Design and evaluation of a virtual private network architecture for collaborating specialist users

The expansion of communication systems is the undeniable advantage of the most contemporary digital technologies. However, when a specialist user such as an inventor or an idea owner communicates through a communication system, their intellects are exposed to theft. Upon the analysis of the requirements of such users, it became evident that in order to implement a global, reliable, yet secure system for specialist users, designing a network architecture that provides centralized private connectivity is crucial. This paper proposes a network architecture that provides centralized private connectivity and accommodates the requirements of the network infrastructure of such a system. The proposed virtual private network (VPN) architecture is designed to provide a trusted environment with centralized control and distributed networking, which is different from existing VPN models. It is entitled as Inventor-Investor Network (IINet) and the name is derived from its significant benefits for inventor and investor sets of users. The real experimental IINet prototype is implemented using OpenVPN. For the purpose of evaluation, round trip time (RTT) is measured and reported as the performance metric based on the different encryption ciphers and digest ciphers as the network metrics

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

A High-Throughput Hardware Implementation of NAT Traversal For IPSEC VPN

In this paper, we present a high-throughput FPGA implementation of IPSec core. The core supports both NAT and non-NAT mode and can be used in high speed security gateway devices. Although IPSec ESP is very computing intensive for its cryptography process, our implementation shows that it can achieve high throughput and low lantency. The system is realized on the Zynq XC7Z045 from Xilinx and was verified and tested in practice. Results show that the design can gives a peak throughput of 5.721 Gbps for the IPSec ESP tunnel mode in NAT mode and 7.753 Gbps in non-NAT mode using one single AES encrypt core. We also compare the performance of the core when running in other mode of encryption

High-performance FPGA architecture for data streams processing on example of IPsec gateway

In modern digital world, there is a strong demand for efficient data streams processing methods. One of application areas is cybersecurity — IPsec is a suite of protocol that adds security to communications at the IP level. This paper presents principles of high-performance FPGA architecture for data streams processing on example of IPsec gateway implementation. Efficiency of the proposed solution allows to use it in networks with data rates of several Gbit/s

A Study of Key Management for Encrypted Storage in Storage Area Network

As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective and secure key management policies. Without the proper key generation, distribution, storage, and recovery, valuable data will be eventually compromised [9]. Although a considerable amount of research has been dedicated to encryption algorithms in the past decades, key management becomes an issue due to the quantity of data. For example, with millions of data you will need million set of keys. To manage and keep track of these keys, complexity and operational inefficiency becomes an issue. How to manage keys becomes a challenging task. Adequate understanding of these new challenges is essential to effectively devise new key management policies and mechanisms to guard against them. We discuss many of these methods in this new context to fill this gap.Storage Security, Key Management, Storage Area Network

Security architecture for law enforcement agencies

In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have stringent security requirements that may delay the deployment of these new applications, since necessary security measures must be implemented first. This paper presents an integrated security architecture for LEAs that is able to provide common security services to novel and legacy ICT applications, while fulfilling the high security requirements of police forces. By reusing the security services provided by this architecture, new systems do not have to implement custom security mechanisms themselves, and can be easily integrated into existing police ICT infrastructures. The proposed LEA security architecture features state-of-the-art technologies, such as encrypted communications at network and application levels, or multifactor authentication based on certificates stored in smart cards.Web of Science7517107321070