IP-KRYPTO cipher machine for military use, Journal of Telecommunications and Information Technology, 2004, nr 4

Polish military IP networks can be effectively and cheaply secured by IP-KRYPTO cipher machines which are developed in the Military Communication Institute. The cooperation with Polish manufacturers - Optimus and ABA Kraków and the usage of COTS elements and ideas speed up the research and development works. The IP-KRYPTO cipher machine will be used for securing the “SECRET” data so it must be certified to fulfill E3 ITSEC evaluation criteria. This requirement generates additional challenges in the development process when the COTS elements are to be implemented

Integración segura de MANETs con limitaciones de energía a redes de infraestructura

La seguridad y el consumo de energía son factores importantes para el éxito de la integración de MANETs a redes de infraestructura. La “seguridad”, porque las MANETs utilizan un medio compartido (aire) para transmitir los datos y se encuentran expuestas a posibles “ataques” y/o accesos no autorizados, y el consumo de energía porque algunos o todos los dispositivos móviles de la MANET son alimentados por baterías con energía limitada y por ello se hace necesario optimizar la conservación de energía. En este trabajo realizamos el estudio de un caso de integración de una MANET a una red de infraestructura buscando un equilibrio entre seguridad y consumo de energía. Los resultados de las mediciones nos permiten determinar el consumo adicional de energía generado por el uso de protocolos seguros.Presentado en el VI Workshop Arquitectura, Redes y Sistemas Operativos (WARSO)Red de Universidades con Carreras en Informática (RedUNCI

Advanced Compression and Latency Reduction Techniques Over Data Networks

Applications and services operating over Internet protocol (IP) networks often suffer from high latency and packet loss rates. These problems are attributed to data congestion resulting from the lack of network resources available to support the demand. The usage of IP networks is not only increasing, but very dynamic as well. In order to alleviate the above-mentioned problems and to maintain a reasonable Quality of Service (QoS) for the end users, two novel adaptive compression techniques are proposed to reduce packets’ payload size. The proposed schemes exploit lossless compression algorithms to perform the compression process on the packets’ payloads and thus decrease the overall net- work congestion. The first adaptive compression scheme utilizes two key network performance indicators as design metrics. These metrics include the varying round-trip time (RTT) and the number of dropped packets. The second compression scheme uses other network information such as the incoming packet rate, intermediate nodes processing rate, average packet waiting time within a queue of an intermediate node, and time required to perform the compression process. The performances of the proposed algorithms are evaluated through Network Simulator 3 (NS3). The simulation results show an improvement in network conditions, such as the number of dropped packets, network latency, and throughput

A Technical Comparison of IPSec and SSL

IPSec (IP Security) and SSL (Secure Socket Layer) have been the most robust and most potential tools available for securing communications over the Internet. Both IPSec and SSL have advantages and shortcomings. Yet no paper has been found comparing the two protocols in terms of characteristic and functionality. Our objective is to present an analysis of security and performance properties for IPSec and SSL

The main stages of development of the cryptographic protocols SSL/TLS and IPsec

Рассматриваются основные этапы развития криптографических протоколов от SSL 2.0 (Secure Socket Layer) до TLS 1.3 (Transport Layer Security), обеспечивающих защиту данных транспортного уровня модели OSI. Приводится краткое описание модификации протокола RuTLS, построенного на базе TLS 1.3, и их основные отличия. Развитие IPsec, предоставляющего криптографическую защиту коммуникаций на сетевом уровне модели OSI, рассмотрено на примерах развития трёх наиболее часто применяемых протоколов, на основе которых он строится. В их число входят IKE (Internet Key Exchange), AH (Authentication Header), ESP (Encapsulation Security Payload)

Automatisierte Wahl von Kommunikationsprotokollen für das heutige und zukünftige Internet

Das erfolgreiche Internet basiert auf einer großen Anzahl unterschiedlicher Kommunikationsprotokolle. Diese erfüllen wesentliche Aufgaben, wie Adressierung, Datentransport oder sichere Kommunikation. Wählt man die richtigen Protokolle aus, so können gewünschte Eigenschaften der Kommunikation erreicht werden. Die vorliegende Arbeit betrachtet die automatisierte Wahl von Kommunikationsprotokollen und die damit erreichbare Verbesserung von zum Beispiel Sicherheit

Securing military decision making in a network-centric environment

The development of the society and warfare goes hand in hand. With the proliferation of modern information technology, in particular communication technology, concepts such as information warfare and network-centric warfare have emerged. Information has become one of the core elements in military decision making, where the purpose is to gain information superiority with respect to the enemy while denying the enemy from doing the same. Network-centricity comes from the fact that communication networks are used to enable information warfare in the theatre of operations. Thus, the role of the communication network is to support decision making. In this thesis, military decision making in a network-centric environment is analyzed from the perspective of information warfare. Based on the analysis, a set of security requirements are identified. The thesis also proposes a set of solutions and concepts to the vulnerabilities found and analyzes the solutions with respect to the requirements and a set of use scenarios. The main solutions are Packet Level Authentication, which secures the military infrastructure, and Self-healing Networks, which enable the network to restructure itself after a large-scale or dedicated attack. The restructuring process relies on a Context Aware Management architecture, which has originally been developed to allow network nodes to rapidly react to a changing environment. Furthermore, the thesis presents a trust management model based on incomplete trust to cope with compromised nodes. Also privacy issues are discussed; several different privacy classes are identified and the problems with each of them are addressed.reviewe