This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private I...

Wireless Mesh Networks (WMN) is an integral broadband wireless network who provides high bandwidth internet service to users. It is kind of multi-hop networks having many to many connections with the capability of dynamic sanify network topology. WMN’s utility network performance can cause a massive fall. Channel your physical security vulnerabilities, due to the dynamic changes of topology is ...

This article proposes a quantitative risk assessment for security systems which have multiple protected assets and a risk-based benefit-cost analysis for decision makers. The proposed methodology consists of five phases: identification of assets, security unit and intrusion path, security unit effectiveness estimation, intrusion path effectiveness estimation, security system risk assessment and...

We have implemented a system for virtual private networking, with special attention to the needs of telecommuters. In particular, we used off-the-shelf hardware and open-source software to create a platform to provide IP security and other services for in-home networks. Our experience has taught us a number of things about the scalability of the FreeS/WAN IPsec system, about the widespread mis-...

Distribution of virtual goods over the IP based infrastructure offered by the Internet requires efficient techniques w.r.t. to the utilization of the existing resources. One approach here applies methods from the peer to peer domain to ensure that the required traffic mostly is situated in the cost efficient last mile. This paper presents this approach and discusses the security implications. T...

In this paper we explore the tradeoffs between security and performance in anonymity networks such as Tor. Using probability of path compromise as a measure of security, we explore the behaviour of various path selection algorithms with a Tor path simulator. We demonstrate that assumptions about the relative expense of IP addresses and cheapness of bandwidth break down if attackers are allowed ...

This paper discusses some security issues of `Classical IP over ATM' networks. After analyzing new threats to IP networks based on ATM, security mechanisms to protect these networks are introduced. The integration of rewalls into ATM networks requires additional considerations. We conclude that careful con guration of ATM switches and ATM services can provide some level of protection against sp...

Vulnerabilities in computer systems arise in part due to programmer’s logical errors, and in part also due to programmer’s false (i.e., over-optimistic) expectations about the guarantees that are given by the abstractions of a programming language. For the latter kind of vulnerabilities, architectures with hardware or instructionlevel support for protection mechanisms can be useful. One trend i...

This paper analyzes the conflict between performance enhancing technology and IPSec in satellite IP networks, and proposes a solution called multilayer IP security with changeable zone (CZML-IPSec). It enables licensed intermediate nodes not only access TCP header, but also object links of upper layer in the form of HTML by converting static zone mapping to changeable dynamic mapping and buildi...