Abstract: This paper evaluates the performance of an Internet Protocol Security (IPSec) based Multiprotocol Label Switching (MPLS) virtual private network (VPN) in a small to medium sized organization. The demand for security in data networks has been increasing owing to the high rate of cyber attacks and the potential risks associated with networks spread over distant geographical locations. MPLS networks ride on a public network backbone that is porous and highly susceptible to attacks, hence the need for reliable security mechanisms to be part of the deployment plan. The evaluation criteria concentrated on Voice over Internet Protocol (VoIP) and video conferencing, with keen interest in jitter, end-to-end delivery and general data flow. This study used both structured questionnaire and observation methods. The structured questionnaire was administered to a group of 70 VPN users in a company; this provided the study with precise responses. The observation method was used in data simulations using OPNET Version 14.5 simulation software. The results show that the IPSec features increase the size of data packets by approximately 9.98%, translating into approximately 90.02% effectiveness. The tests showed that the performance metrics are all well within the recommended standards. The IPSec-based MPLS virtual private network is more stable and secure than one without IPSec.
Funding: supported by the National Natural Science Foundation of China (61172071), the International Scientific and Technological Cooperation and Exchange Program in Shaanxi Province, China (2015KW-013), and the Scientific Research Program Funded by Shaanxi Provincial Education Department, China (16JK1711)
Abstract: Traditional virtual private networks (VPNs) offer only conditional security. In order to ensure the security and confidentiality of user data transmission, a model of quantum VPN based on the Internet protocol security (IPSec) protocol is proposed. By using quantum keys for key distribution and entangled particles for identity authentication in the network, a secure quantum VPN is realized. The important parameters affecting the performance of the VPN were analyzed. The quantitative relationship between the secure key generation rate, the quantum bit error rate (QBER) and the transmission distance was obtained. The factors that affect the system throughput were also analyzed and simulated. Finally, the influence of the quantum noise channel on entanglement swapping was analyzed. Theoretical analysis and simulation results show that, under a limited number of decoy states, with the transmission distance increased from 0 to 112.5 km, the secure key generation rate was reduced from 5.63 × 10^-3 to 1.22 × 10^-5. When the number of decoy states is fixed, the QBER increases dramatically with the increase of the transmission distance, and the maximum reaches 0.393. Analysis shows that various factors in communication have a significant impact on system throughput. The generation rate of effective entangled photon pairs has a decisive effect on the system throughput. Therefore, in the process of quantum VPN communication, the various parameters of the system should be properly adjusted to communicate within a safe transmission distance, which can effectively improve the reliability of the quantum communication system.
Abstract: The virtual private network (VPN) system, which is one of the construction methods for private networks over the Internet, is gaining prominence. VPNs are currently used in corporate networks to support end-to-end communications. But if they are applied to private networks for distributed departments in organizations, some problems must be considered, such as low efficiency of packet transfer and lack of support for asymmetric VPN connections. This paper first analyzes the limitations of VPNs used in an environment of multiple subnets, and then proposes a distributed VPN module with low cost, high packet transfer efficiency and powerful user authentication and access control functions.
Funding: Project (No. 60373088) supported by the National Natural Science Foundation of China
Abstract: With the rapid development of the Virtual Private Network (VPN), many companies and organizations use VPNs to implement their private communication. Traditionally, a VPN uses security protocols to protect the confidentiality of data, message integrity and endpoint authentication. One core technique of VPNs is tunneling, by which clients can access internal servers through the VPN. However, the tunneling technique also introduces a concealed security hole: if a malicious user can establish a tunnel through the VPN server, he can compromise the internal servers behind the VPN server. So this paper presents a novel Application-layer based Centralized Information Access Control (ACIAC) for VPNs to solve this problem. To implement an efficient, flexible and multi-decision access control model, we present two key techniques of ACIAC: the centralized management mechanism and stream-based access control. Firstly, we implement the information center and the constraints/events center for ACIAC. With the two centers, we can provide an abstract access control mechanism, and the concrete access control decision can be made dynamically by ACIAC's constraint/event mechanism. Then we logically classify the VPN communication traffic into the access stream and the data stream so that we can tightly couple the features of VPN communication with the access control model. We also provide the design of our ACIAC prototype in this paper.
Abstract: We mainly explore two problems when combining an IPSec module into the TCP/IP stack by porting the well-known IPSec software (FreeS/WAN) into a security gateway. One is how to implement the IPSec module based on Netfilter in the Linux 2.4.x kernel. The other problem is performance evaluation. We test the throughput of our security gateway before and after applying IPSec with different encryption/decryption algorithms, including software-based and hardware-based methods. With these test data, we further analyze the system performance bottleneck. In the end, we also infer the quantitative relation between the system throughput and the speed of the encryption/decryption algorithm and propose some valuable conclusions for improving performance.
Abstract: Remote access is a means of accessing resources outside one's immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the COVID-19 pandemic, and will continue to increase as most organizations are restructuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role, since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was set up to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication, and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft token) as a second factor in addition to what the user knows, i.e., a password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of a password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regard to remote user authentication.
Abstract: In this paper an expert system for remote fault diagnosis in the ship lift was developed through fault tree analysis combined with a VPN. The fault tree was constructed based on the operating conditions of the ship lift. The diagnosis model was constructed by hierarchical classification of the fault tree structure, and the inference mechanism was given. The logical structure of fault diagnosis in the ship lift was proposed. The implementation of the expert system for remote fault diagnosis in the ship lift was discussed, and the expert system developed was realized on the VPN virtual network. The system was applied to the Gaobaozhou ship lift project, and it ran successfully.
Funding: National Natural Science Foundation of China (No. 90104029)
Abstract: A multi-homed VPN architecture based on extended SOCKSv5 and TLS was proposed. The architecture employs a dynamic connection mechanism for multiple proxies in the end system, in which security-demanding transmission connections can switch smoothly among the multiple proxies by maintaining a coherent connection context. The mechanism is transparent to application programs and can support the building of a VPN. With the cooperation of some other security components, the mechanism guarantees the resource availability and reliability of the end system against some attacks on specific ports or hosts.
Abstract: In order to fulfill the product concurrent design requirements of discrete manufacturing enterprises, this paper puts forth for the first time a Collaborative Product Commerce (CPC) oriented X2D (X to Design) theory, which can realize Collaboration, Commerce and Concurrence (3C) during the product design stage. At the same time, this research adopts the VPN (Virtual Private Network) technique to ensure the security of product data and information in transit. By building a CPC oriented and VPN based framework for the X2D product concurrent design system, the paper explores a way for discrete manufacturing enterprises to adapt to the drastically competitive market and perform their product innovation.
Funding: Supported by the National Natural Science Foundation of China (No. 90204003) and National "863" Project (2001AAl21052)
Abstract: MPLS (Multi-Protocol Label Switching) VPN (Virtual Private Network) has been deployed widely, but currently only supports unicast traffic. This paper briefly introduces several available MPLS VPN multicast approaches, and then analyzes their disadvantages. A novel mechanism that uses a two-layer label stack to support MPLS VPN explicit multicast is proposed, and the process is discussed in detail. The scalability and performance of the proposed mechanism are studied analytically. The result shows that our solution has a great advantage over the currently available scheme in terms of saving core network bandwidth and improving scalability.
Funding: The 2012 Development Plan of Science and Technology of Shanxi Province (No. 20120321032)
Abstract: With the development of the Internet, eBusiness has gradually become a new model for business activity; however, the security of eBusiness is a major bottleneck restricting its development. A network with a virtual private network (VPN) can reduce network costs and communication costs, increase flexibility and provide a safe and smooth network for corporations that do eBusiness across regions. This article introduces the definition and the technological core of VPNs, and researches and analyzes the application of VPNs in e-commerce.
Abstract: Peer-to-peer (P2P) energy trading is an emerging energy supply paradigm where customers with distributed energy resources (DERs) are allowed to directly trade and share electricity with each other. P2P energy trading can facilitate local power and energy balance, thus being a potential way to manage the rapidly increasing number of DERs in the net zero transition. It is of great importance to explore P2P energy trading via public power networks, to which most DERs are connected. Despite the extensive research on P2P energy trading, there has been little large-scale commercial deployment in practice across the world. In this paper, the practical challenges of conducting P2P energy trading via public power networks are identified and presented, based on the analysis of a practical Local Virtual Private Networks (LVPNs) case in North Wales, UK. The ongoing efforts and emerging solutions for tackling the challenges are then summarized and critically reviewed. Finally, the way forward for facilitating P2P energy trading via public power networks is proposed.
Funding: supported by the National High Technical Research and Development Program of China (No. 2012AA050804)
Abstract: With the rapid development of optical elements with large capacity and high speed, the network architecture is of great importance in determining the performance of the wavelength division multiplexing passive optical network (WDM-PON). This paper proposes a switching structure based on the tunable wavelength converter (TWC) and the arrayed-waveguide grating (AWG) for WDM-PON, in order to provide the function of an optical virtual private network (OVPN). Using tunable wavelength converter technology, this switch structure is designed to work between the optical line terminal (OLT) and the optical network units (ONUs) in the WDM-PON system. Moreover, upstream/downstream wavelength assignment can be realized, and direct communication between ONUs is also allowed via a private wavelength channel. Simulation results show that the proposed TWC and AWG based switching structure is able to achieve the OVPN function and to gain better performance in terms of bit error rate (BER) and time delay.