3,219 research outputs found
Fault Tolerant Scalable Support for Network Portability and Traffic Engineering
The P-SHIM6 architecture provides ISP independence to IPv6 sites without compromising scalability. This architecture is based on a middle-box, the P-SHIM6, which manages the SHIM6 protocol exchange on behalf of the nodes of a site, which are configured with provider independent addresses. Incoming and outgoing packets are processed by the P-SHIM6 box, which can assign different locators to a given communication, either when it is started, or dynamically after the communication has been established. As a consequence, changes required for provider portability are minimized, and fine-grained Traffic Engineering can be enforced at the P-SHIM6 box, in addition to the fault tolerance support provided by SHIM6.This project has been supported by the RiNG project IST-2005-035167 and by the IMPROVISA project TSI2005-07384-C03-02.Publicad
BGP-like TE Capabilities for SHIM6
In this paper we present a comprehensive set of mechanisms that restore to the site administrator the capacity of enforcing traffic engineering (TE) policies in a multiaddressed IPv6 scenario. The mechanisms rely on the ability of SHIM6 to securely perform locator changes in a transparent fashion to transport and application layers. Once an outgoing path has been selected for a communication by proper routing configuration in the site, the source prefix of SHIM6 data packets is rewritten by the site routers to avoid packet discarding due to ingress filtering. The SHIM6 locator preferences exchanged in the context establishment phase are modified by the site routers to influence in the path used for receiving traffic. Scalable deployment is ensured by the stateless nature of these mechanisms.Publicad
Policies and Politics of Reform : The Governmentality of Structural Adjustment in Urban and Rural Egypt
This analysis explores the unique and tumultuous approach to reform in Egypt and addresses
the effects of the implementation of neoliberal policy tools. These tools included privatization, price
liberalization, deregulation, and land reform in both urban and rural areas. Based on these effects, this
analysis will argue that the benefits accrued by the political-economic elite created opportunities for
new patronage networks that upheld elite economic privilege through the process of liberalization
while a wide swath of Egyptians suffered the loss of limited privileges and protections from the state
established by Nasr and upheld by his successors. Consequently, the socialist-statist âsocial contractâ
underlying the legitimacy of successive regimes crumbled as the withdrawal of state support for
industry, agriculture, and services thrust more and more Egyptians into poverty and economic
insecurity, and the failure of a healthy private sector to materialize exacerbated unemployment. The
promise of modernization and economic prosperity via the path of neoliberal reform contrasted
significantly with the reality of concentrated gains captured by few while urban workers, small farmers,
and public sector employees lost their economic security and state supports.
These developments which began during the time of Anwar Sadat and peaked under the rule of Hosni
Mubarak, eroded public quiescence and tolerance of a corrupt and increasingly detached regime,
undercut legitimacy and fomented revolution. The domestic conditions of impending succession from Hosni to Gamal Mubarak combined with declining economic conditions fed off the Tunisian revolution to mobilize the related grievances of Egyptians to demand change
Providing Authentication & Authorization Mechanisms for Active Service Charging
Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among others features. Nevertheless proper charging for these new added value services require suitable authentication and authorization mechanisms. In this article we describe a security architecture for SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project. The proposed solution provides all the required security features, and it also grants proper scalability of the overall system, by using a distributed key-generation algorithm.Publicad
ROSA: Realistic Open Security Architecture for active networks
Proceedings of IFIP-TC6 4th International Working Conference, IWAN 2002 Zurich, Switzerland, December 4â6, 2002.Active network technology enables fast deployment of new network
services tailored to the specific needs of end users, among other features.
Nevertheless, security is still a main concern when considering the industrial
adoption of this technology. In this article we describe an open security
architecture for active network platforms that follow the discrete approach. The
proposed solution provides all the required security features, and it also grants
proper scalability of the overall system, by using a distributed key-generation
algorithm. The performance of the proposal is validated with experimental data
obtained from a prototype implementation of the solution.Publicad
An Architecture for Network Layer Privacy
We present an architecture for the provision of network layer privacy based on the SHIM6 multihoming protocol. In its basic form, the architecture prevents on-path eavesdroppers from using SHIM6 network layer information to correlate packets that belong to the same communication but use different locators. To achieve this, several extensions to the SHIM6 protocol and to the HBA (Hash Based Addresses) addressing model are defined. On its full-featured mode of operation, hosts can vary dynamically the addresses of the packets of on-going communications. Single-homed hosts can adopt the SHIM6 protocol with the privacy enhancements to benefit from this protection against information collectors.IEEE Communications SocietyPublicad
Efficient security for IPv6 multihoming
In this note, we propose a security mechanism for protecting IPv6
networks from possible abuses caused by the malicious usage of a
multihoming protocol. In the presented approach, each
multihomed node is assigned multiple prefixes from its upstream
providers, and it creates the interface identifier part of its
addresses by incorporating a cryptographic one-way hash of the
available prefix set. The result is that the addresses of each
multihomed node form an unalterable set of intrinsically bound
IPv6 addresses. This allows any node that is communicating with
the multihomed node to securely verify that all the alternative
addresses proposed through the multihoming protocol are
associated to the address used for establishing the communication.
The verification process is extremely efficient because it only
involves hash operationsPublicad
An API for IPv6 Multihoming based on HBA and CGA
EUNICE 2005. IFIP International Workshop on Networked Applications, Colmenarejo, Madrid/Spain, 6â8 July, 2005. (Proceedings of the 11th Open European Summer School EUNICE 2005: Networked Applications)This paper proposes an API for Multihoming in IPv6. This API is based on the Hash Based Addresses and Cryptographically Generated Addresses approaches, which are being developed by the IETF multi6 Working Group. The support of Multihoming implies several actions such as failure detection procedures, reachability tests, re-homing procedures and exchange of locators. Applications can benefit from transparent access to Multihoming services only if per host Multihoming parameters are defined. However, more benefits could be obtained by applications if they will be able to configure these parameters. The proposed Multihoming API provides different functions to applications which can modify some parameters and invoke some functions related with the Multihoming Layer.This work has been partly supported by the European Union under the E-Next Project FP6506869 and by OPTINET6 project TIC-2003-09042-C03-01
An API for IPv6 Multihoming
IFIP International Workshop on Networked Applications, Colmenarejo, Madrid/Spain, 6?8 July, 2005This paper proposes an API for Multihoming in IPv6. This API is based on the Hash Based Addresses and Cryptographically Generated Addresses approaches, which are being developed by the IETF multi6 Working Group. The support of Multihoming implies several actions such as failure detection procedures, reachability tests, re-homing procedures and exchange of locators. Applications can benefit from transparent access to Multihoming services only if per host Multihoming parameters are defined. However, more benefits could be obtained by applications if they will be able to configure these parameters. The proposed Multihoming API provides different functions to applications which can modify some parameters and invoke some functions related with the Multihoming Layer.Publicad
IPv6 Multihoming Support in the Mobile Internet
Fourth-generation mobile devices incorporate multiple interfaces with diverse access technologies. The current Mobile IPv6 protocol fails to support the enhanced fault tolerance capabilities that are enabled by the availability of multiple interfaces. In particular, established MIPv6 communications cannot be preserved through outages affecting the home address. In this article,
we describe an architecture for IPv6 mobile host multihoming that enables transport layer survivability through multiple failure modes. The proposed approach relies on the cooperation between the MIPv6 and the SHIM6 protocols.Publicad
- âŠ