Search results for: IPsec
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 2

2 A Distributed Cryptographically Generated Address Computing Algorithm for Secure Neighbor Discovery Protocol in IPv6

Authors: M. Moslehpour, S. Khorsandi

Abstract:

Due to the shortage of IPv4 addresses, the transition to IPv6 has gained significant momentum in recent years. Like the Address Resolution Protocol (ARP) in IPv4, the Neighbor Discovery Protocol (NDP) provides functions such as address resolution in IPv6. Despite its functionality, NDP is vulnerable to some attacks. To mitigate these attacks, Internet Protocol Security (IPsec) was introduced, but it was not efficient due to its limitations. Therefore, the SEND protocol was proposed for automatic protection of the auto-configuration process. It is a secure neighbor discovery and address resolution process. To defend against threats to NDP’s integrity and identity, SEND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography. Besides the advantages of SEND, its disadvantages, such as the computation cost of the CGA algorithm and the sequential nature of the CGA generation algorithm, are considerable. In this paper, we parallelize this process across network resources in order to improve it. In addition, we compare the CGA generation time in the self-computing and distributed-computing processes. We focus on the impact of malicious nodes on the CGA generation time in the network. According to the results, although malicious nodes participate in the generation process, the CGA generation time is less than when it is computed in a one-way manner. With a Trust Management System, detecting and isolating malicious nodes is easier.

Keywords: NDP, IPsec, SEND, CGA, modifier, malicious node, self-computing, distributed-computing

1 Enabling UDP Multicast in Cloud IaaS: An Enterprise Use Case

Authors: Patrick J. Kerpan, Ryan C. Koop, Margaret M. Walker, Chris P. Swan

Abstract:

User Datagram Protocol (UDP) multicast is a vital part of data center networking that is being left out of major cloud computing providers' network infrastructure. Enterprise users rely on multicast, and particularly UDP multicast, to create and connect vital business operations. For example, UDP makes a variety of business functions possible, from simultaneous content media updates and High-Performance Computing (HPC) grids to video call routing for massive open online courses (MOOCs). Essentially, UDP multicast's technological slight is having a huge effect on whether companies choose to use (or not to use) public cloud infrastructure as a service (IaaS). Allowing the ‘chatty’ UDP multicast protocol inside a cloud network could have a serious impact on the performance of the cloud as a whole. Cloud IaaS providers solve the issue by disallowing all UDP multicast. But what about enterprise use cases for multicast applications in organizations that want to move to the cloud? To re-allow multicast traffic, enterprises can build a layer 3-7 network over the top of a data center, private cloud, or public cloud. An overlay network simply creates a private, sealed network on top of the existing network. Overlays give complete control of the network back to enterprise cloud users, along with the freedom to manage their network beyond the control of the cloud provider’s firewall conditions. The same logic applies for users who wish to use IPsec or BGP network protocols inside or connected into an overlay network in cloud IaaS.

Keywords: cloud computing, protocols, UDP multicast, virtualization
