On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

GridFTP: Protocol Extensions to FTP for the Grid

GridFTP: Protocol Extensions to FTP for the Gri

IETF standardization in the field of the Internet of Things (IoT): a survey

Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities

De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.Peer reviewedPublisher PD

The security of NTP's datagram protocol

For decades, the Network Time Protocol (NTP) has been used to synchronize computer clocks over untrusted network paths. This work takes a new look at the security of NTP’s datagram protocol. We argue that NTP’s datagram protocol in RFC5905 is both underspecified and flawed. The NTP specifications do not sufficiently respect (1) the conflicting security requirements of different NTP modes, and (2) the mechanism NTP uses to prevent off-path attacks. A further problem is that (3) NTP’s control-query interface reveals sensitive information that can be exploited in off-path attacks. We exploit these problems in several attacks that remote attackers can use to maliciously alter a target’s time. We use network scans to find millions of IPs that are vulnerable to our attacks. Finally, we move beyond identifying attacks by developing a cryptographic model and using it to prove the security of a new backwards-compatible client/server protocol for NTP.https://eprint.iacr.org/2016/1006.pdfhttps://eprint.iacr.org/2016/1006.pdfPublished versio

Ghana TRIPS Over the TRIPS Agreement on Plant Breeders' Rights

This document is the Accepted Manuscript version of the following article: Thaddeus Manu, 'Ghana Trips Over the TRIPS Agreement on Plant Breeders' Rights', African Journal of Legal Studies, Vol 9 (1): 20-45, July 2017. Under embargo. Embargo end date: 31 July 2019. The final, published version is available online at doi: https://doi.org/10.1163/17087384-12342070. Published by BRILL.The premise under which the global IP system is validated has often focused on a traditional materialistic approach. While this seems to find legitimate support in economic reasoning, such a fundamental view also appears to contradict a related social norm claim which dictates that society ought to be shaped by appropriate values rather than economic rubrics. Although Ghana is not a signatory member of the UPOV Convention, there is explicit evidence that the PBRs Bill under consideration in Parliament contains provisions modelled on the UPOV Act 1991 rather than the potentially flexible and “effective sui generis system” in TRIPS. This paper aims to contribute to a recently active area of discussion on the topic by examining the consequences of stringent legislation on PBRs in the absence of adequate safeguard measures to protect public interests. Consequently, the hypothesis of this paper rests on the argument that every system needs checks and balances and the legislative system is no exception; therefore, social policy matters must be integrated into the so-called PBRs Bill in order not to undervalue public interests. To conclude, the author presents an argument based on a logical balance that ought to be found on the path to promulgating such legislation.Peer reviewe

The evolution of anti-circumvention law

Countries around the world have since 1996 updated copyright laws to prohibit the circumvention of "Technological Protection Measures", technologies that restrict the use of copyright works with the aim of reducing infringement and enforcing contractual restrictions. This article traces the legislative and treaty history that lies behind these new legal provisions, and examines their interaction with a wide range of other areas of law: from international exhaustion of rights, through competition law, anti-discrimination measures, regulation of computer security research, constitutional rights to freedom of expression and privacy, and consumer protection measures. The article finds that anti-circumvention law as promoted by US trade policy has interfered with public policy objectives in all of these areas. It picks out key themes from the free trade agreements, legislation and jurisprudence of the World Trade Organization, World Intellectual Property Organization, USA, EU member states, and South American, Asian and Australasian nations. There is now a significant movement in treaty negotiations and in legislatures to reduce the scope of anti-circumvention provisions to ensure their compatibility with other important policy objectives

Securing The Root: A Proposal For Distributing Signing Authority

Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme

Design and Experimental Evaluation of a Route Optimisation Solution for NEMO

An important requirement for Internet protocol (IP) networks to achieve the aim of ubiquitous connectivity is network mobility (NEMO). With NEMO support we can provide Internet access from mobile platforms, such as public transportation vehicles, to normal nodes that do not need to implement any special mobility protocol. The NEMO basic support protocol has been proposed in the IETF as a first solution to this problem, but this solution has severe performance limitations. This paper presents MIRON: Mobile IPv6 route optimization for NEMO, an approach to the problem of NEMO support that overcomes the limitations of the basic solution by combining two different modes of operation: a Proxy-MR and an address delegation with built-in routing mechanisms. This paper describes the design and rationale of the solution, with an experimental validation and performance evaluation based on an implementation.Publicad

Integration of heterogeneous devices and communication models via the cloud in the constrained internet of things

As the Internet of Things continues to expand in the coming years, the need for services that span multiple IoT application domains will continue to increase in order to realize the efficiency gains promised by the IoT. Today, however, service developers looking to add value on top of existing IoT systems are faced with very heterogeneous devices and systems. These systems implement a wide variety of network connectivity options, protocols (proprietary or standards-based), and communication methods all of which are unknown to a service developer that is new to the IoT. Even within one IoT standard, a device typically has multiple options for communicating with others. In order to alleviate service developers from these concerns, this paper presents a cloud-based platform for integrating heterogeneous constrained IoT devices and communication models into services. Our evaluation shows that the impact of our approach on the operation of constrained devices is minimal while providing a tangible benefit in service integration of low-resource IoT devices. A proof of concept demonstrates the latter by means of a control and management dashboard for constrained devices that was implemented on top of the presented platform. The results of our work enable service developers to more easily implement and deploy services that span a wide variety of IoT application domains