| 1. |
- Garcia, Johan, 1970-, et al.
(författare)
-
KauNet : Design and Usage
- 2008
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- KauNet is an emulation system that allows deterministic placement of packet losses and bit-errors as well as more precise control over bandwidth and delay changes. KauNet is an extension to the well-known Dummynet emulator in FreeBSD and allows the use of pattern and scenario files to increase control and repeatability. This report provides a comprehensive description of the usage of KauNet, as well as a technical description of the design and implementation of KauNet.
|
|
| 2. |
- Blom, Martin, et al.
(författare)
-
An Experimental Evaluation of Documentation Methods and Reusability
- 2008
-
Konferensbidrag (refereegranskat)abstract
- This paper presents an experimental evaluation carried out in an academic environment. The goal of the experiment was to compare how different methods of documenting semantic information affect software reuse. More specifically, the goal was to measure if there were any differences between the methods with regard to the time needed to implement changes to existing software. Four methods of documentation were used; executable contracts, non-executable contracts, Javadoc-style documentation and sequence diagrams. The results indicate that executable contracts demanded more time than the other three methods and that sequence diagrams and Javadoc demanded the least time
|
|
| 3. |
|
|
| 4. |
- Faigl, Zoltán, et al.
(författare)
-
Experimental Evaluation of the Performance Costs of Different IKEv2 Authentication Methods
- 2008
-
Konferensbidrag (refereegranskat)abstract
- This paper presents an experimental evaluation of the costs of different IKEv2 authentication methods. The studied methods are pre-shared keys (PSK), extensible authentication protocol (EAP) using MD5 and TLS, which are typically referred to as EAP-MD5 and EAP-TLS, respectively. For the EAP-based methods RADIUS is used as AAA server. Different lengths of certification chains are studied in the EAP-TLS case. The paper first presents a brief overview of the considered authentication methods. Then, an experimental comparison of the costs for computations and messages transfers associated with the authentication methods are provided. The measurement results illustrate the practical costs involved for IKEv2 authentication, and show the performance implications of using different authentication methods. EAP-TLS is several times more demanding than both PSK and EAP-MD5. When EAP-TLS is used, the length of certificate chains also has a notable impact on performance
|
|
| 5. |
|
|
| 6. |
|
|
| 7. |
- Lindskog, Stefan, et al.
(författare)
-
A Comparison of End-to-End Security Solutions for SCTP
- 2008
-
Konferensbidrag (refereegranskat)abstract
- A comparison of three different end-to-end security solutions for the stream control transmission protocol (SCTP) is presented in this paper. The compared solutions are SCTP over IPsec, TLS over SCTP, and secure socket SCTP (SS-SCTP). The two former are standardized solutions, whereas the latter is a newly proposed solution that was designed to offer as much security differentiation support as possible using standardized solutions and mechanisms. The comparison focuses on three main issues: packet protection, security differentiation, and message complexity. SS-SCTP compares favorably in terms of offered security differentiation and message overhead. Confidentiality protection of SCTP control information is, however, only offered by SCTP over IPsec
|
|
| 8. |
- Lindskog, Stefan, et al.
(författare)
-
A Conceptual Model for Analysis and Design of Tunable Security Services
- 2008
-
Ingår i: Journal of Networks. - : Academy Publisher.
-
Tidskriftsartikel (refereegranskat)abstract
- Security is an increasingly important issue for networked services. However, since networked environments may exhibit varying networking behavior and contain heterogeneous devices with varying resources tunable security services are needed. A tunable security service is a service that provides different security configurations that are selected, and possibly altered, at run-time. In this paper, we propose a conceptual model for analysis and design of tunable security services. The proposed model can be used to describe and compare existing tunable security services and to identify missing requirements. Five previously proposed services are analyzed in detail in the paper. The analysis illustrates the powerfulness of the model, and highlights some key aspects in the design of tunable security services. Based on the conceptual model, we also present a high-level design methodology that can be used to identify the most appropriate security configurations for a particular scenario
|
|
| 9. |
- Lindskog, Stefan, et al.
(författare)
-
An End-to-End Security Solution for SCTP
- 2008
-
Konferensbidrag (refereegranskat)abstract
- The stream control transmission protocol (SCTP) is a fairly new transport protocol that was initially designed for carrying signaling traffic in IP networks. SCTP offers a reliable end-to-end (E2E) transport. Compared to TCP, SCTP provides a much richer set of transport features such as message oriented transfer, multistreaming to handle head-of-line blocking, and multihoming for enhanced failover. These are all very attractive features, but at the same time proven hard and complex to secure for E2E transports. All existing security solutions have limitations. In this paper, a survey of existing solutions is first given. Then, an alternative solution is proposed. The proposed solution uses the new authenticated chunks for SCTP for integrity protection, TLS for key exchange and authentication, and symmetric encryption implemented at the socket layer for confidentiality protection. A qualitative comparison of the described E2E security solutions is also given
|
|
| 10. |
|
|
