Institute for Systems Research
Permanent URI for this community: http://hdl.handle.net/1903/4375
Search Results
Distributed Trust Evaluation in Ad-Hoc Networks (2004)
Theodorakopoulos, Georgios; Baras, John S.; ISR; CSHCN
An important concept in network security is trust, interpreted as a relation among entities that participate in various protocols. Trust relations are based on evidence related to the previous interactions of entities within a protocol. In this work, we are focusing on the evaluation process of trust evidence in Ad Hoc Networks. Because of the dynamic nature of Ad Hoc Networks, trust evidence may be uncertain and incomplete. Also, no pre-established infrastructure can be assumed. The process is formulated as a path problem on a directed graph, where nodes represent entities, and edges represent trust relations. We show that two nodes can establish an indirect trust relation without previous direct interaction. The results are robust in the presence of attackers. We give intuitive requirements for any trust evaluation algorithm. The performance of the scheme is evaluated on various topologies.

IPSEC and the Internet (1999)
Karir, Manish; Baras, John S.; ISR; CSHCN
Secure and efficient communication between computers is becoming more essential as companies attempt to utilize the public network infrastructure for supporting communication between their various sites. The IPSEC protocols have been proposed as a solution to balance the needs of security and networking between computers. The basic IPSEC protocols are based on the end-to-end security model and when used in the most secure mode do not allow any intermediate nodes in the network to access and obtain information from packet headers encrypted by the security end-points.
However, with the advent of smart applications in the middle of the network, which attempt to make it more efficient, a tradeoff is created between security and efficiency. This tradeoff is the result of the need for these intelligent applications to access packet header information which is not possible with secure IPSEC flows.
This thesis analyzes and evaluates several possible solutions to this problem and argues why they all involve an unacceptable loss in the level of security or are not practical in any real system. On the basis of these arguments it then proposes the use of Layered IPSEC to solve the problem. Layered IPSEC adds flexibility to the current IPSEC protocols by providing the ability to use multiple encryption algorithms with separate encryption keys for different parts of a packet.
We also describe an experimental implementation of the concept and provide timing measurements from it. On the basis of our experience with the implementation and our experimental measurements we argue for the feasibility and usefulness of this scheme.