265 research outputs found
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Towards a Secure Smart Grid Storage Communications Gateway
This research in progress paper describes the role of cyber security measures
undertaken in an ICT system for integrating electric storage technologies into
the grid. To do so, it defines security requirements for a communications
gateway and gives detailed information and hands-on configuration advice on
node and communication line security, data storage, coping with backend M2M
communications protocols and examines privacy issues. The presented research
paves the road for developing secure smart energy communications devices that
allow enhancing energy efficiency. The described measures are implemented in an
actual gateway device within the HORIZON 2020 project STORY, which aims at
developing new ways to use storage and demonstrating these on six different
demonstration sites.Comment: 6 pages, 2 figure
Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks
Low-Power IoT Communication Security: On the Performance of DTLS and TLS 1.3
International audienceSimilarly to elsewhere on the Internet, practical security in the Internet of Things (IoT) is achieved by combining an array of mechanisms, at work at all layers of the protocol stack, in system software, and in hardware. Standard protocols such as Datagram Transport Layer Security (DTLS 1.2) and Transport Layer Security (TLS 1.2) are often recommended to secure communications to/from IoT devices. Recently, the TLS 1.3 standard was released and DTLS 1.3 is in the final stages of standardization. In this paper, we give an overview of version 1.3 of these protocols, and we provide the first experimental comparative performance analysis of different implementations and various configurations of these protocols, on real IoT devices based on low-power microcontrollers. We show how different implementations lead to different compromises. We measure and compare bytes-over-the-air, memory footprint, and energy consumption. We show that, when DTLS/TLS 1.3 requires more resources than DTLS/TLS 1.2, this additional overhead is quite reasonable. We also observe that, in some configurations, DTLS/TLS 1.3 actually decreases overhead and resource consumption. All in all, our study indicates that there is still room to optimize the existing implementations of these protocols
Patterns in network security: an analysis of architectural complexity in securing recursive inter-network architecture networks
Recursive Inter-Network Architecture (RINA) networks have a shorter protocol stack
than the current architecture (the Internet) and rely instead upon separation of mech-
anism from policy and recursive deployment to achieve large scale networks. Due
to this smaller protocol stack, fewer networking mechanisms, security or otherwise,
should be needed to secure RINA networks. This thesis examines the security proto-
cols included in the Internet Protocol Suite that are commonly deployed on existing
networks and shows that because of the design principles of the current architecture,
these protocols are forced to include many redundant non-security mechanisms and
that as a consequence, RINA networks can deliver the same security services with
substantially less complexity
- …