排序方式: 共有127条查询结果,搜索用时 15 毫秒
71.
We discuss the strengths and weaknesses of existing tools with respect to the Internet Protocol security (IPsec) name mapping problem: how to ensure a correct mapping between application-layer target names and network-layer target names. We show that DNSSEC is neither necessary nor sufficient for solving the IPsec name mapping problem. We describe design and implementation results for new techniques that are applicable to legacy applications to partially or completely solve the IPsec name mapping problem. As a corollary, we obtain programming recommendations that make it easier to apply these techniques. We show how the set of current IPsec policy parameters can usefully be expanded. We give a prototype of a modified lookup API and argue that the modified API is the preferred long-term solution to the IPsec name mapping problem. We also cover the implications for IPsec key management. Finally, we summarize the environments where IPsec is being used today and discuss which IPsec name mapping techniques are most appropriate for these environments. 相似文献
72.
73.
Three alternative schemes for secure Virtual Private Network (VPN) deployment over the Universal Mobile Telecommunication
System (UMTS) are proposed and analyzed. The proposed schemes enable a mobile node to voluntarily establish an IPsec-based
secure channel to a private network. The alternative schemes differ in the location where the IPsec functionality is placed
within the UMTS network architecture (mobile node, access network, and UMTS network border), depending on the employed security
model, and whether data in transit are ever in clear-text, or available to be tapped by outsiders. The provided levels of
privacy in the deployed VPN schemes, as well as the employed authentication models are examined. An analysis in terms of cost,
complexity, and performance overhead that each method imposes to the underlying network architecture, as well as to the mobile
devices is presented. The level of system reliability and scalability in granting security services is presented. The VPN
management, usability, and trusted relations, as well as their behavior when a mobile user moves are analyzed. The use of
special applications that require access to encapsulated data traffic is explored. Finally, an overall comparison of the proposed
schemes from the security and operation point of view summarizes their relative performance.
Christos Xenakis received his B.Sc. degree in computer science in 1993 and his M.Sc. degree in telecommunication and computer networks in
1996, both from the Department of Informatics and Telecommunications, University of Athens, Greece. In 2004 he received his
Ph.D. from the University of Athens (Department of Informatics and Telecommunications). From 1998–2000 was with the Greek
telecoms system development firm Teletel S.A., where was involved in the design and development of advanced telecommunications
subsystems for ISDN, ATM, GSM, and GPRS. Since 1996 he has been a member of the Communication Networks Laboratory of the University
of Athens. He has participated in numerous projects realized in the context of EU Programs (ACTS, ESPRIT, IST). His research
interests are in the field of mobile/wireless networks, security and distributed network management. He is the author of over
15 papers in the above areas.
Lazaros Merakos received the Diploma in electrical and mechanical engineering from the National Technical University of Athens, Greece, in
1978, and the M.S. and Ph.D. degrees in electrical engineering from the State University of New York, Buffalo, in 1981 and
1984, respectively. From 1983 to 1986, he was on the faculty of Electrical Engineering and Computer Science at the University
of Connecticut, Storrs. From 1986 to 1994 he was on the faculty of the Electrical and Computer Engineering Department at Northeastern
University, Boston, MA. During the period 1993–1994 he served as Director of the Communications and Digital Processing Research
Center at Northeastern University. During the summers of 1990 and 1991, he was a Visiting Scientist at the IBM T. J. Watson
Research Center, Yorktown Heights, NY. In 1994, he joined the faculty of the University of Athens, Athens, Greece, where he
is presently a Professor in the Department of Informatics and Telecommunications, and Director of the Communication Networks
Laboratory (UoA-CNL) and the Networks Operations and Management Center. His research interests are in the design and performance
analysis of broadband networks, and wireless/mobile communication systems and services. He has authored more than 150 papers
in the above areas. Since 1995, he is leading the research activities of UoA-CNL in the area of mobile communications, in
the framework of the Advanced Communication Technologies & Services (ACTS) and Information Society Technologies (IST) programmes
funded by the European Union (projects RAINBOW, Magic WAND, WINE, MOBIVAS, POLOS, ANWIRE). He is chairman of the board of
the Greek Universities Network, the Greek Schools Network, and member of the board of the Greek Research Network. In 1994,
he received the Guanella Award for the Best Paper presented at the International Zurich Seminar on Mobile Communications. 相似文献
74.
在探讨了IPsecVPN和NAT原理的基础之上,提出了利用UDP协议和IKE相结合来解决NAT穿透问题的方法,为VPN在局域网中的应用提供了很好的解决方案. 相似文献
75.
本文在比较目前常用的VPN技术的特点的基础上,介绍了在公共数据网络上应用IPSec隧道网关协议技术来实现相同教育部门之间的Internet互联的方法,并给出了IPSec隧道网关协议技术在教育城域网中的实现。 相似文献
76.
基于IPsec的VPN研究 总被引:2,自引:0,他引:2
张扬 《重庆理工大学学报(自然科学版)》2008,22(1):115-117
介绍了VPN(虚拟专用网)技术,分析了IPsec协议及IPsec VPN工作原理,包括IPsec协议的安全体系结构和IPsec VPN的数据包发送和接受的过程,指出了IPsec VPN的优越性及局限性,为IPsec VPN的应用提供了参考. 相似文献
77.
基于NAT-PT的转换网关实现IPv4向IPV6过渡存在诸多的不足,且不能兼容Ipsec,IPsec是IPv6下的强制安全协议,提供网络层数据的安全。本文在分析了几种转换网关的原理及与IPsec不兼容的原因后,提出了自己兼容IPsec协议的转换网关的设计方案。 相似文献
78.
79.
1 引言简单讲,虚拟专用网(Virtual Private Network)是利用公共网络基础设施(如Internet)来仿真专有广域网络,以下简称VPN。它正快速成为新一代网络服务的基础。目前VPN有多种类型,其中最主要的是基于IP的VPN与MPLS-VPN,这两种VPN各有优势。本文所关心的不是如何论证谁更合适,这超出本文的范围。我们所关心的是如何在IP-VPN体系结构上提供服务质量保证。 相似文献
80.
IPv6协议是取代IPv4的下一代网络协议,它具有许多新的特性和功能.本篇文章主要研究IPv6蜂巢式移动通讯网络[1]的安全机制,利用IETF所制订的IPsec[2]标准应用在下一代移动通讯系统网络中来完成数据传输的保密性与完整性. 相似文献