A Fast FPGA Implementation for Triple DES Encryption Scheme

In cryptography, the Triple DES (3DES, TDES or officially TDEA) is a symmetric-key block cipher which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Electronic payment systems are known to use the TDES scheme for the encryption/decryption of data, and hence faster implementations are of great significance. Field Programmable Gate Arrays (FPGAs) offer a new solution for optimizing the performance of applications meanwhile the Triple Data Encryption Standard (TDES) offers a mean to secure information. In this paper we present a pipelined implementation in VHDL, in Electronic Code Book (EBC) mode, of this commonly used cryptography scheme with aim to improve performance. We achieve a 48-stage pipeline depth by implementing a TDES key buffer and right rotations in the DES decryption key scheduler. Using the Altera Cyclone II FPGA as our platform, we design and verify the implementation with the EDA tools provided by Altera. We gather cost and throughput information from the synthesis and timing results and compare the performance of our design to common implementations presented in other literatures. Our design achieves a throughput of 3.2 Gbps with a 50 MHz clock;a performance increase of up to 16 times.

Apple’s Lion vs Microsoft’s Windows 7: Comparing Built-In Protection against ICMP Flood Attacks

With the increase in the number of computers connected to Internet, the number of Distributed Denial of Service (DDoS) attacks has also been increasing. A DDoS attack consumes the computing resources of a computer or a server, by degrading its computing performance or by preventing legitimate users from accessing its services. Recently, Operating Systems (OS) are increasingly deploying embedded DDoS prevention schemes to prevent computing exhaustion caused by such attacks. In this paper, we compare the effectiveness of two popular operating systems, namely the Apple’s Lion and Microsoft’s Windows 7, against DDoS attacks. We compare the computing performance of these operating systems under two ICMP based DDoS attacks. Since the role of the OS is to manage the computer or servers resources as efficiently as possible, in this paper we investigate which OS manages its computing resources more efficiently. In this paper, we evaluate and compare the built-in security of these two operating systems by using an iMac computer which is capable of running both Windows 7 and Lion. The DDoS attacks that are simulated for this paper are the ICMP Ping and Land Attack. For this experiment, we measure the exhaustion of the processors and the number of Echo Request and Echo Reply messages that were generated under varying attack loads for both the Ping and Land Attack. From our experiments, we found that both operating systems were able to survive the attacks however they reacted a bit differently under attack. The Operating System Lion was handling both the Ping and Land attack in the exactly the same way, whereas Windows 7 handled the two attacks a bit differently, resulting in different processor consumptions by two different operating systems.

Conflict Resolution Strategy in Handover Management for 4G and 5G Networks

Fifth-generation(5G)cellular networks offer high transmission rates in dense urban environments.However,a massive deployment of small cells will be required to provide wide-area coverage,which leads to an increase in the number of handovers(HOs).Mobility management is an important issue that requires considerable attention in heterogeneous networks,where 5G ultra-dense small cells coexist with current fourth-generation(4G)networks.Although mobility robustness optimization(MRO)and load balancing optimization(LBO)functions have been introduced in the 3GPP standard to address HO problems,non-robust and nonoptimal algorithms for selecting appropriate HO control parameters(HCPs)still exist,and an optimal solution is subjected to compromise between LBO and MRO functions.Thus,HO decision algorithms become inefficient.This paper proposes a conflict resolution technique to address the contradiction between MRO and LBO functions.The proposed technique exploits received signal reference power(RSRP),cell load and user speed to adapt HO margin(HM)and time to trigger(TTT).Estimated HM and TTT depend on a weighting function and HO type which is represented by user status during mobility.The proposed technique is validated with other existing algorithms from the literature.Simulation results demonstrate that the proposed technique outperforms existing algorithms overall performance metrics.The proposed technique reduces the overall average HO ping-pong probability,HO failure rate and interruption time by more than 90%,46%and 58%,respectively,compared with the other schemes overall speed scenarios and simulation time.

Mean Opinion Score Estimation for Mobile Broadband Networks Using Bayesian Networks

Mobile broadband(MBB)networks are expanding rapidly to deliver higher data speeds.The fifth-generation cellular network promises enhanced-MBB with high-speed data rates,low power connectivity,and ultralow latency video streaming.However,existing cellular networks are unable to perform well due to high latency and low bandwidth,which degrades the performance of various applications.As a result,monitoring and evaluation of the performance of these network-supported services is critical.Mobile network providers optimize and monitor their network performance to ensure the highest quality of service to their end-users.This paper proposes a Bayesian model to estimate the minimum opinion score(MOS)of video streaming services for any particular cellular network.The MOS is the most commonly used metric to assess the quality of experience.The proposed Bayesian model consists of several input data,namely,round-trip time,stalling load,and bite rates.It was examined and evaluated using several test data sizes with various performance metrics.Simulation results show the proposed Bayesian network achieved higher accuracy overall test data sizes than a neural network.The proposed Bayesian network obtained a remarkable overall accuracy of 90.36%and outperformed the neural network.

Experimental Evaluation of Cisco ASA-5510 Intrusion Prevention System against Denial of Service Attacks

Cyber attacks are continuing to hamper working of Internet services despite increase in the use of network security systems such as, firewalls and Intrusion protection systems (IPS). Recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009 launched to debilitate the US and South Korean governments’ websites is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. IPS is a vital security device which is commonly used as a front line defense mechanism to defend against such DoS attacks. Before deploying a firewall or an IPS device for network protection, in many deployments, the performance of firewalls is seldom evaluated for their effectiveness. Many times, these IPS’s can become bottleneck to the network performance and they may not be effective in stopping DoS attacks. In this paper, we intend to drive the point that deploying IPS may not always be effective in stopping harmful effects of DoS attacks. It is important to evaluate the capability of IPS before they are deployed to protect a network or a server against DoS attacks. In this paper, we evaluate performance of a commercial grade IPS Cisco ASA-5510 IPS to measure its effectiveness in stopping a DoS attacks namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land Attacks. This IPS comes with features to counteract and provide security against these attacks. Performance of the IPS is measured under these attacks protection and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for the network managers to measure the actual capabilities of an IPS system before its deployment to protect critical information infrastructure.