3 research outputs found
Implementation and Performance Evaluation of Embedded IPsec in Microkernel OS
The rapid development of the embedded systems
and the wide use of them in many sensitive fields require
safeguarding their communications. Internet Protocol Security
(IPsec) is widely used to solve network security problems by
providing confidentiality and integrity for the communications
in the network, but it introduces communication overhead.
This overhead becomes a critical factor with embedded
systems because of their low computing power and limited
resources. In this research, we studied the overhead of using
embedded IPsec in constrained resource systems, which run
microkernel operating system (OS), in terms of the network
latency and throughput. To conduct our experiment first, we
ran the test with an unmodified network stack, and then we
ran the same test with the modified network stack which
contains the IPsec implementation. Later, we compared the
results obtained from these two sets of experiments to examine
the overhead. Our research demonstrated that the overhead
imposed by IPsec protocols is small and well within the
capabilities of even low cost microcontrollers such as the one
used in the Raspberry Pi computer
Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet
This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages
The Networking Perspective of Security Performance- a Measurement Study-
Abstract. The recent term Quality of Security Services leads directly to the question of the performance impact of security protocols like IPSec and SSL. The impact depends not only on the situation, but also on the configuration. We measured the processing delay and the throughput for implementations of IPSec under Linux with different kernel versions on current computers. Our focus is to cover the effect of the various parameters of IPSec. Most important for the IPSec performance is the choice of the cryptographic algorithms and hash functions. Our measurements indicate that the latter are becoming the bottleneck as fast encryption algorithms like the AES and Blowfish more and more replace the slow 3DES.