It is difficult to tell which of the originating terminals are communicating to which of the connected target servers, and the dummy messages confuse eavesdroppers' efforts to detect communicating pairs by analyzing traffic. A drawback is that there is a risk that the mix server could be compromised. One way to deal with this risk is to spread the trust among multiple mixes.
If one mix is compromised, the identities of the originating and target terminals may remain concealed. This strategy requires a number of alternative mixes so that the intermediate servers interposed between the originating and target terminals are not determinable except by compromising more than one mix. The strategy wraps the message with multiple layers of encrypted addresses. The first mix in a sequence can decrypt only the outer layer of the message to reveal the next destination mix in sequence.
The second mix can decrypt the message to reveal the next mix, and so on. The target server receives the message and, optionally, a multi-layer encrypted payload containing return information to send data back in the same fashion. The only way to defeat such a mix scheme is collusion among the mixes. If the packets are all fixed-length and intermixed with dummy packets, there is no way to do any kind of traffic analysis.
The crowd proxies are interposed between originating and target terminals. Each proxy through which the message is sent is randomly chosen by an upstream proxy. Thus, even crowd members cannot determine if a preceding proxy is the originator of the message or if it was simply passed from another proxy.
The user is permitted to control the number of hops. At the final server, traffic is decrypted with an untraceable IP address.
The technique is called onion-routing. This method can be defeated using traffic analysis. For a simple example, bursts of packets from a user during low-duty periods can reveal the identities of sender and receiver. Firewalls attempt to protect LANs from unauthorized access and hostile exploitation or damage to computers connected to the LAN.
Firewalls provide a server through which all access to the LAN must pass. Firewalls are centralized systems that require administrative overhead to maintain. They instill a false sense of security that leads to security breaches, for example by users sending sensitive information to servers outside the firewall or by encouraging the use of modems to sidestep the firewall security. Firewalls are not useful for distributed systems such as business travelers, extranets, small teams, etc. Each TARP packet's true destination is concealed behind a layer of encryption generated using a link key.
The link key is the encryption key used for encrypted communication between the hops intervening between an originating TARP terminal and a destination TARP terminal. Once the outer layer of encryption is removed, the TARP router determines the final destination. Each TARP packet undergoes a minimum number of hops to help foil traffic analysis. The hops may be chosen at random or by a fixed value. As a result, each TARP packet may make random trips among a number of geographically disparate routers before reaching its destination.
Each trip is highly likely to be different for each packet composing a given message because each trip is independently randomly determined. This feature is called agile routing. The fact that different packets take different routes provides distinct advantages by making it difficult for an interloper to obtain all the packets forming an entire multi-packet message. The associated advantages have to do with the inner layer of encryption discussed below. Agile routing is combined with another feature that furthers this purpose, a feature that ensures that any message is broken into multiple packets.
A separate, unchangeable identifier or address is also defined. The message payload is hidden behind an inner layer of encryption in the TARP packet that can only be unlocked using a session key. The session key is not available to any of the intervening TARP routers. The session key is used to decrypt the payloads of the TARP packets permitting the data stream to be reconstructed.
Communication may be made private using link and session keys, which in turn may be shared and used according to any desired method. The payloads of these packets are assembled into a block and chain-block encrypted using the session key. The block is then interleaved and the interleaved encrypted block is broken into a series of payloads, one for each TARP packet to be generated. The TARP header of each packet should contain a formula or data for deinterleaving the data at the destination TARP terminal, a time-to-live (TTL) parameter indicating the number of hops still to be executed, a data type identifier indicating whether the payload contains, for example, TCP or UDP data, the sender's TARP address, the destination TARP address, and an indicator as to whether the packet contains real or decoy data, or a formula for filtering out decoy data if decoy data is spread in some way through the TARP payload data.
Note that although chain-block encryption is discussed here with reference to the session key, any encryption method may be used. Preferably, as in chain block encryption, a method should be used that makes unauthorized decryption difficult without an entire result of the encryption process. Thus, by separating the encrypted block among multiple packets and making it difficult for an interloper to obtain access to all of such packets, the contents of the communications are provided an extra layer of security. Decoy or dummy data can be added to a stream to help foil traffic analysis by reducing the peak-to-average network load.
It may be desirable to provide the TARP process with an ability to respond to the time of day or other criteria to generate more decoy data during low traffic periods so that communication bursts at one point in the Internet cannot be tied to communication bursts at another point to reveal the communicating endpoints. Dummy data also helps to break the data into a larger number of inconspicuously-sized packets permitting the interleave window size to be increased while maintaining a reasonable size for each packet. The packet size can be a single standard size or selected from a fixed range of sizes.
One primary reason for desiring for each message to be broken into multiple packets is apparent if a chain block encryption scheme is used to form the first encryption layer prior to interleaving. A single block encryption may be applied to a portion, or entirety, of a message, and that portion or entirety then interleaved into a number of separate packets.
Considering the agile IP routing of the packets, and the attendant difficulty of reconstructing an entire sequence of packets to form a single block-encrypted message element, decoy packets can significantly increase the difficulty of reconstructing an entire data stream. The above scheme may be implemented entirely by processes operating between the data link layer and the network layer of each server or terminal participating in the TARP system. Because the encryption system described above is insertable between the data link and network layers, the processes involved in supporting the encrypted communication may be completely transparent to processes at the IP network layer and above.
The TARP processes may also be completely transparent to the data link layer processes as well. Thus, no operations at or above the Network layer, or at or below the data link layer, are affected by the insertion of the TARP stack. This provides additional security to all processes at or above the network layer, since the difficulty of unauthorized penetration of the network layer by, for example, a hacker is increased substantially.
Even newly developed servers running at the session layer leave all processes below the session layer vulnerable to attack. Note that in this architecture, security is distributed. That is, notebook computers used by executives on the road, for example, can communicate over the Internet without any compromise in security. The level of immunity from attack is roughly proportional to the rate at which the IP address of the host is changing. As mentioned, IP addresses may be changed in response to attacks. An attack may be revealed, for example, by a regular series of messages indicating that a router is being probed in some way.
In addition, it may create a subprocess that maintains the original IP address and continues interacting with the attacker in some manner. Decoy packets may be generated by each TARP terminal on some basis determined by an algorithm. For example, the algorithm may be a random one which calls for the generation of a packet on a random basis when the terminal is idle.
Alternatively, the algorithm may be responsive to time of day or detection of low traffic to generate more decoy packets during low traffic times. Note that packets are preferably generated in groups, rather than one by one, the groups being sized to simulate real messages. In addition, so that decoy packets may be inserted in normal TARP message streams, the background loop may have a latch that makes it more likely to insert decoy packets when a message stream is being received. Alternatively, if a large number of decoy packets is received along with regular TARP packets, the algorithm may increase the rate of dropping of decoy packets rather than forwarding them.
The result of dropping and generating decoy packets in this way is to make the apparent incoming message size different from the apparent outgoing message size to help foil traffic analysis. In various other embodiments of the invention, a scalable version of the system may be constructed in which a plurality of IP addresses are preassigned to each pair of communicating nodes in the network.
Further improvements described in this continuation-in-part application include: (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.
The present invention provides key technologies for implementing a secure virtual Internet by using a new agile network protocol that is built on top of the existing Internet protocol IP. The secure virtual Internet works over the existing Internet infrastructure, and interfaces with client applications the same way as the existing Internet. According to the invention, the secure domain name service interfaces with existing applications, in addition to providing a way to register and serve domain names and addresses.
The advantages of the present invention are provided by a method for establishing a secure communication link between a first computer and a second computer over a computer network, such as the Internet. In one embodiment, a secure communication mode is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication, preferably by merely selecting an icon displayed on the first computer.
Alternatively, the secure communication mode of communication can be enabled by entering a command into the first computer. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. According to the invention, it is determined whether a secure communication software module is stored on the first computer in response to the step of enabling the secure communication mode of communication. A predetermined computer network address is then accessed for loading the secure communication software module when the software module is not stored on the first computer.
Subsequently, the proxy software module is stored in the first computer. The secure communication link is a virtual private network communication link over the computer network. Preferably, the virtual private network can be based on inserting into each data packet one or more data values that vary according to a pseudo-random sequence. Alternatively, the virtual private network can be based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses or other data values in packets transmitted between the first computer and the second computer, such that the second computer compares the data values in each data packet transmitted between the first computer and the second computer to a moving window of valid values.
Yet another alternative provides that the virtual private network can be based on a comparison between a discriminator field in each data packet to a table of valid discriminator fields maintained for the first computer. According to another aspect of the invention, a command is entered to define a setup parameter associated with the secure communication link mode of communication.
Consequently, the secure communication mode is automatically established when a communication link is established over the computer network. The present invention also provides a computer system having a communication link to a computer network, and a display showing a hyperlink for establishing a virtual private network through the computer network. When the hyperlink for establishing the virtual private network is selected, a virtual private network is established over the computer network.
A non-standard top-level domain name is then sent over the virtual private network communication to a predetermined computer network address, such as a computer network address for a secure domain name service SDNS. The present invention provides a domain name service that provides secure computer network addresses for secure, non-standard top-level domain names. The advantages of the present invention are provided by a secure domain name service for a computer network that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal.
According to the invention, the portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as. The present invention provides a way to encapsulate existing application network traffic at the application layer of a client computer so that the client application can securely communicate with a server protected by an agile network protocol.
The advantages of the present invention are provided by a method for communicating using a private communication link between a client computer and a server computer over a computer network, such as the Internet. According to the invention, an information packet is sent from the client computer to the server computer over the computer network.
The information packet contains data that is inserted into the payload portion of the packet at the application layer of the client computer and is used for forming a virtual private connection between the client computer and the server computer. The modified information packet can be sent through a firewall before being sent over the computer network to the server computer and by working on top of existing protocols i. The information packet is received at a kernel layer of an operating system on the server side. It is then determined at the kernel layer of the operating system on the host computer whether the information packet contains the data that is used for forming the virtual private connection.
The server side replies by sending an information packet to the client computer that has been modified at the kernel layer to containing virtual private connection information in the payload portion of the reply information packet. Preferably, the information packet from the client computer and the reply information packet from the server side are each a UDP protocol information packet.
In accordance with another aspect of the invention, a method is executed by a first network device for communicating with a second network device. The method comprises: (a) sending a request to look up a network address of a second network device based on an identifier associated with the second network device; (b) receiving an indication that the second network device is available for a secure communications service, the indication including the requested network address of the second network device and provisioning information for a secure communication link; (c) connecting to the second network device over the secure communication link, using the received network address of the second network device and the provisioning information for the secure communication link; and (d) communicating at least one of video data and audio data with the second network device using the secure communications service via the secure communication link.
Referring to FIG. Each TARP packet's true destination is concealed behind an outer layer of encryption generated using a link key. Each TARP router, using the link key it shares with the previous hop in a chain, can reveal the true destination of a TARP packet. To identify the link key needed to decrypt the outer layer of encryption of a TARP packet, a receiving TARP or routing terminal may identify the transmitting terminal, and thus the link key used, from the sender field of the clear IP header.
Alternatively, this identity may be hidden behind another layer of encryption in available bits in the clear IP header. Alternatively, TARP packets could be authenticated by attempting to decrypt using the link key and determining if the results are as expected.
The former may have computational advantages because it does not involve a decryption process. The system is preferably designed to cause each TARP packet to undergo a minimum number of hops to help foil traffic analysis. Thus, each TARP packet, irrespective of the traditional factors determining traffic in the Internet, makes random trips among a number of geographically disparate routers before reaching its destination and each trip is highly likely to be different for each packet composing a given message because each trip is independently randomly determined as described above.
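The link-key layering described above, worked through as an added example (code written for this page, not the patent's or any TARP implementation's code): each layer of the packet is sealed under the link key of the link that will deliver it and names only the next hop, so a router that peels its layer learns where to forward the packet and nothing further. The node names, the link keys, the fixed-width name field, and the hash-based keystream with an HMAC tag are all constructed stand-ins; the tag is what lets a router take the second alternative of attempting to decrypt with each link key it holds and keeping the result that checks out.

```python
import hashlib
import hmac
import os
import struct

NAME_LEN = 4   # fixed-width node name carried inside each layer (constructed format)
TAG_LEN = 16   # truncated HMAC tag used to recognise a correct decryption

# Constructed link keys, one per adjacent (previous hop, router) pair. In the text
# each router holds the link key for the link to the hop before it.
LINK_KEYS = {
    ("T1", "R1"): b"link-key-T1-R1",
    ("R1", "R2"): b"link-key-R1-R2",
    ("R2", "R3"): b"link-key-R2-R3",
}


def pad_name(name: str) -> bytes:
    return name.encode().ljust(NAME_LEN, b"\0")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-based counter-mode keystream: a stand-in for a real cipher, not one."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one layer and append a tag so the opener can tell the key was right."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the layer's plaintext, or None if this key does not open it."""
    nonce, ct, tag = blob[:8], blob[8:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def wrap_onion(route, final_dest: str, payload: bytes) -> bytes:
    """Build the layered packet at the originating terminal route[0].

    Working from the last router inward, each layer is sealed with the link key
    of the link that delivers it and names only the following hop.
    """
    n = len(route) - 1                         # number of routers on the path
    inner = pad_name(final_dest) + payload     # what the last router sees
    layer = seal(LINK_KEYS[(route[n - 1], route[n])], inner)
    for i in range(n - 1, 0, -1):
        inner = pad_name(route[i + 1]) + layer
        layer = seal(LINK_KEYS[(route[i - 1], route[i])], inner)
    return layer


def peel(me: str, sender: str, blob: bytes, trust_sender_field: bool = True):
    """One router's step: choose the link key and remove one layer.

    trust_sender_field=True picks the key from the clear header's sender field;
    False tries every link key this router holds and keeps the one that verifies.
    Returns (next_hop, inner_blob) or None.
    """
    if trust_sender_field:
        key = LINK_KEYS.get((sender, me))
        candidates = [key] if key else []
    else:
        candidates = [k for (prev, here), k in LINK_KEYS.items() if here == me]
    for key in candidates:
        plain = unseal(key, blob)
        if plain is not None:
            return plain[:NAME_LEN].rstrip(b"\0").decode(), plain[NAME_LEN:]
    return None


def forward(route, final_dest: str, payload: bytes, trust_sender_field: bool = True):
    """Drive one packet hop by hop; returns (delivered_to, payload, hops_seen) or None."""
    blob = wrap_onion(route, final_dest, payload)
    sender, hops = route[0], []
    for me in route[1:]:
        step = peel(me, sender, blob, trust_sender_field)
        if step is None:
            return None
        next_hop, blob = step
        hops.append((me, next_hop))
        sender = me
    return next_hop, blob, hops
```

Calling forward(["T1", "R1", "R2", "R3"], "T2", payload) with trust_sender_field=False exercises the trial-decryption path. The sender-field method costs one unseal call per hop, the trial method up to one per link key the router holds, which is the computational difference the text points to; the trial method in return does not depend on an unprotected header field being honest.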
For reasons that will become clear shortly, the fact that different packets take different routes provides distinct advantages by making it difficult for an interloper to obtain all the packets forming an entire multi-packet message.
Agile routing is combined with another feature that furthers this purpose, a feature that ensures that any message is broken into multiple packets. While every TARP router receiving a TARP packet has the ability to determine the packet's final destination, the message payload is embedded behind an inner layer of encryption in the TARP packet that can only be unlocked using a session key.
The session key is used to decrypt the payloads of the TARP packets permitting an entire message to be reconstructed. In one embodiment, communication may be made private using link and session keys, which in turn may be shared and used according to any desired method. For example, a public key or symmetric keys may be communicated between link or session endpoints using a public key method.
Any of a variety of other mechanisms for securing data to ensure that only authorized computers can have access to the private information in the TARP packets may be used as desired. In the present example, equal-sized segments 1 - 9 are defined and used to construct a set of interleaved data packets A, B, and C. Here it is assumed that the number of interleaved packets A, B, and C formed is three and that the number of IP packets a - c used to form the three interleaved packets A, B, and C is exactly three. Of course, the number of IP packets spread over a group of interleaved packets may be any convenient number as may be the number of interleaved packets over which the incoming data stream is spread.
The latter, the number of interleaved packets over which the data stream is spread, is called the interleave window. To create a packet, the transmitting software interleaves the normal IP packets a et. This payload data is then encrypted using a session key to form a set of session-key-encrypted payload data, each of which, A, B, and C, will form the payload of a TARP packet. In a preferred embodiment, the TARP headers IPT are IP headers with added data providing the following information required for routing and reconstruction of messages, some of which data is ordinarily, or capable of being, contained in normal IP headers.
Obviously, the packets going into a single interleave window must include only packets with a common destination. Thus, it is assumed in the depicted example that the IP headers of IP packets a - c all contain the same destination address or at least will be received by the same terminal so that they can be deinterleaved. Note that dummy or decoy data or packets can be added to form a larger interleave window than would otherwise be required by the size of a given message. Decoy or dummy data can be added to a stream to help foil traffic analysis by leveling the load on the network.
Thus, it may be desirable to provide the TARP process with an ability to respond to the time of day or other criteria to generate more decoy data during low traffic periods so that communication bursts at one point in the Internet cannot be tied to communication bursts at another point to reveal the communicating endpoints.
A single block encryption may be applied to a portion, or the entirety, of a message, and that portion or entirety then interleaved into a number of separate packets. The payloads of the packets are used to construct a single block for chain block encryption using the session key. The payloads used to form the block are presumed to be destined for the same terminal. The block size may coincide with the interleave window as depicted in the example embodiment of FIG. After encryption, the encrypted block is broken into separate payloads and segments which are interleaved as in the embodiment of FIG.
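The chain-block encryption and interleaving described above and in the earlier discussion of the TARP header fields, worked through as an added example (code written for this page, not the patent's). The block transform is a hash-based chaining stand-in rather than a real block cipher, and the 8-byte segment size, the interleave window of three packets, the header dictionary and the decoy flag are constructed choices. What it shows is that the destination needs every packet of the window before any payload can be recovered, and that decoy packets travel in the same stream and are filtered by the header indicator.

```python
import hashlib
import random
import struct

BLOCK = 16    # chaining block size (bytes) of the toy block transform
SEG = 8       # interleave segment size (bytes)
WINDOW = 3    # interleave window: TARP packets one encrypted block is spread over


def _block_key(session_key: bytes, prev: bytes) -> bytes:
    return hashlib.sha256(session_key + prev).digest()[:BLOCK]


def chain_encrypt(session_key: bytes, data: bytes) -> bytes:
    """Toy chained-block encryption (hash-based CFB stand-in, not a real cipher).
    Each ciphertext block keys the transform of the next, so every block depends
    on its predecessor; a length prefix lets the receiver discard padding."""
    data = struct.pack(">I", len(data)) + data
    data += b"\0" * (-len(data) % BLOCK)
    prev, out = b"\0" * BLOCK, b""            # constructed all-zero IV
    for i in range(0, len(data), BLOCK):
        c = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], _block_key(session_key, prev)))
        out += c
        prev = c
    return out


def chain_decrypt(session_key: bytes, ct: bytes) -> bytes:
    prev, out = b"\0" * BLOCK, b""
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(c, _block_key(session_key, prev)))
        prev = c
    n = struct.unpack(">I", out[:4])[0]
    return out[4:4 + n]


def build_window(session_key, ip_payloads, src, dst, ttl):
    """Encrypt several IP payloads bound for one destination as one chained block,
    then interleave its segments across WINDOW TARP packets (slot j carries
    segments j, j+WINDOW, j+2*WINDOW, ...); the header carries that formula."""
    block = b"".join(struct.pack(">H", len(p)) + p for p in ip_payloads)
    ct = chain_encrypt(session_key, block)
    ct += b"\0" * (-len(ct) % (SEG * WINDOW))   # same number of segments per slot
    segments = [ct[i:i + SEG] for i in range(0, len(ct), SEG)]
    packets = []
    for slot in range(WINDOW):
        header = {"src": src, "dst": dst, "ttl": ttl, "type": "TCP", "decoy": False,
                  "window": WINDOW, "slot": slot, "nsegs": len(segments)}
        packets.append((header, b"".join(segments[slot::WINDOW])))
    return packets


def decoy_packet(src, dst, ttl, size, rng=random):
    """A dummy packet flagged as decoy so the destination can filter it out."""
    header = {"src": src, "dst": dst, "ttl": ttl, "type": "TCP", "decoy": True}
    return header, bytes(rng.getrandbits(8) for _ in range(size))


def reassemble(session_key, packets):
    """Destination side: drop decoys, deinterleave, decrypt, split the payloads.
    Returns None while the interleave window is incomplete, which is what an
    interloper holding only some of the packets is left with."""
    real = [(h, p) for h, p in packets if not h["decoy"]]
    if not real:
        return None
    nsegs = real[0][0]["nsegs"]
    segments = [None] * nsegs
    for h, p in real:
        for k, i in enumerate(range(h["slot"], nsegs, h["window"])):
            segments[i] = p[k * SEG:(k + 1) * SEG]
    if any(s is None for s in segments):
        return None
    block = chain_decrypt(session_key, b"".join(segments))
    payloads, i = [], 0
    while i + 2 <= len(block):
        n = struct.unpack(">H", block[i:i + 2])[0]
        payloads.append(block[i + 2:i + 2 + n])
        i += 2 + n
    return payloads
```

With three constructed payloads the chained block is 48 bytes after padding, so each of the three TARP packets carries two 8-byte segments; shuffling the packets and mixing in a decoy before reassembly shows that arrival order does not matter, while handing reassemble only two of the three packets yields nothing.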
The remaining process is as shown in, and discussed with reference to, FIG. The first-hop TARP router is randomly chosen. Note that the process of constructing the TARP packet does not have to be done in stages as described; the above description is just a useful heuristic for describing the final product, namely the TARP packet. Note that the TARP header IPT could be a completely custom header configuration with no similarity to a normal IP header, except that it contains the information identified above.
This is so since this header is interpreted by only TARP routers. As an example of combining the TARP layer with the data link layer , a program may augment the normal processes running a communications card, for example, an Ethernet card. Alternatively, the TARP layer processes may form part of a dynamically loadable module that is loaded and executed to support communications between the network and data link layers.
Because the encryption system described above can be inserted between the data link and network layers, the processes involved in supporting the encrypted communication may be completely transparent to processes at the IP network layer and above. Thus, no operations at or above the network layer, or at or below the data link layer, are affected by the insertion of the TARP stack. An attack may be revealed, for example, by a regular series of messages indicating that a router is being probed in some way. Since the total number of TARP routers on any given subnet is expected to be relatively small, this process of updating the LUTs should be relatively fast.
Upon detection of an attack, the TARP process may also create a subprocess that maintains the original IP address and continues interacting with the attacker. A history of the communication between the attacker and the abandoned fishbowled IP address can be recorded or transmitted for human analysis or further synthesized for purposes of responding in some way.
As mentioned above, decoy or dummy data or packets can be added to outgoing data streams by TARP terminals or routers. In addition to making it convenient to spread data over a larger number of separate packets, such decoy packets can also help to level the load on inactive portions of the Internet to help foil traffic analysis efforts. Decoy packets may be generated by each TARP terminal, or each router, on some basis determined by an algorithm.
That is, when a series of messages are received, the decoy packet generation rate may be increased. The rate of reception of packets, decoy or otherwise, may be indicated to the decoy packet dropping and generating processes through perishable decoy and regular packet counters. A perishable counter is one that resets or decrements its value in response to time so that it contains a high value when it is incremented in rapid succession and a small value when incremented either slowly or a small number of times in rapid succession.
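A perishable counter and the decoy decisions it feeds, as an added example (written for this page, not from the patent). The linear drain per second, the injectable clock and the policy parameters are constructed assumptions; the policy turns the two counter readings into a figure for outgoing decoy generation (a fill level when the link is idle, an extra amount when a regular stream is arriving, which is the latch described above) and a drop fraction for incoming decoys when many of them are being received.

```python
import time


class PerishableCounter:
    """A counter whose value drains with time: incremented in rapid succession it
    reads high; incremented slowly or only a few times it reads low. The linear
    drain and the injectable clock are constructed choices for this example."""

    def __init__(self, drain_per_second: float, clock=time.monotonic):
        self.drain = drain_per_second
        self.clock = clock
        self.value = 0.0
        self.last = clock()

    def _age(self):
        now = self.clock()
        self.value = max(0.0, self.value - self.drain * (now - self.last))
        self.last = now

    def increment(self, n: int = 1):
        self._age()
        self.value += n

    def read(self) -> float:
        self._age()
        return self.value


def decoy_policy(regular: float, decoy: float, idle_fill: float = 4.0,
                 burst_boost: float = 0.5, max_drop: float = 0.9):
    """Map the counter readings for incoming regular and decoy packets to
    (decoys_to_generate, incoming_decoy_drop_fraction).

    - no regular traffic: the background loop emits idle_fill decoys to level the load;
    - a regular stream is arriving (the latch): emit burst_boost * regular extra decoys
      so the apparent outgoing size differs from the apparent incoming size;
    - many incoming decoys: drop a fraction instead of forwarding them, capped at max_drop.
    The parameters are constructed for this example.
    """
    generate = idle_fill if regular == 0 else burst_boost * regular
    total = regular + decoy
    drop = min(max_drop, decoy / total) if total else 0.0
    return generate, drop


class FakeClock:
    """Deterministic clock so the decay can be shown without waiting."""

    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t


def demo():
    clk = FakeClock()
    regular = PerishableCounter(2.0, clk)   # drains 2 units per second
    for _ in range(10):                     # ten packets arrive within the same instant
        regular.increment()
    high = regular.read()                   # a burst reads high
    clk.t = 3.0
    decayed = regular.read()                # partly drained after three seconds
    clk.t = 10.0
    idle = regular.read()                   # the burst has perished
    return high, decayed, idle, decoy_policy(10, 30)
```

demo() returns the three readings of one counter over a simulated ten seconds together with the policy output for a link receiving ten regular and thirty decoy units; a real deployment would read the counters from the packet-receiving loop with the wall clock.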
Note that the destination TARP terminal may generate decoy packets equal in number and size to those TARP packets received to make it appear it is merely routing packets and is therefore not the destination terminal. The bandwidth burden added to the networks, for example in ICMP packets, that would be used to update all the TARP routers could overwhelm the Internet for a large scale implementation that approached the scale of the Internet. In other words, the boutique system's scalability is limited. A system can be constructed which trades some of the features of the above embodiments to provide the benefits of IP agility without the additional messaging burden.
This is accomplished by IP address-hopping according to shared algorithms that govern IP addresses used between links participating in communications sessions between nodes such as TARP nodes. Note that the IP hopping technique is also applicable to the boutique embodiment. The IP agility feature discussed with respect to the boutique system can be modified so that it becomes decentralized under this scalable regime and governed by the above-described shared algorithm.
Other features of the boutique system may be combined with this new type of IP-agility. The new embodiment has the advantage of providing IP agility governed by a local algorithm and set of IP addresses exchanged by each communicating pair of nodes. This local governance is session-independent in that it may govern communications between a pair of nodes, irrespective of the session or end points being transferred between the directly communicating pair of nodes.
In the scalable embodiments, blocks of IP addresses are allocated to each node in the network. This scalability will increase in the future, when Internet Protocol addresses are increased to bit fields, vastly increasing the number of distinctly addressable nodes. Each node can thus use any of the IP addresses assigned to that node to communicate with other nodes in the network. Indeed, each pair of communicating nodes can use a plurality of source IP addresses and destination IP addresses for communicating with each other. In other words, the algorithm governs the sequential selection of IP-address pairs, one sender and one receiver IP address, from each netblock.
The send address and the receive address of the IP header of each outgoing packet sent by the client are filled with the send and receive IP addresses generated by the algorithm. The router's receive hopblock is identical to the client's transmit hopblock. The router uses the receive hopblock to predict what the send and receive IP address pair for the next expected packet from that client will be.
Since packets can be received out of order, it is not possible for the router to predict with certainty what IP address pair will be on the next sequential packet. When a packet is received, it is marked in the hop window as such, so that a second packet with the same IP address pair will be discarded. If an out-of-sequence packet does not arrive within a predetermined timeout period, it can be requested for retransmission or simply discarded from the receive table, depending upon the protocol in use for that communications session, or possibly by convention.
When the router receives the client's packet, it compares the send and receive IP addresses of the packet with the next N predicted send and receive IP address pairs and rejects the packet if it is not a member of this set. With the number of possible combinations, even a fairly large window would be hard to fall into at random. If it is a member of this set, the router accepts the packet and processes it further.
If the routing agility feature described in connection with the boutique embodiment is combined with this link-based IP-hopping strategy, the router's next step would be to decrypt the TARP header to determine the destination TARP router for the packet and determine what should be the next hop for the packet. This SYN packet contains the client's authentication token, and may be sent to the router in an encrypted format.
For security purposes, it may be desirable to reject any packets from outside of the local network that are destined for the router's known fixed IP address. Once these packets have been successfully exchanged, the secure communications session is established, and all further secure communications between the client and the TARP router will be conducted via this secure session, as long as synchronization is maintained. If synchronization is lost, then the client and TARP router may re-establish the secure session by the procedure outlined in FIG.
It is important that the sequence of IP pairs in the client's transmit table be identical to those in the TARP router's receive table; similarly, the sequence of IP pairs in the client's receive table must be identical to those in the router's transmit table. This is required for the session synchronization to be maintained.
The client need maintain only one transmit table and one receive table during the course of the secure session. The TARP router will expect each packet arriving from the client to bear the next IP address pair shown in its receive table. Communications from the TARP router to the client are maintained in an identical manner; in particular, the router will select the next IP address pair from its transmit table when constructing a packet to send to the client, and the client will maintain a look-ahead buffer of expected IP pairs on packets that it is receiving.
Each TARP router will maintain separate pairs of transmit and receive tables for each client that is currently engaged in a secure session with or through that TARP router. While clients receive their hopblocks from the first server linking them to the Internet, routers exchange hopblocks. When a router establishes a link-based IP-hopping communication regime with another router, each router of the pair exchanges its transmit hopblock.
The transmit hopblock of each router becomes the receive hopblock of the other router. The communication between routers is governed as described by the example of a client sending a packet to the first router. While the above strategy works fine in the IP milieu, many local networks that are connected to the Internet are Ethernet systems. However, if the link-based IP-hopping strategy is employed, the correlation process would become explosive and burdensome.
An alternative to the link-based IP hopping strategy may be employed within an Ethernet network. The solution is to provide that the node linking the Internet to the Ethernet (call it the border node) use the link-based IP-hopping communication regime to communicate with nodes outside the Ethernet LAN. The packet is rejected if it does not fall into the set of predicted symbols (for example, numerical values) or is accepted if it does. Communications from the intra-LAN TARP node to the border node are accomplished in the same manner, though the algorithm will necessarily be different for security reasons.
Thus, each of the communicating nodes will generate transmit and receive tables in a similar manner to that of FIG. The algorithm used for IP address-hopping can be any desired algorithm. For example, the algorithm can be a given pseudo-random number generator that generates numbers in the range covering the allowed IP addresses with a given seed.
Alternatively, the session participants can assume a certain type of algorithm and specify simply a parameter for applying the algorithm. For example, the assumed algorithm could be a particular pseudo-random number generator and the session participants could simply exchange seed values. Note that there is no permanent physical distinction between the originating and destination terminal nodes.
Either device at either end point can initiate a synchronization of the pair. As another extension to the stated architecture, multiple physical paths can be used by a client, in order to provide link redundancy and further thwart attempts at denial of service and traffic monitoring. As shown in FIG. As an example, the client can use three different telephone lines to connect to the ISPs, or two telephone lines and a cable modem, etc. In this scheme, transmitted packets will be sent in a random fashion among the different physical paths. This architecture provides a high degree of communications redundancy, with improved immunity from denial-of-service attacks and traffic monitoring.
The following describes various extensions to the techniques, systems, and methods described above. As described above, the security of communications occurring between computers in a computer network such as the Internet, an Ethernet, or others can be enhanced by using seemingly random source and destination Internet Protocol (IP) addresses for data packets transmitted over the network.
This feature prevents eavesdroppers from determining which computers in the network are communicating with each other while permitting the two communicating computers to easily recognize whether a given received data packet is legitimate or not. In one embodiment of the above-described systems, an IP header extension field is used to authenticate incoming packets on an Ethernet.
Any or all of these extensions can be combined with the features described above in any of various ways. Each frame header generally includes a source hardware address A and a destination hardware address B; other well-known fields in frame headers are omitted from FIG. Two hardware nodes communicating over a physical communication channel insert appropriate source and destination hardware addresses to indicate which nodes on the channel or network should receive the frame.
This is especially true in broadcast media, such as Ethernet, where it is necessary to insert into the frame header the hardware address of the machine that generated the frame and the hardware address of the machine to which frame is being sent. This can be a problem for secure communications, especially in cases where the communicants do not want for any third party to be able to identify who is engaging in the information exchange.
One way to address this problem is to push the address-hopping scheme down to the hardware layer.
While the description refers to the exemplary case of an Ethernet environment, the inventive principles are equally applicable to other types of communications media. In the Ethernet case, the MAC addresses of the sender and receiver are inserted into the Ethernet frame and can be observed by anyone on the LAN who is within the broadcast range for that frame.
For secure communications, it becomes desirable to generate frames with MAC addresses that are not attributable to any specific sender or receiver. Each node executes one or more application programs, which communicate by transmitting packets through the node's communication software.
Examples of application programs include video conferencing, e-mail, word processing programs, telephony, and the like. The lowest levels of the communication software communicate with the hardware components, each of which can include one or more registers that allow the hardware to be reconfigured or controlled in accordance with various communication protocols. The hardware components (an Ethernet network interface card, for example) communicate with each other over the communication medium. Each hardware component is typically pre-assigned a fixed hardware address or MAC number that identifies the hardware component to other nodes on the network.
One or more interface drivers control the operation of each card and can, for example, be configured to accept or reject packets from certain hardware addresses. One straightforward method of generating non-attributable MAC addresses is an extension of the IP hopping scheme. In this scenario, two machines on the same LAN that desire to communicate in a secure fashion exchange random-number generators and seeds, and create sequences of quasi-random MAC addresses for synchronized hopping.
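The synchronized-hopping mechanism described above for IP addresses (matching transmit and receive tables, a look-ahead buffer of expected pairs, and a pseudo-random generator seeded by values exchanged at session setup) is the same one the MAC-hopping extension reuses, so a single simulation serves both passages. The following Python is an added example and is not code from the patent or any product it describes. The patent leaves the generator open; here an assumed SHA-256-over-counter derivation stands in for it, the IP block 10.0.0.0/8, the look-ahead of four entries, the table length of 64 and the seed values are all constructed for the demonstration, and `Sender`, `Receiver`, `hop_pairs` and `run_session` are names chosen here, not terms from the text.

```python
"""Synchronized address hopping: a shared-seed generator, transmit/receive
tables and a receiver-side look-ahead window. Added illustration with
constructed values; not the patent's own algorithm."""
import hashlib
import ipaddress


def address_sequence(seed: bytes, count: int, kind: str = "ip") -> list:
    """Derive `count` pseudo-random addresses from `seed`.

    The derivation is deterministic, so two ends holding the same seed derive
    the same list; that is what keeps one end's transmit table equal to the
    other end's receive table. SHA-256 over (seed, counter) is an assumed
    choice of generator. kind="ip" draws from 10.0.0.0/8 (assumed block);
    kind="mac" yields locally administered unicast MAC addresses.
    """
    out = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        if kind == "ip":
            host = int.from_bytes(digest[:3], "big")  # 24-bit host part
            out.append(str(ipaddress.IPv4Address((10 << 24) | host)))
        elif kind == "mac":
            octets = bytearray(digest[:6])
            octets[0] = (octets[0] | 0x02) & 0xFE  # local bit set, multicast bit clear
            out.append(":".join(f"{b:02x}" for b in octets))
        else:
            raise ValueError("kind must be 'ip' or 'mac'")
    return out


def hop_pairs(seed: bytes, count: int, kind: str = "ip") -> list:
    """A hop table: the sequence of (source, destination) address pairs."""
    return list(zip(address_sequence(seed + b"|src", count, kind),
                    address_sequence(seed + b"|dst", count, kind)))


class Sender:
    """Transmit side: stamps each packet with the next pair in its table."""

    def __init__(self, seed: bytes, kind: str = "ip", length: int = 64):
        self.table = hop_pairs(seed, length, kind)
        self.index = 0

    def next_packet(self, payload: str) -> dict:
        src, dst = self.table[self.index]
        self.index += 1
        return {"src": src, "dst": dst, "payload": payload}


class Receiver:
    """Receive side: accepts a packet only if its pair lies within the
    look-ahead window of the receive table, then advances past that entry.
    The window tolerates a few lost packets; a pair behind the window (a
    replay) or beyond it (too many losses, synchronization lost) is rejected,
    and the session must be re-established as the text describes."""

    def __init__(self, seed: bytes, kind: str = "ip", lookahead: int = 4, length: int = 64):
        self.table = hop_pairs(seed, length, kind)
        self.index = 0
        self.lookahead = lookahead

    def accept(self, packet: dict) -> bool:
        window = self.table[self.index:self.index + self.lookahead]
        pair = (packet["src"], packet["dst"])
        if pair not in window:
            return False
        self.index += window.index(pair) + 1
        return True


def run_session(seed: bytes, lost=(2,), lookahead: int = 4, kind: str = "ip") -> dict:
    """Send six packets from a client to a router sharing `seed`, dropping the
    packets whose indices are in `lost`. Returns the per-packet verdicts plus
    two negative checks: a replayed first packet, and a receiver holding a
    different seed (an observer who does not know the session parameters)."""
    client = Sender(seed, kind)
    router = Receiver(seed, kind, lookahead)
    sent, verdicts = [], []
    for i in range(6):
        pkt = client.next_packet(f"packet {i}")
        sent.append(pkt)
        if i in lost:
            continue  # simulated loss in transit
        verdicts.append(router.accept(pkt))
    return {
        "delivered": verdicts,
        "replay_accepted": router.accept(sent[0]),
        "wrong_seed_accepted": Receiver(b"some-other-seed", kind, lookahead).accept(sent[0]),
    }


if __name__ == "__main__":
    print(run_session(b"constructed-demo-seed"))
```

Running `run_session` with the default single lost packet shows every surviving packet accepted because the look-ahead window covers the gap, while the replayed packet and the wrong-seed receiver are both rejected; passing `lost=(0, 1, 2, 3, 4)` exceeds the window and the remaining packet is refused, which is the loss-of-synchronization case. Passing `kind="mac"` runs the identical logic over MAC pairs, which is the whole content of the "extension of the IP hopping scheme" in the paragraph above.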