41 |
IP Security for Linux
Parthey, Mirko 19 January 2001 (has links) (PDF)
Using the Internet for security-critical applications requires cryptographic protection mechanisms, for which IP Security (IPsec) defines suitable protocols. This paper gives an overview of IPsec. A Linux implementation of IPsec (FreeS/WAN) is examined for extensibility and practical usability.
|
42 |
VPN/IPSec
Schreiber, Alexander, Sieber, Holm 22 August 2002 (has links) (PDF)
Secure communication over open and unsecured networks, secure integration of mobile clients into one's own networks, end-to-end encryption of IP traffic.
|
43 |
Hardware/software co-design and implementation on an FPGA platform of the IPsec security protocol for IPv6
Γκίτσας, Γεώργιος 28 August 2014 (has links)
Computer and network security have been of great interest to the research and industrial communities for the last decades. This interest is still growing exponentially due to attacks that continually grow in number and scale, the growth of corporate and government networks, and the increasing use of and trust in computer systems in every aspect of life.
Many new problems and many new ideas and solutions have emerged in this active field. One of the most promising is the IPsec protocol suite, which protects network traffic at the IP level of the Internet protocol stack, TCP/IP. Its usage began a few years ago, on a small scale, but with the foreseen transition from IPv4 to IPv6, it will be mandatory for every networking system to have an IPsec implementation, with the prospect of strengthening Internet security.
Moreover, the development of application-specific systems has turned to embedded system solutions. For the development and verification of embedded systems, FPGA (Field Programmable Gate Array) chips are commonly used, while the final form of the system is, in most cases, an ASIC (Application Specific Integrated Circuit) because of its advantages in speed and low power consumption.
This diploma thesis deals with the design and implementation of the IPsec protocol suite as a hardware-software embedded system on the Virtex 5 FPGA platform from Xilinx. The system uses a Microblaze processor and hardware accelerators. It is designed with hardware/software co-design, making efficient use of the advantages of both. Specifically, the most time-consuming cryptographic components, CBC-AES-128 and HMAC-SHA1-96, are implemented in hardware, while the rest of IPsec is implemented in software. The implementation followed the corresponding data sheets and RFC (Request For Comments) specifications as closely as possible in terms of features and implementation accuracy. Finally, the system was connected as part of a computer network and was verified by processing real packets.
|
44 |
Case study of secure communications over mobile ad hoc networks
Rocabado, Sergio 11 March 2014 (has links)
This work presents a case study of the integration of a MANET, deployed in a remote area, into an infrastructure network. The main goal is to provide the nodes of the ad hoc network with “secure” access to a server on the infrastructure network without compromising resources such as bandwidth and energy, which are limited in the deployment area. To this end, a test scenario was implemented that comprises the deployment of a MANET in a remote area and its integration into an infrastructure network through the cellular network. On the proposed scenario, end-to-end communication channels were established between a MANET node and an infrastructure server. Initially, tests were run injecting data traffic over a “non-secure” channel to obtain reference values for latency, throughput and energy consumption. Then the same tests were carried out using “secure” communication channels configured over the IPSEC and SSL/TLS protocols. The results obtained using “secure” channels were compared with the reference values to determine the differences in resource consumption. The deviations that emerged from these comparisons made it possible to:
- Establish the additional resource consumption generated by the use of secure protocols.
- Carry out a comparative performance study of different security protocol configurations.
- Determine which secure protocol is best suited to this type of environment.
|
45 |
Lightweight Security Solutions for the Internet of Things
Raza, Shahid January 2013 (has links)
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT. The IoT requires multi-faceted security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important. This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard-compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware.
(ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes. The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.
|
46 |
Design and performance analysis of a reconfigurable, unified HMAC-hash unit for IPSec authentication
Khan, Esam Ali Hasan 15 December 2009 (has links)
In this dissertation, we discuss the design of a reconfigurable, unified HMAC-hash unit for IPSec authentication. The proposed unit is reconfigurable at runtime to enable implementing any of six standard algorithms: MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. The designed unit can be used for IPSec or any other security application that uses hash functions, such as digital signature. We applied speedup techniques, such as pipelining and parallelism, to enhance the design of the HMAC-hash unit. We also proposed a key reuse technique to improve the HMAC throughput. We used an emerging system design methodology in designing the HMAC-hash unit. This methodology uses a high level language, Handel-C, to implement the designed unit and directly map it to FPGA platforms. We used the available constructs of Handel-C to conduct a design space exploration of the HMAC-hash unit. The performance of the designed unit was analyzed and compared to performance reported in previous work. To our knowledge, this work is the first in the literature that integrates six standard hash algorithms in one unified, reconfigurable unit. It is also the first in the literature that implements HMAC-RIPEMD-160 on FPGA. The work reported in this dissertation is the first to integrate HMAC with three hash functions. The achieved throughput is 173.69 Mbps for MD5 and 139.38 Mbps for each of SHA-1 and RIPEMD-160. Compared to results reported in previous work, our unit achieves better throughput than those integrating three or more hash functions and a comparable throughput to those integrating two hash functions. We achieved better maximum frequency, which is 44.1 MHz, than all other work. We achieved comparable results to those integrating HMAC with some hash functions. The area utilization of the designed unit is less than 33% of the available logic on the FPGA chip we used. Thus, the designed unit can fit on a single FPGA chip as an SoC.
|
47 |
Securing a wireless local area network: using standard security techniques
Ekström, Dan January 2003 (has links)
Wireless equipment offers several possibilities which make it more attractive than the wired alternative. Meetings or temporary office spaces could be assigned with less consideration of the presence of permanent networking facilities. It also makes it possible for users to create ad-hoc networks simply by being within a certain range of each other, which facilitates information sharing. Since information is broadcast in the air, it also requires stringent security measures. Vendors of wireless equipment have their non-standard security solutions which lock in the acquirer. For this purpose I study standard security schemes which could be applied independent of the wireless device manufacturer. The techniques that I have chosen are IPSec, Kerberos and MS Passport. The study describes each technique from the perspectives of manageability, security, performance, compatibility, cost and ease of implementation. The result is a comparison of the studied techniques. I conclude with a recommendation to use a combination of IPSec and Kerberos to enhance the security of a wireless local area network and a reservation towards MS Passport.
|
48 |
Investigation of different VPN Solutions
Rehman, Sheikh Riaz Ur January 2009 (has links)
The rapid growth of e-business in the past few years has improved companies' efficiency and revenue growth. E-business applications such as e-commerce and remote access have enabled companies to manage processes, lower operating costs and increase customer satisfaction. The need has also risen for scalable networks that accommodate voice, video, and data traffic. With increased dependence on networks, security issues are raised and networks become more and more vulnerable to different types of security threats. To overcome these security issues, vendors and technologists have put different security technologies into action. Also, because the survival of many businesses depends on allowing open access to network resources, today's networks are designed with the requirement of availability to the Internet and public networks; therefore, information confidentiality is the major issue in these networks, to ensure that the network resources and user data are as secure as possible. With the requirement for network security, the concept of the virtual private network was established. A Virtual Private Network (VPN) can be defined as a network in which connectivity between multiple customers' sites is deployed on a shared network with the same security as a private network. Different VPN technologies and protocol architectures are available in the market, among them the MPLS VPN architecture, the IPSec VPN architecture, and the SSL VPN architecture. With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching and Layer 3 routing, it became possible to construct a technology that combines the benefits of an overlay VPN with the benefits of a peer-to-peer VPN implementation in which routing is simple. MPLS/VPN is a new and simple technology, which provides simpler routing and also makes a number of topologies easy to implement which are otherwise difficult to implement.
All architectures have benefits and drawbacks; each of them can be implemented separately or in combination with others, according to the customer's security requirements and the performance of the network.
|
49 |
On the security of TLS and IPsec: Mitigation through physical constraints
Reimers, Erik January 2015 (has links)
TLS and IPsec are two protocols that provide secure communication on the Internet. They provide similar services but operate on different levels. This report compiles some of the currently known vulnerabilities that exist in those two protocols. It also describes attacks that exploit those vulnerabilities. Based on the vulnerabilities, this paper gives guidelines on how to avoid them when implementing TLS and IPsec. This paper also demonstrates a proof-of-concept that shows how IPsec can be configured to avoid some of the vulnerabilities. The proof-of-concept also shows how IPsec can be used to set up a secure connection between two peers, using Near Field Communication, on an ad hoc network.
|
50 |
Securing Communication in IP-Connected Industrial Wireless Sensor Networks
Raza, Shahid January 2011 (has links)
With the advent of wireless sensor networks (WSN) and the success of wireless communication in local and personal area networks such as Wi-Fi and Bluetooth, more serious efforts to apply standard wireless communication in sensitive industrial networks were initiated. This effort resulted in the standardization of WirelessHART. Other standardization efforts include ISA 100.11a and ZigBee. Keeping in mind the nature of wireless communication and the sensitivity of industrial environments, the security of these networks gets greater importance. In this thesis we work on security issues in industrial WSN in general and IP-connected WSN in particular. Currently WirelessHART is the only approved standard for secure wireless communication in industrial WSNs. We start our work with the analysis of security mechanisms in WirelessHART. We propose solutions for the security shortcomings in WirelessHART, and design and implement the missing security components. Particularly, we specify, design, implement, and evaluate the first open security manager for WirelessHART networks. With the standardization of IP in WSNs (6LoWPAN) and the birth of the Internet of Things, the need for IP communication in industrial WSN is gaining importance. The recently proposed ISA 100.11a standard is IP-based since its inception. Also, standardization efforts are in progress to apply IP in WirelessHART and Zigbee. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. We realize the importance of having an interoperable standardized secure IP communication in industrial WSNs. IP Security (IPsec) is a mandatory security solution in IPv6. We propose to use IPsec for 6LoWPAN enabled industrial WSNs. However, it is not meaningful to use IPsec in its current form in resource constrained WSNs.
In addition to providing security solutions for WirelessHART, in this thesis we also specify, design, implement, and extensively evaluate lightweight IPsec that enables end-to-end secure communication between a node in a 6LoWPAN and a device in the traditional Internet. Our results show that lightweight IPsec is a sensible and practical solution for securing WSN.
|