Security and Privacy Implications of Middlebox Cooperation Protocols [article]

Thomas Fossati and Roman Muentener and Stephan Neuhaus and Brian Trammell
2018 arXiv   pre-print
This white paper presents an analysis done by the MAMI project of the privacy and security concerns surrounding middlebox cooperation protocols (MCPs), based on our experimental experience with the Path  ...  While middlebox cooperation can make a passive adversary's job easier, it does not enable entirely new attacks.  ...  In this white paper we address the question of whether such middlebox cooperation protocols (MCP) potentially pose security and privacy issues outweighing the problems that they solve, as: a.  ... 
arXiv:1812.05437v1 fatcat:um7mlcp4inhhtkt4pixxgh7jnu

Analysis and Consideration on Management of Encrypted Traffic [article]

Pedro A. Aranda Gutiérrez and Diego López and Thomas Fossati
2018 arXiv   pre-print
protocol layer, such as PLUS, that contains the necessary information outside of the encrypted payload.  ...  The two main approaches we consider are 1.- extending and adapting a widely deployed protocol such as TLS, so that information necessary for network management can be obtained; and 2.- introducing a new  ...  In addition, [25] casts a shadow of doubt in some security aspects of mcTLS. • Middlebox Security Protocol ETSI is working in its Technical Committee on Cyber-security (TC CYBER) on the Middlebox Security  ... 
arXiv:1812.04834v2 fatcat:bfnlxm22ovfcti36qvt3nxxcme

IPv6 Address Obfuscation by Intermediate Middlebox in Coordination with Connected Devices [chapter]

Florent Fourcot, Laurent Toutain, Stefan Köpsell, Frédéric Cuppens, Nora Cuppens-Boulahia
2013 Lecture Notes in Computer Science  
Our IPv6 privacy proposal uses ephemeral addresses outside the trusted network but stable addresses inside the local network, allowing the control of the local network security by the administrator.  ...  Our solution is based on new opportunities of IPv6: a large address space and a new flow label field.  ...  But the computational cost of CGA generation with an adequate security level is high [3] and prevents to use it as a privacy solution with high frequency of CGA calculation.  ... 
doi:10.1007/978-3-642-40552-5_14 fatcat:szibbsz5hjah7ptqmvl6kh7gp4

Challenges in Network Management of Encrypted Traffic [article]

Mirja Kühlewind, Brian Trammell, Tobias Bühler, Gorry Fairhurst, Vijay Gurbani
2018 arXiv   pre-print
and the development of new protocols and mechanisms.  ...  layers, and 3) replace transparent middleboxes with middlebox transparency in order to increase visibility, rebalance control and enable cooperation.  ...  Still all information that is radiated from an endpoint may contain user-specific information and should be evaluated for its privacy implications.  ... 
arXiv:1810.09272v1 fatcat:774qlyaum5b7ngnloqc4jt6hza

Patterns and Interactions in Network Security [article]

Pamela Zave, Jennifer Rexford
2020 arXiv   pre-print
protocols, packet filtering, and dynamic resource allocation.  ...  This article is a concise tutorial on the large subject of networks and security, written for all those interested in networking, whether their specialty is security or not.  ...  The general idea of proxies that cooperate with endpoints is developed further in Middlebox TLS (mbTLS) [44] .  ... 
arXiv:1912.13371v2 fatcat:qfhdtj2pi5cmjk67h2gq53vzem

De-Ossifying the Internet Transport Layer: A Survey and Future Perspectives

Giorgos Papastergiou, Gorry Fairhurst, David Ros, Anna Brunstrom, Karl-Johan Grinnemo, Per Hurtig, Naeem Khademi, Michael Tuxen, Michael Welzl, Dragana Damjanovic, Simone Mangiante
2017 IEEE Communications Surveys and Tutorials  
We argue that the development of a comprehensive transport layer framework, able to facilitate the integration and cooperation of specialized solutions in an application-independent and flexible way, is  ...  His research interests include various aspects of transport protocol design, implementation, and performance evaluation.  ...  ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.  ... 
doi:10.1109/comst.2016.2626780 fatcat:hrldvr7mdnc2lihsxpplk5eyo4

Oblivious Inspection: On the Confrontation between System Security and Data Privacy at Domain Boundaries

Jorge Sancho, José García, Álvaro Alesanco
2020 Security and Communication Networks  
The results point out the importance of the inspection function being aligned with the underlying garbled circuit protocol.  ...  All together, this approach penalizes performance to align system security and data privacy, but it could be appropriate for those scenarios where this performance degradation can be justified by the sensibility  ...  "Construyendo Europa desde Aragón" (T31_20R), and Ministerio de Educación, Cultura y Deporte from Gobierno de España via a doctoral grant to the first author (FPU15/04841).  ... 
doi:10.1155/2020/8856379 fatcat:o2i62eo2svgebgkb3xw3tnkvcu

Internet Evolution and the Role of Software Engineering [chapter]

Pamela Zave
2010 The Future of Software Engineering  
This paper aims to encourage the software-engineering community to participate in this research by providing a starting point and a broad program of research questions and projects.  ...  For the past decade, the networking community has been focused on the many deficiencies of the current Internet and the possible paths toward a better future Internet.  ...  Acknowledgment Most of my understanding of Internet evolution is due to the generous and expert guidance of Jennifer Rexford.  ... 
doi:10.1007/978-3-642-15187-3_12 dblp:conf/birthday/Zave10 fatcat:gbp72kpayjhsvmbr4rbrju272i

A path layer for the Internet: Enabling network operations on encrypted protocols

Mirja Kuhlewind, Tobias Buhler, Brian Trammell, Stephan Neuhaus, Roman Muntener, Gorry Fairhurst
2017 2017 13th International Conference on Network and Service Management (CNSM)  
Encryption, in addition to improving privacy, helps to address ossification of network protocols caused by middleboxes that assume certain information to be present in the clear.  ...  We present an implementation of this wire image integrated with the QUIC protocol, as well as a basic stateful middlebox built on Vector Packet Processing (VPP) provided by FD.io.  ...  We intend PLUS as a foundational mechanism for research and experimentation with uses for an Internet-deployable path layer, and new methods for network traffic management leveraging cooperation between  ... 
doi:10.23919/cnsm.2017.8255973 dblp:conf/cnsm/KuhlewindBTNMF17 fatcat:7swsb2mhvvbntklp5cn3uxwbx4

Private Peer-to-Peer Networks [chapter]

Michael Rogers, Saleem Bhatti
2009 Handbook of Peer-to-Peer Networking  
This chapter offers a survey of the emerging field of private peer-to-peer networks, which can be defined as internet overlays in which the resources and infrastructure are provided by the users, and which  ...  We describe deployed systems, classify them architecturally, and identify some technical and social tradeoffs in the design of private peer-to-peer networks.  ...  inadvertently undermine their users' security or privacy.  ... 
doi:10.1007/978-0-387-09751-0_28 fatcat:662sewebeffslih3pewcca524q

The compositional architecture of the internet

Pamela Zave, Jennifer Rexford
2019 Communications of the ACM  
networks, each network is a microcosm with all the basic network mechanisms including a namespace, routing, a forwarding protocol, session protocols, and directories.  ...  The mechanisms are specialized for the network's purposes, membership, geographical span, and level of abstraction.  ...  Security properties on individual sessions include endpoint authentication, data confidentiality, data integrity, and privacy.  ... 
doi:10.1145/3226588 fatcat:kdsqmit3ufh2hmwo32kab6pwle

Security Challenges in the IP-based Internet of Things

Tobias Heer, Oscar Garcia-Morchon, René Hummen, Sye Loong Keoh, Sandeep S. Kumar, Klaus Wehrle
2011 Wireless personal communications  
In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things.  ...  We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.  ...  In this section, we discuss general forms of network operation, how to communicate a thing's identity and the privacy implications arising from the communication of this identity. Distributed vs.  ... 
doi:10.1007/s11277-011-0385-5 fatcat:qgq2ahp7qbhgnb43mlayxgnjty

CloudNaaS

Theophilus Benson, Aditya Akella, Anees Shaikh, Sambit Sahu
2011 Proceedings of the 2nd ACM Symposium on Cloud Computing - SOCC '11  
flexible interposition of various middleboxes.  ...  Central to many of these challenges is the limited support for control over cloud network functions, such as, the ability to ensure security, performance guarantees or isolation, and to flexibly interpose  ...  Our prototype design and implementation of CloudNaaS leverages programmable network devices and supports isolation, middlebox functions, and Quality-of-Service, and helps minimize application rewrites  ... 
doi:10.1145/2038916.2038924 dblp:conf/cloud/BensonASS11 fatcat:hfl4cvqhtzcn3myldr7urecl54

Self-service cloud computing

Shakeel Butt, H. Andrés Lagar-Cavilla, Abhinav Srivastava, Vinod Ganapathy
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
Attacks against or misuse of the administrative domain can compromise client security and privacy.  ...  The system-wide administrative domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy.  ...  Parts of this work were completed when the first two authors were at AT&T Research.  ... 
doi:10.1145/2382196.2382226 dblp:conf/ccs/ButtLSG12 fatcat:umdjhuwvpbb4ld4jje3xgreeqa

Exploring infrastructure support for app-based services on cloud platforms

Hai Nguyen, Vinod Ganapathy, Abhinav Srivastava, Shivaramakrishnan Vaidyanathan
2016 Computers & security  
Cloud apps can also implement a number of other non-security-related utilities, such as memory and disk deduplication, and network middleboxes such as packet shapers and QoS tools.  ...  This allows clients to deploy services such as VM introspection-based security tools and network middleboxes on their work VMs without requiring the cloud provider to deploy these services on their behalf  ...  This research was supported in part by NSF grant CNS-1420815 and a gift from Microsoft Research.  ... 
doi:10.1016/j.cose.2016.07.009 fatcat:gjjorzh7wfgsdkizi75txm4f5e