The emergence of various technologies has since pushed researchers to develop new protocols that support high density data transmissions in Wide Area Networks. Many of these protocols are TCP protocol variants, which have demonstrated better performance in simulation and several limited network experiments but have limited practical applications because of implementation and installation difficulties. On the other hand, users who need to transfer bulk data (e.g., in grid/cloud computing) usually turn to application level solutions where these variants do not fair well. Among protocols considered in the application level solutions are UDP-based protocols, such as UDT (UDP-based Data Transport Protocol) for cloud /grid computing. Despite the promising development of protocols like UDT, what remains to be a major challenge that current and future network designers face is to achieve
survivability and security of data and networks. Our previous research surveyed various security methodologies which led to the development of a framework for UDT. In this paper we present lowerlevel security by introducing an Identity Packet (IP) and Authentication Option (AO) for UDT.
PROTECTOR CONTROL PC-AODV-BH IN THE AD HOC NETWORKSZac Darcy
In this paper we deal with the protector control that which we used to secure AODV routing protocol in Ad
Hoc networks. The considered system can be vulnerable to several attacks because of mobility and absence
of infrastructure. While the disturbance is assumed to be of the black hole type, we purpose a control
named "PC-AODV-BH" in order to neutralize the effects of malicious nodes. Such a protocol is obtained by
coupling hash functions, digital signatures and fidelity concept. An implementation under NS2 simulator
will be given to compare our proposed approach with SAODV protocol, basing on three performance
metrics and taking into account the number of black hole malicious nodes.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Inter-Process Communication in distributed systemsAya Mahmoud
Inter-Process Communication is at the heart of all distributed systems, so we need to know the ways that processes can exchange information.
Communication in distributed systems is based on Low-level message passing as offered by the underlying network.
Multi port network ethernet performance improvement techniquesIJARIIT
An Ethernet has its own importance and space in network subsystem. In today’s resource-intensive engineering the
applications need to deal with the real-time data processing, server virtualization, and high-volume data transactions. The realtime
technologies such as video on demand and Voice over IP operations demand the network devices with efficient network
data processing as well as better networking bandwidth. The performance is the major issues with the multi-port network
devices. It requires the sufficient network bandwidth and CPU processing speed to process the real-time data at the context.
And this demand is goes on increasing. The new multi-port hardware technologies can help to improvements in the
performance of the virtualized server environments. But, these hardware technologies having their own limitations in terms of
CPU utilization levels and power consumption. It also impacts on latency and the overall system cost. This thesis will provide
the insights to some of the key configuration decisions at hardware as well as software designs in order to facilitate multi-port
network devices performance improvement over the existing infrastructure. This thesis will also discuss the solutions such as
Virtual LAN and balanced or symmetric network to reduce the cost and hardware dependency to improve the multi-port
network system performance significantly over the currently existing infrastructure. This performance improvement includes
CPU utilization and bandwidth in the heavy network loads.
The document is a cover sheet for a student submitting a coursework assignment. It includes the student's details such as name, student number, degree and module. It requires the student to declare that the submitted work is their own and has not been plagiarized. The student must sign and date the form for the submission to be accepted by examiners.
Implementation model architecture software defined network using raspberry Pi...TELKOMNIKA JOURNAL
Software defined network (SDN) made with basic concepts that are different from traditional networks in controlling the network, the separation between the control layer and forwarding layer on different devices allows the administrator to adjust the control plan for all devices centralized in one action, while in traditional network, the control and forwarding layers are located in the infrastructure making network administrator must manage devices one by one. Research using single board computers on network technology provides an opportunity to implement SDN architecture. Raspberry Pi has sufficient ability. QoS results meet the ITU-T G.1010 reference which indicates that Raspberry Pi can be used on designed networks.
New generations of applications call for new demands
that are totally different from previous uses of the Internet (e.g.,
cross-layer and network function virtualization), and the existing
networks are not optimized for these new demands due to being
overwhelmed by enormous numbers of external network
protocols. Overlay network technologies aim to respond to such
future network demands. Systems on overlay networks mitigate
this protocol overload by exploiting the unlimited
programmability of the overlay nodes comprising the system.
This paper proposes an overlay node that works as a transparent
proxy server and router for encrypted communication over
overlay networks. This overlay node acts as a virtual switch over
multiple layers of the OSI reference model (the datalink, network, transport, and session layers) using general-purpose components (a personal computer, physical network interface card, and
virtual network interface card, developed using the C language).
The ideas behind this proposal derive from the effectiveness of
software-defined networks and network function virtualization.
Finally, we examine the performance of the overlay node
experimentally and suggest possible designs for future overlay
networks.
PROTECTOR CONTROL PC-AODV-BH IN THE AD HOC NETWORKSZac Darcy
In this paper we deal with the protector control that which we used to secure AODV routing protocol in Ad
Hoc networks. The considered system can be vulnerable to several attacks because of mobility and absence
of infrastructure. While the disturbance is assumed to be of the black hole type, we purpose a control
named "PC-AODV-BH" in order to neutralize the effects of malicious nodes. Such a protocol is obtained by
coupling hash functions, digital signatures and fidelity concept. An implementation under NS2 simulator
will be given to compare our proposed approach with SAODV protocol, basing on three performance
metrics and taking into account the number of black hole malicious nodes.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Inter-Process Communication in distributed systemsAya Mahmoud
Inter-Process Communication is at the heart of all distributed systems, so we need to know the ways that processes can exchange information.
Communication in distributed systems is based on Low-level message passing as offered by the underlying network.
Multi port network ethernet performance improvement techniquesIJARIIT
An Ethernet has its own importance and space in network subsystem. In today’s resource-intensive engineering the
applications need to deal with the real-time data processing, server virtualization, and high-volume data transactions. The realtime
technologies such as video on demand and Voice over IP operations demand the network devices with efficient network
data processing as well as better networking bandwidth. The performance is the major issues with the multi-port network
devices. It requires the sufficient network bandwidth and CPU processing speed to process the real-time data at the context.
And this demand is goes on increasing. The new multi-port hardware technologies can help to improvements in the
performance of the virtualized server environments. But, these hardware technologies having their own limitations in terms of
CPU utilization levels and power consumption. It also impacts on latency and the overall system cost. This thesis will provide
the insights to some of the key configuration decisions at hardware as well as software designs in order to facilitate multi-port
network devices performance improvement over the existing infrastructure. This thesis will also discuss the solutions such as
Virtual LAN and balanced or symmetric network to reduce the cost and hardware dependency to improve the multi-port
network system performance significantly over the currently existing infrastructure. This performance improvement includes
CPU utilization and bandwidth in the heavy network loads.
The document is a cover sheet for a student submitting a coursework assignment. It includes the student's details such as name, student number, degree and module. It requires the student to declare that the submitted work is their own and has not been plagiarized. The student must sign and date the form for the submission to be accepted by examiners.
Implementation model architecture software defined network using raspberry Pi...TELKOMNIKA JOURNAL
Software defined network (SDN) made with basic concepts that are different from traditional networks in controlling the network, the separation between the control layer and forwarding layer on different devices allows the administrator to adjust the control plan for all devices centralized in one action, while in traditional network, the control and forwarding layers are located in the infrastructure making network administrator must manage devices one by one. Research using single board computers on network technology provides an opportunity to implement SDN architecture. Raspberry Pi has sufficient ability. QoS results meet the ITU-T G.1010 reference which indicates that Raspberry Pi can be used on designed networks.
New generations of applications call for new demands
that are totally different from previous uses of the Internet (e.g.,
cross-layer and network function virtualization), and the existing
networks are not optimized for these new demands due to being
overwhelmed by enormous numbers of external network
protocols. Overlay network technologies aim to respond to such
future network demands. Systems on overlay networks mitigate
this protocol overload by exploiting the unlimited
programmability of the overlay nodes comprising the system.
This paper proposes an overlay node that works as a transparent
proxy server and router for encrypted communication over
overlay networks. This overlay node acts as a virtual switch over
multiple layers of the OSI reference model (the datalink, network, transport, and session layers) using general-purpose components (a personal computer, physical network interface card, and
virtual network interface card, developed using the C language).
The ideas behind this proposal derive from the effectiveness of
software-defined networks and network function virtualization.
Finally, we examine the performance of the overlay node
experimentally and suggest possible designs for future overlay
networks.
This document provides an overview of network security concepts including:
- The OSI reference model which defines 7 layers of network architecture.
- Common network devices like switches, routers, and hubs.
- Reconnaissance and scanning phases that attackers use to identify vulnerabilities.
- Network-based attacks such as sniffing, spoofing, and denial-of-service attacks.
- Sniffing software and hardware that can intercept and analyze network traffic.
SDN: A New Approach to Networking TechnologyIRJET Journal
This document summarizes SDN (Software Defined Networking) and its relationship to network virtualization and NFV (Network Function Virtualization). It discusses how SDN separates the control plane from the data plane to make networks programmable. It also describes how network virtualization allows multiple virtual networks to run simultaneously on top of a physical network. NFV aims to virtualize network functions like firewalls and load balancers that were traditionally hardware-based. The document argues that SDN, network virtualization, and NFV work together to provide flexible, easily reconfigurable networks and reduce costs. When combined, they allow networks to be centrally programmed and abstracted from physical hardware.
SYSTEM NETWORK ADMINISTRATIONS GOALS and TIPSProf Ansari
The goal of network administration is to ensure that the users of networks receive the information and technically serves with the quality of services they expect.
Network administration means the management of network infrastructures devices (such as router and switches)
Network administration compromises of 3 majors groups:
1. Network provisioning
2. Network operations
3. Network maintenance
This document analyzes the performance of application protocols like HTTP and FTP in a mobile ad hoc network (MANET) using the network simulation tool OPNET. It describes 6 simulation scenarios with varying numbers of nodes. Traffic is generated using FTP and HTTP applications. Key metrics like throughput, network load, and media access delay are observed. The document finds that as the number of nodes increases, these performance metrics are affected.
Performance Analysis of TCP and SCTP For Congestion Losses In ManetIJERA Editor
Transmission control protocols have been used for data transmission process. TCP has been pre-owned for data transmission over wired communication having different bandwidths and message delays over the network. TCP provides communication using 3-handshake which sends RTS and ACK comes from server end and data message has been transmitted over the bandwidth provided. This does not provide security over flooding attack occurred on the network. TCP provides communication between different nodes of the wired communication but when multi-streaming occurs in a network TCP does not provides proper throughput of the system which is major problem that occurred in the previous system. In the proposed work, to overcome this problem SCTP transmission control protocol has been implemented for the system performance of the system. SCTP provides 4-handshake communication in the message transmit due to which security factor get increases and this also provides communication services over multi-streaming and multi-homing. Multiple sender and receivers can communicate over wired network using various approaches of communication through same routers, which degrades in the TCP protocol. In final we evaluate parameters for performance evaluation. Here, we designed and implemented our test bed using Network Simulator (NS-2.35) to test the performance of both Routing protocols.
An Investigation on Standards and Applications of Signalling System No.7IJRES Journal
Signaling system 7 (SS7) is the standard communication system that has been used to control public telephone networks since 1980s. Also to control the GSM network (for related and not related circuit signal), SS7 technology later offers advanced intelligent network features.SS7 network are now interconnecting with and operating on Internet data network (SS7 over IP). Based on signaling system- No.7 , a device named REMOTE CONTROL OBSERVER has been developed. The purpose of this device is to start, switch off, open, lock, break down and display the location of the vehicle on the electronic map which is fixed inside it; also it enables the Security Department to locate the place and direction of vehicle inside the GSM Network. The device is consists of a screen (displays the electronic map), and a box consists of a device similar to the cellular phone (with few differences ) , batteries and electronic circuit used to break down the electrical circuit of the vehicle ,where the device is subscribed with the GSM Network. The main advantage of this device is to use the available technologies and applications with adding and amending some of the programs and tasks for cellular phone and using the data base of the Home Location Register (HLR) and Visitor Location Register (VLR) by connecting a terminal to enable the user to search for any vehicle.
An intrusion detection system for detecting malicious nodes in manet using tr...ijctet
This document summarizes an intrusion detection system called EAACK that detects malicious nodes in mobile ad hoc networks (MANETs). It begins by providing background on MANETs and challenges related to their decentralized structure and dynamic topology. It then discusses common attacks on MANETs like packet dropping, and the need for intrusion detection systems to increase network security. Existing IDS methods are outlined along with their limitations. The document proposes a new IDS called EAACK that aims to more accurately detect malicious behaviors without impacting network performance. Key concepts of trust values and monitoring nodes are incorporated into EAACK to reduce false detections.
UNIT I INTRODUCTION 7
Examples of Distributed Systems–Trends in Distributed Systems – Focus on resource sharing – Challenges. Case study: World Wide Web.
This topic is based on the IoT network Protocol which is based on the X.25 network protocol.In this topic we discussed about X.25 introduction,basic features and work performance of the X.25..
This thesis examines cross-layer interactions between middleware and routing protocols in mobile ad hoc networks (MANETs). The author developed CrossROAD, a middleware that optimizes the establishment and maintenance of a structured overlay network through interactions with the routing layer. An XL-plugin was also created to extend the proactive routing protocol UniKOLSR to support service discovery and allow information sharing between the middleware and routing layers. Experimental results showed CrossROAD performed well with low delays and supported mobility. Future work could explore using different routing protocols and evaluating applications' quality of service in larger, more mobile MANET environments.
This document presents a formal specification and validation of multiparty WebRTC conferencing systems using the Specification and Description Language (SDL). The authors first provide an overview of multiparty conferencing systems and the challenges of using WebRTC for these systems. They then discuss their SDL model, which models the signaling and control planes of a multiparty conferencing system. Finally, they discuss validating their SDL model to check for design errors.
This document provides an overview of wide area networks (WANs) including what they are, how they have evolved, common connection technologies and options. A WAN connects devices over a broader geographic area than a local area network (LAN) using carriers. As networks grow, hierarchical designs must also grow to aggregate WAN traffic and provide scalability, availability and user access. Common WAN connection technologies include dedicated leased lines, circuit-switched options like ISDN, and packet-switched options like Frame Relay, ATM, DSL, cable broadband and wireless. Virtual private networks (VPNs) provide secure, encrypted connections between private networks over public networks like the Internet.
Sync IT is a file transfer solution that uses BitTorrent's peer-to-peer protocol to efficiently sync files between multiple locations over any network. It provides centralized management, supports many platforms, uses encryption for security, and is optimized for wide area networks and unreliable connections. Sync IT can be used for tasks like replicating training materials to remote workstations, syncing medical data from rural clinics to expert reviewers, and distributing emergency information to first responders in the field.
The document provides an overview of the TCP/IP architecture and reference model. It discusses:
1) An architectural model separates network communication functions into stacked layers, with each layer performing a specific task. The TCP/IP model has four layers - network access, internet, transport, and application.
2) Data is passed down the stack from higher to lower layers, with each layer adding encapsulation headers and trailers. At the receiving end, these are removed in reverse order.
3) The four layers of the TCP/IP model are described in detail. The network access layer handles physical network delivery. The internet layer provides routing. The transport layer enables reliable end-to-end communication. The application
Attacks Prevention and Detection Techniques In MANET: A SurveyIJERA Editor
Wireless sensor network is a set of distributed sensor nodes. Which are randomly deployed in geographical area
to capture climatic changes like temperature, humidity and pressure. In Wireless Network MANET is a Mobile
Ad-Hoc Networks which is a one self-configurable network. MANET is a collection of Wireless mobile node
which is dynamically moves from one location to another location. Both attacks Active as well as Passive
attacks is in MANET. It doesn’t have a static structure. Security for wireless network is much difficult as
compare to wired networks. In last few years many security and attacks issue are face many researchers in
MANET. Attacks like Packet dropping attack, Black-Hole attack, Denial of Service attack, wormhole attacks
and Packet modification attacks found in MANET. At the time of data communication all the above mentioned
attacks access data easily without permission. To solve the problem of attacks in MANET and secure data
communication use Intrusion Detection System. In This paper propose the survey of different kinds of attacks
on MANET and Wireless sensor networks. This paper helps to young researcher for implement new hybrid
algorithm for secure intrusion detection in MANET.
This document discusses various distributed system architectures including centralized, decentralized, and hybrid architectures. It covers software architectures like layered architectures, object-based architectures, and event-based architectures. It also discusses system architectures including client-server, peer-to-peer, structured P2P (like Chord and CAN), unstructured P2P, and hybrid architectures combining centralized and decentralized elements like edge server systems and collaborative distributed systems. Middleware is described as sitting between applications and distributed platforms to provide distribution transparency. Adaptability techniques like interceptors, separation of concerns, reflection, and feedback control loops are also summarized.
The document discusses virtual private networks (VPNs) and their implementation. It covers:
1) VPNs allow secure connections between remote users through public networks like they are on a private network. Common VPN protocols include IPSec, L2TP, PPTP.
2) IPSec VPNs provide encryption and authentication at the IP layer to securely transmit data through public IP networks within encrypted tunnels.
3) MPLS VPNs offer scalability and allow centralized services like multicast and QoS across locations connected through the VPN.
HOST AND NETWORK SECURITY by ThesisScientist.comProf Ansari
Network management means different things to different people. In some cases, it involves a solitary network consultant monitoring network activity with an outdated protocol analyzer. In other cases, network management involves a distributed database, auto polling of network devices, and high-end workstations generating real-time graphical views of network topology changes and traffic. In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.
VEGAS: Better Performance than other TCP Congestion Control Algorithms on MANETsCSCJournals
The document analyzes the performance of six TCP congestion control algorithms (BIC, Cubic, Compound, Vegas, Reno, and Westwood) on mobile ad hoc networks (MANETs) using network simulator 2 (NS2). Simulation results show that the Vegas algorithm provided better and more stable throughput than the other algorithms over the entire simulation time, both with and without node mobility. While BIC achieved the highest throughput after 75 seconds, Vegas was the only algorithm that maintained almost constant throughput from the start to end of the 200 second simulations. Therefore, the document concludes that Vegas is the most suitable algorithm for MANET scenarios.
Internet of things protocols for resource constrained applications Pokala Sai
A detailed documentation on internet protocols at present happening of internet of things applications and a bit comparison of protocols using basic requirements
This document proposes a new telecommunications architecture that aims to simplify converged networks handling TDM and IP. It involves a modular router/protocol machine that performs telecom functions rather than using complex concurrent protocols. The machine translates between legacy and IP networks and can transfer different data streams and signaling. It uses proprietary protocols internally to efficiently process data while maintaining standards-based interfaces. This modular design allows flexibility in implementation and scale as well as supporting centralized or distributed architectures and redundancy. The core components are connected via buses and coordinated by a main system controller to implement the routing functions.
This document provides an overview of network security concepts including:
- The OSI reference model which defines 7 layers of network architecture.
- Common network devices like switches, routers, and hubs.
- Reconnaissance and scanning phases that attackers use to identify vulnerabilities.
- Network-based attacks such as sniffing, spoofing, and denial-of-service attacks.
- Sniffing software and hardware that can intercept and analyze network traffic.
SDN: A New Approach to Networking TechnologyIRJET Journal
This document summarizes SDN (Software Defined Networking) and its relationship to network virtualization and NFV (Network Function Virtualization). It discusses how SDN separates the control plane from the data plane to make networks programmable. It also describes how network virtualization allows multiple virtual networks to run simultaneously on top of a physical network. NFV aims to virtualize network functions like firewalls and load balancers that were traditionally hardware-based. The document argues that SDN, network virtualization, and NFV work together to provide flexible, easily reconfigurable networks and reduce costs. When combined, they allow networks to be centrally programmed and abstracted from physical hardware.
SYSTEM NETWORK ADMINISTRATIONS GOALS and TIPSProf Ansari
The goal of network administration is to ensure that the users of networks receive the information and technically serves with the quality of services they expect.
Network administration means the management of network infrastructures devices (such as router and switches)
Network administration compromises of 3 majors groups:
1. Network provisioning
2. Network operations
3. Network maintenance
This document analyzes the performance of application protocols like HTTP and FTP in a mobile ad hoc network (MANET) using the network simulation tool OPNET. It describes 6 simulation scenarios with varying numbers of nodes. Traffic is generated using FTP and HTTP applications. Key metrics like throughput, network load, and media access delay are observed. The document finds that as the number of nodes increases, these performance metrics are affected.
Performance Analysis of TCP and SCTP For Congestion Losses In ManetIJERA Editor
Transmission control protocols have been used for data transmission process. TCP has been pre-owned for data transmission over wired communication having different bandwidths and message delays over the network. TCP provides communication using 3-handshake which sends RTS and ACK comes from server end and data message has been transmitted over the bandwidth provided. This does not provide security over flooding attack occurred on the network. TCP provides communication between different nodes of the wired communication but when multi-streaming occurs in a network TCP does not provides proper throughput of the system which is major problem that occurred in the previous system. In the proposed work, to overcome this problem SCTP transmission control protocol has been implemented for the system performance of the system. SCTP provides 4-handshake communication in the message transmit due to which security factor get increases and this also provides communication services over multi-streaming and multi-homing. Multiple sender and receivers can communicate over wired network using various approaches of communication through same routers, which degrades in the TCP protocol. In final we evaluate parameters for performance evaluation. Here, we designed and implemented our test bed using Network Simulator (NS-2.35) to test the performance of both Routing protocols.
An Investigation on Standards and Applications of Signalling System No.7IJRES Journal
Signaling system 7 (SS7) is the standard communication system that has been used to control public telephone networks since 1980s. Also to control the GSM network (for related and not related circuit signal), SS7 technology later offers advanced intelligent network features.SS7 network are now interconnecting with and operating on Internet data network (SS7 over IP). Based on signaling system- No.7 , a device named REMOTE CONTROL OBSERVER has been developed. The purpose of this device is to start, switch off, open, lock, break down and display the location of the vehicle on the electronic map which is fixed inside it; also it enables the Security Department to locate the place and direction of vehicle inside the GSM Network. The device is consists of a screen (displays the electronic map), and a box consists of a device similar to the cellular phone (with few differences ) , batteries and electronic circuit used to break down the electrical circuit of the vehicle ,where the device is subscribed with the GSM Network. The main advantage of this device is to use the available technologies and applications with adding and amending some of the programs and tasks for cellular phone and using the data base of the Home Location Register (HLR) and Visitor Location Register (VLR) by connecting a terminal to enable the user to search for any vehicle.
An intrusion detection system for detecting malicious nodes in manet using tr...ijctet
This document summarizes an intrusion detection system called EAACK that detects malicious nodes in mobile ad hoc networks (MANETs). It begins by providing background on MANETs and challenges related to their decentralized structure and dynamic topology. It then discusses common attacks on MANETs like packet dropping, and the need for intrusion detection systems to increase network security. Existing IDS methods are outlined along with their limitations. The document proposes a new IDS called EAACK that aims to more accurately detect malicious behaviors without impacting network performance. Key concepts of trust values and monitoring nodes are incorporated into EAACK to reduce false detections.
UNIT I INTRODUCTION 7
Examples of Distributed Systems–Trends in Distributed Systems – Focus on resource sharing – Challenges. Case study: World Wide Web.
This topic is based on the IoT network Protocol which is based on the X.25 network protocol.In this topic we discussed about X.25 introduction,basic features and work performance of the X.25..
This thesis examines cross-layer interactions between middleware and routing protocols in mobile ad hoc networks (MANETs). The author developed CrossROAD, a middleware that optimizes the establishment and maintenance of a structured overlay network through interactions with the routing layer. An XL-plugin was also created to extend the proactive routing protocol UniKOLSR to support service discovery and allow information sharing between the middleware and routing layers. Experimental results showed CrossROAD performed well with low delays and supported mobility. Future work could explore using different routing protocols and evaluating applications' quality of service in larger, more mobile MANET environments.
This document presents a formal specification and validation of multiparty WebRTC conferencing systems using the Specification and Description Language (SDL). The authors first provide an overview of multiparty conferencing systems and the challenges of using WebRTC for these systems. They then discuss their SDL model, which models the signaling and control planes of a multiparty conferencing system. Finally, they discuss validating their SDL model to check for design errors.
This document provides an overview of wide area networks (WANs) including what they are, how they have evolved, common connection technologies and options. A WAN connects devices over a broader geographic area than a local area network (LAN) using carriers. As networks grow, hierarchical designs must also grow to aggregate WAN traffic and provide scalability, availability and user access. Common WAN connection technologies include dedicated leased lines, circuit-switched options like ISDN, and packet-switched options like Frame Relay, ATM, DSL, cable broadband and wireless. Virtual private networks (VPNs) provide secure, encrypted connections between private networks over public networks like the Internet.
Sync IT is a file transfer solution that uses BitTorrent's peer-to-peer protocol to efficiently sync files between multiple locations over any network. It provides centralized management, supports many platforms, uses encryption for security, and is optimized for wide area networks and unreliable connections. Sync IT can be used for tasks like replicating training materials to remote workstations, syncing medical data from rural clinics to expert reviewers, and distributing emergency information to first responders in the field.
The document provides an overview of the TCP/IP architecture and reference model. It discusses:
1) An architectural model separates network communication functions into stacked layers, with each layer performing a specific task. The TCP/IP model has four layers - network access, internet, transport, and application.
2) Data is passed down the stack from higher to lower layers, with each layer adding encapsulation headers and trailers. At the receiving end, these are removed in reverse order.
3) The four layers of the TCP/IP model are described in detail. The network access layer handles physical network delivery. The internet layer provides routing. The transport layer enables reliable end-to-end communication. The application
Attacks Prevention and Detection Techniques In MANET: A SurveyIJERA Editor
Wireless sensor network is a set of distributed sensor nodes. Which are randomly deployed in geographical area
to capture climatic changes like temperature, humidity and pressure. In Wireless Network MANET is a Mobile
Ad-Hoc Networks which is a one self-configurable network. MANET is a collection of Wireless mobile node
which is dynamically moves from one location to another location. Both attacks Active as well as Passive
attacks is in MANET. It doesn’t have a static structure. Security for wireless network is much difficult as
compare to wired networks. In last few years many security and attacks issue are face many researchers in
MANET. Attacks like Packet dropping attack, Black-Hole attack, Denial of Service attack, wormhole attacks
and Packet modification attacks found in MANET. At the time of data communication all the above mentioned
attacks access data easily without permission. To solve the problem of attacks in MANET and secure data
communication use Intrusion Detection System. In This paper propose the survey of different kinds of attacks
on MANET and Wireless sensor networks. This paper helps to young researcher for implement new hybrid
algorithm for secure intrusion detection in MANET.
This document discusses various distributed system architectures including centralized, decentralized, and hybrid architectures. It covers software architectures like layered architectures, object-based architectures, and event-based architectures. It also discusses system architectures including client-server, peer-to-peer, structured P2P (like Chord and CAN), unstructured P2P, and hybrid architectures combining centralized and decentralized elements like edge server systems and collaborative distributed systems. Middleware is described as sitting between applications and distributed platforms to provide distribution transparency. Adaptability techniques like interceptors, separation of concerns, reflection, and feedback control loops are also summarized.
The document discusses virtual private networks (VPNs) and their implementation. It covers:
1) VPNs allow secure connections between remote users through public networks like they are on a private network. Common VPN protocols include IPSec, L2TP, PPTP.
2) IPSec VPNs provide encryption and authentication at the IP layer to securely transmit data through public IP networks within encrypted tunnels.
3) MPLS VPNs offer scalability and allow centralized services like multicast and QoS across locations connected through the VPN.
HOST AND NETWORK SECURITY by ThesisScientist.comProf Ansari
Network management means different things to different people. In some cases, it involves a solitary network consultant monitoring network activity with an outdated protocol analyzer. In other cases, network management involves a distributed database, auto polling of network devices, and high-end workstations generating real-time graphical views of network topology changes and traffic. In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.
VEGAS: Better Performance than other TCP Congestion Control Algorithms on MANETsCSCJournals
The document analyzes the performance of six TCP congestion control algorithms (BIC, Cubic, Compound, Vegas, Reno, and Westwood) on mobile ad hoc networks (MANETs) using network simulator 2 (NS2). Simulation results show that the Vegas algorithm provided better and more stable throughput than the other algorithms over the entire simulation time, both with and without node mobility. While BIC achieved the highest throughput after 75 seconds, Vegas was the only algorithm that maintained almost constant throughput from the start to end of the 200 second simulations. Therefore, the document concludes that Vegas is the most suitable algorithm for MANET scenarios.
Internet of things protocols for resource constrained applications Pokala Sai
A detailed documentation on internet protocols at present happening of internet of things applications and a bit comparison of protocols using basic requirements
This document proposes a new telecommunications architecture that aims to simplify converged networks handling TDM and IP. It involves a modular router/protocol machine that performs telecom functions rather than using complex concurrent protocols. The machine translates between legacy and IP networks and can transfer different data streams and signaling. It uses proprietary protocols internally to efficiently process data while maintaining standards-based interfaces. This modular design allows flexibility in implementation and scale as well as supporting centralized or distributed architectures and redundancy. The core components are connected via buses and coordinated by a main system controller to implement the routing functions.
Modbus is a common communication protocol used in industrial and building automation to allow devices connected to the same network to transmit information. It is often used to connect supervisory computers to remote terminal units in SCADA systems. TCP/IP and the OSI model provide standard protocols to ensure interoperability between different communication systems. A protocol converter can translate between different protocols like converting Serial Modbus RTU to SNMP over Ethernet, with the transport layer encapsulating the data in TCP/UDP packets and transmitting it within seconds. General protocol converter architectures involve an internal master protocol communicating with external slave devices to collect data and update an internal database for external masters to request and receive.
Performance Analysis of WiMAX and LTE Using NS-2IJERA Editor
The increasing use of wireless devices and in particular smart phones has resulted the need for greater capacity
and higher speed than the existing network technologies. Hence, LTE (Long Term Evolution) and WiMAX
(Worldwide Interoper- ability for Microwave Access) became the two leading technologies. Services are
increasingly shifting from voice to data and from circuit-switched to packet-switched ones. Battle between LTE
and WiMAX technologies is already heating up with WiMAX being ahead due to availability of standards
through IEEE 802.16 and is up and running but lacks in substantial roll out plans due to cost. The targets for
LTE indicate bandwidth increases as high as 100 Mbps on the downlink, and up to 50 Mbps on the uplink.
However, this potential increase in bandwidth is just a small part of the overall improvement LTE aims to
provide. This study illustrates the model and representation of LTE links and traffics using NS-2 network
simulator and observation of TCP performance investigated. The Evaluation of the network performance with
TCP is mainly based on congestion window behavior, throughput, average delay and lost packet.
Analysis Of Internet Protocol ( IP ) DatagramsEmily Jones
Here are the key points about wireless sensor networks:
- WSN consist of small, low-cost sensors that can sense and monitor various environments and phenomena. They communicate wirelessly to form dense networks.
- The sensors have limited processing, storage and power capabilities. They must operate autonomously for long periods with small batteries or energy harvesting.
- WSN enable ubiquitous sensing and monitoring without being constrained by wires. They provide more flexibility in deployment compared to wired networks.
- Common applications of WSN include environmental/habitat monitoring, healthcare applications, home automation, traffic control, and industrial/machine monitoring.
- Key technical challenges in WSN include limited power/energy, dynamic network topology, fault tolerance
Priority based flow control protocol for internet of things built on light f...IJECEIAES
Excessive usage of internet by most of the applications that use internet of things (IoT) has resulted in need for high bandwidth network. Light fidelity (LiFi) is one such network having bandwidth in terms of GigaHertz, but LiFi has a limited propagation range hence it can be deployed only in the local area. When IoT nodes are connected using LiFi network in the local area they start pushing large data to the cloud there by arising need for flow control. Some of the IoT applications such as patient monitoring systems and nuclear systems, generate critical data. The protocol for flow control in this case should be based on priority of data since critical data with high priority have to be transmitted first. We develop a flow control protocol named priority based flow control protocol (PFCP) by providing priority to flows that carry critical data especially in IoT system that use LiFi network. We evaluate performance of different transmission control protocol (TCP) variants and modify TCP variant that yields maximum goodput according to the priority based protocol developed and demonstrate that flows that carry critical data are given priority compared to non-prioritized flows.
The transport layer is responsible for host-to-host communication and provides services like reliable data transfer, flow control, and multiplexing. Common transport layer protocols include TCP and UDP, which provide connection-oriented and connectionless services respectively, and help applications exchange data over network layers. The transport layer sits above the network layer and below the application layer in network stacks.
The document discusses the User Datagram Protocol (UDP). It provides the following key points:
- UDP is an alternative to TCP that offers a limited connectionless datagram service for delivery of messages between devices on an IP network. It does not guarantee delivery, order of packets, or duplicate protection like TCP.
- UDP is commonly used for applications that require low latency and minimal processing time like DNS, SNMP, and streaming media. These applications can tolerate some data loss since reliability is not critical.
- The UDP header is only 8 bytes, containing source/destination port numbers and length fields. It provides an optional checksum for error detection but no other reliability mechanisms.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Recital Study of Various Congestion Control Protocols in wireless networkiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document discusses and compares several congestion control protocols for wireless networks, including TCP, RCP, and RCP+. It implemented an enhanced version of RCP+ in the NS-2 simulator. Simulation results showed that the proposed approach achieved higher throughput and packet delivery ratio than TCP and RCP+ in a wireless network with 10-50 nodes, with performance degrading as the number of nodes increased beyond 20 due to increased congestion. The paper analyzes the mechanisms and equations of each protocol and argues the proposed approach combines benefits of improved AIMD and RCP+ to address their individual shortcomings.
The document describes a student project to implement the User Datagram Protocol (UDP) in hardware using two FPGA development boards. The goals were to include a proper checksum calculation, demonstrate multiplexing and demultiplexing of ports, and introduce errors. UDP segments were sent between the boards using a simple bus protocol to simulate network transmission. The project provides a platform for exploring how UDP works and customizable hardware implementation of transport protocols.
IP resides at the network layer of the OSI model and provides logical addressing that allows systems on different logical networks to communicate. IP packets contain source and destination addresses as well as other fields. Transport protocols like UDP and TCP run on top of IP, with UDP being connectionless and used for real-time voice traffic in VoIP due to its simplicity and lower latency compared to TCP, which provides reliability but higher latency through mechanisms like acknowledgments and retransmissions. RTP runs on top of UDP to provide additional timestamping and sequencing information important for applications like voice calling.
Implementation of Steganographic Method Based on IPv4 Identification Field ov...IJERA Editor
This document presents a study on implementing a steganographic method (covert channel) to hide secret data in the IP identification field. The implementation was carried out using the Network Simulator 3 (NS-3).
The document first provides background on covert channels and discusses their application in TCP/IP layers for VoIP. It then analyzes each TCP/IP layer for their technical difficulty, generality, and reachability for covert channels. Specifically, the network layer presents opportunities due to unused or optional bits in the IP header.
The implementation hides the word "hello" by encoding each character into the IP identification field of successive packets. The simulation confirms successful transmission of the hidden message across the point-to-
IP resides at the network layer and provides logical addressing that allows systems on different logical networks to communicate. It is a connectionless protocol that does not provide reliability, flow control, or sequencing. VoIP uses RTP, which sits atop UDP, to transport real-time voice data in an efficient manner without retransmissions. UDP is used instead of TCP for VoIP as reliability is less important than latency for real-time voice communications.
MQTT is a lightweight publish/subscribe protocol that is commonly used for IoT and M2M communication. It uses a publish/subscribe messaging model with topics to decouple senders and receivers. MQTT can transmit data over small devices using TCP/IP over various network types. It is an open standard protocol that has been widely adopted for IoT applications.
Computer Communication Networks- TRANSPORT LAYER PROTOCOLSKrishna Nanda
The document discusses transport layer protocols. It begins by explaining that the transport layer sits between the application and network layers, providing services to applications and receiving services from the network layer. It then notes that the three major transport layer protocols are UDP, TCP, and SCTP. UDP provides a simple, unreliable connectionless service. TCP provides a reliable, connection-oriented service through mechanisms like flow and error control. SCTP combines features of UDP and TCP, providing both connection-oriented and connectionless services.
Introduction to Building Communication Protocols Mahmoud Ahmed
Introduction to Building Communication Protocols and Integration to Siemens Desigo System Considerations
Semelhante a SECURING DATA TRANSFER IN THE CLOUD THROUGH INTRODUCING IDENTIFICATION PACKET AND UDT -AUTHENTICATION OPTION FIELD: A CHARACTERIZATION (20)
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
SECURING DATA TRANSFER IN THE CLOUD THROUGH INTRODUCING IDENTIFICATION PACKET AND UDT -AUTHENTICATION OPTION FIELD: A CHARACTERIZATION
1. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
DOI : 10.5121/ijnsa.2010.2402 13
SECURING DATA TRANSFER IN THE CLOUD
THROUGH INTRODUCING IDENTIFICATION PACKET
AND UDT -AUTHENTICATION OPTION FIELD: A
CHARACTERIZATION
Danilo Valeros Bernardo1
and Doan B Hoang2
1
i-NEXT, Faculty of Engineering and Information Technology,
The University of Technology- Sydney
bernardan@gmail.com
2
i-NEXT, Faculty of Engineering and Information Technology,
dhoang@it.uts.edu.au
ABSTRACT
The emergence of various technologies has since pushed researchers to develop new protocols that
support high density data transmissions in Wide Area Networks. Many of these protocols are TCP
protocol variants, which have demonstrated better performance in simulation and several limited network
experiments but have limited practical applications because of implementation and installation
difficulties. On the other hand, users who need to transfer bulk data (e.g., in grid/cloud computing)
usually turn to application level solutions where these variants do not fair well. Among protocols
considered in the application level solutions are UDP-based protocols, such as UDT (UDP-based Data
Transport Protocol) for cloud /grid computing. Despite the promising development of protocols like
UDT, what remains to be a major challenge that current and future network designers face is to achieve
survivability and security of data and networks. Our previous research surveyed various security
methodologies which led to the development of a framework for UDT. In this paper we present lower-
level security by introducing an Identity Packet (IP) and Authentication Option (AO) for UDT.
KEYWORDS
Next Generation Network Protocol, High Speed Bandwidth, UDT, AO, IP, SHA-1, SHA-256, MD5,
Cloud, GRID
1. INTRODUCTION
Many TCP protocol variants have demonstrated better performance in simulation and several
limited network experiments [19]. However, practical use in real applications of these protocols
is still very limited because of the implementation and installation difficulties. On the other
hand, users who need to transfer bulk data (e.g., in grid/cloud computing) usually turn to
application level solutions where these variants do not fair well. Among protocols considered in
the application level solutions are UDP-based protocols, such as UDT (UDP-based Data
Transport Protocol).
UDT is considered one of the most recently developed new transport protocols with congestion
control algorithms. It was developed to support next generation high-speed networks, including
wide area optical networks. It is considered a state-of-the-art protocol, which promptly
addresses various infrastructure requirements for transmitting data in high-speed networks. Its
development, however, creates new vulnerabilities because like many other protocols, it is
designed to rely solely on existing security mechanisms for existing protocols such as the
2. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
14
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Some of these
security mechanisms cannot be used to absolutely protect UDT, just as security mechanisms
devised for wired networks cannot be used to protect unwired ones. Both the recently developed
UDT and the decades-old TCP/UDP lack a well-thought-out security architecture that addresses
problems in today’s networks.
In this paper, we extend our previous works [7-13] and introduce additional approaches that can
further assist network and security investigators, designers, and users who consider and
incorporate security in the important layers when implementing UDT across wide area
networks. These can support security architectural designs of UDP-based protocols as well as
assist in the future development of other state-of-the-art fast data transfer protocols.
1.1 Background
The emergence of advanced high speed networks has created opportunities for new technologies
to prosper. From mobile to wireless and network heterogeneous systems, issues of speed and
performance may finally be addressed. However, due to the limitations of today’s network
protocols, it is difficult to scale data intensive applications from local clusters and metropolitan
area networks to wide area networks. Many existing solutions are built around the existing
constraints of existing mature protocols, such as TCP/IP.
Recent developments in network research introduced UDT, considered to be one of the next
generation of high performance UDP- data transfer protocols [10]. UDT introduces a new three-
layer protocol architecture that is composed of a connection flow multiplexer, enhanced
congestion control, and resource management. The UDT design allows protocol to be shared by
parallel connections and to be used by future connections. It improves congestion control and
reduces connection set-up time.
It provides [8,9,10,11] better usability by supporting a variety of network environments and
application scenarios [8,9,10,11]. It addresses TCP’s limitations by reducing the overhead
required to send and receive streams of data.
The choice of UDT in this paper is significant for several reasons: UDT as a newly designed
next generation protocol is considered one of the most promising and fastest protocols ever
created that operates either on top of the UDP or IP. It is a reliable UDP based application level
data transport protocol for distributed data intensive applications over wide area and optical
high-speed networks.
1.2 UDT Fast Data Transfer Protocol
UDT is a UDP-based approach [12] and is considered to be the only UDP-based protocol that
employs a congestion control algorithm targeting shared networks. It is a new application level
protocol with support for user-configurable control algorithms and more powerful APIs. It has
no security mechanism to protect itself from adversaries [12,19].
1.2.1 Packet Structures
UDT is designed to have two packet structures: data packets and control packets. The packets
are distinguished by the first bit (flag bit) of the packet header. The data packet header starts
with 0, while the control packet header starts with 1 (fig. 1) [19].
3. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
15
Data Packet
Control Packet
Figure. 1: UDT packet header structures [19]. The first bit of the packet header is a flag
indicating if this is a data or control packet. Data packets contain a 31-bit sequence number, 29-
bit message number, and a 32-bit time stamp. Conversely, for control packet headers bits 1-15
are the packet type information and bits 16 -31 can be used for user-defined types. The detailed
control information depends on the packet type.
The packet sequence number uses 31 bits after the flag bit. It uses packet-based sequencing,
which means the sequence number is increased by 1 for each data packet sent. The sequence
number is wrapped after it is increased to the maximum number (231
-1) [7,12,19].
As in other protocols such as DCCP, the sequence number is used to arrange packets into
sequence in order to detect loss [2,19] and network duplicates; it is also used to protect against
attackers, half-open connections, and delivery of very old packets. Every packet carries a
sequence number. Most packet types include an acknowledgment number, which is carried in a
control packet – the second packet structure of UDT. The control packet is parsed according to
the structure if the flag bit of a UDT packet is 1.
UDT sequence numbers are data packet based. Like TCP, they are generated by each endpoint
increased by 1. Both data and control packets that do not carry user data increment the sequence
number. UDT is not a true reliable protocol as there are no real retransmissions. Even if there
were, retransmissions of data packets would also predictably increment the sequence number
[2]. However, this allows UDT implementations to include features such as detecting network
duplications, retransmissions, and loss.
Another characteristic of UDT is that it is a connection-oriented duplex protocol that supports
data streaming and partial reliable messaging. It also uses rate-based congestion control (rate
control) and window-based flow control to regulate outgoing traffic. This was designed so that
the rate control updates the packet-sending period at constant intervals, whereas the flow control
0 or 1
Sequence
Number 31 bit
FF 0
Message
Number 29 bit
Time Stamp 32 bit
0
1
Packet
type
Information
15
User defined
types
1 Type
Extended
Type 31 bit
X
ACK Sub -
Sequence
Number
Time Stamp
Control
Information
4. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
16
updates the flow window size each time an acknowledgment packet is received. This protocol
has been expanded to satisfy further requirements for both network research and applications
development. This expansion is called Composable UDT and was designed to complement the
kernel space network stacks. However, this feature is intended for the following:
• Implementation and deployment of new control algorithms;
• Data transfer through private links that are implemented using Composable
UDT;
• Supporting application-aware algorithms through Composable UDT; and
• Ease of testing new algorithms for kernel space when using Composable UDT
compared to modifying an OS kernel.
The Composable UDT library implements a standard TCP Congestion Control Algorithm
(CTCP). CTCP can be redefined to implement more TCP variants, such as TCP (low-based) and
TCP (delay-based). The designers [19] emphasised that the Composable UDT library does not
implement the same mechanisms in the TCP specification. TCP uses byte-based sequencing,
whereas UDT uses packet-based sequencing. The designers stressed that this does not prevent
CTCP from simulating TCP’s congestion avoidance behaviour [7-13].
UDT was designed with the Configurable Congestion Control (CCC) interface, which is
composed of four categories. The designers [19] included: 1) control event handler callbacks; 2)
protocol behaviour configuration; 3) packet extension; and 4) performance monitoring.
As shown in Table 1 (Appendix), UDT’s services/features can be used for bulk data transfer and
streaming data processing. TCP cannot be used for this type of processing because it has two
problems. First, the link must be clean (little packet loss) for it to fully utilize the bandwidth.
Second, when two TCP streams start at the same time, a stream will be starved due to the RTT
bias problem; thus, the data analysis process will have to wait for the slower data stream.
Moreover, UDT can offer streaming video to many clients. It can also provide selective
streaming for each client when required, but its data reliability control needs to be handled by
the application since UDP, which it operates on, cannot send data at a fixed rate.
1.2.2 UDT Implementation
One example of the implementation of UDT is the Sloan Digital Sky Survey (SDSS) project
[40,44], which is mapping in detail one quarter of the entire sky, determining the positions and
brightness of more than 300 million celestial objects. It measures distances to more than a
million galaxies and quasars. The data from the SDSS project so far has increased to 13
terabytes and continues to grow and transmitted across Australia, Japan, South Korea, and
China [19].
Securing data during its operations across network layers is therefore imperative in ensuring
UDT itself is protected when implemented. The challenge to achieve confidentiality, data
integrity, and privacy for communication links and the challenge to address the complexity of
running streaming applications over the Internet and through wireless and mobile devices,
continue to mount.
In our previous works we presented a framework which adequately addresses vulnerability
issues by implementing security mechanisms in UDT while maintaining transparency in data
delivery. The development of the framework was based on the analyses drawn from the source
5. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
17
codes of UDT found at SourceForge.net. The source codes were analyzed and tested on Win32
and Linux environments to gain a better understanding on the functions and characteristics of
this new protocol.
Network and security simulations tools such as NS2 [31], EMIST [32], and proprietarily
developed vulnerability testing tools were used to perform various simulation and experiments.
Most of the security vulnerability tests, however, were conducted through simple penetration
and traffic load tests. Tests were also performed on simulated environment running IPSec and
developed simple solutions using Kerberos to test the method.
The results found in [10,11] provided significant groundwork in the development of a
methodology which composes a variety of mechanisms to secure UDT against various
adversaries, such as Sybil, addresses, man-in-the-middle and the most common, DoS attacks.
1.2.3 Unsecured UDT
UDT is at the application layer or on top of UDP. Subsequently data that it carries are required
to be transmitted securely and correctly by each application.
UDT implementations are based on generic libraries [19] and through the its five application-
dependent components, such as the API module, the sender, receiver, and UDP channel, as well
as four data components: sender’s protocol buffer, receiver’s protocol buffer, sender’s loss list
and receiver’s loss list, require that UDT security features must be implemented on an
application basis [9,10,12].
The contention, therefore, for the need of security mechanisms of the new UDT is moreover
derived from four important observations [2,7-13,19].
• Absence of an inherent security mechanism, such as checksum for UDT
• Dependencies on user preferences and implementation on the layer on which it is
implemented
• Dependencies on existing security mechanisms of other layers on the stack
• Dependencies on TCP/UDP which are dependent on nodes and their addresses for high
speed data transfer protocol leading to a number of attacks such as neighborhood, Sybil
and DoS (Denial of Service) attacks
We contend the need to minimize its sending rates [7-11] in retransmissions, and to introduce its
own checksum and Identity Packet (IP), and Authentication Option (AO) in its design.
This paper support the importance of implementing security in UDT, however, the introduction
of other security mechanisms to secure UDT is presented to address its vulnerabilities to
adversaries exploiting the application, transport, and IP layers.
1.3 Related Works
We [8-13] presented a security framework highlighting the need to secure UDT and its existing
features in comparison to TCP and UDP (Appendix table 1). The work focuses on UDT’s
position in the layer architecture which provides a layer-to-layer approach to addressing security
(see figures 1 and 2). Its implementation relies on proven security mechanisms developed and
implemented on existing mature protocols.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
18
Figure 1: UDT in Layer Architecture. UDT is in the application layer above UDP. The application exchanges its data
through UDT socket, which then uses UDP socket to send or receive data [7-13].
A summary of these security mechanisms and their implementations are presented in fig. 2.
Figure 2. : UDT in Layer Architecture. UDT is in the application layer above UDP. The application exchanges its
data through UDT socket, which then uses UDP socket to send or receive data .
7. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
19
1.4 Contributions
Past investigations [10,12] yield a developed practical and unified approach to securing UDT.
The results make our approach attainable for other future protocols. We have used existing but
novel methods for UDT and conducted experimentally-validated characterisations of UDT
behaviours and its Socket API.
The proposed approaches are useful in several ways. They are presented to support future
protocol implementations, and provided as a basis for design of both lower and higher-level
communication layers and in the development of new protocols. To the best of our knowledge
our contributions to UDT security is first in the literature.
2. METHODOLOGY
A comprehensive overview of the basic security mechanisms [7,8,9,12] for UDT was presented
and as the research progressed, the introduction of additional set of methods in securing UDT
was presented, ranging from securing UDT from the IP/Network Layers to the Transport and
Application Layers.
The following methods are introduced. Firstly, utilizing IPsec (RFC 2401); however, for a
number of reasons, this is only suitable for some applications [3,18]. Secondly, designing a
custom security mechanism on the application layer using API, such as GSS-API [12,43], or a
custom security mechanism on IP layer, such as HIP-CGA [1,21,23,38], or SASL[28]. Thirdly,
integrating DTLS [16,35] on the transport layer, and lastly, which this paper proposes is the
introduction of UDT Identity Packet and Authentication Option –AO.
The following are so far the approaches presented that are significant for application and
transport layer- based authentication and end-to-end security for UDT. They are as follows:
2.1 IP layer
• Host Identity Protocol (HIP) [38]
• Self-certifying addresses using CGA [1]
• HIP+CGA [1,21,23,38]
• IPsec – IP security [3]
2.2 Session/Application and Transport Layers
• GSS-API - Generic Security Service Application Program Interface [1,21,23,38]
• UDT-AO – Authentication Option
• SASL - Simple Authentication and Security Layer (SASL) [28]
• DTLS – Data Transport Layer Security [16,35]
[7-13] presented an overview on securing UDT implementations in various layers. However
securing UDT in application and other layers needs to be explored in future UDT deployments
in various applications.
There are application and transport layer-based authentication and end-to-end [12] security
options for UDT. It is advocated the use of GSS-API in UDT in the development of an
application using TCP/UDP. The use of Host Identity Protocol (HIP), a state of the art protocol,
combined with Cryptographically Generated Addresses (CGA) is explored to solve the
8. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
20
problems of address-related attacks. We presented a comprehensive review for each approach in
our previous works [7-13].
In this paper, two approaches are introduced: (1) Identity Packet and (2) Authentication Option
for UDT.
3. APPROACHES
3.1 Identity Packet within UDT
It was proposed [21,23] that the first packet of interaction should carry identity information. In
today’s Internet, the first packet (e.g. the TCP SYN) carries no higher-level data that provides
adequate sender’s information. On the initial transmission, it only carries the source IP address
(network layer) and an initial sequence number (transport layer). The high-level data can be
only exchanged or transmitted only after the complete ACK has been instantiated.
Consequently, the receivers will not be able to establish from whom the data is coming from
without using additional overhead.
UDT like TCP, contains no data which can be used to identify a user (except such information
is contained within the (unencrypted) data part of the packet). While, the source and destination
ports (TCP/UDP) in cooperation with the IP address of the sender and receiver can identify both
participating parties [14,15,39] in the lower level, it carries no higher-level data that can identify
the source before an application processes the packets received.
Network protocols, such as UDT, has a Sequence number field that provides identification,
however, the initial value is determined by the implementer how the initial sequence number is
chosen (e.g., randomly). The same is true for instance for the Window field used for congestion
control. As the congestion control has a key influence on the overall performance of the
protocol, many attempts to optimize them are done e.g., by operating system manufactures.
The lack of identity at the lower-level (network layer) in the existing network protocols has
made achieving network security difficult. Several protocols developed and implemented on top
of transport and IP layers usually created overhead and network incompatibilities. The
development of a new technology that includes identity directly into the packets while retaining
backward compatibility to allow an identity based approach to network security is a challenge.
This has been introduced through placing encrypted and digitally signed identity information
into the packets by developing applications that become part of the stack that add digitally
signed identity information to the packets and decode the information of any incoming
connection attempts.
For UDT to be utilized in tomorrow’s Internet it has to accommodate higher-level data
association while maintaining its dependency on the low-level protocol such as TCP and UDP.
In other works [14,15] the initial packet of any association, which is called the rendezvous
packet [15], carries high-level information to initiate the association. This provides the receiving
entity the information on which it can decide on whether to process the first packet of an
association. This information can be delivered in a reliable manner , through cryptographically
protecting it prior and during the transmission[15].
A mechanism for “first packet identity” (see figure 3) within UDT should be devised that is
robust enough that a receiver cannot be flooded by requests that require to take excessive action
before they have verified the identity and trust at the application level. This information can be
9. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
21
created using user-defined types field + information. It is possible to delegate this decision-
making based on the first packet identity to a guard machine that can take on the burden and risk
of overload from suspect sources.
Message
Application Layer
UDT
UDP
UDT Socket
OS Socket Interface
Src addr, Dest addr, Chksm
Src IP, Dest IP, Chksm ,TTL
Src Port, Dest Port, Len, Chksm
ETH Header
IP Header
UDP Header
UDT Data from Sender to
Receiver
UDT Control Flow-
Receiver to Receiver
SSL/TLS, SSH, HTTPS
Ipsec – Network /IP layer
CCC
Figure 3. First packet Identity in UDT in Layer Architecture. The application exchanges its data through
UDT socket, which then uses UDP socket to send or receive data through an encrypted mechanism.
UDT Packet
0
1
Packet
type
Information
15
User
defined
types
1 Type
IDENTITY
packet Extended
Type 31 bit
X
ACK Sub –
Sequence
Number
Time Stamp
Control
Information
UDT needs to build on the identity representation that is used at the application level, because
that may not be visible to the routes (e.g., it might be encrypted see figure 4), it may reveal too
many attributes of the user, and it may not be associated with each transmission unit
(applications may be willing to install more state than routers are). It needs to be robust to deal
with resource usage and flooding attacks.
10. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
22
Figure 4. Conceptual design of UDT flow using end-to-end security. First packet identity is transmitted
through IPsec[23].
3.2 UDT Option for Message Authentication
In this section ,we introduce a mechanism – UDT-Authentication Option (AO) to secure UDT -
a new UDP-based data transport protocol. We describe this mechanism through the introduction
of UDT extension to achieve security. We evaluate UDT-AO through the use of existing
message authenticity for other protocols such as TCP. We review existing message protection
that can act like a signature for UDT segment incorporating information known only to the
connection end points. Since UDT is operating on UDP for high speed data transfer, we propose
the creation of a new option in UDT that can significantly reduce the danger of attacks on
applications running UDT. This can maintain message integrity during data transmissions on
high speed networks.
We propose the creation of an UDT-AO option which will be added with the UDP checksum.
UDT is a connection oriented protocol. As such, it needs to include an OPTION for
authentication when it is used in data transmission. This is because its connections like TCP, are
likely to be spoofed [41].
In TCP, this option is part of the options (0-44 bytes) that occupy space at the end of the TCP
header. In utilising the option in TCP [18], this needs to be enabled in the socket. A few
systems support this option, which is identified as TCP_MD5SIG option. Note: for the purpose
of conceptual analysis, we use MD5 in this paper.
int opt = 1; Enabling this option
setsockopt(sockfd, IPPROTO_TCP, TCP_MD5SIG, &opt, sizeof(opt));
Additionally, the option is included in the checksum. The option may begin on any byte
boundary, and the header must be padded with zeros to make the header length a multiple of 32
bits.
Better authentication options in TCP are in progress to address the collision issue in MD5
[25,34]. However in this paper, the primary motivation is to initially introduce an option to
allow UDT to protect itself against the introduction of spoofed segments into the connection
stream, regardless what authentication schemes required in a given number of bytes. This
option, like in TCP, will be included in the UDP header.
11. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
23
UDT is in user space above the network transport layer of UDP, it is dependent on UDP where
this option is not available, thus becomes a challenge in its implementation. UDT, however,
provides transport functionalities to applications.
To spoof a connection of UDT, an attacker would not only have to guess UDT’s sequence
numbers, but would also have had to obtain the password included in the MD5 digest. This
password never appears in the connection stream, and the actual form of the password is up to
the application, according to RFC 2385. It could during the lifetime of a particular connection
so long as this change was synchronised on both ends (although retransmission can become
problematical in some implementations with changing passwords).
To utilize this option in UDT, similar to TCP this needs to be enabled in the socket. A few
systems support this option, which can be identified as UDT_MD5SIG or in the case of using
SHA, UDT_SHASIG option.
int opt = 1; Enabling this option
setsockopt(sockfd, IPPROTO_UDT, UDT_MD5SIG, &opt, sizeof(opt));
Likewise, the option is included in the UDP checksum. However, there is no negotiation for the
use of this option in a connection (also in TCP) rather it is purely a matter of site policy whether
or not its connections use the option.
3.2.1 Syntax for UDT Option
The proposed option can be applied on type 2 of the UDT header. This field is reserved to
define specific control packets in the Composable UDT framework.
Every segment sent on a UDT connection to be protected against spoofing will similarly contain
the 16-byte MD5 digest produced by applying the MD5 algorithm to these items in the
following similar order required for TCP :
1. UDP pseudo header (Source and Destination IP addresses, port number, and segment
length)
2. UDT header + UDP (Sequence number and timestamp), and assuming a UDP checksum
zero
3. UDT control packet or segment data (if any)
4. Independently-specified key or password, known to both UDTs and presumably
connection-specific and
5. Connection key
The UDT packet header and UDP pseudo-header are in network byte order. The nature of the
key is deliberately left unspecified, but it must be known by both ends of the connection, similar
with TCP. A particular UDT implementation will determine what the application may specify as
the key.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
24
To calculate UDP checksum a "pseudo header" is added to the UDP message header. This
includes:
IP Source Address 4 bytes
IP Destination Address 4 bytes
Protocol 2 bytes
UDP Length 2 bytes
The checksum is calculated over all the octets of the pseudo header, UDP header and data. If the
data contains an odd number of octets a pad, zero octet is added to the end of data. The pseudo
header and the pad are not transmitted with the packet.
Upon receiving a signed segment, the receiver must validate it by calculating its own digest
from the same data (using its own key) and comparing the two digest. A failing comparison
must result in the segment being dropped and must not produce any response back to the sender.
Logging the failure is advisable [22].
Unlike other TCP extensions (e.g., the Window Scale option [RFC1323]), the absence of the
option in the SYN,ACK segment must not cause the sender to disable its sending of signatures.
This negotiation is typically done to prevent some TCP implementations from misbehaving
upon receiving options in non-SYN segments. In UDT it is ACK2 (ACK of ACK).
This is not a problem for this option, according to Heffernan [22], as similarly since the SYN,
ACK sent during connection negotiation will not be signed and will thus be ignored. This is the
same with ACK2 for UDT. The connection will never be made, and non-SYN segments (which
does not exist in UDP) with options will never be sent. More importantly, the sending of
signatures must be under the complete control of the application, not at the mercy of the remote
host not understanding the option.
The MD5 digest is always 16 bytes in length, and the option would appear in every
segment of a connection [22,25,34,42].
3.2.2 Implications
3.2.2.1 Hashing Algorithm
MD5 algorithm has been found to be vulnerable to collision search attacks, and is considered by
some to be insufficiently strong for this type of application [22,25,34,42].
However, we specify the MD5 algorithm for this option as basis of our argument to include AO
to UDT. Systems that use UDT have been deployed operationally, and there was no "algorithm
type" field defined to allow an upgrade using the same option number.
This does not, therefore, prevent the deployment of another similar option which uses another
hashing algorithm (like SHA-1, SHA-256). Moreover, should most implementations pad the 18
byte option as defined to 20 bytes anyway, it would be just as well to define a new option which
contains an algorithm type field.
In addressing this implication, we recommend using a more secure message algorithm such as
SHA-1 or SHA-256.
13. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
25
3.2.2.2. Key configuration
It should be noted that the key configuration mechanism of routers may restrict the possible
keys that may be used between peers. It is strongly recommended that an implementation be
able to support at minimum a key composed of a string of printable ASCII of 80 bytes or less,
as this is current practice in TCP [34].
4. CONCLUSIONS
New applications vary in traffic and connection characteristics in various communication links.
Most of them still use TCP for data transfer because of its reliability and stability. Despite being
widely used, there are a number of serious security flaws inherent in TCP and UDP [2,3,4].
There have also been performance issues in the implementation of large networks that require
high bandwidths.
On the other hand, the current and future Internet has no mechanism to constrain hosts that offer
and use excess traffic more than the required bandwidths. Particularly, it contains no defense
against DDoS (distributed denial of service) attacks. It does not include an architectural
approach to protect its own elements from any attack [15]. Its existing link encryption may be
sufficient and efficient for securing connectivity but not securing the Internet per se. The link
encryption can also create network and application incompatibilities.
In this paper, we introduced ‘first packet identity’ which needs to be instituted but devised in
such as way that it is robust enough that a receiver cannot be flooded by requests that require the
receiver to take excessive action before they have verified the identity and trust at the
application level.
We also introduced and proposed a state-of-the-art security mechanism for UDT and for its
future implementations to various network topologies by adding a field for AO, authentication
options. We demonstrated the use of MD5 [25], while we encourage the use of other hash
functions, such as SHA-1 or SHA-256.
The preceding discussions presented in this paper focused on the conceptual low-level
protection of the end node since UDT relies on TCP and UDP for data delivery. We proposed
the inclusion of identity on its packet header (IP) and Authentication Option (AO) before the
transmission is validated at the application level.
Future works include the implementation of the proposed framework [7-13] and the conceptual
approach presented in this paper to device an Identity Packet for UDT and introduce
Authentication Option to protect data transmission. The works will include evaluating other
existing network protocols in order to adequately secure current and future high speed networks,
including the Internet.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
26
ACKNOWLEDGEMENTS
Acknowledgement goes to Db2Powerhouse for its Science and Technology Initiative (STI),
research grant #DB2P01021 and anonymous reviewers for their constructive comments that
helped improve this work.
APPENDIX
Table 1
15. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
27
REFERENCES
[1.] Aura, T. Cryptographically Generated Addresses (CGA). In C. Boyd andW. Mao, editors, ISC,
volume 2851 of Lecture Notes in Computer Science, pages 29–43. Springer, 2003.
[2.] Bellovin, S. “ Defending Against Sequence Number Attacks”,RFC 1948 1996
[3.] Bellovin, S."Guidelines for Mandating the Use of IPsec", Work in Progress, IETF, October 2003
[4.] Bellovin, S., Touch, J.,Bonica, R. "Problem Statement and Requirements for a TCP Authentication
Option," draft-bellovin-tcpsec-01, (work in progress), Jul.2007.
[5.] Bonica, R.,Weis, B., Viswanathan, S., Lange, A., Wheeler, O., "Authentication for TCP-based
Routing and Management Protocols," draft-bonica-tcp-auth-06, (work in progress),Feb. 2007.
[6.] Dobbertin, H., "The Status of MD5 After a Recent Attack", RSA Labs' CryptoBytes, Vol. 2 No. 2,
Summer 1996.
[7.] Bernardo, D.V. and Hoang, D.B., “A Conceptual Approach against Next Generation Security
Threats: Securing a High Speed Network Protocol – UDT”, Proc. IEEE the 2nd ICFN 2010, Shanya
China
[8.] Bernardo, D.V. and Hoang, D.B., “Network Security Considerations for a New Generation Protocol
UDT. Proc. IEEE the 2nd ICCIST Conference 2009, Beijing China
[9.] Bernardo, D.V. and Hoang, D.B.,, “A Security Framework and its Implementation in Fast Data
Transfer Next Generation Protocol UDT”, Journal of Information Assurance and Security Vol 4(354-
360). ISN 1554-1010. 2009.
[10.] Bernardo, D.V. and Hoang, D.B., “Security Analysis of Proposed Practical Security Mechanisms
for High Speed Data Transfer Protocol”, International Information Security and Assurance
Conference, Japan, LNCS Springer–Verlag Berlin Heidelberg, June 23-25, 2010
[11.] Bernardo, D.V. and Hoang, D.B., “A Pragmatic Approach: Achieving Acceptable Security
Mechanisms for High Speed Data Transfer Protocol – UDT”, International Journal of Security and its
Applications, SERSC, Vol. 4, no. 3, 2010 ISSN 1738-9976 (in the press)
[12.] Bernardo, D.V. and Hoang, D.B., “Protecting Next Generation High Speed Protecting–UDT
through Generic Security”, 4th IEEE International Conference on Emerging Security Information,
Systems and Technologies SECURWARE 2010 Service Application Program Interface GSS-API,
Venice/Mestre, Italy , July 18-25, 2010.
[13.] Bernardo, D.V. and Hoang, D.B., “Security Requirements for UDT”, IETF Internet-Draft –
working paper, September 2009
[14.] Blumenthal, M. and Clark, D. Rethinking the Design of the Internet: End-to-End Argument vs. the
Brave New World, Proc. ACM Trans Internet Technology, 1, August 2001
[15.] Clark, D., Sollins, L. Wroclwski, J., Katabi, D., Kulik, J., Yang X., New Arch: Future Generation
Internet Architecture, Technical Report, DoD – ITO, 2003
[16.] Dierks , T. and Allen C., “The TLS Protocol Version 1.0”, RFC 2246, January 1999
[17.] Falby, N., Fulp, J. , Clark, P., Cote, R., Irvine, C., Dinolt, G., Levin, T., Rose, M., and Shifflett, D.
“Information assurance capacity building: A case study,” Proc. 2004 IEEE Workshop on Information
Assurance, U.S. Military Academy, June, 2004, 31- 36.
[18.] Gorodetsky, V., Skormin, V. and Popyack, L. (Eds.),Information Assurance in Computer Networks:
Methods, Models, and Architecture for Network Security, St. Petersburg, Springer, 2001.
[19.] Gu, Y., Grossman, R., UDT: UDP-based Data Transfer for High-Speed Wide Area Networks.
Computer Networks (Elsevier). Volume 51, Issue 7, 2007.
[20.] Hamill, J., Deckro, and Kloeber, J., “Evaluating information assurance strategies,” in Decision
Support Systems, Vol. 39, Issue 3 (May 2005), 463-484.
16. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.4, October 2010
28
[21.] H. I. for Information Technology, H. U. of Technology, et al. Infrastructure for HIP, 2008.
[22.] Heffernan, A., RFC 2385 “Protection of BGP Sessions via the TCP MD5 Signature Option”,
August 1998
[23.] Jokela, P., Moskowitz, R.,and Nikander, P., Using the Encapsulating Security Payload (ESP)
Transport Format with the Host Identity Protocol (HIP). RFC 5202, IETF, April 2008.
[24.] Kent, S., Atkinson, R., “Security Architecture for the Internet Protocol”, RFC 2401, 1998.
[25.] Leech, M., "Key Management Considerations for the TCP MD5 Signature Option," RFC-3562,
Informational, July 2003.
[26.] Leon-Garcia, A., Widjaja, I., Communication Networks, McGraw Hill,2000
[27.] Mathis, M., Mahdavi, J., Floyd,S. and Romanow, A.: TCP selective acknowledgment options. IETF
RFC 2018, April 1996.
[28.] Melnikov, A., Zeilenga,, K., Simple Authentication and Security Layer (SASL) IETF, RFC 4422,
June 2006
[29.] Menezes, A.J., Oorschot, van P.C. and Vanstone, S. A. ,Handbook of Applied Cryptography, CRC
Press, 1997
[30.] NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information
Systems, May 2004.
[31.] NS2. Accessed Jan. 2010 http://isi.edu/nsna/ns.
[32.] PSU Evaluation Methods for Internet Security Technology (EMIST) , 2004, http://emist.ist.psu.edu
visited December 2009
[33.] Rabin, M., “Digitized signatures and public-key functions as intractable as Factorization,” MIT/LCS
Technical Report, TR-212 (1979).
[34.] Rivest, R., "The MD5 Message-Digest Algorithm," RFC 1321, April 1992.
[35.] Rescorla, E., Modadugu, N., “Datagram Transport Layer Security” RFC 4347, IETF, April 2006
[36.] Schwartz, M., Broadband Integrated Networks, Prentice Hall, 1996.
[37.] Stewart, R., (Editor), Stream Control Transmission Control, RFC 4960, 2007.
[38.] Stiemerling, M., Quittek, J., and Eggert, L., NAT and Firewall Traversal Issues of Host Identity
Protocol (HIP) Communication. RFC 5207, IETF, April 2008.
[39.] Stoica, I., Adkins,D.,.Zhuang, S., Shenker, S., Surana, S., Internet Indirection Infrastructure, Proc.
ACM SIGCOMM 2002, August 2002.
[40.] Szalay, A., Gray, J., Thakar,A., Kuntz, P., Malik,T., Raddick, J., Stoughton. C., Vandenberg,J.,: The
SDSS SkyServer - Public access to the Sloan digital sky server data. ACM SIGMOD 2002
[41.] Touch, J., "Defending TCP Against Spoofing Attacks," RFC-4953, Informational, Jul. 2007.
[42.] Wang, X., Yu, H., "How to break MD5 and other hash functions," Proc. IACR Eurocrypt 2005,
Denmark, pp.19-35.
[43.] Williams, N., "Clarifications and Extensions to the Generic Security Service Application Program
Interface (GSS-API) for the Use of Channel Bindings", RFC 5554, May 2009
[44.] Globus XIO: unix.globus.org/toolkit/docs/3.2/xio/index.html. Retrieved on November 1, 2009
[45.] Zhang, M., Karp, B., Floyd, S., and Peterson,L.,: RR-TCP: A reordering-robust TCP with DSACK.
Proc. the Eleventh IEEE International Conference on Networking Protocols (ICNP 2003), Atlanta,
GA, November 2003.