Một giải pháp quản lý kết nối mật cho IPSec trên FPGA

Tóm tắt—IPSec (Internet Protocol Security) là bộ giao thức an toàn nhằm bảo vệlưu lượng dữ liệu qua mạng Internet. Mỗi kết nối mật trong mô hình triển khai IPSec có một bộ thuật toán, tham số bảo mật riêng. Để đảm bảo các kết nối mật hoạt động ổn định trong môi trường truyền tin với băng thông lớn, việc quản lý nhiều kết nối mật đồng thời trên thiết bị IPSec đóng vai trò vô cùng quan trọng. Do tính phức tạp của quá trình quản lý, thông thường vấn đề này được thực hiện bằng phần mềm trên hệđiều hành. Giải pháp này bị hạn chế do quá trình trao đổi dữ liệu giữavi mạch Field Programmable Gate Array (FPGA) và bộ vi xử lý. Trong bài viết này, nhóm tác giả đưa ra một giải pháp tổ chức, quản lý kết nối mật sau khi sử dụng giao thức Internet Key Exchange (IKE) để trao đổi khóa cho IPSec trên FPGA sử dụng ngôn ngữ mô tả phần cứng, nhằm đáp ứng yêu cầu tốc độ cao với nhiều kết nối.Abstract—IPSec (Internet Protocol Security) is a secure protocol aiming to protect data traffic via the Internet. There is a separate set of algorithms and security parameters in each secure connection in the IPSec deployment model. In order to ensure stable connections in high-bandwidth environments, managing multiple secure connections simultaneously on IPSec devices holds a significant role. Due to the complexity of the management process, this is commonly done by software on the operating system. This solution is restricted due to data exchange between field-programmable gate array (FPGA) and microprocessor. In this article, a solution was proposed to organize and manage a confidential connection after using Internet Key Exchange (IKE) to exchange keys for IPSec directly using hardware description language on FPGA, aiming to meet high-speed requirements with many connections.

Using I2P Encrypted Virtual Tunnels for a Secure and Anonymous Communication in VANets: I2P Vehicular Protocol (IVP)

Providing security and anonymity within VANet requires application of robust and secure models that meet several characteristics of VANet. I2P as a secure protocol designed to anonymize the communication on the internet, can be used as a reference model to develop new mechanisms of security and anonymity in VANet. I2P uses robust mechanisms and strong algorithms to reinforce the security and the anonymity of the communication. However, the difference between internet and VANet in terms of mobility and connectivity of nodes presents a big issue that needs to be treated when using I2P mechanisms in VANet. In the previous work [1], we propose a protocol based on tunnels and encryption algorithms that use digital signatures and authentication mechanisms. Tunnels are created in static scenarios and without maintaining their existence. In this paper, we complete the last version of the proposed protocol (I2P Vehicular Protocol) by integrating a tunnel maintenance algorithm for maintaining the existence of the created tunnels during the communication. This algorithm allows the implementation of the protocol in mobile scenarios of VANet. The effectiveness and security of IVP protocol are proved by analyzing the added part related to the tunnel maintenance process and showing performance results (end-to-end delay, PDR and overhead). Simulation scenarios were executed using NS3 simulator.

A Secure Two Factor Authentication Protocol for Cloud-Assisted Wireless Body Area Network Using Blockchain

The recent advancements in technologies have allowed us to come so far and resulted in many breakthroughs. One of the various examples is internet of things, wireless communication, and cloud computing which can be useful if utilize in many fields. In the field of medical, these advancements allowed any medical centres to improve patient’s health remotely simply by using wearable devices on patients that then will amalgamate with the wireless body area network (WBAN). However, WBAN has limited resources which limits its services. To solve this problem, cloud computing is used to provide storage and computation. Unfortunately, these methods allow the system to be vulnerable to various malicious attacks. Attackers can easily gain access to the medical records of patients hence the integrity of security and privacy of confidential data have been compromised. In this paper, we presented a secure protocol for cloud-assisted database using multi-factor authentication and blockchain as an added measure to ensure security. Accordingly, we prove that the presented scheme offers more security and privacy. Therefore, it is the most practical method to be applied in the medical field.

Implementation and Evaluation of Security Protocols in E-Commerce Applications

<p>There are a large amount of programs in the development process in todays technology environment, and many of these involve some type of security needs. These needs are usually not dealt with in a sensible way and some even don’t bother with any analysis. This thesis describes a solution of implementing a secure protocol, and gives an evaluation of the process along with the techniques and tools to aid a secure design and implementation process. This allows others to take this knowledge into account when building other applications which have a need for security development.</p>

Implementation and Evaluation of Security Protocols in E-Commerce Applications

<p>There are a large amount of programs in the development process in todays technology environment, and many of these involve some type of security needs. These needs are usually not dealt with in a sensible way and some even don’t bother with any analysis. This thesis describes a solution of implementing a secure protocol, and gives an evaluation of the process along with the techniques and tools to aid a secure design and implementation process. This allows others to take this knowledge into account when building other applications which have a need for security development.</p>

Identification of Technical Objects in the Special Networks According to the Principle of "Friend or Foe"

Introduction. In recent years, military conflicts are moving to a fundamentally new level of development, which is associated with the widespread use of geographically distributed large groups of remotely controlled robotic systems, the rapid growth of information volumes, a significant increase in the speed of its processing, instant messaging to increase situational awareness, management, rapid response, etc. Purpose. The article is devoted to solving an urgent scientific problem — the development of an algorithm for state identification of military objects and personnel. The problems of using modern cryptographic algorithms for state identification, which use data obtained by other stations of the air defense system and radio intelligence, combined in a special network, are considered. Results. A new encryption key exchange protocol and a rationale for choosing a cryptographic algorithm that can be used in real-time systems with low computational performance are proposed. To ensure the stability of the use of electronic warfare tools, it is proposed to use software-defined radio stations based on programmable logic matrices as a hardware basis, since they allow changing the type of signal-code structures, which also applies frequency ranges without replacing radio engineering blocks. Conclusions. With the increase in the number of remotely controlled military equipment objects on the battlefield, the problem of positioning military personnel and equipping them with network communication means requires a review of the methods and algorithms used for state recognition. The paper proposes a new algorithm for state identification of objects and identification of military personnel using symmetric cryptographic algorithms and the use of a secure Protocol for exchanging information received from the network of the Armed Forces of Ukraine. This approach can potentially increase the performance and quality of the identification system.

An Assessment of the Performance of the Secure Remote Update Protocol in Simulated Real-World Conditions

This paper assesses the relative performance of the MQTT protocol in comparison to the Secure Remote Update Protocol (SRUP) in a number of simulated real-world conditions, and describes an experiment that has been conducted to measure the processing delay associated with the use of the more secure protocol. Experimental measurements for power consumption of the devices and the size of comparable TCP packets were also made. Analysis shows that the use of the SRUP protocol added an additional processing delay of between 42.92 ms and 51.60 ms—depending on the specific hardware in use. There was also shown to be a 55.47% increase in power consumption when running the secure SRUP protocol, compared with an MQTT implementation.

An Efficient and Provable Multifactor Mutual Authentication Protocol for Multigateway Wireless Sensor Networks

As the most popular way of communication technology at the moment, wireless sensor networks have been widely concerned by academia and industry and plays an important role in military, agriculture, medicine, and other fields. Identity authentication offers the first line of defence to ensure the security communication of wireless sensor networks. Since the sensor nodes are resource-limited in the wireless networks, how to design an efficient and secure protocol is extremely significant. The current authentication protocols have the problem that the sensor nodes need to execute heavy calculation and communication consumption during the authentication process and cannot resist node capture attack, and the protocols also cannot provide perfect forward and backward security and cannot resist replay attack. Multifactor identity authentication protocols can provide a higher rank of security than single-factor and two-factor identity authentication protocols. The multigateway wireless sensor networks’ structure can provide a larger communication coverage area than the single-gateway network structure, so it has become the focus of recent studies. Therefore, we design a novel multifactor authentication protocol for multigateway wireless sensor networks, which only apply the lightweight hash function and are given biometric information to achieve a higher level of security and efficiency and a larger communication coverage area. We separately apply BAN logic, random oracle model, and AVISPA tool to validate the security of our authentication protocol in Case 1 and Case 2. We put forward sixteen evaluation criteria to comprehensively evaluate our authentication protocol. Compared with the related authentication protocols, our authentication protocol is able to achieve higher security and efficiency.