3,868 research outputs found
A Survey on Handover Management in Mobility Architectures
This work presents a comprehensive and structured taxonomy of available
techniques for managing the handover process in mobility architectures.
Representative works from the existing literature have been divided into
appropriate categories, based on their ability to support horizontal handovers,
vertical handovers and multihoming. We describe approaches designed to work on
the current Internet (i.e. IPv4-based networks), as well as those that have
been devised for the "future" Internet (e.g. IPv6-based networks and
extensions). Quantitative measures and qualitative indicators are also
presented and used to evaluate and compare the examined approaches. This
critical review provides some valuable guidelines and suggestions for designing
and developing mobility architectures, including some practical expedients
(e.g. those required in the current Internet environment), aimed to cope with
the presence of NAT/firewalls and to provide support to legacy systems and
several communication protocols working at the application layer
Enabling the Internet White Pages Service -- the Directory Guardian
The Internet White Pages Service (IWPS) has been slow
to materialise for many reasons. One of them is the
security concerns that organisations have, over allowing
the public to gain access to either their Intranet or their
directory database. The Directory Guardian is a firewall
application proxy for X.500 and LDAP protocols that is
designed to alleviate these fears. Sitting in the firewall
system, it filters directory protocol messages passing into
and out of the Intranet, allowing security administrators
to carefully control the amount of directory information
that is released to the outside world. This paper describes
the design of our Guardian system, and shows how
relatively easy it is to configure its filtering capabilities.
Finally the paper describes the working demonstration of
the Guardian that was built for the 1997 World
Electronic Messaging Association directory challenge.
This linked the WEMA directory to the NameFLOWParadise
Internet directory, and demonstrated some of
the powerful filtering capabilities of the Guardian
BitTorrent Sync: Network Investigation Methodology
The volume of personal information and data most Internet users find
themselves amassing is ever increasing and the fast pace of the modern world
results in most requiring instant access to their files. Millions of these
users turn to cloud based file synchronisation services, such as Dropbox,
Microsoft Skydrive, Apple iCloud and Google Drive, to enable "always-on" access
to their most up-to-date data from any computer or mobile device with an
Internet connection. The prevalence of recent articles covering various
invasion of privacy issues and data protection breaches in the media has caused
many to review their online security practices with their personal information.
To provide an alternative to cloud based file backup and synchronisation,
BitTorrent Inc. released an alternative cloudless file backup and
synchronisation service, named BitTorrent Sync to alpha testers in April 2013.
BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over
two million active users by the end of the year. This paper outlines a number
of scenarios where the network investigation of the service may prove
invaluable as part of a digital forensic investigation. An investigation
methodology is proposed outlining the required steps involved in retrieving
digital evidence from the network and the results from a proof of concept
investigation are presented.Comment: 9th International Conference on Availability, Reliability and
Security (ARES 2014
DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal
https://datatracker.ietf.org/doc/rfc5595/Publisher PD
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
- …