Abstract: The technique of IP traceback may effectively block DoS (Denial of Service) and meet the requirements of computer forensics, but its accuracy depends on the condition that each node in the Internet must support IP packet marking or detected agents. So far, this requirement is not satisfied. On the basis of traditional traceroute, this paper investigates the efficiency of path discovery methods with respect to the size and order of the detecting packets and the length of paths. It points out that the size of padding in probe packets has a slight effect on discovery latency, and that the latency with the method of bulk sending and receiving is much smaller than that with the traditional traceroute. Moreover, the packet loss rate with a monotonically increasing TTL (Time To Live) is less than that with a monotonically decreasing TTL. Lastly, OS (Operating System) passive fingerprinting is used as a heuristic to predict the length of the discovered path so as to reduce disturbance in network traffic.
Abstract: TCP/IP is a next-generation key technology in the wireless communication network, where the different characteristics of wireless and wired links result in performance degradation. We can use the proxy and automatic repeat request (ARQ) schemes to deal with this problem. In this work, we investigate the TCP performance over proxy and ARQ in the wireless network. Our analysis results showed that using the proxy can result in lower transfer latency and higher throughput, and that ARQ can decrease the loss rate of the wireless link and improve the performance with little additional latency. The analytical results were validated against simulations using NS-2 with some more realistic parameters.
Funding: Supported by the National Key Research and Development Program under grant 2017YFB0802301; Guangxi Cloud Computing and Large Data Collaborative Innovation Center Project
Abstract: IPsec has become an important supplement of IP to provide security protection. However, the heavyweight IPsec has a high transmission overhead and latency, and it cannot provide address accountability. We propose the self-trustworthy and secure Internet protocol (T-IP) for authenticated and encrypted network layer communications. T-IP has the following advantages: (1) Self-trustworthy IP address. (2) Low connection latency and transmission overhead. (3) Preserving the important merit of IP of being stateless. (4) Compatible with the existing TCP/IP architecture. We theoretically prove the security of our shared secret key in T-IP and the resistance to the known session key attack of our security-enhanced shared secret key calculation. Moreover, we analyse the possibility of the application of T-IP, including its resilience against the man-in-the-middle attack and DoS attack. The evaluation shows that T-IP has a much lower transmission overhead and connection latency compared with IPsec.
Abstract: With the development of Ethernet systems and the growing capacity of modern silicon technology, embedded communication networks are playing an increasingly important role in embedded and safety-critical systems. Hardware/software co-design is a methodology for solving design problems in processor-based embedded systems. In this work, we implemented a new 1-cycle pipeline microprocessor and a fast Ethernet transceiver, established a low-cost, high-performance embedded network controller, and designed a TCP/IP stack to access the Internet. We first discussed the hardware/software architecture, and then the whole system-on-a-chip on an Altera Stratix EP1S25F780C6 device. Using the FPGA environment and SmartBit tester, we tested the system's throughput. Our simulation results showed that the maximum throughput of Ethernet packets is up to 7 Mbps, that of UDP packets is up to 5.8 Mbps, and that of TCP packets is up to 3.4 Mbps, which showed that this embedded system can easily transmit basic voice and video signals through Ethernet, and that a single chip can let many electronic devices access the Internet directly with high performance.
Abstract: Many coal enterprises have built videoconference systems on their LAN (Local Area Network). With the development of these enterprises, their organizations are distributed over our country and even over the world. Therefore, the videoconference systems have to run over WAN (Wide Area Network). Normally, the structure of a videoconference system is center_division, including the MCU (multi control unit) and participants. No QoS or security assurance is available now because all videoconference systems are based on TCP/IP. Therefore, the system stability depends entirely on the network. This paper discusses how to defend against ARP attacks. The method discussed in this paper is based on TCP/IP.
Funding: Funded by National Network and Security Continuous Developing Plan (2004 Research 1-917-021)
Abstract: The overhead in iSCSI subsystems is analyzed through the model of iSCSI reading and writing requests. An analytic model of iSCSI subsystem overhead is developed. According to the analytic model, the overhead of iSCSI subsystems is measured, which reveals that the main overhead is caused by protocol processing as well as kernel functions for fair allocation of system resources. Several methods have been proposed to optimize iSCSI subsystems, such as merging adherent small I/O requests into a large I/O request. Checksumming is found to be time-consuming and may not always be necessary for applications.
Abstract: Today's Internet architecture faces many challenges, from poor support for mobility to security threats. By analyzing the drawbacks of the current TCP/IP protocol, we propose a new network architecture model, LISNA. LISNA defines a kind of network architecture with mobility and trustworthiness, based upon the decoupling of end-host identity information from location information. This paper briefly describes the basic concepts and model structure that support network mobility and security. After introducing the key techniques in LISNA, the paper further illustrates how to promote the mobility handoff and to keep the security association.