基于多核处理器的加密卡异步并行驱动设计

文中通过对VxWorks下多核编程的研究,根据IPSec层异步加解密调用的需求,设计了一种稳定高效的加密卡缓存和数据收发方案,满足了数据高速加解密的需求。加密卡内含6个加解密信道,6个加解密信道通过一个万兆以太通道与主机端相连。驱动程序接收来自IPSec层的加解密数据并进行缓存后,将报文通过万兆以太通道发送给加密卡上相应的加解密信道进行处理。加密卡处理完成后将加解密数据通过以太通道送回主机端,并返回加密卡驱动层,由加密卡驱动层的回调函数返回IPSec。多核并行运行时,不同的核都可以进行异步加解密操作。测试结果表明,这种设计方案是一种高效的、具有良好兼容性的驱动实现方法。     

SIP信令安全机制的改进与实现

SIP信令安全机制的研究是整个SIP应用安全性研究的一个重要方面。这里根据目前的研究现状,提出了一种改进机制来保证SIP信令的安全性。该机制分为两个阶段,首先建立UAC与注册服务器间的TLS通道,结合HTTP摘要认证实现客户端与服务器的双向认证,然后在SIP代理服务器之间实现IPSec加密,并利用之前建立的TLS通道,实现了会话建立阶段的全程加密。通过仿真实验,证明了该方法的可行性。     

IPSec协议分析

IPSec作为一种IP层安全协议簇,随着4G网络及计算机网络IPv6的发展,其受到了人们的广泛关注。文中介绍了IPSec的安全架构、认证和加密的实施过程,尤其是对AH和ESP协议进行了分析,并对IPSec实际部署中穿越NAT的问题提出了可行的解决方案。     

韩山师院有线电视宽带多媒体网络建设方案

介绍广东潮州韩山师院改造CATV系统、建设宽带多媒体网络方案概况.对宽带业务接入及多媒体业务的实现进行具体描述,并给出系统实现主要框图.对控制回传通道噪声措施进行较为深入的讨论.     

一种新型的WSN量子加密系统

目前无线传感器网络越来越普及,在不久的将来无线传感器网络的服务将会遍布全球。由于无线传感器网络在用户数据方面并没有IPSec的安全策略,因此具有一定程度的安全风险。我们在此设计了一种量子加密机制。这种应用于无线传感器网络的加密机制试图不仅使用类似于IPSec的策略,而且使用新型的量子加密技术。这种系统将有助于改善无线传感器网络的安全性。     

路由和交换设备的安全管理方法

路由器及交换机是当前网络系统的主要设备,也是网络安全的前沿关口.如果路由器连自身的安全都没有保障,整个网络也就毫无安全可言.路由和交换设备的传统管理方法中最方便的是通过Telnet方式来远程管理,由于该方法所传输的用户名及密码为明文传送,因此存在很大的安全隐患.由于现在的路由及交换设备均支持加密协议,因此使用SSH或Kerberized Telnet,或使用IPSec加密路由器所有的管理流,可以大大加强路由交换设备管理的安全性.文中详细介绍了如何在路由交换设备上配置SSH服务以实现安全的路由交换设备的管理,并给出了该方法相对传统管理方法的优点.     

基于IPSec的电子政务MPLS VPN实现

MPLS VPN技术能够满足电子政务中隔离业务流的安全要求,对数据流进行流量管理,实现QoS保证,但它采用明文传输方式容易导致泄密,而IPSec采用加密、认证等安全技术,能够保证MPLS VPN传输中的数据安全性。文中通过对常见实施方法进行分析对比,提出了一种把IPSec融入MPLS内外标签封装过程的方法,利用IPSec的安全可靠及MPLS的高速交换、QoS保证的优点,提供安全、高效、透明的电子政务VPN服务,并给出了实施过程。     

在HFC网络上实现IPTV的技术模式

PTV（Internet Protocol TeleVision）又叫网络电视，是一种利用宽带IP网络，集互联网、多媒体、通讯等多种技术于一体，向家庭用户提供包括广播电视。VOD点播、视频录像、宽带上网、语音通讯等多种交互式服务的崭新技术。它很好地适应了当今网络飞速发展的趋势．最大效率地利用了网络资源。对广电来说．能否在HFC网络上开展IPTV、实现多种交互功能呢？答案是肯定的。从HFC网络自身的特征来看，传送广播业务是其优势。开展IPTV，一般采用DVB方式实现广播业务：为了开展时移电视、点播等等这样的交互业务．需要对现有HFC网络进行双向改造．在单向的广播网络上增加上行通道．以实现交互和控制信息的上传等功能。下面，我们来探讨如何对HFC网络进行改造．实现IPTV有哪些可行的技术模式。     

一种环形Buffer自适应NoC路由器设计

在片上网络(Network-on-Chip,NoC)系统中,对路由器缓存进行有效的设计及管理,能够有效提高系统多方面的性能.设计了一种环形缓冲结构的自适应路由器,该路由器中所有通道的缓冲资源相互连接形成一个封闭的环,繁忙的输入通道能够共享其他通道的空闲缓冲资源.2D Mesh网络中的实验结果表明,环形缓冲结构的路由器与传统路由器相比,能量消耗得到了降低,缓冲使用缩小了5倍.此外,大量的仿真研究表明,该路由器结构提高了网络性能,减少了平均信息延时.     

混合结构宽带网络流量工程设计

本文根据当前宽带网络技术发展的现状,提出了一种由ＡＴＭ交换机和线路由器共同组成的混合结构和宽带网络,并提出了基于多协议记交换（ＭＰＬＳ）技术,采用约束路由的标记分配协议（ＣＲ－ＬＤＰ）和网络策略服务器,实现宽带网络流量工程的方案。同时,文章从流量工程角度出发,对如何设计宽带网络的组织结构提出了建议。     

Security issues in hybrid networks with a satellite component

Satellites are expected to play an increasingly important role in providing broadband Internet services over long distances in an efficient manner. Most future networks will be hybrid in nature - having terrestrial nodes interconnected by satellite links. Security is an important concern in such networks, since the satellite segment is susceptible to a host of attacks, including eavesdropping, session hijacking and data corruption. In this article we address the issue of securing communication in satellite networks. We discuss various security attacks that are possible in hybrid satellite networks, and survey the different solutions proposed to secure data communications in these networks. We look at the performance problems arising in hybrid networks due to security additions like Internet security protocol (IPSec) or secure socket layer (SSL), and suggest solutions to performance-related problems. We also point out important drawbacks in the proposed solutions, and suggest a hierarchical key-management approach for adding data security to group communication in hybrid networks.     

虚拟专用网(VPN)的实现方法

虚拟专用网是利用Internet互联网实现企业内部低成本远程安全访问的一种。深入剖析了基于IPSec协议和L2TP协议的VPN实现方法及其安全性。着重比较IPSec和L2TP的不同模式各自的特点,为企事业单位选择VPN方案提供参考。     

Pesky home networks trouble cable behemoths

Are wireless router users stealing broadband Internet access? The author discusses the application of the NAT (network address translation ) protocol into wireless routers which allows several computers to share a single Internet address. Wireless networks using NAT connect with a cable or DSL modem and then the whole wireless network has Internet access     

Next generation routers

As the broadband access technologies, such as DSL, cable modem, and gigabit Ethernet, are providing affordable broadband solutions to the Internet from home and the enterprise, it is required to build next generation routers with high-speed interfaces (e.g., 10 or 40 Gb/s) and large switching capacity (e.g., multipetabit). This paper first points out the issues of building such routers, such as memory speed constraint, packet arbitration bottleneck, and interconnection complexity. It then presents several algorithms/architectures to implement IP route lookup, packet classification, and switch fabrics. Some of the functions, such as packet classification, route lookup, and traffic management, can be implemented with emerging network processors that have the advantages of providing flexibility to new applications and protocols, shortening the design cycle and time-to-market, and reducing the implementation cost by avoiding the ASIC approach. Several proposed algorithms for IP route lookup and packet classification are compared in respect to their search/update speeds and storage requirements. Different efficient arbitration schemes for output port contention resolution are presented and analyzed. The paper also surveys various switch architectures of commercial routers and switch chip sets. At the end, it outlines several challenging issues that remain to be researched for next generation routers     

基于MPLS骨干网络的VPN解决方案

现有的虚拟专用网(VPN)方案大多基于IP协议,这种结构的VPN在数据包转发速度、扩展性、服务质量等方面都存在欠缺,所以本文提出了基于多协议标记交换(MPLS)骨干网络的VPN解决方案.由于MPLS和IPSec在身份认证方面都没有定义,所以我们在方案中把认证中心(CA)的证书管理引入进来.该方案的核心思想是:利用MPLS在传输效率上的优势,通过CA进行身份认证、IKE协议^[1]进行密钥协商以及IPSec协议^[2]进行数据包加密,从而在MPLS骨干网络上建立一个安全高效的VPN.本文对实现MPLS VPN的每个关键部件都做了进一步的描述.     

Selfishness in mesh networks: wired multihop MANETs

A wireless mesh network is a wired extension of a multihop ad hoc network that defines a new paradigm for broadband wireless Internet access. A packet originating from a mesh client is relayed collaboratively in a multihop fashion by the intermediate mesh routers toward an Internet gateway. All existing mesh routing protocols assume that each MR honestly participates in packet forwarding. This is valid only in a network managed by a single trusted authority. However, a community-based WMN can be formed by a group of independent MRs operated by different service providers. It is a real challenge to establish a priori trust in a multi-operator WMN. In such a situation, a selfish MR might be motivated to monopolize the wireless channel for itself by intentionally dropping others? packets. This results in severe performance degradation. Thus, enforcing collaboration is a determinant aspect in designing a secure and reliable WMN. In this article we analyze selfishness of MRs in a multi-operator WMN and explore its overall negative impact on network performance. We finally present a summary of various existing schemes with respect to detecting selfishness, analyze their usefulness in WMNs, and highlight their relative advantages and deficiencies.     

DICOM image secure communications with Internet protocols IPv6 and IPv4.

Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.     

IPSec及其实现机制研究

IPSec(Internet协议安全)是一种可无缝为IP引入安全机制的新一代因特网安全协议套件，它在IP层提供安全服务，即适用于目前的IP版本(IPv4)，也适用于下一代IP(IPv6)。IPSec提供的基本服务包括：访问控制、数据源验证、重放包拒绝以及机密性保证机制。本文介绍了IPSec体系结构，对IPSec协议各个组成部分及其实现机制进行了分析，给出了IPSec的实现机制及其应用方式，介绍了其优点，最后简单讨论了IPSec的局限性和未来发展的方向。     

双流县广电互联网接入认证解决方案

在广电双向互动网络基础上,采用PPPoE的接入认证方式为用户提供互联网接入服务,实现安全稳定的宽带接入、快速认证、准确计费和可管理的宽带网络接入认证方案。     

IPSec与IPv6的网络安全

随着Internet的迅猛发展，越来越多的单位和个人把Internet作为传输信息的首要工县，从而导致现有IPv4网络的不安全性和教感信息的保密性之间的矛盾愈演愈烈。为此。IETF在设计下一代互联网协议IPv6时，特别设计了IPSec，用它来保护IP及上层协议的安全。IPsec作为下一代互联网强制支持的安全机制。在很大程度上提高了IP而网络的安全性。介绍了IPsec的安全机制及其应用。以及国内外下一代互联网安全机制的研究现状。