498 research outputs found
Design and evaluation of a virtual private network architecture for collaborating specialist users
The expansion of communication systems is the undeniable advantage of the most contemporary digital
technologies. However, when a specialist user such as an inventor or an idea owner communicates through a
communication system, their intellects are exposed to theft. Upon the analysis of the requirements of such users,
it became evident that in order to implement a global, reliable, yet secure system for specialist users, designing a
network architecture that provides centralized private connectivity is crucial. This paper proposes a network
architecture that provides centralized private connectivity and accommodates the requirements of the network
infrastructure of such a system. The proposed virtual private network (VPN) architecture is designed to provide a
trusted environment with centralized control and distributed networking, which is different from existing VPN
models. It is entitled as Inventor-Investor Network (IINet) and the name is derived from its significant benefits for
inventor and investor sets of users. The real experimental IINet prototype is implemented using OpenVPN. For
the purpose of evaluation, round trip time (RTT) is measured and reported as the performance metric based on the
different encryption ciphers and digest ciphers as the network metrics
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
A High-Throughput Hardware Implementation of NAT Traversal For IPSEC VPN
In this paper, we present a high-throughput FPGA implementation of IPSec core. The core supports both NAT and non-NAT mode and can be used in high speed security gateway devices. Although IPSec ESP is very computing intensive for its cryptography process, our implementation shows that it can achieve high throughput and low lantency. The system is realized on the Zynq XC7Z045 from Xilinx and was verified and tested in practice. Results show that the design can gives a peak throughput of 5.721 Gbps for the IPSec ESP tunnel mode in NAT mode and 7.753 Gbps in non-NAT mode using one single AES encrypt core. We also compare the performance of the core when running in other mode of encryption
High-performance FPGA architecture for data streams processing on example of IPsec gateway
In modern digital world, there is a strong demand for efficient data streams processing methods. One of application areas is cybersecurity — IPsec is a suite of protocol that adds security to communications at the IP level. This paper presents principles of high-performance FPGA architecture for data streams processing on example of IPsec gateway implementation. Efficiency of the proposed solution allows to use it in networks with data rates of several Gbit/s
A Study of Key Management for Encrypted Storage in Storage Area Network
As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective and secure key management policies. Without the proper key generation, distribution, storage, and recovery, valuable data will be eventually compromised [9]. Although a considerable amount of research has been dedicated to encryption algorithms in the past decades, key management becomes an issue due to the quantity of data. For example, with millions of data you will need million set of keys. To manage and keep track of these keys, complexity and operational inefficiency becomes an issue. How to manage keys becomes a challenging task. Adequate understanding of these new challenges is essential to effectively devise new key management policies and mechanisms to guard against them. We discuss many of these methods in this new context to fill this gap.Storage Security, Key Management, Storage Area Network
Security architecture for law enforcement agencies
In order to carry out their duty to serve and protect, law enforcement agencies
(LEAs) must deploy new tools and applications to keep up with the pace of evolving
technologies. However, police information and communication technology (ICT) systems
have stringent security requirements that may delay the deployment of these new applications,
since necessary security measures must be implemented first. This paper presents an integrated
security architecture for LEAs that is able to provide common security services to novel and
legacy ICT applications, while fulfilling the high security requirements of police forces. By
reusing the security services provided by this architecture, new systems do not have to
implement custom security mechanisms themselves, and can be easily integrated into existing
police ICT infrastructures. The proposed LEA security architecture features state-of-the-art
technologies, such as encrypted communications at network and application levels, or multifactor
authentication based on certificates stored in smart cards.Web of Science7517107321070
- …