Abstract: Due to the shortage of IPv4 addresses, the transition to IPv6 has gained significant momentum in recent years. Like the Address Resolution Protocol (ARP) in IPv4, the Neighbor Discovery Protocol (NDP) provides functions such as address resolution in IPv6. Despite its functionality, NDP is vulnerable to some attacks. To mitigate these attacks, Internet Protocol Security (IPsec) was introduced, but it was not efficient due to its limitations. Therefore, the SEND protocol was proposed for automatic protection of the auto-configuration process. It secures the neighbor discovery and address resolution process. To defend against threats to NDP's integrity and identity, SEND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography. Besides the advantages of SEND, its disadvantages, such as the computational cost of the CGA algorithm and the sequential nature of the CGA generation algorithm, are considerable. In this paper, we parallelize this process across network resources in order to improve it. In addition, we compare the CGA generation time in the self-computing and distributed-computing processes. We focus on the impact of malicious nodes on the CGA generation time in the network. According to the results, even when malicious nodes participate in the generation process, the CGA generation time is less than when it is computed in a one-way fashion. With a Trust Management System, detecting and isolating malicious nodes is easier.
Abstract: This work presents a new approach to securing a
wireless network. The configuration is focused on securing and
protecting wireless network traffic for a small network such as a
home or dorm room. The security mechanism provides both
authentication, allowing only known authorized users access to the
wireless network, and encryption, preventing anyone from reading
the wireless traffic. The solution utilizes the open source
FreeS/WAN software, which implements Internet Protocol
Security (IPsec). In addition to the wireless components (a wireless NIC
in the PC and a wireless access point), it needs a machine running Linux to act
as a security gateway. While the current configuration assumes that the
wireless PC clients are running Linux, Windows XP/Vista/7 based
machines equipped with VPN software can also interface
with this configuration.
Abstract: IPsec has now become a standard information security
technology throughout the Internet society. It provides a well-defined
architecture that takes into account confidentiality, authentication,
integrity, secure key exchange and a protection mechanism against
replay attacks. For connectionless security services on a per-packet
basis, the IETF IPsec Working Group has standardized two extension
headers (AH and ESP) and key exchange and authentication protocols. It is
also working on a lightweight key exchange protocol and MIBs for
security management. IPsec technology has been implemented on
various platforms in IPv4 and IPv6, gradually replacing old
application-specific security mechanisms. IPv4 and IPv6 are not
directly compatible, so programs and systems designed for one
standard cannot communicate with those designed for the other. We
propose the design and implementation of a controlled Internet security
system, which is an IPsec-based Internet information security system for
IPv4/IPv6 networks, and we also present performance measurement
data. With features such as improved scalability and
routing, security, ease-of-configuration, and higher performance of
IPv6, the controlled Internet security system provides consistent
security policy and integrated security management on IPsec-based
Internet security system.
Abstract: In this paper an efficient implementation of the RIPEMD-160
hash function is presented. Hash functions are a special family
of cryptographic algorithms, which are used in technological
applications with requirements for security, confidentiality and
validity. Applications like PKI, IPsec, DSA and MACs incorporate
hash functions and are used widely today. RIPEMD-160
emerged from the need for very strong algorithms
in cryptanalysis. The proposed hardware implementation can be
synthesized easily for a variety of FPGA and ASIC technologies.
Simulation results, using commercial tools, verified the efficiency of
the implementation in terms of performance and throughput. Special
care has been taken so that the proposed implementation doesn't
introduce extra design complexity, while in parallel functionality was
kept to the required levels.
Abstract: The IPsec protocol [1] is a set of security extensions
developed by the IETF, and it provides privacy and authentication
services at the IP layer by using modern cryptography. In this paper,
we describe both the H/W and S/W architectures of our router system,
SRS-10. The system is designed to support high performance routing
and IPsec VPN. In particular, we used Cavium's CN2560 processor to
implement IPsec processing in inline mode.
Abstract: Security management has changed from the
management of security equipment and a useful interface for the manager.
It analyzes the overall security condition of the network and protects
network services from attacks. In secure router technology, security
functions such as intrusion detection, IPsec (IP Security) and access
control are applied to legacy routers for secure networking. It controls
unauthorized router access and detects illegal network intrusion.
This paper relates to a security engine management of router based on
a security policy, which is the definition of security function against a
network intrusion. This paper explains the security policy and designs
the structure of security engine management framework.
Abstract: VoIP networks, as an alternative to the traditional PSTN
system, have been implemented in a wide variety of structures
with multiple protocols, codecs, and software- and hardware-based
distributions. The use of cryptographic techniques lets users
have secure communication, but the calculated throughput as well as
the QoS parameters are affected by the algorithm used. This
paper analyzes the VoIP throughput and the QoS parameters with
different commercial encryption methods. The measurement-based
approach uses lab scenarios to simulate LAN and WAN
environments. Security mechanisms such as TLS, SIAX2, SRTP,
IPSEC and ZRTP are analyzed with μ-LAW and GSM codecs.
Abstract: Recently, various services such as television and the
Internet have come to be received through various terminals.
However, we could gain greater convenience by receiving these
services through cellular phone terminals when we go out and then
continuing to receive the same services through a large screen digital
television after we have come home. However, it is necessary to go
through the same authentication processing again when using TVs
after we have come home. In this study, we have developed an
authentication method that enables users to switch terminals in
environments in which the user receives service from a server through
a terminal. Specifically, the method simplifies the authentication of
the server side when switching from one terminal to another terminal
by using previously authenticated information.
Abstract: Elliptic curve-based certificateless signature is slowly
gaining attention due to its ability to retain the efficiency of
identity-based signature and eliminate the need for certificate
management, while it does not suffer from the inherent private
key escrow problem. Generally, cryptosystems based on elliptic
curves offer equivalent security strength at smaller key sizes
compared to conventional cryptosystems such as RSA, which
results in faster computations and efficient use of computing
power, bandwidth, and storage. This paper proposes to implement
certificateless signature based on bilinear pairing to
structure the framework of IKE authentication. In this paper,
we perform a comparative analysis of certificateless signature
scheme with a well-known RSA scheme and also present the
experimental results in the context of signing and verification
execution times. By generalizing our observations, we discuss the
different trade-offs involved in implementing IKE authentication
by using certificateless signature.
Abstract: This paper proposes a VPN Accelerator Board
(VPN-AB), a virtual private network (VPN) protocol designed for a
trust channel security system (TCSS). TCSS supports a safe
communication channel between security nodes on the Internet. It
furnishes authentication, confidentiality, integrity, and access control
to security nodes so they can transmit data packets with the IPsec protocol. TCSS
consists of an internet key exchange block, a security association block,
and an IPsec engine block. The internet key exchange block negotiates
the crypto algorithm and key used in the IPsec engine block. The security
association block sets up and manages security association
information. The IPsec engine block handles IPsec packets and consists of
networking functions for communication. The IPsec engine block
should be implemented in H/W with in-line mode transactions for high
speed IPsec processing. Our VPN-AB is implemented with a high speed
security processor that supports many cryptographic algorithms and
in-line mode. We evaluate a small TCSS communication environment
and measure the performance of VPN-AB in that environment. The
experimental results show that VPN-AB achieves a maximum throughput
of 15.645 Gbps when we set the IPsec protocol to
3DES-HMAC-MD5 in tunnel mode.