MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)
Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei*
Department of Electrical Engineering, National Dong Hwa University, Hualien, Taiwan, Republic of China, { changyc, hcc,m
*Department of Electronic Engineering, Ta Hwa Institute of Technology, Hsinchu, Taiwan, ROC

ABSTRACT: With the prevalence of the Internet and mobile communications, people sending messages over the Internet have become concerned with the security and encryption of data transmission. A VPN (Virtual Private Network) is the way to keep personal data secure while sending it through the public network. Following the rapid growth of the network and the decrease of available IPv4 network addresses, the Internet Engineering Task Force (IETF) has initiated the promotion of the next-generation IP (IPv6) [3] in place of the current IPv4. IPv6 supports the mobility and security of mobile communication environments. Since VPN currently does not support cellular mobile IPv6, the goal of this paper is to construct an MPLS VPN framework in the cellular mobile IPv6 (CMIv6) [1] environment, and to use IPSEC [2], defined by the IETF, to maintain the security and integrity of data transmission for future mobile communication systems.

Key words: MPLS, VPN (Virtual Private Network), IPSEC, Cellular Mobile IPv6

1. Introduction

In mobile communication environments, Mobile IP is defined to let users roam everywhere and transmit information freely. It integrates communication and network systems into the Internet. The Mobile IPv6 concepts are similar to Mobile IP, and some new functions of IPv6 bring new features and schemes for mobility support. Two major problems in mobile environments are packet loss and handoff. To solve those problems, CMIv6 was proposed. The MPLS network provides high-speed IP forwarding and large scalability in the backbone network. One of the major applications of MPLS is the secure VPN [15].
MPLS VPN offers the same level of security as connection-oriented VPN. VPN describes a technology that supports security services for transmitting encrypted data on the public network. IPSEC provides the security service at the IP layer; it is the so-called layer-three network security protocol. It can be used to protect one or more paths between a pair of hosts, a pair of security gateways, or a security gateway and a host.

This paper is structured as follows. Section 2 presents the Mobile Environment briefly. Section 3 presents security concerns. Section 4 describes the Cellular Mobile IPv6 security mechanism. Section 5 presents the conclusions and future work.

2. Mobile Environment

2.1 Mobile IP

In the mobile communication environment, Mobile IP is defined to let users roam everywhere and to integrate communication and network systems into the Internet. The IETF Mobile IP defines three functional entities, for which its mobility protocols must be implemented:

Mobile Node (MN): A node that changes its link from one to another and connects to the Internet using a permanent IP home address.

Home Agent: A router with an interface on the mobile node's home link.
1) As the mobile node moves from one link to another, it keeps the Home Agent informed of its current location by its care-of-address.
2) The Home Agent advertises the network prefix of the mobile node's home address. Therefore, packets are destined to the mobile node's home address.
3) The Home Agent intercepts packets destined to the mobile node's home address and tunnels them to the mobile node's current location (to the care-of-address).

Foreign Agent: A router on a mobile node's foreign link.
1) The Foreign Agent serves the mobile node by informing its home agent of the current care-of-address.
2) The Foreign Agent provides a care-of-address and detunnels packets for the mobile node that have been tunneled by the home agent.
3) When the mobile node connects to the foreign link, the Foreign Agent is set as the default router to transmit packets.

2.2 Mobile IPv6

At the beginning, Mobile IP was based on and compatible with IPv4. The Mobile IPv6 concepts are similar to Mobile IP, and some new functions of IPv6 bring new features and schemes for mobility support.

Plug and Play: When the mobile node enters a subnet, it can get an IPv6 address from the auto-configuration mechanism of IPv6. In Mobile IPv6, the MN acquires a care-of-address in a foreign network by the same mechanism.

Multiple Care-of-Address and Soft Handoff: To overcome packet loss, the MN is able to get multiple care-of-addresses in the wireless communication environment. Thus, the MN can connect to one or more base stations (BS) simultaneously. This scenario can be described as a smooth handoff or a soft handoff when the MN moves within the cells of base stations.

No Foreign Agent: In Mobile IP, an MN registers an address with an FA to build an IP tunnel so that the FA can forward packets to the MN. In Mobile IPv6, the MN can get a new IPv6 address when it enters another sub-network. Thus, the FA does not need to exist any more. In other words, the FA is replaced by the IPv6 network and the MN itself.

Destination Option Header: IPv6 defines several kinds of extension headers that can be used to provide extra information in the header of IPv6 packets [7]. The Destination Option Header is one of those extension headers and is used by Mobile IPv6 to inform various nodes of their care-of-address [12].

Security Support: The IP Authentication Header of IPv6 is mandatory for IPv6 nodes. It could provide a mechanism for wide-scale route-optimization techniques. It can protect the routing header, the destination option header, and tunneling under mobile situations.

2.3 Cellular Mobile IPv6

Mobile IPv6 does not solve the interruption problem of handoff in cellular networks. By reducing the delay time and the packet loss of handoff, a seamless handoff can be obtained. The Cellular Mobile IPv6 (CMIv6) algorithm provides a way to reduce the packet loss.

There are two main mechanisms in CMIv6: Foreign Home Agent (FHA) or Forward Agent (FA) and Cellular Multicasting (CM). The FHA is placed in the foreign network, and the principal difference between Mobile IPv4 and CMIv6 is that the FHA is not a host or server; it is treated as a router (or switch) with improved IPv6 protocols. The FHA transfers and forwards packets like a layer-three IPv6 router or switch. A counter is set in the MN to record the handoff frequency. If the MN finds that the counter exceeds the maximum update rate, the MN sends an IGMP report message to notify the FHA. Packets sent by the CN are delivered to the MN through the FHA and forwarded by the FHA according to the IGMP report message in tunneling multicasting. The FHA and the CM (Cellular Multicasting) component in CMIv6 are proposed to reduce the time of forwarding packets and the packet loss. Figure 1 shows the framework of Cellular Mobile IPv6 constructed with FHA.

Figure 1. The framework of Cellular Mobile IPv6 constructed with FHA.

The CMIv6 mechanism is described as follows:

1) An MN enters the cellular network and determines its current location using IPv6 Router Discovery.
2) The MN obtains a care-of-address with stateless autoconfiguration in the foreign link.
   Care-of-address = prefix MAC address
3) A smart router with FHA records the linking status of the MN in a cache table.
4) The MN notifies the Home Agent and the Corresponding Node of its care-of-address with binding update messages. (Figure 2)

Figure 2. MN transmits binding update messages to HA and CN.

5) The CN transmits packets to the MN with its care-of-address. (Figure 3)

Figure 3. CN transmits packets to MN with its care-of-address.

6) The MN obtains another care-of-address when it moves into the overlap between the cells of two base stations.
7) The MN notifies the HA and CN with binding update messages, and the HA and CN return binding acknowledgement messages to the MN. The FHA records the alteration of the MN location. As long as the CN has not yet received the binding update messages from the MN, the packets transmitted by the CN to the MN are still forwarded to the previous location of the MN. The FHA matches the packet's MAC address in the cache table and transmits it to the MN in the new foreign link.

Figure 4. FHA compares the MAC address of packets and sends packets to new destination of MN.

3. Security

3.1 MPLS VPN

The MPLS network provides high-speed IP forwarding and large scalability in the backbone network. One of the major applications of MPLS is the secure VPN (Figure 5). MPLS VPN offers the same level of security as connection-oriented VPN [15]. VPN traffic is kept separate in MPLS networks. Besides, MPLS supports quality of service and traffic engineering services.

The main concepts of VPN are Tunneling and Security Association. Tunneling is the process of placing an entire packet within another packet and sending it over a network. A Security Association (SA) is a simplex "connection" that affords security services to the traffic carried by it.

Figure 5. Architecture of MPLS VPN

The basic functions of VPN [8,9,10] include tunneling, encryption and decryption, authentication and key management. In this paper we use the IPSEC protocol (embedded for IPv6) to provide the security service in the Mobile IPv6 environment.

3.2 IPSEC

IPSEC provides the security service at the IP layer; it is the so-called layer-three network security protocol. IPSEC can be used to protect one or more paths between a pair of hosts, a pair of security gateways, or a security gateway and a host. The IPSEC protocol divides into three main scopes [2]:

1) Authentication Header (AH): provides connectionless integrity, data origin authentication, and an optional anti-replay service.
2) Encapsulating Security Payload (ESP): provides confidentiality (encryption) and limited traffic flow confidentiality. It may also provide connectionless integrity, data origin authentication, and an anti-replay service.
3) Internet Security Association and Key Management Protocol (ISAKMP) [13]: provides auto-configuration of Security Associations and manages the encryption and authentication of key exchange.
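
The services listed for AH in item 1, shown as an added example that is not part of the original paper: a simplified AH-style sender and receiver using the HMAC-MD5-96 transform of reference [14] and a sliding anti-replay window. The SPI, key and payloads are constructed sample values, and as a simplification the integrity value here covers only the AH header and the payload, not the IP header.

```python
import hmac
import struct

ICV_LEN = 12                         # HMAC-MD5-96 keeps the first 96 bits of the MAC
WINDOW = 32                          # anti-replay window, in packets
AH_FIXED = struct.Struct("!BBHII")   # next header, payload len, reserved, SPI, sequence


class SecurityAssociation:
    """One simplex SA: shared key plus per-direction sequence/replay state."""

    def __init__(self, spi, key):
        self.spi = spi
        self.key = key
        self.next_seq = 1    # sender: first packet sent on an SA carries 1
        self.highest = 0     # receiver: highest sequence number authenticated so far
        self.bitmap = 0      # receiver: bit i set means (highest - i) was accepted


def compute_icv(key, fixed, payload):
    # The ICV field itself counts as zero while the MAC is computed.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, "md5")
    return mac.digest()[:ICV_LEN]


def ah_protect(sa, next_header, payload):
    """Sender side: prepend SPI, sequence number and ICV to the payload."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, sa.spi, sa.next_seq)
    sa.next_seq += 1
    return fixed + compute_icv(sa.key, fixed, payload) + payload


def ah_verify(sa_table, packet):
    """Receiver side: return (verdict, payload or None)."""
    hdr_len = AH_FIXED.size + ICV_LEN
    if len(packet) < hdr_len:
        return "malformed", None
    fixed = packet[:AH_FIXED.size]
    icv = packet[AH_FIXED.size:hdr_len]
    payload = packet[hdr_len:]
    _, _, _, spi, seq = AH_FIXED.unpack(fixed)

    sa = sa_table.get(spi)
    if sa is None:
        return "unknown-spi", None

    # Cheap replay pre-check before any CPU is spent on the MAC.
    if seq == 0:
        return "replay", None
    if seq <= sa.highest:
        offset = sa.highest - seq
        if offset >= WINDOW:
            return "too-old", None
        if (sa.bitmap >> offset) & 1:
            return "replay", None

    # Constant-time comparison avoids leaking how many ICV bytes matched.
    if not hmac.compare_digest(icv, compute_icv(sa.key, fixed, payload)):
        return "bad-icv", None

    # Only an authenticated packet may move or mark the window; otherwise a
    # forged high sequence number could push genuine packets out of it.
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)
    return "ok", payload


def demo():
    """Constructed traffic on one SA; returns the verdicts and final window edge."""
    key = b"constructed-key!"                 # sample 16-byte key, not a real secret
    spi = 0x1001                              # sample SPI
    sender = SecurityAssociation(spi, key)
    receivers = {spi: SecurityAssociation(spi, key)}

    # Next header 60 = IPv6 Destination Options; payload bytes are placeholders.
    p1 = ah_protect(sender, 60, b"binding update 1")
    p2 = ah_protect(sender, 60, b"binding update 2")
    p3 = ah_protect(sender, 60, b"binding update 3")
    tampered = p2[:-1] + bytes([p2[-1] ^ 0x01])        # one bit flipped in transit
    forged = AH_FIXED.pack(60, 4, 0, spi, 900) + bytes(ICV_LEN) + b"x"  # no key, big seq

    arrivals = [p1, p3, forged, tampered, p2, p2]      # p2 arrives late, then is replayed
    verdicts = [ah_verify(receivers, pkt)[0] for pkt in arrivals]
    return verdicts, receivers[spi].highest


if __name__ == "__main__":
    print(demo())
```

The forged packet with sequence number 900 is rejected on its integrity value, so the window edge stays at 3 and the late but genuine packet 2 is still accepted once.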

The algorithm of AH is HMAC (Hashed Message Authentication Codes). For example, a value calculated with MD5 (Message Digest 5) [14] lets the receiver check the authentication and integrity of packets. The difference between AH and ESP is the ESP confidentiality for the payload. The format of the ESP header is shown in Figure 6.

Figure 6. Header of ESP

There are two different modes: transport mode and tunnel mode. In transport mode, the security headers are added before the transport layer headers. An AH added to the packet will cover the TCP header. An ESP header will cover the TCP header and payload (Figure 7). To reduce the bandwidth, the IP header is neither authenticated nor encrypted. It can be monitored or intercepted during the transmission. In tunnel mode, both AH and ESP headers are used to cover the entire packet (Figure 8). The IP header and IP payload are both authenticated. Usually, the tunnel mode is used between two firewalls to provide the secure connection.

Figure 7. Transport mode and tunnel mode of AH

Figure 8. Transport mode and tunnel mode of ESP

ISAKMP (Internet Security Association and Key Management Protocol) [13] currently uses IKE (Internet Key Exchange) for IPSEC. ISAKMP manages the exchange of cryptographic keys in a two-phase process.

Phase I: Two ISAKMP peers establish a secure channel with a Security Association (SA). An SA is a single, unidirectional flow of data between two IPSEC nodes.

Phase II: This phase is responsible for establishing the tunnels or SA of endpoint between IPSEC hosts.

Phase 1 needs a lot of CPU resources to authenticate and provide integrity protection. In Phase 2, there is no need to repeat a full authentication like the one done in Phase 1. According to the secure environment built in Phase 1, Phase 2 sets the SA of AH and ESP.

4. Cellular Mobile IPv6 Security Mechanism

We use VPN technology in the CMIv6 mechanism to provide secure transmission. Here are the assumptions in this paper:

1) There are several base stations connected to the FHA. The MN, CN, HA and FHA are equipment with VPN function, and the connections between them are authorized.
2) The creation, encryption and decryption of the VPN Tunnel and the management of key exchange follow the IPSEC standards [2,11,12,13].
3) In the Cellular Mobile IPv6 environment, the binding update messages and the binding acknowledgements transmitted between the MN and the CN and HA are known deservedly.

The secure CMIv6 mechanism is described below:

1) The CN gets the address and related security information of the MN from the HA when the CN wants to transmit data to the MN. (Figure 9)

Figure 9. Using VPN Tunnel, CN gets information of MN from HA.

2) VPN Tunnels are established between CN and FHA, and between FHA and MN, to exchange secure information. (Figure 10)

Figure 10. VPN Tunnels are constructed between CN and FHA, FHA and MN

3) The MN then establishes a new VPN Tunnel to the FHA when it roams from subnet A to subnet B. The FHA forwards the packets transmitted from the CN to the MN in the new subnet B by comparing the MAC address of packets. (Figure 11)

Figure 11. CN uses the VPN Tunnels to transmit packets to MN.

4) When the MN roams from subnet B to subnet C suddenly, there is no VPN Tunnel established between the MN and FHA2. At this time, the MN transmits the binding update message to the CN and HA. The CN has not established a new VPN Tunnel to the new FHA2, so it still transmits packets to the old FHA. (Figure 12)

Figure 12. CN transmits packets to old FHA1 when MN roams into new subnet B.

5) According to the messages from the MN, FHA2 establishes a new VPN Tunnel to FHA1, and FHA1 forwards the packets from the CN to FHA2. (Figure 13)

Figure 13. New VPN Tunnel is established between FHA1 and FHA2.

6) The CN establishes the new VPN Tunnel to FHA2, transmits packets to the MN, and cuts off the VPN between FHA1 and FHA2. (Figure 14)

Figure 14. New VPN Tunnel is established between CN and FHA2.

The computation of encrypting and decrypting data needs a lot of resources (CPU, memory, battery). We can make the VPN function an optional selection to save the power of the MN in the secured CMIv6 mechanism. Once the CN wants to transmit packets with security encryption, the VPN function of the MN will be set to ON to enable the security of the CMIv6 mechanism.

5. Conclusions and Future Work

Mobile IP provides the mobility for a mobile node to roam among different base stations. The mobile environment evolves into Mobile IPv6 with the benefits of IPv6. The CMIv6 mechanism is proposed to solve the packet loss and handoff problems in Mobile IPv6. The security features of VPN and IPSEC can provide the encryption, integrity and authorization of the CMIv6 mechanism in the Mobile Internet. Transmitting secure data over the Internet is significant and essential now, especially for the mobile computing environment. This paper uses VPN technology and the IPSEC protocol to provide the security mechanism in CMIv6. Furthermore, this mechanism can be an optional function for the mobile node, to save the power spent on computing security information. In the future, combining the benefits of the MPLS core network and the secure function of VPN into the Mobile IPv6 environment is feasible and practicable. The key issue is that the Mobile Node performs the function of a label switch router and establishes label switch paths to the Home Agent.

Acknowledgements

This work is partially supported by National Science Council of Taiwan, R.O.C., under grant number NSC E

Reference

[1] H. C. Chao, Y. M. Chu and M. T. Lin, The Implementation of the Next-Generation Wireless Network Design: Cellular Mobile IPv6, IEEE Transactions on Consumer Electronics, vol.46, no.3, August
[2] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, IETF, RFC 2401, November
[3] S. Deering and R. Hinden, Internet Protocol, Version 6 (IPv6) Specification, IETF, RFC 2460, December
[4] C. Perkins, IP Mobility Support, IETF, RFC 2002, October
[5] S. Thompson and T. Narten, IPv6 Stateless Address Autoconfiguration, IETF, RFC 2462, December
[6] James D. Solomon, Mobile IP, the Internet Unplugged, Prentice Hall PTR,
[7] Han-Chieh Chao and Y. M. Chu, Seamless Support for Mobile Internet Protocol Based Cellular Environments, to appear in the International Journal of Wireless Information Networks.
[8] W. Fumy and H. P. Rieb, Network Security Management, Advanced Communications and Application for High Speed Networks, pp ,
[9] D. Snow and W. Chang, Network Security, Telesystems Conference NTC-92, pp.15/13-15/16,
[10] B. C. Soh and S. Young, Network System and World Wide Web Security, Computer Communication, vol.20, pp ,
[11] S. Kent and R. Atkinson, IP Authentication Header, IETF, RFC 2402, November
[12] S. Kent and R. Atkinson, IP Encapsulating Security Payload, IETF, RFC 2406, November
[13] D. Maughan, M. Schertler, M. Schneider and J. Turner, Internet Security Association and Key Management Protocol, IETF, RFC 2408, November
[14] C. Madson and R. Glenn, The Use of HMAC-MD5-96 within ESP and AH, IETF, RFC 2403, November 1998
[15] K. Muthukrishnan, C. Kathirvelu, T. Walsh, "A Core MPLS IP VPN Architecture", IETF, RFC 2917, July
More informationAn Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework
An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework Zutao Zhu Zhenjun Li YunYong Duan Department of Business Support Department of Computer Science Department of Business
More informationIPV6 vs. SSL comparing Apples with Oranges
IPV6 vs. SSL comparing Apples with Oranges Reto E. Haeni r.haeni@cpi.seas.gwu.edu The George Washington University Cyberspace Policy Institute 2033 K Str. Suite 340 N Washington DC 20006 Washington DC,
More informationApproaches to Multicast over Firewalls: an Analysis
Approaches to Multicast over Firewalls: an Analysis Loïc Oria Loico@hplp.hpl.hp.com August 1999 1 Introduction Most commercial organisations, and increasingly even universities, use firewalls to constrain
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationVPN Technologies: Definitions and Requirements
VPN Technologies: Definitions and Requirements 1. Introduction VPN Consortium, January 2003 This white paper describes the major technologies for virtual private networks (VPNs) used today on the Internet.
More informationInternet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationEVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationBUY ONLINE AT: http://www.itgovernance.co.uk/products/730
IPSEC VPN DESIGN Introduction Chapter 1: Introduction to VPNs Motivations for Deploying a VPN VPN Technologies Layer 2 VPNs Layer 3 VPNs Remote Access VPNs Chapter 2: IPSec Overview Encryption Terminology
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationSERVICE DISCOVERY AND MOBILITY MANAGEMENT
Objectives: 1) Understanding some popular service discovery protocols 2) Understanding mobility management in WLAN and cellular networks Readings: 1. Fundamentals of Mobile and Pervasive Computing (chapt7)
More informationStudy on Remote Access for Library Based on SSL VPN
, pp.111-122 http://dx.doi.org/10.14257/ijca.2016.9.1.11 Study on Remote Access for Library Based on SSL VPN Mei Zhang Library, Linyi University, Shandong, 276000, China zhangmei7596@163.com Abstract With
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationMobility Management for IP-based Mobile Networks
Mobility Management for IP-based Mobile Networks H. Becker, N. Gerlich, M. Schopp Siemens Information & Communication Mobile Munich, Germany 1 Overview Introduction to IP-based Radio Access Networks Definition
More informationThis chapter covers the following topics: Characteristics of roaming Layer 2 roaming Layer 3 roaming and an introduction to Mobile IP
This chapter covers the following topics: Characteristics of roaming Layer 2 roaming Layer 3 roaming and an introduction to Mobile IP C H A P T E R 5 Mobility This book covers the major components of 802.11
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationCase Studies. Static p2p GRE over IPsec with a Branch Dynamic Public IP Address Case Study. Overview CHAPTER
CHAPTER 5 The following two case studies are provided as reference material for implementing p2p GRE over IPsec designs. Static p2p GRE over IPsec with a Branch Dynamic Public IP Address Case Study This
More informationInterconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration
Interconnection of Heterogeneous Networks Internetworking Service model Addressing Address mapping Automatic host configuration Wireless LAN network@home outer Ethernet PPS Internet-Praktikum Internetworking
More informationOutline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts
Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security
More informationWAN Data Link Protocols
WAN Data Link Protocols In addition to Physical layer devices, WANs require Data Link layer protocols to establish the link across the communication line from the sending to the receiving device. 1 Data
More informationMonitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX
Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,
More informationEITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst
EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst Data communication in reality In reality, the source and destination hosts are very seldom on the same network, for
More informationReport to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999
Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationMoonv6 Test Suite DRAFT
Moonv6 Test Suite DHCP Interoperability Test Suite DRAFT Technical Document Revision 0.1 IPv6 Consortium 121 Technology Drive, Suite 2 InterOperability Laboratory Durham, NH 03824-3525 Research Computing
More informationOverview. Lecture 16: IP variations: IPv6, multicast, anycast. I think we have a problem. IPv6. IPv6 Key Features
Overview Lecture 16: IP variations: IPv6, multicast, anycast Next generation IP: IPv6 6lowpan and the Internet of Things IP multicast IP anycast Practical considerations throughout I think we have a problem
More informationSEcure Neighbour Discovery: A Report
SEcure Neighbour Discovery: A Report Arun Raghavan (Y6111006) CS625: Advanced Computer Networks Abstract The IPv6 [5] Neighbour Discovery [12] protocol is used by nodes in IPv6 for such purposes as discover
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationABSTRACT. Introduction. Table of Contents. By Yi-an Chen
A Survey Paper on Mobile IP By Yi-an Chen ABSTRACT Mobile Internet Protocol (IP) is a new recommended Internet protocol designed to support the mobility of a user (host). Host mobility is becoming important
More informationRARP: Reverse Address Resolution Protocol
SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it
More information(Refer Slide Time: 01:38 01:37)
Computer Networks Prof. S. Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No: 29 IP Version 6 & Mobile IP Good day, in the last lecture we discussed
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More information