Dissertations / Theses on the topic 'IPsec'

Consult the top 50 dissertations / theses for your research on the topic 'IPsec.'

1

Schreiber, Alexander, and Holm Sieber. "VPN/IPSec." Universitätsbibliothek Chemnitz, 2002. http://nbn-resolving.de/urn:nbn:de:bsz:ch1-200200982.

2

Agar, Christopher D. "Dynamic parameterization of IPSEC." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA401378.

Abstract:
Thesis (M.S. in Computer Science) Naval Postgraduate School, December 2001.
Thesis Advisor(s): Irvine, Cynthia E. "December 2001." Includes bibliographical references (p. 311-313). Also available online.
3

Xu, Chen. "Building mobile L2TP/IPsec tunnels." RMIT University. Electrical and Computer Engineering, 2010. http://adt.lib.rmit.edu.au/adt/public/adt-VIT20100329.160455.

Abstract:
Wireless networks introduce a whole range of challenges to the traditional TCP/IP network, especially Virtual Private Network (VPN). Changing IP address is a difficult issue for VPNs in wireless networks because IP addresses are used as one of the identifiers of a VPN connection and the change of IP addresses will break the original connection. The current solution to this problem is to run VPN tunnels over Mobile IP (MIP). However, Mobile IP itself has significant problems in performance and security and that solution is inefficient due to double tunneling. This thesis proposes and implements a new and novel solution on simulators and real devices to solve the mobility problem in a VPN. The new solution adds mobility support to existing L2TP/IPsec (Layer 2 Tunneling Protocol/IP Security) tunnels. The new solution tunnels Layer 2 packets between VPN clients and a VPN server without using Mobile IP, without incurring tunnel-re-establishment at handoff, without losing packets during handoff, achieves better security than current mobility solutions for VPN, and supports fast handoff in IPv4 networks. Experimental results on a VMware simulation showed the handoff time for the VPN tunnel to be 0.08 seconds, much better than the current method which requires a new tunnel establishment at a cost of 1.56 seconds. Experimental results with a real network of computers showed the handoff time for the VPN tunnel to be 4.8 seconds. This delay was mainly caused by getting an IP address from DHCP servers via wireless access points (4.6 seconds). The time for VPN negotiation was only 0.2 seconds. The experimental result proves that the proposed mobility solution greatly reduces the VPN negotiation time but getting an IP address from DHCP servers is a large delay which obstructs the real world application. 
This problem can be solved by introducing fast DHCP or supplying an IP address from a new wireless access point with a strong signal while the current Internet connection is weak. Currently, there is little work on fast DHCP and this may open a range of new research opportunities.
4

Davis, Carlton R. "IPSec base virtual private network." Thesis, McGill University, 2000. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33390.

Abstract:
The Internet evolved from an experimental packet-switching network called the ARPANET. This network has grown exponentially since its conversion from an experimental to an operational network in 1975. However, the need for a confidential and secure data channel has dissuaded many enterprises from using this ubiquitous public infrastructure. The IPSec protocol suite developed by the Internet Engineering Task Force (IETF) makes it possible to implement secure communication channels or virtual private networks (VPNs) over the Internet. Corporations can benefit from substantial financial savings by utilizing VPN for inter-company or intra-company communications rather than using expensive leased or privately owned network infrastructure with its associated high maintenance costs. In this thesis, we will discuss the architecture, design and use of IPSec base VPN.
5

Jones, Chad F. (Chad Frederick) 1975. "An application level emulation of IPSEC." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/50051.

Abstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998.
Includes bibliographical references (leaves 38-39).
by Chad F. Jones.
M.Eng.
6

Falconi, Aritana Pinheiro. "Uso dinâmico de IPSEC com IPV6." Instituto Nacional de Pesquisas Espaciais, 2004. http://urlib.net/sid.inpe.br/jeferson/2005/01.07.10.46.

Abstract:
The objective of this work is to propose a methodology for using the security platform IP Security (IPSec) with the Internet Protocol Version 6 (IPv6) in order to evaluate and increase the performance of communication between machines connected by a computer network. The proposal is to enable IPSec only when strictly necessary, without keeping an encryption tunnel up during the whole communication between the machines involved. This is done by letting applications access the IPSec security policy database directly and modify its policies. To validate the methodology, the POP3 and FTP services were used with IPSec enabled during the transfer of an application user's password and disabled for the rest of the TCP session, while keeping the session.
7

Hiran, Vaishali Rahul. "Usability evaluation of IPsec configuring components." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-122423.

Abstract:
The security protocol IPsec is used in the LTE network to achieve a secure communication from prying eyes. However, the use of IPsec is optional by the LTE standard. Whether or not to use the IPsec thus becomes a security decision that each operator has to make after having considered applicable risks and anticipated costs. It is also important to consider the Operational Expenditure (OPEX) for deploying, operating, and maintaining the IPsec installation. One important factor that can affect OPEX is usability. For this reason understanding the usability properties of a system can help to identify improvements that can reduce OPEX. This study mainly focused on investigating the challenges and also investigates whether poor usability was a contributing factor for deployment challenges of IPsec in the LTE infrastructure. Additionally, this study also focused on prerequisite knowledge for an individual in order to ensure the correct deployment of IPsec in the LTE network. Cognitive Walkthrough and Heuristic Evaluation usability methods were used in this study. By using these methods, several usability issues related to IPsec configuring components like documentation, the MO structure, and a used tool were identified. It was also identified that each component had rooms for improvements, especially for documentation which can significantly aid in the deployment of IPsec. Moreover, in order to smoothly deploy IPsec in the LTE network, it is important to have beforehand knowledge of configuring components used to deploy IPsec.
8

Kavun, Elif Bilge. "A Compact Cryptographic Processor For Ipsec Applications." Master's thesis, METU, 2010. http://etd.lib.metu.edu.tr/upload/12612439/index.pdf.

Abstract:
A compact cryptographic processor with custom integrated cryptographic coprocessors is designed and implemented. The processor is mainly aimed for IPSec applications, which require intense processing power for cryptographic operations. In the present design, this processing power is achieved via the custom cryptographic coprocessors. These are an AES engine, a SHA-1 engine and a Montgomery modular multiplier, which are connected to the main processor core through a generic flexible interface. The processor core is fully compatible with Zylin Processor Unit (ZPU) instruction set, allowing the use of ZPU toolchain. A minimum set of required instructions is implemented in hardware, while the rest of the instructions are emulated in software. The functionality of the cryptographic processor and its suitability for IPSec applications are demonstrated through implementation of sample IPSec protocols in C-code, which is compiled into machine code and run on the processor. The resultant processor, together with the sample codes, presents a pilot platform for the demonstration of hardware/software co-design and performance evaluation of IPSec protocols and components.
9

Jutvik, Vilhelm. "IPsec and IKEv2 for the Contiki Operating System." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-229574.

Abstract:
Contiki is a small and resource-efficient OS for the IoT (Internet of Things). IPsec and IKEv2 are two standards used for secure communication over the Internet. Can they be implemented on Contiki using current hardware while still being interoperable with other Internet hosts? The question was answered by implementing and then evaluating the standards. A connection was established with another Internet host while measurements were made of ROM / RAM consumption, required processing time (i.e. energy consumption). By writing an efficient runtime and using Elliptic Curve Cryptography, I concluded that an interoperable implementation for Contiki was feasible. However, I also found that the standards -as such- were unsuitable for the IoT infrastructure due to their complexity and the fact that IPsec's policies are expressed in network layer primitives (i.e. unsuitable for networks with a dynamic topology).
10

Ульянік, О. М. "Графічний інтерфейс налаштування набору технологій DMVPN(Multipoint GRE+NHRP) over IPsec." Master's thesis, Сумський державний університет, 2020. https://essuir.sumdu.edu.ua/handle/123456789/82385.

Abstract:
A web-oriented information system has been developed whose graphical interface makes it possible to select the required settings, automatically configure router interfaces, and set up the configuration of secure DMVPN over IPsec networks on routers. The system makes it convenient to transfer the generated router configuration code to the settings of real network equipment. The system includes an explanatory note on the generated commands and is also protected against incorrectly entered input data. The system is implemented as a web application using the JavaScript programming language.
11

Horn, John F. "IPSec-based dynamic security services for the MYSEA environment." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FHorn.pdf.

Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2005.
Thesis Advisor(s): Cynthia E. Irvine, Thuy D. Nguyen. Includes bibliographical references (p. 107-109). Also available online.
12

Sherwood, Nicholas. "An IPsec Compatible Implementation of DBRA and IP-ABR." Digital WPI, 2005. https://digitalcommons.wpi.edu/etd-theses/738.

Abstract:
Satellites are some of the most difficult links to exploit in a Quality of Service (QoS) sensitive network, largely due to their high latency, variable-bandwidth and low-bandwidth nature. Central management of shared links has been shown to provide efficiency gains and enhanced QoS by effectively allocating resources according to reservations and dynamic resource availability. In a modern network, segregated by secure gateways and tunnels such as provided by IPsec, central management appears impossible to implement due to the barriers created between a global Dynamic Bandwidth Resource Allocation (DBRA) system and the mediators controlling the individual flows. This thesis explores and evaluates various through-IPsec communications techniques aimed at providing a satellite-to-network control channel, while maintaining data security for all communications involved.
13

Павленко, Є. Р., Дмитро Володимирович Великодний, Дмитрий Владимирович Великодный, and Dmytro Volodymyrovych Velykodnyi. "Мережева безпека на основі протоколів IPsec і SSL VPN." Thesis, Сумський державний університет, 2017. http://essuir.sumdu.edu.ua/handle/123456789/65678.

Abstract:
Historically, many organizations have found it difficult to strike a good balance between the degree of information protection in a computer network and the costs that must be incurred to maintain such protection. Today there is a large number of possible solutions to the protection problem. The most relevant among them are the IPsec protocol stack and SSL VPN. Each of them has occupied its own niche and is highly popular in its segment.
14

Павленко, Є. Р., Дмитро Володимирович Великодний, Дмитрий Владимирович Великодный, and Dmytro Volodymyrovych Velykodnyi. "Мережева безпека на основі протоколів IPsec і SSL VPN." Thesis, Сумський державний університет, 2017. http://essuir.sumdu.edu.ua/handle/123456789/64400.

Abstract:
Today, secure data transmission is an extremely important task. However, there are many methods of solving this problem. Knowing the particular features of these methods makes it possible to use them effectively depending on the task at hand.
15

Hayatnagarkar, Abhijit N. "On realizing traffic-driven security association establishment for IPSec." Raleigh, NC : North Carolina State University, 1999. http://www.lib.ncsu.edu/etd/public/etd-2754151749911361/etd.pdf.

16

Manfredsson, Alexander. "Spårbarhet i ett nätverk : En jämförelse mellan IPsec och 802.1x." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-23777.

Abstract:
A company or university usually has rules/policies that explain how its network may be used. If someone breaks the rules, one wants to be able to identify the person. This report focuses on identifying a user in a network. To be able to identify a user, traceability must be achieved. A comparison between two technologies (IPsec and dot1x) was carried out, and two test environments were set up for this, one for each technology. PfSense (the router) connects the users from the internal network to the external one. In the router, Packet Capture can then be used to see what the user does on the network. A PING is used to illustrate that something is done against the server; it could just as well be an attack that was carried out. The illustration then shows that it is possible to trace whether something was done that violates the company's/university's rules. The results were divided into two parts, one for dot1x and one for IPsec. Several scenarios were run in which the user did something, for example sent a PING to the server. Data from this was collected to see whether it was possible to identify which user sent a PING to the server. After several scenarios had been carried out, the results showed that traceability could be achieved with both technologies.
17

Singh, Mankaran. "Connectivity Between Two Distant Sites with Automatic Failover to IPsec." Thesis, California State University, Long Beach, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10262849.

Abstract:

This project presents simulation results on the connectivity, data transfer protocols, reliability, and recovery from failure between two Local Area Networks (LANs), which can be at two geographically distant locations, and are connected through a Wide Area Network (WAN). Connectivity within the WAN is provided by the Border Gateway Protocol (BGP) whereas communication within each of the LANs is based on Enhanced Interior Gateway Routing Protocol (EIGRP). Simulation results show that the network is successful in: (1) establishing communication between the LANs using the BGP protocol, and (2) providing recovery from failure through redundancy by using two BGP links within the WAN and a third Internet Protocol Security (IPsec) link. If one of the BGP links fails, the second one will take over, and if the second link fails, the traffic automatically shifts over to the Internet Protocol Security (IPsec) link.

18

Tryggvason, Thorir. "Analysis of the PPTP and IPSec protocols in Virtual Private Networks." Thesis, University of Skövde, Department of Computer Science, 2000. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-415.

Abstract:

Today increasing numbers of individuals are working away from the ordinary workplace while still requiring access to the server located at the workplace. New technology is meeting this demand allowing for safe and secure transmission of the data over the Internet. The aim of this project is to analyse two protocols that are used within the Virtual Private Network (VPN) structure today, with the focus on installation, transmission speed on both Local Area Networks (LAN) and via telephone line and security aspects of the protocols.

The results show that it is quite complicated to set up a VPN network and to get it operational. The results also show that there are security compromises within the VPN structure that indicate that if proper precaution is not taken it may give a false sense of security, where the user believes that it is a secure communication when in reality it is not.

19

Akinola, Azeez Paul, and Zhang Chong. "Tunnel comparison between Generic Routing Encapsulation (GRE) and IP Security (IPSec)." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-17610.

Abstract:
Since the introduction of networks, they have been used amongst home users, companies and organizations and most damage on the network is due to inappropriate security configurations. To secure networks, a protocol suite can be used to encrypt and authenticate all IP packets of a session. Therefore, this report will include the advantages and possible solution of some techniques used to offer increased network security such as scalability and data confidentiality. Captures of traffic sent using the two security techniques, IPSec/VPN and GRE-Tunnel will be monitored. The objective behind this project is to configure a network with these two different tunneling techniques and compare the security and network performance. The report also describes the security problems encountered by networks such as the ignorance of network users, vulnerabilities and the security of the devices. IPSec is a standard security protocol solution for TCP/IP, and it provides security through authentication, encryption and data integrity. GRE encapsulates packets and creates a logical hub-and-spoke topology of virtual point-to-point connections. The Jperf-tool is used to measure network performance and show specific details while another tool, Wireshark is used to analyze the information captured during transmission of data sent using IPSEC and GRE. The comparison further finds that IPSec-tunnel technique makes data transfers very secure but causes network performance disadvantages in comparison to a GRE solution.
20

Reimers, Erik. "On the security of TLS and IPsec : Mitigation through physical constraints." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-119357.

Abstract:
TLS and IPsec are two protocols that provide secure communication on the Internet. They provide similar services but operate on different levels. This report compiles some of the current known vulnerabilities that exist in those two protocols. It also describes attacks that exploit those vulnerabilities. Based on the vulnerabilities this paper gives guidelines on how to avoid them when implementing TLS and IPsec. This paper also demonstrates a proof-of-concept that shows how IPsec can be configured to avoid some of the vulnerabilities. The proof-of-concept also shows how IPsec can be used to setup a secure connection between two peers, using Near Field Communication, on an ad hoc network.
21

Mohan, Raj. "XML based adaptive IPsec policy management in a trust management context." Thesis, Monterey, California. Naval Postgraduate School, 2003. http://hdl.handle.net/10945/4824.

Abstract:
Approved for public release, distribution is unlimited
TCP/IP provided the impetus for the growth of the Internet and the IPsec protocol now promises to add to it the desired security strength. IPsec provides users with a mechanism to enforce a range of security services for both confidentiality and integrity, enabling them to securely pass information across networks. Dynamic parameterization of IPsec further enables security mechanisms to adjust the level of security service "on-the-fly" to respond to changing network and operational conditions. The IPsec implementation in OpenBSD works in conjunction with the Trust Management System, KeyNote, to achieve this. However the KeyNote engine requires that an IPsec policy be defined in the KeyNote specification syntax. Defining a security policy in the KeyNote Specification language is, however, extremely difficult and the complexity of the language could lead to incorrect specification of the desired policy, thus degrading the security of the network. This thesis looks into an alternative XML representation of this language and a graphical user interface to evolve a consistent and correct security policy. The interface has the simplicity of a simple menu-driven editor that not only provides KeyNote with a policy in the specified syntax but also integrates techniques for correctness verification and validation.
22

Mohan, Raj. "XML based adaptive IPsec policy management in a trust management context /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FMohan.pdf.

Abstract:
Thesis (M.S. in Computer Science and M.S. in Information Technology Management)--Naval Postgraduate School, September 2002.
Thesis advisor(s): Cynthia E. Irvine, Timothy E. Levin. Includes bibliographical references (p. 71-72). Also available online.
23

Varadarajan, Prabhakar. "ENABLING END-TO-END SECURITY USING IPSEC IN WIRELESS SENSOR NETWORKS." OpenSIUC, 2013. https://opensiuc.lib.siu.edu/theses/1306.

Abstract:
Wireless sensor networks (WSNs) are becoming increasingly more integrated with the Internet. Successful deployments of wireless sensor networks that are connected to the Internet require secure end-to-end communication paths. Though various aspects of WSNs security have been addressed in prior works, ensuring true end-to-end (E2E) security between IPv6 enabled sensor networks and the Internet remains an open research issue. In this thesis the implemented 6LoWPAN adaptation layer was extended to support both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, the communication endpoints in WSNs were able to communicate securely using encryption and authentication. The proposed AH and ESP compressed headers in 6LoWPAN for IPv6 communications on IEEE 802.15.4 networks were evaluated through test-bed experimentation. The utilization of IPv6 in WSNs facilitates unique IP addressing among the wireless sensor nodes thus allowing full integration with the Internet. As a result of this, WSN can play a significant role in the emerging paradigm of the 'Internet of Things' (IoT). This thesis brings us one step closer to this paradigm by comprehensively evaluating a lightweight implementation of IPsec on WSN that ensures end-to-end security.
24

Palomares, Velasquez Daniel. "Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols." Phd thesis, Institut National des Télécommunications, 2013. http://tel.archives-ouvertes.fr/tel-00939092.

Abstract:
During 2012, the global mobile traffic represented 70% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will rely on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication.
For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduce the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed
25

Palomares, Velasquez Daniel. "Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2013. http://www.theses.fr/2013TELE0025.

Abstract:
En 2012, le trafic mobile mondial représentait 70% de plus qu'en 2011. L'arrivée de la technologie 4G a multiplié par 19 le volume de trafic non 4G, et en 2013 le nombre de mobiles connectés à l'Internet a dépassé le nombre d'êtres humains sur la planète. Les fournisseurs d'accès Internet (FAI) subissent une forte pression, car ils ont pour obligations d'assurer à leurs clients l'accès au réseau et le maintien de la qualité de service. À court/moyen terme, les opérateurs doivent délester une partie de leur trafic sur des réseaux d'accès alternatifs afin de maintenir les mêmes caractéristiques de performances. Ainsi, pour désengorger les réseaux d'accès radio (RAN), le trafic des clients peut être préférentiellement pris en charge par d'autres réseaux d'accès disponibles. Notons cependant que les réseaux d'accès sans fil offrent des niveaux de sécurité très différents. Pour les femtocells, WiFi ou WiMAX (parmi d'autres technologies sans fil), il doit être prévu des mécanismes permettant de sécuriser les communications. Les opérateurs peuvent s'appuyer sur des protocoles (tels que IPsec) afin d'étendre un domaine de sécurité sur des réseaux non sécurisés. Cela introduit de nouveaux défis en termes de performances et de connectivité pour IPsec. Cette thèse se concentre sur l'étude des mécanismes permettant de garantir et améliorer les performances du protocole IPsec en termes de continuité de service. La continuité de service, aussi connu comme résilience, devient cruciale lorsque le trafic mobile est dévié depuis un réseau d'accès RAN vers d'autres réseaux d'accès alternatifs. C'est pourquoi nous nous concentrons d'abord dans l'ensemble de protocoles assurant une communication IP: IKEv2 et IPsec. Ensuite, nous présentons une étude détaillée des paramètres nécessaires pour maintenir une session VPN, et nous démontrons qu'il est possible de gérer dynamiquement une session VPN entre différentes passerelles de sécurité. 
L'une des raisons qui justifient la gestion des sessions VPN est d'offrir de la haute disponibilité, le partage de charge ou l'équilibrage de charge pour les connexions IPsec. Ces mécanismes ont pour finalité d'augmenter la continuité de service de sessions IPsec. Certains nouveaux mécanismes ont été récemment mis en oeuvre pour assurer la haute disponibilité sur IPsec. Le projet open source VPN, StrongSwan, a mis en place un mécanisme appelé ClusterIP afin de créer un cluster de passerelles IPsec. Nous avons fusionné cette solution basée sur ClusterIP avec nos propres développements afin de définir deux architectures : une architecture permettant la Haute Disponibilité et une deuxième architecture présentant la gestion dynamique d'un contexte IPsec. Nous avons défini deux environnements : le Mono-LAN où un cluster de noeuds est configuré sous une même adresse IP unique, et le Multi-LAN où chaque passerelle de sécurité dispose d'une adresse IP différente. Les mesures de performance tout au long de la thèse montrent que le transfert d'une session VPN entre différentes passerelles évite les délais supplémentaires liés à la ré-authentification et réduit la consommation CPU, ainsi que les calculs par le matériel cryptographique. D'un point de vue FAI, le transfert de contexte IPsec/IKEv2 pourrait être utilisé pour éviter la surcharge des passerelles, et permettre la redistribution de la charge, de meilleures performances du réseau ainsi que l'amélioration de la qualité de service. L'idée est de permettre à un utilisateur de profiter de la continuité d'un service tout en conservant le même niveau de sécurité que celui initialement proposé
During 2012, the global mobile traffic represented 70% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile devices connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will rely on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions are to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication.
For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduces the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed.
26

Bani-Hani, Raed M. "Enhancing the IKE preshared key authentication method." Diss., Columbia, Mo. : University of Missouri-Columbia, 2006. http://hdl.handle.net/10355/4406.

Abstract:
Thesis (Ph. D.) University of Missouri-Columbia, 2006.
The entire dissertation/thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file (which also appears in the research.pdf); a non-technical general description, or public abstract, appears in the public.pdf file. Title from title screen of research.pdf file (viewed on July 31, 2007) Includes bibliographical references.
27

Amso, Julian, and Achille Faienza. "IPsec Intrusion Detection Analysis : Using data from an Ericsson Ethernet Interface Board." Thesis, KTH, Kommunikationssystem, CoS, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-91865.

Abstract:
IP security (IPsec) is commonly used for protection in Virtual Private Networks (VPN). It is also used for the protection of traffic between nodes in third generation (3G) mobile networks. The main duty of telecommunication operators is to assure the quality of service and availability of the network for their users. Therefore knowledge of threats that could affect these requirements is of relevance. Denial of Service (DoS) and other attacks could constitute serious threats in 3G networks and, if successful, they could lead to financial and reputation damage for the telecommunication operator. One of the goals of each telecommunications vendor is to produce equipment and software in such a way as to reduce the risk of successful attacks upon networks built using their equipment and software. This master’s thesis aims to identify the classes of attacks that could affect the regular operation of an IPsec-protected network. Therefore, the IPsec protocol and its possible weaknesses are explained. As practical demonstration of these ideas, an Intrusion Detection Analyzer prototype for an Ericsson Ethernet Interface board was developed to detect anomalous IPsec-protected traffic.
28

Schmalen, Daniel. "Security Concept for VPN IPsec Site-to-Site Connections to Third Parties." Thesis, California State University, Long Beach, 2018. http://pqdtopen.proquest.com/#viewpdf?dispub=10688606.

Abstract:

VPN (Virtual Private Network) connections between two companies are a very common method to pair networks with each other to facilitate the access to specific resources for both sides of the connection. However, the security aspect for such a pairing has not been thoroughly researched either by academic or industrial organizations. Nevertheless, screening this topic from a security perspective is crucial to give companies a recommendation.

This thesis covers every key facet of such a VPN connection and therefore, all components are researched individually to discover the key findings for each part. Furthermore, the findings are applied to create a practical, enterprise-close security concept that is both complete and comprehensible.

The security concept may play a significant role in the overall understanding of the given use-case, a VPN IPsec (Internet Protocol Security) Site-to-Site connection to a third-party company, to avoid security leaks in the owner’s network. Furthermore, the VPN itself has to be secured against outsider adversaries such as eavesdroppers.

29

Hadjichristofi, George Costa. "IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications." Thesis, Virginia Tech, 2001. http://hdl.handle.net/10919/35710.

Abstract:
This research focuses on developing a set of secure communication network testbeds and using them to measure the overhead of IP Security (IPSec) for email and web applications. The network testbeds are implemented using both wireline and wireless technologies. The testing involves a combination of authentication algorithms such as Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1), implemented through different authentication protocols such as ESP and AH, and used in conjunction with the Triple Digital Encryption Standard (3DES). The research examines the overhead using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different sizes of compressed and uncompressed files are considered when measuring the overhead. The testbed realizes security using IPSec to secure the connection between different nodes. The email protocol that is used is the Simple Mail Transfer Protocol (SMTP) and the web protocol considered is the Hyper Text Transfer Protocol (HTTP). The key metrics considered are the network load in bytes, the number of packets, and the transfer time. This research emphasizes the importance of using HTTP to access files than using SMTP. Use of HTTP requires fewer packets, lower network loads, and lower transfer times than SMTP. It is demonstrated that this difference, which occurs regardless of security, is magnified by the use of authentication and encryption. The results also indicate the value of using compressed files for file transfers. Compressed and uncompressed files require the same transfer time, network load and number of packets since FreeS/WAN IPSec does not carry any form of compression on the data before passing it to the data link layer. Both authentication algorithms, HMAC-MD5 and HMAC-SHA1, result in about the same network load and number of packets.
However, HMAC-SHA1 results in a higher transfer time than HMAC-MD5 because of SHA1's higher computational requirements. ESP authentication and ESP encryption reduce the network load for small files only, compared to ESP encryption and AH authentication. ESP authentication could not be compared with AH authentication, since the FreeS/WAN IPSec implementation used in the study does not support ESP authentication without using encryption. In a wireless environment, using IPSec does not increase the network load and the number of transactions, when compared to a wireline environment. Also, the effect of security on transfer time is higher compared to a wireline environment, even though that increase is overshadowed by the high transfer time percentage increase due to the wireless medium.
Master of Science
30

Ховріна, М. А. "VPN технології для реалізації концепції високозахищеного віддаленого доступу." Master's thesis, Сумський державний університет, 2020. https://essuir.sumdu.edu.ua/handle/123456789/82257.

Abstract:
The main characteristics and classification of VPNs are reviewed, the main VPN protocols at different layers of the OSI model are analyzed, technologies for building a VPN network are compared, and ways to strengthen network protection are identified. A model of the most secure access for remote employees to a corporate network with distributed offices is developed using IPSec VPN and SSL VPN.
31

Marleta, Marcelo Honorato. "Projeto de uma VPN(Rede Privada Virtual) baseada em computação reconfigurável e aplicada a robôs móveis." Universidade de São Paulo, 2007. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-18062007-101411/.

Abstract:
This work presents a VPN implementation using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to keep communication between the parties private. Thus, the entire computational cost arising from this practice is carried out at the hardware level, aiming at high performance and targeting embedded systems applications. This solution, a hardware VPN, will be used to connect a robot (under development at the Reconfigurable Computing Laboratory - LCR of the Institute of Mathematics and Computer Science of the University of São Paulo) to its configuration and task server over private lines. Using a VPN in robotics will allow the use of a wired or wireless communication system and the entire Internet infrastructure to communicate with the robot (and in the future between robots) at any distance in a secure and reliable manner. The reconfigurable hardware used for the VPN in this work provides flexibility in the mode of implementation, allowing the system to be adapted to situations that demand high performance. In addition, the proposed architecture allows part of the operations to be executed in software (in this case, the µClinux operating system and tools for establishing the VPN were used) and part of the operations to be executed in hardware (an AES cryptographic coprocessor). The main software tools are the ipsec-tools suite, which was developed to run with the kernel's native IPSec and was duly ported to µClinux.
This work designs a system that implements a VPN using FPGA (Field Programmable Gate Array) reprogrammable circuits, which are the basis of reconfigurable computing. VPNs use cryptography to allow private communication between parts. In this manner, the computational cost of the cryptography is handled by the hardware, achieving great performance and allowing its usage on embedded systems applications. The system proposed in this thesis has been used to establish secure communication between a PC and a mobile robot (that is in development at Reconfigurable Computing Laboratory - LCR of Institute of Mathematics and Computer Science of University of São Paulo). The use of VPN in robotics will allow a communication, either wired or wireless, using Internet's infrastructure with the robot (and in the future among robots), in a secure and trustable manner. The reconfigurable hardware used in this work allows flexibility in the implementation, making possible its usage in situations that require high performance. Furthermore, the proposed architecture allows part of applications executing in software (using µClinux operating system and tools to establish the VPN) and other parts in hardware (a cryptographic coprocessor AES). The main software tools are the ipsec-tools that were developed to execute with native Kernel IPSec's implementation and were properly ported to µClinux.
32

Wikström, Alexander, Mark Thomson, and Lolita Mageramova. "Virtual Private Networks: : A feasibility study of secure communications between remote locations." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-24550.

Abstract:
Virtual Private Networks (VPNs) are an integral part of protecting company communications from unauthorized viewing, replication or manipulation. In order for employees to remotely conduct business in an effective and secure manner from a branch location or while traveling, Virtual Private Networks can be viewed as an absolute necessity.   Starting with a certain set of network communication requirements, our project's hypothesis was that the most suitable VPN implementation for Cheap Flats (a fictitious company we created) would be an IPSec client VPN. Included in the report are basic definitions, implementations and tests for three different types of VPNs that were used to confirm this hypothesis: 1) Site-to-site: Tunnel mode connection between VPN gateways. The process of encrypting and transferring data between networks is transparent to end-users. [1] 2) IPSec client: Network Layer VPN for both network-to-network and remote-access deployments. End-users will need to run either Cisco or Open Source VPN software on their PCs. 3) Clientless SSL: “Remote-access VPN technology that provides Presentation Layer encryption services for Applications through local redirection on the client.” [2] VPN communications are established using a browser rather than specific software installed on the end-user’s device.   The test results from the above VPN implementations have been published and comparisons were made between the different types of VPNs regarding the time taken to apply network device/end-user configurations, expenses incurred in procuring additional equipment/software to implement the VPN (if any), impact on end-users, scalability and lastly, the overall functionality of the VPN solution as it relates to the day-to-day business operations.   Following the testing phase, a discussion of the merits and drawbacks of each of the VPN implementations was drafted. 
After which, a final recommendation was presented regarding the VPN solution that best fit the needs of the hypothetical company described in the paper.
33

Torres, Sánchez David. "INTRODUCCIÓN Y CONFIGURACIÓN DEL PROTOCOLO IPV6." Tesis de Licenciatura, Universidad Autonoma del Estado de México, 2017. http://hdl.handle.net/20.500.11799/82865.

Abstract:
The IPv6 protocol offers certain advantages compared to its older version. For example, packets of the new IP have a fixed-size header and do not contain redundant fields that could consume unnecessary bandwidth. It also provides security and reliability by running the IPsec protocol, which offers authentication and encryption for information traveling across the network. It also introduced a new form of communication through anycast addresses, using parameters such as routing metrics to achieve faster delivery to a group of nodes sharing the same address.
Today, the coexistence of networks in telecommunications is fundamental, since it would be a great catastrophe if they stopped working, because, as one would expect, they are one of the pillars that sustain communication worldwide today. However, it is important to highlight that one of the most essential factors for the operation of networks, and therefore for the success of communications, is the Internet Protocol (IP), specifically in its fourth version, better known as IPv4. Moreover, since its creation and implementation in the 1970s, it has become one of the most widely used protocols in the world.
34

Florin, Snöarve Jonathan, and Filip Nilsson. "IPv6 : en nulägesstudie." Thesis, Högskolan Kristianstad, Sektionen för hälsa och samhälle, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:hkr:diva-15570.

Abstract:
IPv4 addresses are limited in terms of the number available to hand out; a future problem is that these addresses will most likely run out. Our work has therefore focused on gathering information that contributes to a clearer picture of the current situation regarding the implementation of IPv6 taking place in Europe and Sweden. In order to explain this implementation well, parts of the work describe the technical obstacles and opportunities that contribute to the introduction of this protocol. Most of the time has been spent gathering information and facts that give in-depth knowledge of the subject, with the intention of writing the solid foundation that the investigative part of the work constitutes. Interviews have also been a part; this part is intended to give a picture of how Internet service providers work with the introduction of IPv6. The organizations that exist and work with the introduction of IPv6 all have a good pool of facts describing what the situation looks like today. RIPE NCC's database clearly shows the organizations that are involved in the work of implementing IPv6. This database, together with information taken from the interviews conducted, gives us the impression that the introduction has so far not come very far, in relation to the prevailing shortage of IPv4 addresses. In Sweden, PTS works a great deal to help organizations with a possible transition to IPv6; their work is thorough, but the problem there is instead that organizations today do not need this information. The positive side is thus that the information is there, at PTS, to be retrieved when needed. Although the last IPv4 blocks have been handed out, there is really no need to implement IPv6 at present. An IPv4 network with working NAT works and will most likely continue to work for a good while to come.
35

Vyshnavi, Bandaru. "Virtual VPN in the Cloud : Design and Modelling of an IPSec VPN in Virtualized Environment." Thesis, Blekinge Tekniska Högskola, Institutionen för kommunikationssystem, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-10801.

36

Kuna, Vignesh. "Performance Analysis of end-to-end DTLS and IPsec based communication in IoT systems : Security and Privacy ~ Distributed Systems Security." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-15497.

37

Budda, Shiva Tarun. "Performance Analysis of Proxy based Encrypted communication in IoT environments : Security and Privacy ~ Distributed Systems Security." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-15500.

38

Hia, Henry Erik. "Secure SNMP-Based Network Management in Low Bandwidth Networks." Thesis, Virginia Tech, 2001. http://hdl.handle.net/10919/32126.

Abstract:
This research focuses on developing a secure, SNMP-based network management system specifically tailored for deployment in internetworks that rely on low-bandwidth backbone networks. The network management system developed uses a two-level hierarchy of network management applications consisting of one top-level management application communicating with several mid-level management applications strategically distributed throughout the internetwork. Mid-level management applications conduct routine monitoring chores on behalf of the top-level management application and report results in a way that makes intelligent use of the limited bandwidth available on the backbone network. The security framework is based on using SNMPv2c over IPSec. This research shows that the other security alternative considered, SNMPv3, consumes as much as 24 percent more network capacity than SNMPv2c over IPSec. The management framework is based on the Management by Delegation (MbD) model and is implemented using the IETF DISMAN Script MIB. This research demonstrates that the MbD-based management framework consumes only 2 percent of the network capacity required by the traditional, centralized management scheme.
Master of Science
39

Loutocký, Tomáš. "Hardwarové kryptografické moduly pro zabezpečení LAN." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2008. http://www.nusl.cz/ntk/nusl-217282.

Abstract:
The thesis deals with the problems of virtual private networks (VPN). The first part of the thesis is focused on the description of the basic terms of computer security which are useful for better understanding the other parts. There is a description of VPN technology and its separation of VPN by various aspects in the second part of the thesis. The next chapter is dedicated to the description of realization of VPN by using IPSec. There is shown how to secure a laboratory network by using the products of the Safenet Company in the practical part of the thesis. There are also stated the modular techniques how to use products in the network in the practical part. Some of the modular techniques describe security weaknesses of the products which are possible to exploit in the laboratory network and they also describe the ways how to protect them against misuse.
40

Thunström, Robert. "Jämförelse av autentisering i SIP och H.323." Thesis, University of Gävle, Department of Mathematics, Natural and Computer Sciences, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:hig:diva-625.

Abstract:

H.323 and the Session Initiation Protocol are two different protocols that can be used, for example, to set up voice calls or video calls over the Internet. In a connection between two people it is often desirable that the people can authenticate themselves to each other. This authentication is intended to guarantee the identity of the participants in the communication. This study compares the structure of the protocols during authentication and shows differences from a security standpoint. Authentication exists at 3 layers in both protocols. At the application layer the protocols differ, as SIP uses passwords for authentication while H.323 can use both passwords and a PKI-based solution with exchange of key certificates. At the transport layer and the network layer both protocols can use TLS and IPSec for authentication, and thus there is no major difference between the protocols at these layers.

41

Rocha, Natalia Ezagui Garcia. "Avaliação do desempenho do sistema GATELINK para PHM utilizando métodos de segurança WPA-2 e IPsec." Instituto Tecnológico de Aeronáutica, 2009. http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=1277.

Abstract:
Monitoring the health of an aircraft's systems - PHM (Prognostic and Health Monitoring) - is the setting of this study, which addresses the transfer of data from the aircraft on the ground to an airline's operations and maintenance center, in view of certain operating requirements, such as a minimum time for the data to be transmitted, the size of a typical PHM file, and how the need for a channel that is secure from the standpoint of data integrity and confidentiality affects the fulfillment of these requirements. The ground data transmission system addressed is composed of Gatelink, which uses a wireless communication system over the 802.11 protocol between the aircraft and a router at the airport, and a wired Frame Relay network within the airport. For security, the WPA-2 protocol is adopted on the wireless segment and IPsec on the wired segment. The study demonstrates that the time to transmit a frame on the wireless segment was little affected by the introduction of the WPA-2 security header. The headers inserted by IPsec affect the data transmission time, but it is shown that it is still possible to transmit within the specified time interval considering the AES data encryption method.
42

Hellsing, Mattias, and Odervall Albin. "Efficient Multi-Core Implementation of the IPsec Encapsulating Security Payload Protocol for a Single Security Association." Thesis, Linköpings universitet, Programvara och system, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-151984.

Abstract:
As the mobile Internet traffic increases, the workload of the base stations processing this traffic increases with it. To cope with this, the telecommunication providers responsible for the systems deployed in these base stations have looked to parallelism. This, together with the fact that these providers have a vested interest in protecting their users' data from potential attackers, means that there is a need for efficient parallel packet processing software which handles encryption as well as authentication. A well known protocol for encryption and authentication of IP packets is the Encapsulating Security Payload (ESP) protocol of the IPsec protocol suite. IPsec establishes simplex connections, called Security Associations (SA), between entities that wish to communicate. This thesis investigates a special case of this problem where the work of encrypting and authenticating the packets within a single SA is parallelized. This problem was investigated by developing and comparing two multi-threaded implementations based on the Eventdev, an event driven programming library, and ring buffer libraries of Data Plane Development Kit (DPDK). One additional Eventdev-based implementation was also investigated which schedules linked lists of packets, instead of single packets, in an attempt to reduce the overhead of scheduling packets to the worker cores. These implementations were then evaluated in terms of throughput, latency, speedup, and last level cache miss rates. The results showed that the ring buffer-based implementation performed the best in all metrics while the single packet-scheduling Eventdev-based implementation was outperformed by the one using linked lists of packets. It was shown that the packet generation, which was done by the receiving core, was the main limiting factor for all implementations. 
In addition, the memory resources such as the memory bus, memory controller and prefetching hardware were shown to likely be an area of contention and a possible bottleneck as the packet generation rate increases. The conclusion drawn from this was that a parallelized packet retrieval solution such as Receive Side Scaling (RSS) together with minimizing memory resource contention is necessary to further improve performance.
43

Wu, Xiao. "SIP on an Overlay Network." Thesis, KTH, Kommunikationssystem, CoS, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-91491.

Abstract:
With the development of mobile (specifically: wide area cellular telephony) technology, users’ requirements have changed from the basic voice service based on circuit switch technology to a desire for high speed packet based data transmission services. Voice over IP (VoIP), a packet based service, is gaining increasing attention due to its high performance and low cost. However, VoIP does not work well in every situation. Today Network address translation (NAT) traversal has become the main obstruction for future VoIP deployment. In this thesis we analyze and compare the existing NAT traversal solutions. Following this, we introduce a VoIP over IPSec (VOIPSec) solution (i.e., a VoIP over IPSec virtual private network (VPN) scheme) and an extended VOIPSec solution mechanism. These two solutions were tested and compared to measure their performance in comparison to a version of the same Session Initiation Protocol (SIP) user agent running without IPSec. In the proposed VOIPSec solution, the IPSec VPN tunnel connects each of the SIP clients to a SIP server, thus making all of the potential SIP participants reachable, i.e., solving the NAT traversal problem. All SIP signaling and media traffic for VoIP calls are transmitted through this prior established tunnel. This VPN tunnel provides the desired universal means for VoIP traffic to traverse NAT equipment. Additionally, the IPSec VPN also guarantees the security of VoIP calls at the IP level. In order to improve the security level of media streams for the VOIPSec solution, we deployed and evaluated an extended VOIPSec solution which provides end-to-end protection of the real time media traffic. In this extended VOIPSec solution, we used SRTP instead of RTP to carry the media content. This extended method was shown to provide all of the advantages of VOIPSec and SRTP without any additional delay for the media traffic (as compared to the VoIPSec solution). 
Note that the solution proposed in this thesis may be of limited practical importance in the future as more NATs become VoIP capable; but the solution is currently essential for facilitating the increasing deployment of VoIP systems in practice. For VoIP calls that do not need end-to-end security, we recommend the use of the VOIPSec solution as a means to solve the NAT traversal problem and to protect traffic at the IP level. When application to application security is not needed we prefer the VOIPSec solution to the extended VOIPSec solution for the following reasons: (1) our test results show that the time for call setup for the extended VOIPSec solution is twice the time needed for the VOIPSec solution, and the extended VOIPSec solution requires the use of user agents that support SRTP, while the VOIPSec solution does not require a special user agent and all VoIP clients in the market are compatible with this solution. However, when more SIP user agents add support for SRTP, the extended VOIPSec solution will be applicable for users of these SIP user agents.
44

Normark, Vendela. "SharkNet : Cooperation with service providers outside the secure infrastructure." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3895.

Abstract:
This master thesis presents how the authentication is handled in two frequently used protocols. It is a study of the authentication procedure in IPsec and TLS where the techniques have been compared based on facts from literature and practical tests. The results in this thesis are to be used as part arguments for continuous development of cooperation between operators using Ericsson's charging system and content providers.
45

Izadinia, Vafa Dario. "Fingerprinting Encrypted Tunnel Endpoints." Diss., University of Pretoria, 2005. http://hdl.handle.net/2263/25351.

Abstract:
Operating System fingerprinting is a reconnaissance method used by Whitehats and Blackhats alike. Current techniques for fingerprinting do not take into account tunneling protocols, such as IPSec, SSL/TLS, and SSH, which effectively 'wrap' network traffic in a ciphertext mantle, thus potentially rendering passive monitoring ineffectual. Whether encryption makes VPN tunnel endpoints immune to fingerprinting, or yields the encrypted contents of the VPN tunnel entirely indistinguishable, is a topic that has received modest coverage in academic literature. This study addresses these questions by targeting two tunnelling protocols: IPSec and SSL/TLS. A new fingerprinting methodology is presented, several fingerprinting discriminants are identified, and test results are set forth, showing that endpoint identities can be uncovered, and that some of the contents of encrypted VPN tunnels can in fact be discerned.
Dissertation (MSc (Computer Science))--University of Pretoria, 2005.
Computer Science
unrestricted
46

Van, Quang Đao Dupeyrat Gérard Wei-Liu Anne. "Contribution à l'étude de la qualité de service pour les protocoles sécurisés de télécommunications application à IPSec /." Créteil : Université de Paris-Val-de-Marne, 2005. http://doxa.scd.univ-paris12.fr:80/theses/th0231084.pdf.

47

Van, Quang Đao. "Contribution à l'étude de la qualité de service pour les protocoles sécurisés de télécommunications : application à IPSec." Paris 12, 2005. https://athena.u-pec.fr/primo-explore/search?query=any,exact,990002310840204611&vid=upec.

Abstract:
If the IPSec protocol reinforces the security of the traffics in IP network, it causes a degradation of the performance. This thesis aims (i) to analyze the performance of the IPSec protocol by modeling, (ii) to evaluate the degradation of the IPSec protocol by simulation, in particular for the real-time traffics, (iii) to propose solutions to improve the performance of these real-time traffics. Initially, we specify the disadvantages of IPSec in time necessary for the secure operations and in additional headers required by the encapsulation of IP packets. These two treatments degrade the performance of the networks and in many cases, it becomes difficult to ensure the Quality of Service. Three types of traffics: the video, the voice and the data will be considered. Then we use the analytical models to model the behaviors of these traffics with IPSec and IPv4. The estimation of performance is done in terms of end-to-end delay and packet loss. We compare the performances between IPSec and IPv4 by modeling and simulation. The results obtained show that the performance of the voice, the video and the data is reduced significantly because of IPSec. To ensure the security and the QoS, we propose two methods: the compression of the additional headers and an additional negotiation in IPSec. These two methods make it possible to obtain a better compromise between a minimal security and a minimal QoS.
48

Migault, Daniel. "Naming and security in a mobile, multihomed and multiple interfaces environement." Phd thesis, Institut National des Télécommunications, 2012. http://tel.archives-ouvertes.fr/tel-01016686.

Abstract:
ISPs are concerned about providing and maintaining the level of security of their End Users' communications. A communication is initiated by the End User with a name, and goes on by exchanging packets between two IP addresses. In this thesis, we focused our attention on two main points: (1) providing a secure Naming service, and (2) making IPsec communication resilient to IP address modification, addition or loss of an interface. We designed MOBIKE-X for that purpose and propose it as a standard at the IETF.
49

Schindler, Vladimír. "Problematika optimální šířky přenosového pásma pro přenos medicinských obrazových dat." Doctoral thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2014. http://www.nusl.cz/ntk/nusl-233631.

Abstract:
This dissertation thesis is focused on the optimization of bandwidth parameters for the transport of medical image data between medical devices and remote data storage. As a real and fully functional structure to be analyzed in this work, the system MeDiMed (Metropolitan Digital Imaging System in Medicine) was selected. The thesis examines the operation of the small health organizations and their modalities, which use this system for remote data archiving. Traffic analysis is then statistically processed. The thesis also deals with the analysis of increasing security when accessing the health system, and assesses its impact on transmitted data. The effect of setting the transmission parameters and the most widely used types of ciphers on the transfer speed is also compared.
50

Novotňák, Jiří. "Hardwarová akcelerace šifrování síťového provozu." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2010. http://www.nusl.cz/ntk/nusl-237117.

Abstract:
The aim of this thesis is to draft and implement a high-speed encryptor of network traffic with a throughput of 10Gb/s in one way. It has been implemented for the FPGA Xilinx Virtex5vlx155t placed on the card COMBOv2-LXT. The encryption is based on the AES algorithm using 128 bit key length. The security protocol is ESP in the version for protocol IPv4. The design is fully synthesizable with the tool Xilinx ISE 11.3, however it is not tested on real hardware. Tests in simulation work fine.