Remote Access Communications Security: Analysis of User Authentication Roles in Organizations

Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.

Secure Multifactor Remote Access User Authentication Framework for IoT Networks

The term IoT refers to the interconnection and exchange of data among devices/sensors.IoT devices are often small,low cost,and have limited resources.The IoT issues and challenges are growing increasingly.Security and privacy issues are among the most important concerns in IoT applications,such as smart buildings.Remote cybersecurity attacks are the attacks which do not require physical access to the IoT networks,where the attacker can remotely access and communicate with the IoT devices through a wireless communication channel.Thus,remote cybersecurity attacks are a significant threat.Emerging applications in smart environments such as smart buildings require remote access for both users and resources.Since the user/building communication channel is insecure,a lightweight and secure authentication protocol is required.In this paper,we propose a new secure remote user mutual authentication protocol based on transitory identities and multi-factor authentication for IoT smart building environment.The protocol ensures that only legitimate users can authenticate with smart building controllers in an anonymous,unlinkable,and untraceable manner.The protocol also avoids clock synchronization problem and can resist quantum computing attacks.The security of the protocol is evaluated using two different methods:(1)informal analysis;(2)model check using the automated validation of internet security protocols and applications(AVISPA)toolkit.The communication overhead and computational cost of the proposed are analyzed.The security and performance analysis show that our protocol is secure and efficient.

Analysis of Call Drop Problem for Remote Access Server on Server Side

Call drop is one of the most common problems encountered by ISP with PSTN access. In this pacer several reasons on server side that cause modem disconnection are analyzed. In the last part of this paper, some solutions are Put forward to reduce call drop rate.

Secure Remote Access IPSEC Virtual Private Network to University Network System

With the popularity of the Internet and improvement of information technology,digital information sharing increasingly becomes the trend.More and More universities pay attention to the digital campus,and the construction of digital library has become the focus of digital campus.A set of manageable,authenticated and secure solutions are needed for remote access to make the campus network be a transit point for the outside users.Remote Access IPSEC Virtual Private Network gives the solution of remote access to e-library resources,networks resources and so on very safely through a public network.It establishes a safe and stable tunnel which encrypts the data passing through it with robust secured algorithms.It is to establish a virtual private network in Internet,so that the two long-distance network users can transmit data to each other in a dedicated network channel.Using this technology,multi-network campus can communicate securely in the unreliable public internet.

xCCL:A Survey of Industry-Led Collective Communication Libraries for Deep Learning

Machine learning techniques have become ubiquitous both in industry and academic applications.Increasing model sizes and training data volumes necessitate fast and efficient distributed training approaches.Collective communications greatly simplify inter-and intra-node data transfer and are an essential part of the distributed training process as information such as gradients must be shared between processing nodes.In this paper,we survey the current state-of-the-art collective communication libraries(namely xCCL,including NCCL,oneCCL,RCCL,MSCCL,ACCL,and Gloo),with a focus on the industry-led ones for deep learning workloads.We investigate the design features of these xCCLs,discuss their use cases in the industry deep learning workloads,compare their performance with industry-made benchmarks(i.e.,NCCL Tests and PARAM),and discuss key take-aways and interesting observations.We believe our survey sheds light on potential research directions of future designs for xCCLs.

Dynamic Data Prefetching in Home-Based Software DSMs

A major overhead in software DSM (Distributed Shared Memory) is the cost of remote memory accesses necessitated by the protocol as well as induced by false sharing. This paper introduces a dynamic prefetching method implemented in the JIAJIA software DSM to reduce system overhead caused by remote accesses. The prefetching method records the interleaving string of INV (invalidation) and GETP (getting a remote page) operations for each cached page and analyzes the periodicity of the string when a page is invalidated on a lock or barrier. A prefetching request is issued after the lock or barrier if the periodicity analysis indicates that GETP will be the next operation in the string. Multiple prefetching requests are merged into the same message if they are to the same host. Performance evaluation with eight well-accepted benchmarks in a cluster of sixteen PowerPC workstations shows that the prefetching scheme can significantly reduce the page fault overhead and as a result achieves a performance increase of 15%-20% in three benchmarks and around 8%-10% in another three. The average extra traffic caused by useless prefetches is only 7%-13% in the evaluation.

Analyzing and Optimizing Packet Corruption in RDMA Network

Remote direct memory access (RDMA) has become one of the state-of-the-art high-performance network technologies in datacenters. The reliable transport of RDMA is designed based on a lossless underlying network and cannot endure a high packet loss rate. However, except for switch buffer overflow, there is another kind of packet loss in the RDMA network, i.e., packet corruption, which has not been discussed in depth. The packet corruption incurs long application tail latency by causing timeout retransmissions. The challenges to solving packet corruption in the RDMA network include: 1) packet corruption is inevitable with any remedial mechanisms and 2) RDMA hardware is not programmable. This paper proposes some designs which can guarantee the expected tail latency of applications with the existence of packet corruption. The key idea is controlling the occurring probabilities of timeout events caused by packet corruption through transforming timeout retransmissions into out-of-order retransmissions. We build a probabilistic model to estimate the occurrence probabilities and real effects of the corruption patterns. We implement these two mechanisms with the help of programmable switches and the zero-byte message RDMA feature. We build an ns-3 simulation and implement optimization mechanisms on our testbed. The simulation and testbed experiments show that the optimizations can decrease the flow completion time by several orders of magnitudes with less than 3% bandwidth cost at different packet corruption rates.