TCP Compression Filter

We propose a TCP filter option to install compression in a virtual layer between TCP and the application layer. The method is incrementally deployable, as neither party will install the compression layer without the other's consent

TCP Compression Filter

We propose a TCP filter option to install compression in a virtual layer between TCP and the application layer. The method is incrementally deployable, as neither party will install the compression layer without the other's consent

TCP Filters

We propose a method to specify general-purpose filters between TCP and the application layer. The method is incrementally deployable, as neither party will use a filter layer without the other's consent

Moat: A Virtual Private Network Appliance and Services Platform

Vakava onnettomuus, sairaus tai aivoinfarkti voi aiheuttaa tilan, jossa ihminen ei pysty liikkumaan eikä puhumaan. Usein kyky liikuttaa silmiä kuitenkin säilyy, vaikka ihminen olisi muuten täysin halvaantunut. Silmien liikettä ja katseen suuntaa voidaan tällöin hyödyntää kommunikaatiossa. Lääkäri voi esimerkiksi pyytää potilasta katsomaan ylös myöntymisen merkiksi. Vammautuneen henkilön eteen voidaan myös asettaa läpinäkyvä kommunikaatiotaulu, johon on kiinnitetty kuvia tai kirjaimia. Taulun avulla on mahdollista muodostaa sanoja ja lauseita katsomalla kirjaimia yksi kerrallaan. Keskustelukumppani tulkitsee viestin seuraamalla kommunikaatiotaulun toiselta puolelta henkilön katseen suuntaa. Kommunikaatiotaulua kehittyneempi menetelmä on katseenseurantalaite, joka mahdollistaa itsenäisen kirjoittamisen ja tietokoneen ohjaamisen katseella. Katseenseurantalaitteessa on tyypillisesti videokamera, joka kuvaa käyttäjän silmän liikkeitä. Tietokoneen ohjelma tulkitsee katseen suunnan ja päättelee, mihin kohtaan näytöllä käyttäjä kulloinkin katsoo. Yksinkertaisimmillaan näytöllä on kuva näppäimistöstä ja käyttäjä kirjoittaa silmillään katsomalla näppäimistön kirjaimia. Jotta tietokone erottaisi, milloin käyttäjä haluaa valita katsomansa kohteen, käyttäjän pitää katsoa kirjainta riittävän pitkään. Pitkä viive auttaa ehkäisemään virhevalintoja, mutta hidastaa samalla kommunikaatiota. Katseeseen perustuvia tekstinsyöttöjärjestelmiä on kehitetty muutaman vuosikymmenen ajan ja niiden käyttö kommunikaation apuvälineenä on yleistynyt viime vuosina. Katseella kirjoittamista ei kuitenkaan ole juurikaan tutkittu. Väitöskirja tarjoaa perusteellisen katsauksen aiheen tutkimukseen ja eri tapoihin käyttää katsetta tekstin tuottamiseen ja kommunikointiin. Työssä esitellään uusia tapoja tehostaa katseella kirjoittamista yksinkertaisten käyttöliittymäratkaisujen avulla. Väitöskirja tarjoaa tutkimustuloksiin perustuvia konkreettisia esimerkkejä ja ohjeita siitä, kuinka katseella kirjoittamisen miellyttävyyttä ja nopeutta voidaan parantaa huolellisen käyttöliittymäsuunnittelun avulla. Käyttäjätutkimukset osoittavat, että esimerkiksi ohjelman tarjoama palaute vaikuttaa merkittävästi kirjoitusnopeuteen ja virheiden määrään. Vastaavasti mahdollisuus säätää valintaan vaadittavaa viivettä mahdollistaa katsekirjoituksen nopean ja tehokkaan oppimisen.Text entry by eye gaze is used by people with severe motor disabilities. An eye tracking device follows the user s eye movements, and a computer program analyzes the gaze behavior. To type by gaze, the user typically points at the characters on an on-screen keyboard by looking at them and selects them by means of dwell time, a prolonged gaze that separates an intentional command from casual viewing. The basic methods for producing text by gaze have been researched and in real-world use since the early 1980s; however, the design issues have not been studied in detail. Until recently, assistive eye tracking systems were used mostly by a small number of people who were totally paralyzed and for whom gaze control was a necessity and the only option. The technology and its usability have improved considerably, and several new systems have appeared on the market, making the technology available for a much wider group of users with varying need and abilities. Today, the eye tracker can be considered an optional assistive device worth considering since it provides easy and fast access to information technology by gaze alone. This thesis provides an extensive review of the research conducted in the area of gaze-based text entry. It summarizes results from several experiments that study various aspects of text entry by gaze. Results show that small improvements in the interface design can lead to significant improvements in user performance and satisfaction. For example, adding a simple "click" that confirms the selection by gaze can significantly improve the text entry speed over that of plain visual feedback. The improvement is small, but the effect accumulates in the repetitive task of text entry. An overview of different design solutions and guidelines derived from the research results are given. It is hoped that the thesis will provide a useful starting point for developers, researchers, and assistive technology professionals wishing to gain deeper insight into gaze-based text entry

Toward the PSTN/Internet Inter-Networking--Pre-PINT Implementations

This document contains the information relevant to the development of the inter-networking interfaces underway in the Public Switched Telephone Network (PSTN)/Internet Inter-Networking (PINT) Working Group. It addresses technologies, architectures, and several (but by no means all) existing pre-PINT implementations of the arrangements through which Internet applications can request and enrich PSTN telecommunications services. The common denominator of the enriched services (a.k.a. PINT services) is that they combine the Internet and PSTN services in such a way that the Internet is used for non-voice interactions, while the voice (and fax) are carried entirely over the PSTN. One key observation is that the pre-PINT implementations, being developed independently, do not inter-operate. It is a task of the PINT Working Group to define the inter-networking interfaces that will support inter-operation of the future implementations of PINT services

On the security of some password-based key agreement schemes

In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities

Measuring Name System Health

Modern critical infrastructure assets are exposed to security threats arising from their use of IP networks and the Domain Name System (DNS). This paper focuses on the health of DNS. Indeed, due to the increased reliance on the Internet, the degradation of DNS could have significant consequences for the critical infrastructure. This paper describes the Measuring Naming System (MeNSa), a framework designed to provide a formal methodology, metrics and tools for evaluating DNS health. Additionally, it proposes a process for aggregating health and security metrics to provide potential threat indicators. Results from a scenario-based experiment demonstrate the utility of the framework and aggregation metrics

A new approach to deploy a self-adaptive distributed firewall

Distributed firewall systems emerged with the proposal of protecting individual hosts against attacks originating from inside the network. In these systems, firewall rules are centrally created, then distributed and enforced on all servers that compose the firewall, restricting which services will be available. However, this approach lacks protection against software vulnerabilities that can make network services vulnerable to attacks, since firewalls usually do not scan application protocols. In this sense, from the discovery of any vulnerability until the publication and application of patches there is an exposure window that should be reduced. In this context, this article presents Self-Adaptive Distributed Firewall (SADF). Our approach is based on monitoring hosts and using a vulnerability assessment system to detect vulnerable services, integrated with components capable of deciding and applying firewall rules on affected hosts. In this way, SADF can respond to vulnerabilities discovered in these hosts, helping to mitigate the risk of exploiting the vulnerability. Our system was evaluated in the context of a simulated network environment, where the results achieved demonstrate its viability