
    Mobile IP: state of the art report

    Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1 [0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA

    Packet tagging system for enhanced traffic profiling

    This paper describes the design and implementation of a system for managing the tagging of traffic, in order to create detailed personal and application profiles. The ultimate goal of this separation is to facilitate the task of traffic auditing tools, namely in their struggle against botnets. The architecture was designed for domestic or enterprise facilities and uses the 802.1X authentication architecture as the base support infrastructure for dealing with unequivocal traffic binding to specific entities (persons or servers). Simultaneously, such binding uses virtual identities and encryption for preserving the privacy and protection of traffic originators from network eavesdroppers other than authorized traffic auditors. The traffic from each known originator is profiled in some detail, namely it includes a role tag and an application tag. Role tags are defined by originators and only partially follow a standard policy. On the contrary, application tags should follow a standard policy in order to reason about abnormal scenarios raised when correlating traffic from several instances of the same application. A first prototype was developed for Linux, using iptables and FreeRADIUS and conveying packet tagging information in a new IP option field

    Reducing the integration tax of cross-organizational identity-based services with identity federation platforms.

    The Internet has become an incomparable communication channel to reach old and new customers and to offer innovative services. Due to the increasing interest in Internet-based services, enterprises are trying to make the best use of the advantages provided by an online presence. Moreover, they collaborate in order to provide cross-organizational identity-based services, giving added value to their traditional services. This poses new challenges regarding identity management between domains. An option to overcome them is to integrate an identity-federation platform with that type of service, but it is a very complex task. In this paper we propose to extend the capabilities of an Open Source application server in order to make it compatible with an identity-federation platform as a basis to support cross-organizational identity-based services, dramatically reducing the integration tax

    A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

    With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significantly in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support; however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependent applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only does the proposed authentication scheme eradicate most of the DoS vulnerabilities, but it also substantially improves the handoff performance to a level suitable for supporting real-time services

    Network Access Control: Disruptive Technology?

    Network Access Control (NAC) implements policy-based access control to the trusted network. It regulates entry to the network by the use of health verifiers and policy control points to mitigate the introduction of malicious software. However, the current versions of NAC may not be the universal remedy to endpoint security that many vendors tout. Many organizations that are evaluating the technology, but that have not yet deployed a solution, believe that NAC presents an opportunity for severe disruption of their networks. A cursory examination of the technologies used and how they are deployed in the network appears to support this argument. The addition of NAC components can make the network architecture even more complex and subject to failure. However, one recent survey of organizations that have deployed a NAC solution indicates that the 'common wisdom' about NAC may not be correct


    Key Agreement

    WPA and WPA2 (Wi-Fi Protected Access) are certification programs developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless networks. The alliance defined the protocol in response to several weaknesses researchers had found in the previous Wired Equivalent Privacy (WEP) system. Many sophisticated authentication and encryption techniques have been embedded into WPA, but it is still facing a lot of challenging situations. In this paper we discuss the vulnerabilit