Extension of IPSec for Port Control

インターネットは現代社会において欠くことのできない存在となっている。最近では、外出先などからインターネットを使って安全に社内へアクセスしたり、特定のビジネスパートナーに対して安全に情報提供したりするニーズが高まっている。このようなニーズに対して専用線を用いる方法があるが、コストが高いという問題があった。インターネットを利用した場合にはコストの削減が可能であるが、データの盗聴・改ざんの危険が存在する。この両方の問題を改善するものとしてVPN (Virtual Private Network)が考えられた。VPNに使われる技術の１つにIPsecがある。本論文では、このIPsecについて、アプリケーションごとに制御できるように機能の追加を行う。修士論

Performance Implications of IPSec Deployment

Virtual Private Networks (VPNs) use the Internet or other data network service as a backbone to provide a secure connection across a potentially hostile WAN. Such security guarantees provide the motivation for VPN deployment. This security does, however, come at a performance cost brought about by the increased processing overhead. This paper presents an investigation into these overheads. In particular, this investigation will consider different user resource availability in addition to router type and encryption algorithms

An Analysis of IPsec Deployment Performance in High and Low Power Devices

Virtual Private Networks (VPNs) use the Internet or other network service as a backbone to provide a secure connection across a potentially hostile WAN. Such security guarantees provide the motivation for VPN deployment. This security does, however, come at a performance cost brought about by the increased processing overhead. This paper presents an investigation into these overheads. In particular, this investigation will consider different user resource availability based on the client platform in addition to router type and encryp- tion algorithms

A Cryptographic Tour of the IPsec Standards

In this article, we provide an overview of cryptography and cryptographic key management as they are specified in IPsec, a popular suite of standards for providing communications security and network access control for Internet communications. We focus on the latest generation of the IPsec standards, recently published as Request for Comments 4301–4309 by the Internet Engineering Task Force, and how they have evolved from earlier versions of the standards

SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Security performance and protocol consideration in optical communication system with optical layer security enabled by optical coding techniques

With the fast development of communication systems, network security issues have more and more impact on daily life. It is essential to construct a high degree of optical layer security to resolve the security problem once and for all. Three different techniques which can provide optical layer security are introduced and compared. Optical chaos can be used for fast random number generation. Quantum cryptography is the most promising technique for key distribution. And the optical coding techniques can be deployed to encrypt the modulated signal in the optical layer. A mathematical equation has been derived from information theory to evaluate the information-theoretic security level of the wiretap channel in optical coding schemes. And the merits and limitation of two coherent optical coding schemes, temporal phase coding and spectral phase coding, have been analysed. The security scheme based on a reconfigurable optical coding device has been introduced, and the corresponding security protocol has been developed. By moving the encryption operation from the electronic layer to the optical layer, the modulated signals become opaque to the unauthorised users. Optical code distribution and authentication is the one of the major challenges for our proposed scheme. In our proposed protocol, both of the operations are covered and defined in detail. As a preliminary draft of the optical code security protocol, it could be a useful guidance for further research

A scalable scheme for multilevel packet authentication in secure multicasting

Since communication has become an integral part of modernlife, security and authentication have also become important issues for providing secure communication. The issue of providing communication among a group of users has also been in the forefront, and multicasting has become a key technology for supporting such communication. This thesis explores new methods for multicast authentication. First, the thesis discusses several multicast authentication schemes: (i) public-key systems and Message Authentication Codes (MACs), and their relation to multicast authentication, and (ii) different views of multicast authentication, including digital streams, off-line computation, and using less secure but more efficient authentication algorithms. Then, the thesis proposes a scheme for multicast authentication based on a digital streams scheme, extended Fiege-Fiat-Shamir (eFFS), which is efficient and scalable. eFFS allows multiple levels of authentication, but sending these multiple levels may consume a lot of bandwidth. This research enhances eFFS (the enhanced scheme is called Modified eFFS, or MeFFS) by partitioning the receivers of a group to form several multicast subgroups, and sending different authentication levels to different subgroups. The performance enhancement of MeFFS, in terms of bandwidth savings, is quantified through simulation studies. Our studies show that MeFFS outperforms eFFS for multicast groups where the trees corresponding to the subgroups are highly disjoint. Finally, some suggestions are made to make the scheme more scalable and deployable