Mobile IP: state of the art report

Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

A Survey on Communication Networks for Electric System Automation

Published in Computer Networks 50 (2006) 877–897, an Elsevier journal. The definitive version of this publication is available from Science Direct. Digital Object Identifier:10.1016/j.comnet.2006.01.005In today’s competitive electric utility marketplace, reliable and real-time information become the key factor for reliable delivery of power to the end-users, profitability of the electric utility and customer satisfaction. The operational and commercial demands of electric utilities require a high-performance data communication network that supports both existing functionalities and future operational requirements. In this respect, since such a communication network constitutes the core of the electric system automation applications, the design of a cost-effective and reliable network architecture is crucial. In this paper, the opportunities and challenges of a hybrid network architecture are discussed for electric system automation. More specifically, Internet based Virtual Private Networks, power line communications, satellite communications and wireless communications (wireless sensor networks, WiMAX and wireless mesh networks) are described in detail. The motivation of this paper is to provide a better understanding of the hybrid network architecture that can provide heterogeneous electric system automation application requirements. In this regard, our aim is to present a structured framework for electric utilities who plan to utilize new communication technologies for automation and hence, to make the decision making process more effective and direct.This work was supported by NEETRAC under Project #04-157

Multilayer Security Mechanism in Computer Networks

In multilayered security infrastructure, the layers are projected in a way that vulnerability of one layer could not compromise the other layers and thus the whole system is not vulnerable. This paper evaluates security mechanism on application, transport and network layers of ISO/OSI reference model and gives examples of today's most popular security protocols applied in each of mentioned layers. A secure computer network systems is recommended that consists of combined security mechanisms on three different ISO/OSI reference model layers : application layer security based on strong user authentication, digital signature, confidentiality protection, digital certificates and hardware tokens, transport layer security based on establishment of a cryptographic tunnel between network nodes and strong node authentication procedure and network IP layer security providing bulk security mechanisms on network level between network nodes. Strong authentication procedures used for user based on digital certificates and PKI systems are especially emphasized.  Keywords: Multilayered Security Systems, PKI systems, Smart Cards

Multilayer Security Mechanism in Computer Networks

In multilayered security infrastructure, the layers are projected in a way that vulnerability of one layer could not compromise the other layers and thus the whole system is not vulnerable. This paper evaluates security mechanism on application, transport and network layers of ISO/OSI reference model and gives examples of today's most popular security protocols applied in each of mentioned layers. A secure computer network systems is recommended that consists of combined security mechanisms on three different ISO/OSI reference model layers : application layer security based on strong user authentication, digital signature, confidentiality protection, digital certificates and hardware tokens, transport layer security based on establishment of a cryptographic tunnel between network nodes and strong node authentication procedure and network IP layer security providing bulk security mechanisms on network level between network nodes. Strong authentication procedures used for user based on digital certificates and PKI systems are especially emphasized. Keywords: Multilayered Security Systems, PKI systems, Smart Cards

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis

In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.Comment: 55 page

Verkon migraatio IPv6-verkoksi

Insinöörityön tarkoituksena oli kuvitteellisen keskikokoisen suomalaisen liikunta-aiheisia verkkopalveluja tarjoavan yrityksen verkon migraatio IPv6-verkoksi. Lisäksi työssä perehdyttiin IPv6-migraation tietoturvaan. Insinöörityön tavoitteena oli löytää juuri tälle esimerkkiyritykselle sopivat IPv6-migraatiotekniikat ja toteuttaa ne soveltuvilta osin migraatiotekniikoiden teorioita tukemaan. Tavoitteena oli tuottaa käytännön osaamista oikeiden IPv6-migraatiotekniikoiden ja osoitteiden valinnassa sekä osoittaa käytännössä, kuinka yritys voi päivittää verkkonsa katkottomasti IPv6-yhteensopivaksi. Työssä käytettiin kahta IPv6-migraatiotekniikkaa: kaksoispinotekniikkaa sisäverkon migraatioon ja IPv4-upotettua IPv6-osoitetekniikkaa yrityksen ulkoverkon migraatioon. Kaksoispinotekniikkaan sisäverkon osalta päädyttiin lähinnä tekniikan pitkäikäisyyden vuoksi: IPv4-protokollaa tullaan käyttämään vielä pitkään ja kaksoispinototeutuksella ei tarvitse verkkoylläpidossa huolehtia mahdollisista siirtymistä jompaan kumpaan protokollaan, kun konfiguraatio kumpaakin protokollaa varten on kerran toteutettu. IPv4-upotetun IPv6-osoitetekniikan merkittävimpänä etuna on helppous: yritys voi taval-laan muuntaa tällä tekniikalla olemassa olevat julkiset IPv4-osoitteensa IPv6-osoitteiksi. Työ koostui kokonaisverkkotopologian suunnittelusta, määrittelystä ja toteutusvaiheesta, johon sisältyi paljon verkkolaitteiden konfiguraatioiden toteutusta kahdella eri protokollalla ja lisäksi näiden konfiguraatioiden testaamista. Insinöörityön tuloksena syntyi teoriatutkimuksen ja suunnittelun lisäksi käytännön toteutustyö, jossa suunniteltiin IPv4-verkko keskikokoisen yrityksen tarpeisiin ja määriteltiin tämä verkko toimimaan myös IPv6-verkkona ja IPv6-osoitteilla.The topic of this thesis is migration of the IPv6 network for an imaginary middle size Finnish company. In addition, this thesis deals with IPv6 migration data security. The objectives of the study were to find the most suitable IPv6 migration techniques for the company and to implement real migration in a laboratory environment to support the theories presented in this thesis. One of the most important objectives was to increase understanding of real IPv6 migration techniques and selection of suitable IPv6 addresses and to demonstrate how this type of a company can upgrade its network device configurations seamlessly to make them IPv6 compatible. In this study two migration techniques were used: the dual stack technique for private network migration and the IPv4 embedded IPv6 address technique with the well-known prefix for the public addresses and external network migration. The dual stack technique was chosen mostly because of its long lifecycle. The IPv4 protocol will still be used for long a time and with the dual stack technique the company does not need to worry about whether its network is capable of communicating with other networks no matter what protocols they use. This study included theoretical studies and practical laboratory work. Network design was put into reality by implementing the configurations for laboratory network devices according to the topology. The migration study could be further developed by researching IPv6 migration techniques in more detail and testing, comparing and rating them. Also further and more deep re-search regarding the security of the migration techniques would be useful if this study was to be continued

IPv6 Applicability in SCADA System Network

     The trend today is to build a secure fault tolerant Internet/Intranet connected distributed SCADA system networks using open and standard software/hardware. This paper made use of advances in Ethernet such as Fast/Gigabit Ethernet, micro-segmentation and full-duplex operation using switches, IPv6 enhanced features and TCP/IP to fulfill the real-time requirements for SCADA system network. OPNET Modeler simulator is used for modeling and simulating the network. The various measured delays showed that IPv6 introduction in such network introduces very small (negligible) delay and shows better performance on applying Quality of Service relative to IPv4. Also it is found that delays increase with increased transported packet size