By Topic

Network, IEEE

Issue 6 • Date Nov.-Dec. 1999

Filter Results

Displaying Results 1 - 7 of 7
  • A survey of security issues in multicast communications

    Page(s): 12 - 23
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1394 KB)  

    The emergence and popularity of group-oriented applications on the World Wide Web has triggered a demand for scalable security solutions for group communication. One such solution, secure multicast is appealing because it leverages the efficiency of multicast data delivery. However, it also presents several research challenges, most notably in a group communication architecture, group key management, and message source authentication. In this survey, we discuss these issues and review proposed solutions to them. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Networking security [Guest Editorial]

    Page(s): 10 - 11
    Save to Project icon | Request Permissions | PDF file iconPDF (175 KB)  
    Freely Available from IEEE
  • X.500 and LDAP security: a comparative overview

    Page(s): 54 - 64
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1112 KB)  

    We give a comparative overview of the X.500 and LDAPv3 Directory security features. X.500 is a commonly used name for a series of joint ISO/IEC and ITU-T standards specifying a distributed directory service. It assumes the existence of an underlying OSI protocol stack. LDAP is an Internet alternative to the X.500 Directory Access Protocol (X.511 DAP). Since its first version LDAP has undergone significant changes, and many of them concern security. It was originally planned to use LDAP only to access the X.500 directory via an LDAP gateway. In the meantime, LDAP functionality was extended, which enables LDAPv3 to be used for both the server model and the client read and update access protocol View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secure remote access to an Internet Web server

    Page(s): 31 - 37
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (624 KB)  

    We address the problem of secure remote access to a site's internal Web server from outside the firewall. The goal is to give authorized users access to sensitive information, while protecting the information from others. We implemented our solution using a one-time password scheme for client authentication and secure socket layer (SSL) for confidentiality. Our main design considerations were security, performance, ease of use, availability, and scale. We were further constrained by the desire to leave our firewall and local infrastructure unchanged View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Securing ad hoc networks

    Page(s): 24 - 30
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (584 KB)  

    Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On location-restricted services

    Page(s): 44 - 52
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (716 KB)  

    Monitoring the location of user equipment is an important problem in many industries, including direct broadcasting satellites and others, where the physical location of the user determines the availability of the service or is crucial for the security or operation of the service. In this article we study four schemes for detecting the movement of user equipment, such as a set-top terminal, wireless local loop (fixed wireless) phones, and other “nonmovable” equipment, using existing (or emerging) communication infrastructures. The first two schemes are network-centric, which means that the network infrastructure determines the location. The two other schemes are terminal-centric, which means that they rely on the user's device. We start with the currently used scheme, which is based on the telephone network's caller ID features, and show how it can be undermined. Then we describe three more robust schemes: one that uses the cellular phone's enhanced 911 service, one that uses the Global Positioning System, and one that measures the time-difference-of-arrival of the satellite's broadcast. We discuss the accuracy, features, and vulnerabilities of each scheme. We also present possible attacks on these schemes that allow the attackers to conceal their movement, and evaluate the complexity and cost of the attacks View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An overview of PKI trust models

    Page(s): 38 - 43
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (440 KB)  

    If Alice and Bob each know their own private key and the other's public key, they can communicate securely, through any number of public key based protocols such as IPSec, PGP, S/MIME, or SSL. However, how do they know each other's public keys? The goal of a public key infrastructure (PKI) is to enable secure, convenient, and efficient discovery of public keys. It should be applicable within as well as between organizations, and scalable to support the Internet. There are various types of PKI that are widely deployed or have been proposed. They differ in the configuration information required, trust rules, and flexibility. There are standards such as X.509 and PKIX, but these are sufficiently flexible so that almost any model of PKI can be supported. We describe several types of PKI and discuss the advantages and disadvantages of each. We argue against several popular and widely deployed models as being insecure, unscalable, or overly inconvenient. We also recommend a particular model View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.

Aims & Scope

IEEE Network covers topics which include: network protocols and architecture; protocol design and validation; communications software; network control, signaling and management; network implementation (LAN, MAN, WAN); and micro-to-host communications.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Xuemin (Sherman) Shen, PhD
Engineering University of Waterloo