DTN' is also used to refer to the Bundle Protocol, which has been proposed as
the one unifying solution for disparate DTN networking scenarios, after
originally being designed solely for use in deep space for the 'Interplanetary
Internet.' We evaluated the Bundle Protocol by testing it in space and on the
ground. We have found architectural weaknesses in the Bundle Protocol that may
prevent engineering deployment of this protocol in realistic delay-tolerant
networking scenarios, and have proposed approaches to address these weaknesses.Comment: 2 pages; First Annual CCSR Research Symposium (CRS 2011), Centre for
Communication Systems Research, 30 June 201
- âŠ