This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in d...This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.展开更多
Traditional virtual private networks( VPNs) are conditional security. In order to ensure the security and confidentiality of user data transmission,a model of quantum VPN based on Internet protocol security( IPSec...Traditional virtual private networks( VPNs) are conditional security. In order to ensure the security and confidentiality of user data transmission,a model of quantum VPN based on Internet protocol security( IPSec)protocol is proposed. By using quantum keys for key distribution and entangled particles for identity authentication in the network,a secure quantum VPN is relized. The important parameters affecting the performance of the VPN was analyzed. The quantitative relationship between the security key generation rate,the quantum bit error rate( QBER) and the transmission distance was obtained. The factors that affect the system throughput were also analyzed and simulated. Finally,the influence of the quantum noise channel on the entanglement swapping was analyzed. Theoretical analysis and simulation results show that,under a limited number of decoy states,with the transmission distance increased from 0 to 112. 5 km,the secure key generation rate was reduced from 5. 63 × 10^-3 to 1. 22 × 10^-5. When the number of decoy states is fixed,the QBER increases dramatically with the increase of the transmission distance,and the maximum reaches 0. 393. Analysis shows that various factors in communication have a significant impact on system throughput. The generation rate of the effective entanglement photon pairs have decisive effect on the system throughput. Therefore,in the process of quantum VPN communication,various parameters of the system should be properly adjusted to communicate within a safe transmission distance,which can effectively improve the reliability of the quantum communication system.展开更多
We mainly explore (wo problems when combining fPSec module into TCP/IP stackby porting the famous IPSec software (FreeS/WAN ) into a security gateway. One is how to implementthe IPSee module based on Netfilter in Linu...We mainly explore (wo problems when combining fPSec module into TCP/IP stackby porting the famous IPSec software (FreeS/WAN ) into a security gateway. One is how to implementthe IPSee module based on Netfilter in Linux 2. 4. x kernel The other problem is the performancee-valuation. We test the throughput of our security gateway before and after applying IPSec withdifferent encryption/decryption algorithms, including the soft ware-based and hardware-based methodWith these testing data, we analyzefurther system performance bottleneck. In the end, we also inferthe quantitative relation between the system throughput and the speed of encryption/decryptionalgorithm and propose some valuable conclusions for improving performance.展开更多
Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via vario...Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.展开更多
In this paper an expert system for remote fault diagnosis in the ship lift was developed by analysis of the fault tree and combination with VPN. The fault tree was constructed based on the operation condition of the s...In this paper an expert system for remote fault diagnosis in the ship lift was developed by analysis of the fault tree and combination with VPN. The fault tree was constructed based on the operation condition of the ship lift. The diagnosis model was constructed by hierarchical classification of the fault tree structure, and the inference mechanism was given. Logical structure of the fault diagnosis in the ship lift was proposed. The implementation of the expert system for remote fault diagnosis in the ship lift was discussed, and the expert system developed was realized on the VPN virtual network. The system was applied to the Gaobaozhou ship lift project, and it ran successfully.展开更多
In order to fulfill the product concurrent design requirements of discrete manufacturing enterprises, this paper puts forth for the first time a Collaborative Product Commerce (CPC) oriented X2D (X to Design) theory, ...In order to fulfill the product concurrent design requirements of discrete manufacturing enterprises, this paper puts forth for the first time a Collaborative Product Commerce (CPC) oriented X2D (X to Design) theory, which can take Collaboration, Commerce and Concurrence (3C) into realization during the product design stage. At the same time, this research adopts VPN (Virtual Private Network) technique to ensure the security of product data and information during transportation. By building CPC oriented and VPN based framework of X2D product concurrent design system, the paper explores a way for discrete enterprises adapting to the drastically competitive market and performing their product innovation.展开更多
With the development of Internet,e-Business has gradually become a new model for business activity,however,the security of e-Business is a major bottleneck restricting the development of e-Business.Network with virtua...With the development of Internet,e-Business has gradually become a new model for business activity,however,the security of e-Business is a major bottleneck restricting the development of e-Business.Network with virtual private network(VPN)can reduce network costs and communication costs,increase flexibility and provide safe and smooth network for the corporations that do e-Business across regions.This article introduces the definition and the technological core of VPN,and researches and analyzes the VPN application in e-commerce.展开更多
Peer-to-peer(P2P)energy trading is an emerging energy supply paradigm where customers with distributed energy resources(DERs)are allowed to directly trade and share electricity with each other.P2P energy trading can f...Peer-to-peer(P2P)energy trading is an emerging energy supply paradigm where customers with distributed energy resources(DERs)are allowed to directly trade and share electricity with each other.P2P energy trading can facilitate local power and energy balance,thus being a potential way to manage the rapidly increasing number of DERs in net zero transition.It is of great importance to explore P2P energy trading via public power networks,to which most DERs are connected.Despite the extensive research on P2P energy trading,there has been little large-scale commercial deployment in practice across the world.In this paper,the practical challenges of conducting P2P energy trading via public power networks are identified and presented,based on the analysis of a practical Local Virtual Private Networks(LVPNs)case in North Wales,UK.The ongoing efforts and emerging solutions to tackling the challenges are then summarized and critically reviewed.Finally,the way forward for facilitating P2P energy trading via public power networks is proposed.展开更多
文摘This paper evaluates the performance of Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high cyber attacks and potential risks associated with networks spread over distant geographical locations. The MPLS networks ride on the public network backbone that is porous and highly susceptible to attacks and so the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and Video conferencing with keen interest in jitter, end to end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company. This provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 Simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98% translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec Based MPLS Virtual private network is more stable and secure than one without IPSec.
基金supported by the National Natural Science Foundation of China(61172071)the International Scientific and Technological Cooperation and Exchange Program in Shaanxi Province,China(2015KW-013)the Scientific Research Program Funded by Shaanxi Provincial Education Department,China(16JK1711)
文摘Traditional virtual private networks( VPNs) are conditional security. In order to ensure the security and confidentiality of user data transmission,a model of quantum VPN based on Internet protocol security( IPSec)protocol is proposed. By using quantum keys for key distribution and entangled particles for identity authentication in the network,a secure quantum VPN is relized. The important parameters affecting the performance of the VPN was analyzed. The quantitative relationship between the security key generation rate,the quantum bit error rate( QBER) and the transmission distance was obtained. The factors that affect the system throughput were also analyzed and simulated. Finally,the influence of the quantum noise channel on the entanglement swapping was analyzed. Theoretical analysis and simulation results show that,under a limited number of decoy states,with the transmission distance increased from 0 to 112. 5 km,the secure key generation rate was reduced from 5. 63 × 10^-3 to 1. 22 × 10^-5. When the number of decoy states is fixed,the QBER increases dramatically with the increase of the transmission distance,and the maximum reaches 0. 393. Analysis shows that various factors in communication have a significant impact on system throughput. The generation rate of the effective entanglement photon pairs have decisive effect on the system throughput. Therefore,in the process of quantum VPN communication,various parameters of the system should be properly adjusted to communicate within a safe transmission distance,which can effectively improve the reliability of the quantum communication system.
文摘We mainly explore (wo problems when combining fPSec module into TCP/IP stackby porting the famous IPSec software (FreeS/WAN ) into a security gateway. One is how to implementthe IPSee module based on Netfilter in Linux 2. 4. x kernel The other problem is the performancee-valuation. We test the throughput of our security gateway before and after applying IPSec withdifferent encryption/decryption algorithms, including the soft ware-based and hardware-based methodWith these testing data, we analyzefurther system performance bottleneck. In the end, we also inferthe quantitative relation between the system throughput and the speed of encryption/decryptionalgorithm and propose some valuable conclusions for improving performance.
文摘Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.
文摘In this paper an expert system for remote fault diagnosis in the ship lift was developed by analysis of the fault tree and combination with VPN. The fault tree was constructed based on the operation condition of the ship lift. The diagnosis model was constructed by hierarchical classification of the fault tree structure, and the inference mechanism was given. Logical structure of the fault diagnosis in the ship lift was proposed. The implementation of the expert system for remote fault diagnosis in the ship lift was discussed, and the expert system developed was realized on the VPN virtual network. The system was applied to the Gaobaozhou ship lift project, and it ran successfully.
文摘In order to fulfill the product concurrent design requirements of discrete manufacturing enterprises, this paper puts forth for the first time a Collaborative Product Commerce (CPC) oriented X2D (X to Design) theory, which can take Collaboration, Commerce and Concurrence (3C) into realization during the product design stage. At the same time, this research adopts VPN (Virtual Private Network) technique to ensure the security of product data and information during transportation. By building CPC oriented and VPN based framework of X2D product concurrent design system, the paper explores a way for discrete enterprises adapting to the drastically competitive market and performing their product innovation.
基金The 2012 Development Plan of Science and Technology of Shanxi Province(No.20120321032)
文摘With the development of Internet,e-Business has gradually become a new model for business activity,however,the security of e-Business is a major bottleneck restricting the development of e-Business.Network with virtual private network(VPN)can reduce network costs and communication costs,increase flexibility and provide safe and smooth network for the corporations that do e-Business across regions.This article introduces the definition and the technological core of VPN,and researches and analyzes the VPN application in e-commerce.
文摘Peer-to-peer(P2P)energy trading is an emerging energy supply paradigm where customers with distributed energy resources(DERs)are allowed to directly trade and share electricity with each other.P2P energy trading can facilitate local power and energy balance,thus being a potential way to manage the rapidly increasing number of DERs in net zero transition.It is of great importance to explore P2P energy trading via public power networks,to which most DERs are connected.Despite the extensive research on P2P energy trading,there has been little large-scale commercial deployment in practice across the world.In this paper,the practical challenges of conducting P2P energy trading via public power networks are identified and presented,based on the analysis of a practical Local Virtual Private Networks(LVPNs)case in North Wales,UK.The ongoing efforts and emerging solutions to tackling the challenges are then summarized and critically reviewed.Finally,the way forward for facilitating P2P energy trading via public power networks is proposed.