1,847 research outputs found
Securing route optimisation in NEMO
Third International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks. 4-6 April 2005. Riva del Garda, Trentino, Italy.
The network mobility (NEMO) basic support protocol enables mobile networks to change their point of attachment to the Internet, while preserving established sessions of the nodes within the mobile network. When only a nonnested mobile network is considered, the so-called triangle routing is the main problem that should be faced. In mobile IPv6, the route optimisation mechanism solves this problem, and the return routability mechanism aims to limit the security concerns originated because of the route optimisation. Nowadays return routability is considered a weak solution (i.e., based on strong assumptions). In this article we explore different approaches to route optimisation in NEMO and we devise how to adapt some of the terminal mobility solutions to a NEMO environment, where, as we propose, a delegation of signalling rights from the mobile network node to the mobile router is necessary.
"On the Road" - Reflections on the Security of Vehicular Communication Systems
Vehicular communication (VC) systems have recently drawn the attention of
industry, authorities, and academia. A consensus on the need to secure VC
systems and protect the privacy of their users led to concerted efforts to
design security architectures. Interestingly, the results different projects
contributed thus far bear extensive similarities in terms of objectives and
mechanisms. As a result, this appears to be an auspicious time for setting the
corner-stone of trustworthy VC systems. Nonetheless, there is a considerable
distance to cover till their deployment. This paper ponders on the road ahead.
First, it presents a distillation of the state of the art, covering the
perceived threat model, security requirements, and basic secure VC system
components. Then, it dissects predominant assumptions and design choices and
considers alternatives. Under the prism of what is necessary to render secure
VC systems practical, and given possible non-technical influences, the paper
attempts to chart the landscape towards the deployment of secure VC systems.
Enabling Practical IPsec authentication for the Internet
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (First International Workshop on Information Security (IS'06), OTM Federated Conferences and workshops). Montpellier, Oct./Nov. 2006. Universidad de Montpellier II.
There is a strong consensus about the need for IPsec, although its use is not widespread for end-to-end communications. One of the main reasons for this is the difficulty for authenticating two end-hosts that do not share a secret or do not rely on a common Certification Authority. In this paper we propose a modification to IKE to use reverse DNS and DNSSEC (named DNSSEC-to-IKE) to provide end-to-end authentication to Internet hosts that do not share any secret, without requiring the deployment of a new infrastructure. We perform a comparative analysis in terms of requirements, provided security and performance with state-of-the-art IKE authentication methods and with a recent proposal for IPv6 based on CGA. We conclude that DNSSEC-to-IKE enables the use of IPsec in a broad range of scenarios in which it was not applicable, at the price of offering slightly less security and incurring in higher performance costs.
On the security of the Blockchain Bix Protocol and Certificates
The BIX protocol is a blockchain-based protocol that allows distribution of
certificates linking a subject with his public key, hence providing a service
similar to that of a PKI but without the need of a CA. In this paper we analyze
the security of the BIX protocol in a formal way, in four steps. First, we
identify formal security assumptions which are well-suited to this protocol.
Second, we present some attack scenarios against the BIX protocol. Third, we
provide a formal security proof that some of these attacks are not feasible
under our previously established assumptions. Finally, we show how another
attack may be carried on.
Comment: 16 pages, 1 figure
Deploying Virtual Machines on Shared Platforms
In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders' part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the-art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials.