A framework for IPSec functional architecture.

In today\u27s network, various stand-alone security services and/or proxies are used to provide different security services. These individual security systems implementing one single security function cannot address security needs of evolving networks that require secure protocol such as IPSec. In this paper, we provide a framework for implementing IPSec security functions in a well structured functional architecture. The proposed architecture is modular and allows for composing software applications from products commercially available and developed by different suppliers to implement the entire security requirements of IPSec protocol. In addition the proposed architecture is robust in the sense that it supports open standards and interfaces, and implements security functions of IPSec as an integrated solution under a unified security management system.Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .F34. Source: Masters Abstracts International, Volume: 44-03, page: 1451. Thesis (M.Sc.)--University of Windsor (Canada), 2005

Secure Routing Protocol for Integrated UMTS and WLAN Ad Hoc Networks

The integrated UMTS and WLAN ad hoc networks are getting more and more popular as they hold substantial advantages by next generation networks. We introduce a new secure, robust routing protocol specifically designed for next generation technologies and evaluated its performance. The design of the SNAuth_SPERIPv2 secure routing protocol takes advantage to the integrated network, maintaining Quality of Service (QoS) under Wormhole Attack (WHA). This paper compares performance of newly developed secure routing protocol with other security schemes for CBR video streaming service under WHA

ANCHOR: logically-centralized security for Software-Defined Networks

While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference

IPsec Remote Access Virtual Private Networks

Tato diplomová práce se zabývá řešením zabezpečené komunikace mezi uživatelem a VPN bránou, umístěnou ve vzdálené síti. Na straně klienta je nainstalován VPN klient, který poskytuje zabezpečené spojení pomocí protokolu IPSec. V současnosti je vzdálený přístup hojně používán k připojení do firem a dalších instituci, a umožňuje například práci z domova. V diplomové práci budou jako VPN brány použita tří zařízení. Jedná se o zařízení Cisco ASA, směrovač Cisco řady 2800 a směrovač Huawei řady AR2200. Autentizace uživatelů je provedena pomocí certifikátů, které vydává certifikační autorita provozována na směrovači Cisco řady 2901.This thesis deals with the solution of secure communication between the user and the VPN gateway which is located on a remote network. On the client side is installed VPN client that provides secure connections using IPSec. At present, remote access is widely used to connect to companies and other institutions, and allows, for example, work from home. In this thesis will be used as a VPN gateway three devices. The devices are the Cisco ASA appliance, Cisco 2800 Series Router and Huawei AR2200 series router. User authentication is performed using certificates issued by a Certification Authority operated on a Cisco 2901 series router.440 - Katedra telekomunikační technikyvelmi dobř

Session Armor: Protection Against Session Hijacking using Per-Request Authentication

Modern life increasingly relies upon web applications to provide critical services and infrastructure. Activities of banking, shopping, socializing, entertainment, and even medical record keeping are now primarily conducted using the Internet as a medium and HTTP as a protocol. A critical requirement of these tools is the mechanism by which they authenticate users and prevent transaction replay. Despite more than 20 years of widespread deployment, the de-facto technique for accomplishing these goals is the use of a static session bearer token to authenticate all requests for the lifetime of a user session. In addition, the use of any method to prevent request replay is not in common practice. This thesis presents Session Armor, a protocol which builds upon existing techniques to provide cryptographically-strong per-request authentication with both time-based and optional absolute replay prevention. Session Armor is designed to perform well and to be easily deployed by web application developers. It acts as a layer on top of existing session tokens, so as not to require modification of application logic. In addition to Session Armor, two additional tools are presented, JackHammer, a cross-browser extension that allows developers to quickly discover session hijacking vulnerabilities in their web applications, and SessionJack, a tool for analyzing the security properties of session tokens found on the web. A formal specification of the Session Armor protocol is provided. An implementation of the protocol is included as a Python Django middleware and a Chrome browser extension. Performance data is provided with a comparison to previous methods. A formal validation of secrecy and correspondence properties is presented in the Dolev-Yao model.M.S., Computer Engineering -- Drexel University, 201