99 Hits in 5.2 sec

An experimental study on the applicability of SYN cookies to networked constrained devices

Juan Jose Echevarria, Pablo Garaizar, Jon Legarda
2017 Software, Practice & Experience  
The Internet protocol suite is increasingly used on devices with constrained resources that operate as both clients and servers within the Internet of Things paradigm.  ...  This paper analyses and compares in a class 2 constrained device the performance of 2 commonly used defence mechanisms (ie, recycle half-open connections and SYN cookies) during a low-rate SYN flood.  ...  ACKNOWLEDGEMENTS This work has been supported in part by a predoctoral fellowship from the Department for Education, Language Policy, and Culture of the Basque Government.  ... 
doi:10.1002/spe.2510 fatcat:tvt4opnoa5hi3ny3rc2g4mi6ue

TCP in the Internet of Things: From Ostracism to Prominence

Carles Gomez, Andres Arcia-Moret, Jon Crowcroft
2018 IEEE Internet Computing  
We argue that, in contrast to generally accepted wisdom, most of those possible issues fall in one of the following categories: i) are also found in well accepted IoT end-to-end reliability mechanisms,  ...  Considering the future prominent role of TCP in the IoT, we provide recommendations for lightweight TCP implementation and suitable operation in such scenarios, based on our IETF standardization work on  ...  His contribution to this work has been carried out in part during his stay as a visiting scholar at the Computer Laboratory of the University of Cambridge.  ... 
doi:10.1109/mic.2018.112102200 fatcat:bojvyppvfvcp7d34uoh4pnnkiy

The Proposal Of Hybrid Intrusion Detection For Defence Of Sync Flood Attack In Wireless Sensor Network

Ruchi Bhatnagar
2012 International Journal of Computer Science & Engineering Survey  
To aid in the defense and detection of these potential threats, WSN employ a security solution that includes an intrusion detection system (IDS).  ...  In this paper, we surveyed denial of service attacks that disseminate the WSN such a way that it temporarily paralyses a network and proposed a hybrid Intrusion Detection approach based on stream flow  ...  INTRODUCTION A wireless sensor network is a network of simple sensing devices; which are capable of sensing some changes of incidents/parameters and communicating with other devices, over a specific geographic  ... 
doi:10.5121/ijcses.2012.3204 fatcat:axobmumnujfdvbiaa25xtdcu3y

On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake

Marco Tiloca, Christian Gehrmann, Ludwig Seitz
2016 International Journal of Information Security  
This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients.  ...  Tiloca efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only.  ...  Compliance with Ethical Standards This work has been carried out during the tenure of an ERCIM "Alain Bensoussan" Fellowship Programme.  ... 
doi:10.1007/s10207-016-0326-0 fatcat:7io7mhv735evrhzdkf2skw26ne

Order P4-66: Characterizing and mitigating surreptitious programmable network device exploitation [article]

Simon Kassing, Hussain Abbas, Laurent Vanbever, Ankit Singla
2021 arXiv   pre-print
We find that compromised programmable devices can easily degrade networked applications by orders of magnitude, while evading diagnosis by even the most sophisticated network diagnosis methods in deployment  ...  We explore a new security threat, from an attacker who has gained control of such devices.  ...  This approach can be viewed as an application of the end-to-end argument [36] -only the application or tenant knows whether the network is working well.  ... 
arXiv:2103.16437v2 fatcat:ls4ltmcmzbg6xidofchsj6auka

Performance of the Transport Layer Security Handshake Over 6TiSCH

Timothy Claeys, Mališa Vučinić, Thomas Watteyne, Franck Rousseau, Bernard Tourancheau
2021 Sensors  
Neglecting to do so can negatively impact the battery lifetime of the entire constrained network.  ...  Our goal is to study how well these mechanisms perform, in the constrained setting of 6TiSCH, compared to TCP's reliability algorithms, relied upon by TLS.  ...  We undertake an experimental study of both handshake protocols when the messages travel over a multihop 6TiSCH network. The 6TiSCH specification is a core technology of the IoT.  ... 
doi:10.3390/s21062192 pmid:33801018 fatcat:p676stshsjdbloekjvdkm64ney

A Review of P4 Programmable Data Planes for Network Security

Ya Gao, Zhenling Wang, Sang-Bing Tsai
2021 Mobile Information Systems  
Programming Protocol-independent Packet Processors (P4) is proposed to define the operations of the data plane and to implement user's applications, e.g., data center networks, security, or 5G.  ...  This paper provides a review of research papers on solving network security problems with P4-based programmable data plane. The work can be organized into two parts.  ...  [47] propose a SYN proxy scheme based on P4 through SYN cookie or SYN authentication. e SYN cookies scheme modifies the relevant fields of each packet, which is completely transparent to the TCP client  ... 
doi:10.1155/2021/1257046 fatcat:qwbafyhmcrbvhlhalteq6dbwha

Investigating the IPv6 teredo tunnelling capability and performance of internet clients

Sebastian Zander, Lachlan L.H. Andrew, Grenville Armitage, Geoff Huston, George Michaelson
2012 Computer communication review  
We find that only 6-7% of connections are from fully IPv6-capable clients, but an additional 15-16% of connections are from clients that would be IPv6-capable if Windows Teredo was not constrained.  ...  We use web-based measurements to investigate the (latent) Teredo capability of Internet clients, and the delay introduced by Teredo.  ...  Acknowledgements We thank the anonymous reviewers.  ... 
doi:10.1145/2378956.2378959 fatcat:n6gpqedornba7dv7xbmi5rfkwq

Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning

Mohamed Amine Ferrag, Othmane Friha, Djallel Hamouda, Leandros Maglaras, Helge Janicke
2022 IEEE Access  
Specifically, the dataset has been generated using a purpose-built IoT/IIoT testbed with a large representative set of devices, sensors, protocols and cloud/edge configurations.  ...  In this paper, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems  ...  Flooding the destination with query packets, the network is constrained to reply with an identical number of reply packets. This makes the destination unavailable to regular network traffic.  ... 
doi:10.1109/access.2022.3165809 fatcat:k6qpodd7hnbddjjdlxzkktjs74

Enhancing Security of Software Defined Mobile Networks

Madhusanka Liyanage, Ijaz Ahmed, Jude Okwuibe, Mika Ylianttila, Hammad Kabir, Jesus Llorente Santos, Raimo Kantola, Oscar Lopez Perez, Mikel Uriarte Itzazelaia, Edgardo Montes De Oca
2017 IEEE Access  
The 5th Generation (5G) and future networks aim to deliver ultra-fast and ultra-reliable network access capable of supporting the anticipated surge in data traffic and connected nodes in years to come.  ...  In this paper, we discuss the security challenges these new technologies are prone to in the context of the new telecommunication paradigm.  ...  The authors would like to acknowledge the contributions of their colleagues.  ... 
doi:10.1109/access.2017.2701416 fatcat:paoxsmqk6zddjbgjjgvlmhegbm

SDNDefender: A Comprehensive DDoS Defense Mechanism Using Hybrid Approaches over Software Defined Networking

Tianfang Yu, Lanlan Rui, Xuesong Qiu, Weizhi Meng
2021 Security and Communication Networks  
With the superiorities of centralized control mode and global topological view, Software-Defined Networking (SDN) provides a new way to get over the above issues.  ...  In traditional networks, DDoS attacks are often launched in the network layer or the transport layer. Researchers had explored this problem in depth and put forward plenty of solutions.  ...  controllers that translate the upper applications' requirements and exert low-level control over the network devices through standardized interfaces while providing relevant information up to the SDN applications  ... 
doi:10.1155/2021/5097267 fatcat:enyunk2tcbbsnpslelostqfeue

A multi-layer framework for puzzle-based denial-of-service defense

XiaoFeng Wang, Michael K. Reiter
2007 International Journal of Information Security  
We also provide a game theoretic analysis that sheds light on the potential to use client puzzles for incentive engineering: the costs of solving puzzles on an attackers' behalf could motivate computer  ...  However, how to operationalize this idea in network protocol stacks still has not been sufficiently studied.  ...  Experimental evaluation In this section, we report our experimental study of the puzzle auction mechanism in a network environment.  ... 
doi:10.1007/s10207-007-0042-x fatcat:t45m7akgnncu5dfctrxwqrajsa

SCTP: state of the art in research, products, and technical challenges

Shaojian Fu, M. Atiquzzaman
2004 IEEE Communications Magazine  
The main idea of the cookie mechanism is to store the state information on either the client side or the network, rather than in the memory of the server.  ...  [9] showed that multistreaming results in higher goodput than a single stream when the receiver buffer is constrained, as in the case of wireless handheld devices.  ... 
doi:10.1109/mcom.2004.1284931 fatcat:wwwrqtq235e45oifnuk4wvtfim

Hoop: Offloading HTTP(S) POSTs from User Devices onto Residential Gateways

Kevin Huguenin, Erwan Le Merrer, Nicolas Le Scouarnec, Gilles Straub
2014 2014 IEEE International Conference on Web Services  
In this paper, we advocate the exploitation of the storage capabilities of common devices located on the Wi-Fi access point LAN, typically residential gateways, to decrease the waiting time.  ...  Wi-Fi data offloading overcomes the aforementioned issues for delay-tolerant data, at the cost of constrained mobility for users as they are required to stay within a given area while the data is uploaded  ...  The authors are very grateful to Olivier Heen and Julien Herzen for their insightful comments.  ... 
doi:10.1109/icws.2014.96 dblp:conf/icws/HugueninMSS14 fatcat:55y56tputnf2plcu73qvemrozi

Performance analysis of next generation web access via satellite

R. Secchi, A. C. Mohideen, G. Fairhurst
2016 International Journal of Satellite Communications And Networking  
It then presents a set of tests to evaluate whether current implementations of the new protocols can offer benefit with an operational satellite access network, and suggests how the specifications can  ...  This paper describes the main features of the new protocols and discusses the impact of path delay on their expected performance.  ...  access to user devices (e.g., common for handheld devices on a mobile operator network [43]). • All PEPs introduce an additional service element which can ossify the network, unless the element continues  ... 
doi:10.1002/sat.1201 fatcat:m6rwlxfembd2jfyi6fusshev2q
« Previous Showing results 1 — 15 out of 99 results