Authentication protocols for mobile network environment value-addedservices

The secure provision of mobile computing and telecommunication services is rapidly increasing in importance as both demand and applications for such services continue to grow. This paper is concerned with the design of public key based protocols suitable for application in upcoming third-generation mobile systems such as the Universal Mobile Telecommunications Service. Candidate protocols are considered for the authentication of a mobile user to a value-added service provider with initialization of a mechanism enabling payment for the value-added service. A set of goals for such a protocol are identified, as are a number of generic attacks; these goals and attacks are then used to evaluate the suitability of seven candidate third-generation user-to-network authentication protocols. Many of these candidate protocols are shown to have highly undesirable features     

Active networks for efficient distributed network management

The emerging next generation of routers exhibit both high performance and rich functionality, such as support for virtual private networks and QoS. To achieve this, per-flow queuing and fast IP filtering are incorporated into the router hardware. The management of a network comprising such devices and efficient use of the new functionality introduce new challenges. A truly distributed network management system is an attractive candidate to address these challenges. We describe how active network techniques can be used to allow fast and easy deployment of distributed network management applications in IP networks. We describe a prototype system where legacy routers are enhanced with an adjunct active engine, which enables the safe execution and rapid deployment of new distributed management applications in the network layer. This system can gradually be integrated in today's IP network, and allows smooth migration from IP to programmable networks. This is done with an emphasis on efficient use of network resources, which is somewhat obscure by many of today's high-level solutions     

Design and evaluation of network reconfiguration protocols for mostly-off sensor networks

A new class of sensor network applications is mostly-off. Exemplified by Intel’s FabApp, in these applications the network alternates between being off for hours or weeks, then activating to collect data for a few minutes. While configuration of traditional sensornet applications is occasional and so need not be optimized, these applications may spend half their active time in reconfiguration every time when they wake up. Therefore, new approaches are required to efficiently “resume” a sensor network that has been “suspended” for long time. This paper focuses on the key question of when the network can determine that all nodes are awake and ready to communicate. Existing approaches assume worst-case clock drift, and so must conservatively wait for minutes before starting an application. We propose two reconfiguration protocols to largely reduce the energy cost during the process. The first approach is low-power listening with flooding, where the network restarts quickly by flooding a control message as soon as the first node determines that the whole network is up. The second protocol uses local update with suppression, where nodes only notify their one-hop neighbors, avoiding the cost of flooding. Both protocols are fully distributed algorithms. Through analysis, simulation and testbed experiments, we show that both protocols are more energy efficient than current approaches. Flooding works best in sparse networks with six neighbors or less, while local update with suppression works best in dense networks (more than six neighbors).     

网络入侵中未知协议识别单元的设计与测试

为了提高复杂环境下的网络安全性,设计并实现了一种网络入侵中未知协议识别单元。系统通过网络入侵检测模块对网络入侵进行检测并过滤,使得未知协议识别单元的设计不受网络入侵的干扰。利用流量采集模块对网络节点的网络流量进行采集,为后续阶段提供完整的网络数据包以及充分的数据分析样本,将采集的网络数据包以指针的形式返回,发送至流量调度模块。通过流量调度模块将网络数据包的源IP地址作为调度参数,依据用户自定义调度算法将网络数据包传输至指定识别模块,实现整个网络入侵中未知协议识别单元的负载均衡。利用规则匹配模块将从流量调度模块接收到的信息和协议特征库进行匹配,从而实现未知协议的识别。软件设计过程中,对网络入侵中未知协议识别单元进行了详细分析,并给出了网络入侵中未知协议识别的程序代码。仿真实验结果验证了该系统的可行性和实用性。     

自组网路由协议综述

自组网路由协议用于监控网络拓扑结构变化,交换路由信息,定位目的节点位置,产生、维护和选择路由,并根据选择的路由转发数据。本文综述了自组网路由协议研究方面的一些最新工作,描述了设计自组网路由协议所面临的问题,并着重对该研究开展以来所提出的各种主要协议进行了对比、分析和分类阐述,为进一步的研究提出了新的课题。     

MAC protocols for wireless sensor networks: a survey

Wireless sensor networks are appealing to researchers due to their wide range of application potential in areas such as target detection and tracking, environmental monitoring, industrial process monitoring, and tactical systems. However, low sensing ranges result in dense networks and thus it becomes necessary to achieve an efficient medium-access protocol subject to power constraints. Various medium-access control (MAC) protocols with different objectives have been proposed for wireless sensor networks. In this article, we first outline the sensor network properties that are crucial for the design of MAC layer protocols. Then, we describe several MAC protocols proposed for sensor networks, emphasizing their strengths and weaknesses. Finally, we point out open research issues with regard to MAC layer design.     

Energy-conserving access protocols for identification networks

A myriad of applications are emerging, in which energy conservation is a critical system parameter for communications. Radio frequency identification device (RFID) networks, smart cards, and even mobile computing devices, in general, need to conserve energy. In RFID systems, nodes are small battery-operated inexpensive devices with radio receiving/transmitting and processing capabilities, integrated into the size of an ID card or smaller. These identification devices are designed for extremely low-cost large-scale applications, such that the replacement of batteries is not feasible. This imposes a critical energy constraint on the communications (access) protocols used in these systems, so that the total time a node needs to be active for transmitting or receiving information should be minimized. Among existing protocols, classical random access protocols are not energy conserving, while deterministic protocols lead to unacceptable delays. This paper deals with designing communications protocols with energy constraint, in which the number of time slots in which tags need to be in the active state is minimized, while the access delay meets the applications constraints. We propose three classes of protocols which combine the fairness of random access protocols with low energy requirements     

Transport protocols for Internet-compatible satellite networks

We address the question of how well end-to-end transport connections perform in a satellite environment composed of one or more satellites in geostationary orbit (GEO) or low-altitude Earth orbit (LEO), in which the connection may traverse a portion of the wired Internet. We first summarize the various ways in which latency and asymmetry can impair the performance of the Internet's transmission control protocol (TCP), and discuss extensions to standard TCP that alleviate some of these performance problems. Through analysis, simulation, and experiments, we quantify the performance of state-of-the-art TCP implementations in a satellite environment. A key part of the experimental method is the use of traffic models empirically derived from Internet traffic traces. We identify those TCP implementations that can be expected to perform reasonably well, and those that can suffer serious performance degradation. An important result is that, even with the best satellite-optimized TCP implementations, moderate levels of congestion in the wide-area Internet can seriously degrade performance for satellite connections. For scenarios in which TCP performance is poor, we investigate the potential improvement of using a satellite gateway, proxy, or Web cache to “split” transport connections in a manner transparent to end users. Finally, we describe a new transport protocol for use internally within a satellite network or as part of a split connection. This protocol, which we call the satellite transport protocol (STP), is optimized for challenging network impairments such as high latency, asymmetry, and high error rates. Among its chief benefits are up to an order of magnitude reduction in the bandwidth used in the reverse path, as compared to standard TCP, when conducting large file transfers. This is a particularly important attribute for the kind of asymmetric connectivity likely to dominate satellite-based Internet access     

The changing environment for security protocols

The systematic study of security protocols started, as far as the public literature is concerned, almost 20 years ago. A paper by M.D. Schroeder and the present writer may be taken as a specimen; it was written in 1977 and published in 1978. It was, of course, written against the background of the technology of the time and made various assumptions about the organizational context in which its techniques would be used. The substantial research literature that has since appeared has, by and large, made similar assumptions about the technological organizational environments. Those environments have in fact changed very considerably, and the purpose of this article is to consider whether the changes should affect our approach to security problems. It turns out that where confidentiality is concerned, as distinct from authenticity and integrity, there is indeed a new range of options