Performance Analysis of end-to-end DTLS and IPsec based communication in IoT systems : Security and Privacy ~ Distributed Systems Security

Kuna, Vignesh

January 2017

No description available.

DTLS

IoT

IPsec

Performance

Security.

Telecommunications

Telekommunikation

Performance Analysis of Proxy based Encrypted communication in IoT environments : Security and Privacy ~ Distributed Systems Security

Budda, Shiva Tarun

January 2017

No description available.

DTLS

IoT

IPsec

Performance

Security.

Telecommunications

Telekommunikation

Hardwarové kryptografické moduly pro zabezpečení LAN / Hardware cryptographic modules for LAN security

Loutocký, Tomáš

January 2008

The thesis deal with the problems of virtual private network (VPN). The first part of the thesis is focused on the description of the basic terms of computer security which are useful for better understanding the other parts. There is a description of VPN technology and its separation of VPN by various aspects in the second part of the thesis. The next chapter is dedicated to the description of realization of VPN by using IPSec. There is shown how to secure laboratory network by using of the products of the Safenet Company in the practical part of the thesis. There are also stated the modular techniques how to use products in the network in practical part. Some of the modular techniques describe security weaknesses of the products which are possible to exploit in the laboratory network and they also describe the ways how to protect them against misusage.

Secure SNMP-Based Network Management in Low Bandwidth Networks

Hia, Henry Erik

04 May 2001

This research focuses on developing a secure, SNMP-based network management system specifically tailored for deployment in internetworks that rely on low-bandwidth backbone networks. The network management system developed uses a two-level hierarchy of network management applications consisting of one top-level management application communicating with several mid-level management applications strategically distributed throughout the internetwork. Mid-level management applications conduct routine monitoring chores on behalf of the top-level management application and report results in a way that makes intelligent use of the limited bandwidth available on the backbone network. The security framework is based on using SNMPv2c over IPSec. This research shows that the other security alternative considered, SNMPv3, consumes as much as 24 percent more network capacity than SNMPv2c over IPSec. The management framework is based on the Management by Delegation (MbD) model and is implemented using the IETF DISMAN Script MIB. This research demonstrates that the MbD-based management framework consumes only 2 percent of the network capacity required by the traditional, centralized management scheme. / Master of Science

Network Management

SNMP

DISMAN Script MIB

IPSec

Projeto de uma VPN(Rede Privada Virtual) baseada em computação reconfigurável e aplicada a robôs móveis / A VPN (Virtual Private Network) design based on reconfigurable computing and applied to mobile robots

Marleta, Marcelo Honorato

11 April 2007

Este trabalho apresenta uma implementação de VPN utilizando-se dos circuitos reprogramáveis do tipo FPGA (Field Programmable Gate Array) que são a base da computação reconfigurável. VPNs utilizam criptografia para permitir que a comunicação seja privada entre as partes. Assim, todo o custo computacional decorrente desta prática é executado em nível de hardware, procurando-se atingir um alto desempenho e voltado para as aplicações de sistemas embutidos. O uso desta solução, VPN por hardware, será na interligação de um robô (em desenvolvimento no Laboratório de Computação Reconfigurável - LCR do Instituto de Ciências Matemáticas e de Computação da Universidade de São Paulo) ao seu servidor de configuração e tarefas, através de linhas privadas. O emprego de uma VPN em robótica permitirá a utilização de um sistema de comunicação, com ou sem fio, e toda a infra-estrutura da Internet para a comunicação com o robô (e no futuro entre os robôs) a qualquer distância de forma segura e confiável. O hardware reconfigurável utilizado para a VPN deste trabalho proporciona flexibilidade no modo de implementação, possibilitando que o sistema seja adequado para satisfazer situações que exijam alto desempenho. Além disso, a arquitetura proposta possibilita que parte das operações sejam executadas em software (no caso, foi utilizado o sistema operacional ?Clinux e ferramentas para se estabelecer a VPN) e parte das operações executadas em hardware (um coprocessador criptográfico AES). As principais ferramentas de software são o conjunto ipsec-tools que foram desenvolvidas para serem executadas com o IPSec nativo do Kernel e devidamente portadas para o ?Clinux / This work designs a system that implements a VPN using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to allow private communication between parts. In this manner, the computational cost of the cryptography is handled by the hardware, achieving great performance and allowing its usage on embedded systems applications. The system proposed in this thesis has been used to establish secure communication between a PC and a mobile robot (that is in development at Reconfigurable Computing Laboratory - LCR of Institute of Mathematics and Computer Science of Univesity of São Paulo). The use of VPN in robotics will allow a communication, either wired or wireless, using Internet?s infrastructure with the robot (and in the future among robots), in a secure and trustable manner. The reconfigurable hardware used in this work allows flexibility in the implementation, making possible its usage in situations that requires high performance. Furthermore, the proposed architecture allows part of applications executing in software (using ?Clinux operating system and tools to establish the VPN) and other parts in hardware (a cryptographic coprocessor AES). The main software tools are the ipsec-tools that were developed to execute with native Kernel IPSec?s implementation and were properly ported to ?Clinux

Computação reconfigurável

Embedded systems

FPGA

FPGA

Ipsec

Ipsec

Reconfigurable computing

Security

Segurança

Sistemas embarcados

VPN

VPN

Projeto de uma VPN(Rede Privada Virtual) baseada em computação reconfigurável e aplicada a robôs móveis / A VPN (Virtual Private Network) design based on reconfigurable computing and applied to mobile robots

Marcelo Honorato Marleta

11 April 2007

Este trabalho apresenta uma implementação de VPN utilizando-se dos circuitos reprogramáveis do tipo FPGA (Field Programmable Gate Array) que são a base da computação reconfigurável. VPNs utilizam criptografia para permitir que a comunicação seja privada entre as partes. Assim, todo o custo computacional decorrente desta prática é executado em nível de hardware, procurando-se atingir um alto desempenho e voltado para as aplicações de sistemas embutidos. O uso desta solução, VPN por hardware, será na interligação de um robô (em desenvolvimento no Laboratório de Computação Reconfigurável - LCR do Instituto de Ciências Matemáticas e de Computação da Universidade de São Paulo) ao seu servidor de configuração e tarefas, através de linhas privadas. O emprego de uma VPN em robótica permitirá a utilização de um sistema de comunicação, com ou sem fio, e toda a infra-estrutura da Internet para a comunicação com o robô (e no futuro entre os robôs) a qualquer distância de forma segura e confiável. O hardware reconfigurável utilizado para a VPN deste trabalho proporciona flexibilidade no modo de implementação, possibilitando que o sistema seja adequado para satisfazer situações que exijam alto desempenho. Além disso, a arquitetura proposta possibilita que parte das operações sejam executadas em software (no caso, foi utilizado o sistema operacional ?Clinux e ferramentas para se estabelecer a VPN) e parte das operações executadas em hardware (um coprocessador criptográfico AES). As principais ferramentas de software são o conjunto ipsec-tools que foram desenvolvidas para serem executadas com o IPSec nativo do Kernel e devidamente portadas para o ?Clinux / This work designs a system that implements a VPN using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to allow private communication between parts. In this manner, the computational cost of the cryptography is handled by the hardware, achieving great performance and allowing its usage on embedded systems applications. The system proposed in this thesis has been used to establish secure communication between a PC and a mobile robot (that is in development at Reconfigurable Computing Laboratory - LCR of Institute of Mathematics and Computer Science of Univesity of São Paulo). The use of VPN in robotics will allow a communication, either wired or wireless, using Internet?s infrastructure with the robot (and in the future among robots), in a secure and trustable manner. The reconfigurable hardware used in this work allows flexibility in the implementation, making possible its usage in situations that requires high performance. Furthermore, the proposed architecture allows part of applications executing in software (using ?Clinux operating system and tools to establish the VPN) and other parts in hardware (a cryptographic coprocessor AES). The main software tools are the ipsec-tools that were developed to execute with native Kernel IPSec?s implementation and were properly ported to ?Clinux

Computação reconfigurável

FPGA

Ipsec

Segurança

Sistemas embarcados

VPN

Embedded systems

FPGA

Ipsec

Reconfigurable computing

Security

VPN

Naming and security in a mobile, multihomed and multiple interfaces environement / Nommage et sécurité dans une environnement mobile, multihomé et à interfaces multiples

Migault, Daniel

26 September 2012

Une des problématiques majeure de sécurité pour les opérateur est de permettre à ses utilisateurs de maintenir la sécurité d’une communication même au travers d’un réseau qui ne soit pas de confiance. Pour l’utilisateur, une communication est établie entre deux identifiants, et ceci indépendamment des mouvements et changements de réseau de l’utilisateur. Autrement dit, l’opérateur doit permettre cette communication entre identifiants possible grâce au système DNS, et fournir les mécanismes réseaux nécessaires afin que la communication puisse être maintenue quand le client bouge et change d’adresse. Dans cette thèse nous nous somme concentrés sur les aspects sécurités et plus exactement: - DNSSEC: DNSSEC définit comme sécuriser la résolution d’un nom de domaine. La sécurité a un coût que nous commençons par évaluer avant de proposer des architectures permettant aux ISPs de migrer des plateformes de Service de Résolution de DNS vers DNSSEC. - IPsec: IPsec définit comment sécuriser une communication IP. Dans cette thèse nous définissons une extension qui permet à un utilisateur de maintenir une communication sécurisée par IPsec pour un terminal mobile, Multihomé, et avec de Multiples Interfaces / ISPs are concerned about providing and maintaining the level of security of its End User’s communications. A communication is initiated by the End User with a name, and goes on by exchanging packets between two IP addresses. In this thesis, we focused our attention on two main points: (1) providing a secure Naming service, and (2) making IPsec communication resilient to IP address modification, addition or lost of an interface. We designed MOBIKE-X for that purpose and propose it as a standard at the IETF

DNS

DNSSEC

IPsec

Mobilité

Interfaces multiples

DHT

DNS

DNSSEC

IPsec

Mobility

Multiple interfaces

DHT

Jämförelse av autentisering i SIP och H.323

Thunström, Robert

January 2008

<p>H.323 och Session Initiation Protocol är två olika protokoll som kan användas t ex för att koppla upp röstsamtal eller videosamtal via Internet. Det är ofta önskvärt i en uppkoppling mellan två personer att personerna kan autentisera sig för varandra. Denna autentisering är avsedd att garantera identiteten på deltagarna i kommunikationen. Den här undersökningen jämför protokollens struktur vid autentiseringen och visar skillnader i säkerhetssynpunkt. Autentisering finns i 3 skikt i de båda protokollen. I applikationsskiktet skiljer sig protokollen åt då SIP använder sig av lösenord för autentisering medan H.323 både kan använda lösenord och en PKI-baserad lösning med utbyte av nyckelcertifikat. I transportskiktet och nätverksskiktet kan båda protokollen använda TLS och IPSec för autentisering och därmed är det ingen större skillnad på protokollen i dessa skikt.</p>

H323

SIP

Autentisering

PKI

TLS

IPSec

Computer science

Datavetenskap

Design and implementation of a Hadoop-based secure cloud computing architecture

Cheng, Sheng-Lun

31 January 2011

The goal in this research is to design and implement a secure Hadoop cluster. The cloud computing is a type of network computing, where most data is transmitted through network. To develop a secure cloud architecture, we need to validate users first, and guarantee transmitting data against stealing and falsification. In case of someone steals the data, he is still hard to know content. Therefore, we focus on the following points: I. Authorization¡G First, we investigate the user authorization problem in Hadoop system, and then, propose two solutions: SOCKS Authorization and Service Level Authorization. SOCKS Authorization is a external authorization in Hadoop System, and uses username/password to identify users. Service Level Authorization is a new authorization mechanism in Hadoop 0.20. This mechanism to ensure clients connecting to a particular Hadoop service have the necessary, pre-configured, permissions and are authorized to access the given service. II. Transmission Encryption¡G To keep important data, such as Block ID, Job ID, username, etc, away from exposedness in non-trusted networks, we examine Hadoop transmissions in practice, and point out possible security problems. Subsequently, we use IPSec to implement transmission encryption and packet verification for Hadoop. III. Architecture Design¡G Based on the implementation framework of Hadoop mentioned above, we propose a secure architecture of Hadoop cluster to solve the security problems. In addition, we also evaluate the performances of HDFS and MapRduce in this architecture.

IPSec

SOCKS Authorization

Architecture Design

Hadoop

cloud computing

XML based adaptive IPsec policy management in a trust management context /

Mohan, Raj.

January 2002

Thesis (M.S. in Computer Science and M.S. in Information Technology Management)--Naval Postgraduate School, September 2002. / Thesis advisor(s): Cynthia E. Irvine, Timothy E. Levin. Includes bibliographical references (p. 71-72). Also available online.