End hopping is an active and effective technology for defending against adversaries in the network warfare.Synchronization is a key technology of end hopping.However,the common synchronization methods are insufficient...End hopping is an active and effective technology for defending against adversaries in the network warfare.Synchronization is a key technology of end hopping.However,the common synchronization methods are insufficient for end hopping.Based on timestamp synchronization,this paper proposes a novel method of Distributed Timestamp Synchronization(DTS)to improve the capacity of synchronization.DTS uses a list of timestamp servers which are located all over the Internet to synchronize timestamp,and a list of clock offsets to adjust the synchronized timestamp.DTS can overcome the main deficiencies(request overwhelming and boundary failure)of timestamp synchronization.Experiments show that DTS is a feasible synchronization technology for end hopping.展开更多
End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropp...End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme:a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What's more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results:if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.展开更多
基金National Natural Science Foundation of China under Grant No. 60973141Natural Science Foundation of Tianjin under Grant No. 09JCYBJ00300Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20100031110030
文摘End hopping is an active and effective technology for defending against adversaries in the network warfare.Synchronization is a key technology of end hopping.However,the common synchronization methods are insufficient for end hopping.Based on timestamp synchronization,this paper proposes a novel method of Distributed Timestamp Synchronization(DTS)to improve the capacity of synchronization.DTS uses a list of timestamp servers which are located all over the Internet to synchronize timestamp,and a list of clock offsets to adjust the synchronized timestamp.DTS can overcome the main deficiencies(request overwhelming and boundary failure)of timestamp synchronization.Experiments show that DTS is a feasible synchronization technology for end hopping.
基金Supported by the National Natural Science Foundation of China (60973141,61272423)the Specialized Research Fund for the Doctoral Program of Higher Education of China (20100031110030)the Funds of Key Lab of Fujian Province University Network Security and Cryptology (2011004)
文摘End hopping is one of the good methods to defend against network attack,but has problems with network address translation(NAT) because packets sent from an unknown endpoint would be dropped by NAT.To avoid the dropping of packets,we propose a punching scheme:a client sends a punching packet to create mapping rules in NAT,so that the packets from the server would be able to pass through effectively with such rules.In this paper,some preliminaries and definitions are provided for building the model of end hopping.Then we discuss the main reason of such packet dropping and specify all the failure situations based on the model.What's more,we analyze how the punching scheme helps end hopping cross NAT.Finally,we validate the feasibility of this scheme with empirical results:if the client is behind a NAT and with punching scheme,the service rate increases to 100%.Therefore,our proposed scheme can greatly improve the performance of crossing NAT in end hopping with little security and computational overhead.
