6,683 research outputs found
A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group
The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate
The security of NTP's datagram protocol
For decades, the Network Time Protocol (NTP) has been
used to synchronize computer clocks over untrusted network paths. This
work takes a new look at the security of NTPâs datagram protocol. We
argue that NTPâs datagram protocol in RFC5905 is both underspecified
and flawed. The NTP specifications do not sufficiently respect (1) the
conflicting security requirements of different NTP modes, and (2) the
mechanism NTP uses to prevent off-path attacks. A further problem
is that (3) NTPâs control-query interface reveals sensitive information
that can be exploited in off-path attacks. We exploit these problems
in several attacks that remote attackers can use to maliciously alter a
targetâs time. We use network scans to find millions of IPs that are
vulnerable to our attacks. Finally, we move beyond identifying attacks
by developing a cryptographic model and using it to prove the security
of a new backwards-compatible client/server protocol for NTP.https://eprint.iacr.org/2016/1006.pdfhttps://eprint.iacr.org/2016/1006.pdfPublished versio
Distributed Protocols at the Rescue for Trustworthy Online Voting
While online services emerge in all areas of life, the voting procedure in
many democracies remains paper-based as the security of current online voting
technology is highly disputed. We address the issue of trustworthy online
voting protocols and recall therefore their security concepts with its trust
assumptions. Inspired by the Bitcoin protocol, the prospects of distributed
online voting protocols are analysed. No trusted authority is assumed to ensure
ballot secrecy. Further, the integrity of the voting is enforced by all voters
themselves and without a weakest link, the protocol becomes more robust. We
introduce a taxonomy of notions of distribution in online voting protocols that
we apply on selected online voting protocols. Accordingly, blockchain-based
protocols seem to be promising for online voting due to their similarity with
paper-based protocols
Service discovery at home
Service discovery is a fairly new field that kicked off since the advent of ubiquitous computing and has been found essential in the making of intelligent networks by implementing automated discovery and remote control between devices. This paper provides an overview and comparison of several prominent service discovery mechanisms currently available. It also introduces the at home anywhere service discovery protocol (SDP@HA) design which improves on the current state of the art by accommodating resource lean devices, implementing a dynamic leader election for a central cataloguing device and embedding robustness to the service discovery architecture as an important criterion
Performance Analysis of Publish/Subscribe Systems
The Desktop Grid offers solutions to overcome several challenges and to
answer increasingly needs of scientific computing. Its technology consists
mainly in exploiting resources, geographically dispersed, to treat complex
applications needing big power of calculation and/or important storage
capacity. However, as resources number increases, the need for scalability,
self-organisation, dynamic reconfigurations, decentralisation and performance
becomes more and more essential. Since such properties are exhibited by P2P
systems, the convergence of grid computing and P2P computing seems natural. In
this context, this paper evaluates the scalability and performance of P2P tools
for discovering and registering services. Three protocols are used for this
purpose: Bonjour, Avahi and Free-Pastry. We have studied the behaviour of
theses protocols related to two criteria: the elapsed time for registrations
services and the needed time to discover new services. Our aim is to analyse
these results in order to choose the best protocol we can use in order to
create a decentralised middleware for desktop grid
Design of a Hybrid Modular Switch
Network Function Virtualization (NFV) shed new light for the design,
deployment, and management of cloud networks. Many network functions such as
firewalls, load balancers, and intrusion detection systems can be virtualized
by servers. However, network operators often have to sacrifice programmability
in order to achieve high throughput, especially at networks' edge where complex
network functions are required.
Here, we design, implement, and evaluate Hybrid Modular Switch (HyMoS). The
hybrid hardware/software switch is designed to meet requirements for modern-day
NFV applications in providing high-throughput, with a high degree of
programmability. HyMoS utilizes P4-compatible Network Interface Cards (NICs),
PCI Express interface and CPU to act as line cards, switch fabric, and fabric
controller respectively. In our implementation of HyMos, PCI Express interface
is turned into a non-blocking switch fabric with a throughput of hundreds of
Gigabits per second.
Compared to existing NFV infrastructure, HyMoS offers modularity in hardware
and software as well as a higher degree of programmability by supporting a
superset of P4 language
- âŠ