Measurement of the LCG2 and glite file catalogue's performance

When the Large Hadron Collider (LHC) begins operation at CERN in 2007 it will produce data in volumes never before seen. Physicists around the world will manage, distribute and analyse petabytes of this data using the middleware provided by the LHC Computing Grid. One of the critical factors in the smooth running of this system is the performance of the file catalogues which allow users to access their files with a logical filename without knowing their physical location. This paper presents a detailed study comparing the performance and respective merits and shortcomings of two of the main catalogues: the LCG File Catalogue and the gLite FiReMan catalogue

Efficient HTTP based I/O on very large datasets for high performance computing with the libdavix library

Remote data access for data analysis in high performance computing is commonly done with specialized data access protocols and storage systems. These protocols are highly optimized for high throughput on very large datasets, multi-streams, high availability, low latency and efficient parallel I/O. The purpose of this paper is to describe how we have adapted a generic protocol, the Hyper Text Transport Protocol (HTTP) to make it a competitive alternative for high performance I/O and data analysis applications in a global computing grid: the Worldwide LHC Computing Grid. In this work, we first analyze the design differences between the HTTP protocol and the most common high performance I/O protocols, pointing out the main performance weaknesses of HTTP. Then, we describe in detail how we solved these issues. Our solutions have been implemented in a toolkit called davix, available through several recent Linux distributions. Finally, we describe the results of our benchmarks where we compare the performance of davix against a HPC specific protocol for a data analysis use case.Comment: Presented at: Very large Data Bases (VLDB) 2014, Hangzho

Evaluación del rendimiento de la arquitectura de seguridad INDECT

This paper evaluates the performance of the key elements of the security architecture developed by the INDECT project. In particular it first evaluates three different concurrent error detection mechanism (parity check, Berger code, and cyclic redundancy check) developed in software- and hardware-based implementations of the INDECT block cipher. It also analyses the performance hit in secure web servers when enabling TLS/SSL with mutual authentication. Finally, it evaluates the throughput and delay of traffic in the virtual private network based on the OpenVPN software package with the implemented INDECT block cipher. The results of these evaluations demonstrate that the proposed mechanisms, and by extension the whole INDECT security architecture, are viable and can be used in high-performance Police information and communication systems.Este artículo evalúa el rendimiento de los principales elementos de la arquitectura de seguridad desarrollada por el proyecto INDECT. En particular, en primer lugar evalúa tres mecanismos diferentes de detección concurrente de errores (comprobación de paridad, códigos Berger y verificación por redundancia cíclica) desarrollados en las implementaciones software y hardware del algoritmo de cifrado de bloque INDECT. También se analiza el impacto en el rendimiento de los servidores web seguros cuando se activa TLS/SSL con autenticación mutua. Por último, evalúa el rendimiento y el retardo del tráfico en una red privada virtual, basada en el software OpenVPN con el algoritmo de cifrado INDECT. Los resultados de estas evaluaciones demuestran que los mecanismos propuestos, y el algoritmo de cifrado INDECT, son viables y pueden usarse en sistemas de información y comunicaciones de alto rendimiento para la Policía

Security architecture for law enforcement agencies

In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have stringent security requirements that may delay the deployment of these new applications, since necessary security measures must be implemented first. This paper presents an integrated security architecture for LEAs that is able to provide common security services to novel and legacy ICT applications, while fulfilling the high security requirements of police forces. By reusing the security services provided by this architecture, new systems do not have to implement custom security mechanisms themselves, and can be easily integrated into existing police ICT infrastructures. The proposed LEA security architecture features state-of-the-art technologies, such as encrypted communications at network and application levels, or multifactor authentication based on certificates stored in smart cards.Web of Science7517107321070

Analysis of Token and Ticket Based Mechanisms for Current VoIP Security Issues and Enhancement Proposal

Interior vie

The Impact of TLS on SIP Server Performance

This report studies the performance impact of using TLS as a transport protocol for SIP servers. We evaluate the cost of TLS experimentally using a testbed with OpenSIPS, OpenSSL, and Linux running on an Intel-based server. We analyze TLS costs using application, library, and kernel profiling, and use the profiles to illustrate when and how different costs are incurred, such as bulk data encryption, public key encryption, private key decryption, and MAC-based verification. We show that using TLS can reduce performance by up to a factor of 20 compared to the typical case of SIP over UDP. The primary factor in determining performance is whether and how TLS connection establishment is performed, due to the heavy costs of RSA operations used for session negotiation. This depends both on how the SIP proxy is deployed (e.g., as an inbound or outbound proxy) and what TLS options are used (e.g., mutual authentication, session reuse). The cost of symmetric key operations such as AES or 3DES, in contrast, tends to be small. Network operators deploying SIP over TLS should attempt to maximize the persistence of secure connections, and will need to assess the server resources required. To aid them, we provide a measurement-driven cost model for use in provisioning SIP servers using TLS. Our cost model predicts performance within 15 percent on average