1,991 research outputs found
Quantum Cryptography in Practice
BBN, Harvard, and Boston University are building the DARPA Quantum Network,
the world's first network that delivers end-to-end network security via
high-speed Quantum Key Distribution, and testing that Network against
sophisticated eavesdropping attacks. The first network link has been up and
steadily operational in our laboratory since December 2002. It provides a
Virtual Private Network between private enclaves, with user traffic protected
by a weak-coherent implementation of quantum cryptography. This prototype is
suitable for deployment in metro-size areas via standard telecom (dark) fiber.
In this paper, we introduce quantum cryptography, discuss its relation to
modern secure networks, and describe its unusual physical layer, its
specialized quantum cryptographic protocol suite (quite interesting in its own
right), and our extensions to IPsec to integrate it with quantum cryptography.Comment: Preprint of SIGCOMM 2003 pape
Quantum Key Distribution (QKD) and Commodity Security Protocols: Introduction and Integration
We present an overview of quantum key distribution (QKD), a secure key
exchange method based on the quantum laws of physics rather than computational
complexity. We also provide an overview of the two most widely used commodity
security protocols, IPsec and TLS. Pursuing a key exchange model, we propose
how QKD could be integrated into these security applications. For such a QKD
integration we propose a support layer that provides a set of common QKD
services between the QKD protocol and the security applicationsComment: 12Page
On the security of software-defined next-generation cellular networks
In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable
appropriate levels of security
Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec
With the inception of IPv6 it is possible to assign
a unique ID to each device on planet. Recently, wireless sensor
networks and traditional IP networks are more tightly integrated
using IPv6 and 6LoWPAN. Real-world deployments of WSN
demand secure communication. The receiver should be able to
verify that sensor data is generated by trusted nodes and/or
it may also be necessary to encrypt sensor data in transit.
Available IPv6 protocol stacks can use IPsec to secure data
exchanges. Thus, it is desirable to extend 6LoWPAN such that
IPsec communication with IPv6 nodes is possible. It is beneficial
to use IPsec because the existing end-points on the Internet do
not need to be modified to communicate securely with the WSN.
Moreover, using IPsec, true end-to-end security is implemented
and the need for a trustworthy gateway is removed.
In this demo we will show the usage of our implemented
lightweight IPsec. We will show how IPsec ensures end-to-end
security between an IP enabled sensor networks and the
traditional Internet. This is the first compressed lightweight
design, implementation, and evaluation of a 6LoWPAN extension
for IPsec. This demo complements the full paper that will appear
in the parent conference, DCOSS’11
Survey on security issues in file management in cloud computing environment
Cloud computing has pervaded through every aspect of Information technology
in past decade. It has become easier to process plethora of data, generated by
various devices in real time, with the advent of cloud networks. The privacy of
users data is maintained by data centers around the world and hence it has
become feasible to operate on that data from lightweight portable devices. But
with ease of processing comes the security aspect of the data. One such
security aspect is secure file transfer either internally within cloud or
externally from one cloud network to another. File management is central to
cloud computing and it is paramount to address the security concerns which
arise out of it. This survey paper aims to elucidate the various protocols
which can be used for secure file transfer and analyze the ramifications of
using each protocol.Comment: 5 pages, 1 tabl
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud
In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis
Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration
Growing traffic demands and increasing security awareness are driving the
need for secure services. Current solutions require manual configuration and
deployment based on the customer's requirements. In this work, we present an
architecture for an automatic intent-based provisioning of a secure service in
a multilayer - IP, Ethernet, and optical - network while choosing the
appropriate encryption layer using an open-source software-defined networking
(SDN) orchestrator. The approach is experimentally evaluated in a testbed with
commercial equipment. Results indicate that the processing impact of secure
channel creation on a controller is negligible. As the time for setting up
services over WDM varies between technologies, it needs to be taken into
account in the decision-making process.Comment: Parts of the presented work has received funding from the European
Commission within the H2020 Research and Innovation Programme, under grant
agreeement n.645127, project ACIN
- …