Future Touch

Career in Information Security/Ethical Hacking

by on Dec.18, 2012, under Security

What is the entry level post?

Network Security Administrator

Application Security Tester

Forensics Tester

Ethical Hacker

Junior Security Auditor

Security Certified Programmer

Security Certified Information User

-What is the starting salary?

In India the starting salaries are of the range Rs 15K-50k depending on qualifications. For e.g- A person who has done B.Tech computer science along withh a security certification like MASE will normally get around Rs 30K as a starting salary and a person who has done diplomas etc with security certification like MASE will get around Rs 15K once he completes the probabation period. Then he moves on to drawing higher salaries with time and experience. Security sector is one of the highest paid sector in the world and for India it will be no different. The salaries go up to infinite range and security experts earn 15 lakh per annum and company’s CISO ( Chief Information Security Officer ) earns around Rs 25 lakhs per annum

-What is the growth curve like starting as a fresher, where can he go?

Network Security administrator -> Network Security Manager -> Security Officer -> Chief Information Security Officer

Ethical Hacker/Penetration Tester -> Security Consultant and Manager -> Chief Information Security Officer

Application Security Tester -> Application Security Developer -> Application Security Manager -> Chief Application Security Officer

Forensics Tester -> Forensics Manager – > Forensics head

Junior Security Auditor -> Security Auditor

Secured Programmer-> Security Project Manager

And many more…

- What is the industry growth rate both india and world ?

over 30% in India and around 21% in the world

What are kinds of DATA THEFT?

Theft of Intellectual Property/Softwares etc stolen -

These thefts occur at 2 levels

a) Ideation and Software design for the software – This means the theft occurs at a stage when the software is not made but thought of and designed. This can occur if any of your employees in the core project team leaves the company during the project and joins the competitor where he presents the same architecture. He can either have the documents of the software design or have the architecture in his mind. The theft can be prevented by implementing laws such as an employee is not allowed to leave a company midway of project, creating laws that abide him to do that ( employee contract) and heavy penalty enforced in case he does it. The theft can also occur technically by hacking into the project team’s individual laptops or computer when they are at home. This can also be prevented by processes and technical security which can be taught to them.

b) Theft of the software program – This is not that easy and is done in following ways

- Project is outsourced to a third party who copies the software and perhaps sell under different brand name

- Software program is stolen from the core team’s computer by hacking when they might take the software home for testing, coding etc

- Individual software uncompiled codes stolen which can be later combined to form the software ( E.g.- An Appin employee shares the security software code with friend from competitor company for checking the code, to prove his/her capability )

These thefts can be done intentially by your own employees for financial gain by using emails, removable devices or captured by hackers by using techniques of social engineering or technical hacking. For preventing these a team should be maintained for technical security, its up gradation comprising of security people, ethical hackers, security managers etc along with enforcement of laws and security processes within an organization. You also need to consult specialists in security, have regular training programs to stay aware about the latest threats and ways adopted. This is information age and you need to understand, implement and upgrade your information security skills, awareness programs on Information Security for everyone in the organization. Information can be leaked at all levels and hence should be secured at all levels

Other kind of data thefts that happen include customers databases, confidential proposals, strategy documents and even board room meeting minutes. Some case have been reported. For e.g – A famous Data Center had some client data copying in the past, A famous gas company’s statistics were stolen, Some other internet based companies are hacked and their data is copied often, even government information has been stolen by hacking into web servers and other attacks done by countries that are against India. I will not name a company because this is classified information. They could sue us for providing this information. Top companies have been hacked like we heard the recent case of airtel.

These can be prevented by taking measures as mentioned above along with special security consulting companies taking care of your information security

India is it equipped?

Though Indian companies has started adopting security but we still have a long way to go till it becomes a part of our psychology. We lock our houses but forget the same about digital information. We need more technical man power, companies should increase their budgets to save their reputation, clients and business secrets. We need to become a security conscious nation else our BPO and IT industry which is reputed in the world will lose its reputation and fall down on growth rates. We have to be more secured than any other nation . We are sure to achieve this if we all work together.

BPO’s

BPO & Data processing facilities are basically classified into different segments with respect to their capabilites, revenues , turnovers .

One is a set of huge BPO’s like Convergys, Genpact, HSBC, Wipro Spectramind etc which are very secured. The problem is still we have seen thefts in

HSBC, Wipro Spectramind in last couple of years.

Then there is another set of BPO’s which are smaller in size and don’t have adequate security processes and infrastructure. It is very easy to copy data, leaque data etc.

The reason is not that they can’t do it. They are just not aware and hence none of the employees are aware too.

Then there are very small BPO’s which are ranging froma head count of 5- 100 people which don’t follow security policies at all.

Thus overall Indian BPO industry needs to raise its standards in Security, take more training programs, consult experts as this is the primary industry of India and hence the reputation and revenue loss is big if a crime occurs

sell surplus wedding goods

Leave a Comment :, , more...

Why do you need computer security?

by on Dec.11, 2012, under Security




Computers are an inseparable part of our lives today, life that has increasingly become technology driven. Besides work, we use computers for communicating, banking, entertainment, research – just to name a few. Besides hardware, security of the new-age machines is threatened by malicious software, viruses, Trojans etc. all designed to cripple a system. Loss of computer security leads to corruption or loss of data, misuse or theft of information, identity theft and unauthorized use of client information, transmission of computer viruses that can affect third parties and can lead to potential liability, services interruptions, security breaches at vital government installations that can threaten national safety. For corporate houses, loss of computer security can make vital difference in acquiring new work and sustaining current projects.

These are strong reasons to computer support the need for installing computer security systems. The first important requirement is licensed Anti-virus software. There are over 50,000 known viruses and 200 new viruses are discovered every month. The easiest method for spreading viruses is by e-mail attachments or instant messaging messages. Viruses can be disguised as greeting cards, funny images, or video and audio file attachments. The computer needs to get updated with latest threats and that is possible only with original computer security software as it gets automatically updated every time the machine goes online.

The next important requirement is Firewall Software. This enhances computer security by controlling communications from it, prevents unwanted accesses and is capable of blocking outgoing and incoming IP addresses.

Often computer security is compromised due to spyware that enters a machine by deceiving the user or through some software loopholes. Sometimes the user is tricked into unknowingly installing it or it piggybacks on desirable software. Hence, spyware removing software is a must in the computer security system.

A pop-up blocker is another important element in securing computers. Malicious attackers are likely to use pop-up windows that are concealed as special offers to set up a malicious code on a computer.

Besides all these installations it is important to ensure correct practises to ensure computer security when accessing the Internet. Never download email attachments from unknown persons, do not share your banking details and passwords with unknown people, do not click on links inside emails, for financial transactions – type in the URL each time on your browser and take care when sharing flash drives. These are just some additional measure to ensure computer security. Always buy licensed, original Operating System Software and Anti Virus Software. While there are cyber laws to help track and punish breaches in computer security, its better to be safe rather than sorry!


vegas wedding favors

Leave a Comment :, , more...

Internet Monitoring Tool

by on Dec.05, 2012, under Security




Internet Monitoring Tool

While many Spysure network version customers make use of internal (as opposed to external or Internet) monitoring tool options such as HP’s OpenView, Ipswitch’s WhatsUp Gold, IBM’s Tivoli, or another monitoring device, a remote Internet monitoring tool really is the only way to be absolutely sure your online services are available to your users at all times. Spysure network version is the most comprehensive external Web monitoring (remote) software available.

To illustrate, let’s say your Web server is on your own internal LAN (Local Area Network), and you have a local monitoring device installed which checks the server for uptime or response time directly from inside your network. By default, this monitoring device will normally take the shortest path through your network to reach the target server, meaning it will not traverse many of the devices that your customers must go through, including routers, firewalls, external DNS servers, and/or your ISP (Internet Service Provider), as an Internet monitoring/remote software tool would.

Internal monitoring devices only inform you that your server is functioning properly, not if your customers can actually reach it or not, or what kind of response times they are experiencing. Spysure network version, an external Internet monitoring tool, will alert you the instant a performance or availability issue is detected in your online infrastructure through its constantly monitoring remote software. Only an Internet monitoring tool can pinpoint weaknesses in the online chain of command.

The Online Chain of Command

The first device most people consider when planning to monitor their Internet connectivity, either internally or via monitoring remote software, is the Web server. There are, however, a number of other crucial devices and commonly deployed services that companies need to track using an Internet monitoring tool as well. Why? – Because the more devices along the Web server chain you monitor, the easier it is to highlight and resolve any connectivity problems that arise. An internal monitoring device cannot help you in this situation. You need to be monitoring with remote software.

For example, in the event of a DNS server failure, Spysure network version would be unable to locate your website. If your website were the only Internet device being monitored, it would take a great deal of investigation to determine the cause of its failure. If, however, both your DNS server and your website were being monitored via remote software, you would have received two alerts: (1) because your DNS server was down and (2) because your website would be inaccessible. In this case, you would be immediately aware that a DNS server failure rendered your website inaccessible, allowing for faster repair. This is not possible using only an internal monitoring device.


candy favors
Leave a Comment :, , more...

Should SpyAxe Be Trusted?

by on Nov.28, 2012, under Security




While SpyAxe promotes itself as a legitimate spyware removal tool, it is actually a rogue security program, or trojan, that is spyware. This application can do many harmful things to your PC, and is not capable of anything it claims to be able to do. You may have an icon or two in your system tray that pop out balloon messages warning you of security threats. If you do, beware. Here is more information on this malicious program to help you determine if you do have it, and what you should do.

Most fake antispyware programs are pretty much the same. They advertise aggressively to the user, warning them of security threats. The next step is to scan your PC with a free scan in order to detect these threats. Once detected, they will supposedly be removed. The fake applications notify you after the scan is performed that in order for these infected files to be removed, you must purchase the product. This is the hacker’s way of making money on something that is totally useless.

SpyAxe cannot detect anything, so the results displayed are false. They are most likely the very same results that are shown to any computer user that downloads the fake scan. This program cannot remove anything, and it won’t restore the security of your computer. It may place more malware on your PC, modify system files, collect private information and perform other devious tasks. You will more than likely notice that your computer has become slow or unstable if you have spyware installed. Pop-up ads, browser redirection and a changed home page are other common symptoms.

Rogue security programs like this one can actually damage your computer, and install without your permission or knowledge. This may happen when you download certain files like music and videos, or by visiting unknown websites with questionable security. You might also get it by clicking on links in spam emails. Spyware is very sneaky — it hides in the background, and runs constantly which uses a large amount of your system resources, which accounts for the slowness of your PC.

If you suspect that SpyAxe has been placed on your computer, it should be removed at once before further damage is done. Manual removal is possible, but not advised because you risk damaging your PC if it isn’t done correctly. To remove spyware, parasites and other infections, you should use a reputable antispyware tool that is guaranteed, and removes 100% of all security threats automatically, completely restoring your PC back to normal.


winter wedding favors
Leave a Comment :, , more...

How Do I Secure My Private Information When Surfing the Internet?

by on Nov.20, 2012, under Internet And Businesses Online



Privacy has become an important concern for many internet users. Whenever you use web browser, all information about the user are transferred via insecure internet connection. Most of the times, your information will not be encrypted, allowing hackers to interrupt the connection and get your personal information. When your identity is stolen, anything undesirable may happen. The problem here is that you don’t know who stole your private information and there is no means to find 1the culprit. Online shopping is now popular enabling the users to buy anything from the comfort of their home. Though the financial transactions are secured, you cannot stop your personal information to be sent to the server.

Threat to privacy

Whenever you open a website in a web browser, your private information including your ip address and geographic location are sent to the web server. All user interactions and user information are logged in the web server. Thousands if not millions of people are monitoring network connections to get unauthorized access to various computers on the network. The server logs are readable making your private information public. Knowing your ip address and other personal information will let them hack your computer without your knowledge. When you enter your credit card number and other personal details in a webpage, you are risking your privacy. Apart from stealing your identity, hackers may misuse your information in several ways.

Need for proxy services

Secure surfing is possible with the use of proxy web services which allow you to surf the internet without revealing your identity. When you use proxies, your geographic location will not be sent to the server preventing hackers from attacking your computer. Good proxy websites help you stay away from spyware and other malicious programs. Apart from ensuring security, proxy websites speed up browsing by caching requested pages. Rather than fetching the pages from the server, proxies fetch the pages from the cache decreasing the fetching time.

Types of proxies

Transparent proxies help you surf the internet faster but none of your information is protected. If you are looking for secure browsing, then these transparent proxies will not serve the purpose. Anonymous proxies allow you to browse the internet without disclosing your ip address and personal information. However, the servers can understand that you are browsing from a proxy website. You can find a list of many anonymous proxies which provide free services. High anonymous proxies provide the exact security you expect. None of your system information will be sent to the web server and nobody can guess that you are surfing with the help of proxy services. Faster and more secure internet access is possible when you use high anonymous proxies.

If you want to hide your ip address and let the servers know that you are using proxies, then free services can be used. But if you are more concerned about your privacy and you want nobody else to guess that you are using proxy services, then you have to go for paid high anonymous services provided by proxy websites.
About the Author:
overstock coupon codes


Leave a Comment :, , more...

Cyber Security Professionals – Necessities In The 21st-Century Computing Environment

by on Nov.11, 2012, under Internet And Businesses Online



The vast network of cyber-space presents – or, can harbor — major threats to the security of personal computers; LAN and WAN networks; and wireless Internet networks. Trained computer networking specialists who are experts in cyber-security are needed to secure networks and computer systems for effective data storage and retrieval. Just as importantly, they are needed to secure the privacy and integrity of personal and corporate identities. These professionals can find work in private firms, in consulting, or at the state and federal government levels. Most individuals complete at least a bachelor’s degree before working in the cyber-security field.

Hackers pose special threats to computer network security. These technology and networking experts use their insider information to grant themselves access to computer networks, without permission. Our modern computing environment is an open one, and individuals with systems and software knowledge – or, even, persons with the gumption to steal data or computing devices – can easily get their hands on very sensitive information.

Much information should be kept private, and serious damage can ensue if this information falls into the hands of hackers. One of the greatest risks to business computer and personal computer users who are working on unsecured networks is identity theft. A cyber-thief can use a personal or company address; financial and credit card information; or even a personal social security number to steal money from individual or corporate accounts. This is a serious crime – one with far-reaching consequences, including ruined credit records — and increasingly easy to commit in today’s open-computing, technology-heavy environment. Cyber-security professionals who are adept at designing secure, hack-proof information systems and networks are needed to win the fight against identity theft.

Spyware and viruses pose another threat to the integrity and security of computer data. Spyware is installed on a computer without the user knowing, and can collect personal data or interfere with computer applications or run-time. Viruses are computer programs that replicate themselves to infect the machines, often damaging files or even hard drives in the process. There now exist several types of anti-virus and anti-spyware software that can be installed on a personal computer or on networked office computers for low or no cost. Security professionals on IT repair teams might be trained in the use of this software. Some professionals might provide security consulting services to businesses and individuals, as well.

Skilled cyber-security professionals also know how to install and maintain firewalls. These pieces of software or computer appliances are security devices that monitor activity between networks – usually, networks with different levels of security and access. Firewalls might restrict permissions to various Internet activities or Web sites. The level of security firewalls provide on large business networks can be changed or altered by security administrators. There exist many types of firewalls, including network layers and proxy servers. Understanding what each type of firewall does, and when it should be applied are main responsibilities of a cyber-security student; typically, he or she will take several classes about firewalls to complete a network security degree.

Design and evaluation of secure computer network systems are special skills, in which cyber-security information systems professionals must be proficient. Secure network architecture is imperative in preventing hacking and threats to information integrity. Some cyber security professionals will be employed as business consultants, routinely evaluating system security software, and creating and testing secure network systems.

Finally, some cyber-security professionals might be employed to work on major projects and contracts where information privacy and integrity is vital. The U.S. Department of Defense or the Office of Management and Budget (OMB) in Washington, D.C., for example, need cyber-security specialists to create networks that will protect highly sensitive or classified data. Similarly, cyber-security specialists are needed in biology and scientific research centers, such as those found in universities and hospitals, to make sure data and findings remain secure. Specific federal regulations outline how these findings should be secured, so specialists can help these research centers stay compliant.

The field of cyber-security is a constantly evolving and important area of information systems science. Individuals pursuing an education in this challenging and lucrative field will be sure to find fascinating work and a lifetime of learning throughout their careers.
About the Author:
bridesmaid gifts


Leave a Comment :, , more...

What to Look For in a Colocation Data Center in Palm Beach County, Miami-Dade County and Broward County

by on Nov.06, 2012, under Networks




A colocation data center is a facility that offers network, server and storage services while allowing interconnection with other network service providers and telecommunications service providers. The services are packaged for simplified processing and are usually given at much lower costs. Network access point facilities like the famous NAP of the Americas usually offer colocation data center services. In industry parlance, this is usually referred to simply as “colo.” But what should you look for in a colocation data center in Palm Beach County, Miami-Dade County and Broward County that also serves Fort Lauderdale, Aventura, Hollywood, Hallandale Beach, Pompano Beach, Lighthouse Point, Boca Raton, Miami, Miramar, Miami Beach, North Miami Beach, Tamarac, Coral Springs, Coconut Creek, Davie, Cooper City, Weston, Sunrise, Palmetto Bay, Kendall and Homestead?

First of all, make sure the colocation data center offers full cloud computing services, providing various business applications that are accessed online while software and data are securely stored in remote virtual servers. Among its services should be the provision of dedicated virtual servers, managed dedicated colocation hosting, private networks, internet network security, data storage and data backup, broadband internet access, and VoIP.

Network security is crucial in a colocation data center. Make sure it qualifies as an SAS70 Data Center which means having passed the Statement on Auditing Standards Article 70. The security requirements for passing this audit are very stringent and include having twenty four hour maximum security.

If you have your own servers and licensed software, make sure the colocation data center can house these in state of the art facilities with a controlled environment equivalent to carrier class, guaranteed uninterrupted power supply, reliable generators, internet access, firewall protection, tape rotation, backup and storage and guaranteed uptime of 99.9% with a Tier 1 Internet foundation. Make sure the colocation data center services and fees are flexible and can be scaled according to your company’s specific needs.

If you have your own professional technicians, make sure the colocation data center will allow them to install your server equipment and software and perform all the necessary maintenance procedures whenever necessary. If you do not have your own staff of technicians, make sure the colocation data center can provide you with the services of professional technicians to install and maintain your server equipment and software.

If you do not have your own server equipment, make sure the colocation data center can lease dedicated virtual servers to you on a monthly or yearly basis, depending on your needs. Make sure the colocation data center allows flexibility in upsizing or downsizing the server capacity you need. Having a virtual server will allow you to have dedicated hosting. If you are reselling managed hosting services, make sure the colocation data center offers you a competitive price that you can pass on to your clients.

When you lease a dedicated virtual server, make sure you have a choice of either managed or unmanaged servers. If you have your own professional technicians, you will appreciate the full control you can have over unmanaged servers that your own technicians will handle. If you do not have your own professional technicians, you will appreciate the full convenience of managed servers for an additional fee.

Check out the services and facilities of the colocation data center you are considering before choosing the best one for your company in Palm Beach County, Miami-Dade County and Broward County wherever you are based in Fort Lauderdale, Aventura, Hollywood, Hallandale Beach, Pompano Beach, Lighthouse Point, Boca Raton, Miami, Miramar, Miami Beach, North Miami Beach, Tamarac, Coral Springs, Coconut Creek, Davie, Cooper City, Weston, Sunrise, Palmetto Bay, Kendall or Homestead.


work at home mom
Leave a Comment :, , more...

The Importance of Web Hosting Security

by on Nov.06, 2012, under Web Hosting




What do you look for in a web host? A low price? Reliability and good support I hope. If you’re anything like today’s ambitious webmaster, you’re on the hunt for the best features. There’s a lot of programs and management tools available to make your site standout but I bet there are some features you pay no mind at all. Often overlooked but one should never forget about critical security features as they will help to keep your web hosting environment protected from an array of threats. Security features are abundant but here some you simply can’t do without:

SFTP



Short for Secure File Transfer Protocol, SFTP is more efficient and secure variation of FTP. In its purest form, FTP only has the ability to transfer files, leaving them vulnerable to a range of security breaches such as eavesdropping, tampering and even interception of the entire file. A web hosting company offering SFTP provides you with the ability to secure your files in transit with SSH (Secure Shell Host), a protocol that protects data with government recommended 128-bit encryption.

SSL



Secure Sockets Layer or SSL, should be incorporated on any website that sells products or services. SSL is a standard encryption protocol designed to keep internet communications secure. If a web hosting company doesn’t support a shared or private SSL certificate, you need to turn in the opposite direction and find yourself another provider.

Data Backups



Data backup and restoration is not only something that should be practiced with the files on your hard drive, but those on the web host’s server as well. All it takes is one technical difficulty or natural disaster for the web hosting company to lose a server and all of your website data. The good thing is that most providers perform redundant backups to ensure that your data can be restored in the event of a failure. To be on the safe side, I recommend looking into a web host that offers a utility that allows you to backup your own data.

Network Security



Aside from protecting your files and website transactions, you also need to keep an eye out for security features that protect the web hosting company’s network. Do a little research to learn how the web host is protecting their infrastructure, keeping in mind that intrusion detection systems, firewalls, DDoS protection, virus and spam filtering are common features. Servers are prime targets of hackers and malicious code writers so if the hardware is breached or goes down, your website will suffer right along with it.

These are just a few of numerous security features a web hosting company should offer to ensure the safety of your website data. Hackers are constantly trying to ***** into web servers while malware writers are releasing new infectious strains everyday. A web host that doesn’t take this into mind is essentially leaving you wide open for exploitation.


godaddy coupon code

Leave a Comment :, , more...

Proxy Templates

by on Nov.05, 2012, under Computers And Technology




Proxies let the users surf the website from blocked location like a school, university library or an organization. They keep you safe and secure by maintaining your privacy. In simple words, the proxy servers hide your identity and access blocked websites on your behalf. On the web network, there are a lot of websites which offer features like file-sharing, instant messaging or leaving comments for the user’s profile, and a lot of schools and organizations have blocked such websites to be accessed from their locations to restrict people from logging in to these websites.

The development of proxy servers has a technological advance over these restrictions. These proxies let you access websites from restricted locations and are a source to bypass secure sites from blocked locations, as they have the ability to bypass the network firewalls and filters. These proxy servers enable the users to surf the internet from blocked servers and are compatible to surf through sites which have audio and video streaming platforms like Youtube.

Another advantage of a proxy server is that the chance of getting virus, spyware and other malicious scripts is reduced, and as a result your computer becomes a safer and reliable machine.
A lot of web sites offer the proxy servers and most of them provide proxy templates as well. Designing a proxy template is not an easy task. Considering this fact, a lot of websites offer pre-designed proxy templates for you. These proxy templates can be downloaded and are simple and easy to use.

The downloaded proxy templates are free of cost, but most of the host websites may require you to back-link to their websites. PHP and CGI proxy templates are also available on such websites. The downloaded files for the proxy templates and themes comprise of the necessary designing and setup files and you can customize your website as per your requirement. Normally, the downloaded files are in zip format and you may need to extract the graphic files, images, fonts, Photoshop files and the script files. To avoid any misuse of the script files, the configuration files are available in the download which lets you customize the template, as you may require, and edit the text files like the Meta keywords, description and titles.

The PHP proxy and the CGI proxy provided are updated versions and are fully up-to date with the required technology. The host websites offering these proxy templates may allow you to put a link to download the templates on your website too based on the condition that the site is linked back to the host website.
unique wedding favors

Leave a Comment :, , more...

Secure Authentication Mechanism in Mobile Internet Protocol Version 6

by on Nov.02, 2012, under Security




Secure Authentication Mechanism in Mobile Internet Protocol Version 6

 

Mojtaba Sadeghi, Hamid Reza Naji, Tawfik Zeki

Department of Computer Engineering

Islamic Azad University

Dubai ,UAE

                                                            June 2009

  

Abstract

This paper  presents a secure authentication method  for Mobile IPv6. As a default IPsec is used for secure signaling messages between the Mobile Node and other agents in Mobile IPv6 networks. Mobile IPv6 message transactions include the Binding Updates and Acknowledgement messages as well. We propose a new mechanism for securing Mobile IPv6 signaling between Mobile Node and other agents.  The proposed method consists a Mobile IPv6 message authentication option and cookie management that can be added to the current protocols for securing IPV6. Also we investigate an architecture to integrate the mobility authentication signaling. This architecture is implemented and evaluated. In Mobile IPV4 protocol and also some authentication protocols of Mobile IPV6, there are some difficulties for satisfying timing requirements. We show the latency can be decrease between the Mobile IPV6 node, Home Agent and Correspondent Node with creating a cookie file keeping the mobile node identification.

 

1.Introduction

The security of a mechanism and protocol depends on the reliability and infrastructure of the Internet routing. The protocol will work between mobile nodes and any other Internet node that have no previous connection or relation with, and also we assume there is not any specific global security infrastructure. When Mobile IPV6 was developed, the built-in technology made it possible for users to change their points of attachment to the Internet while they still using the same IP connections established before. But, authentication and authorization, which are too important functions in wireless networks, were not considered during the design and creation. Therefore, this paper investigates the integration of MIPv6 and Authentication systems and develops integrated architectures as well. The mechanism described in this paper is a simplified version of the actual Mobile IPV6 protocol. We focus on the binding-update messages sent by the mobile node to its correspondents. In fact authentication service is the most important protection and inspection services in wireless networking. Security designing in mobile network is a critical stage in developing and establishing a Network infrastructure system. While a wireless system provides economic, convenience and efficient network , it must also be secured to prevent attack for theft and damage of data and  information . A safe and secure wireless network can ensure that your data transmissions are not intercepted, abuse, misuse by unknown third-party. Unsecured wireless networks are vulnerable to many types of problems, including:

-Theft of information

-Corruption or illegal modification of data

-Interception of interaction ,transaction and communication

-Insider abusing of network data and resources

Establishing a professional and secure wireless network means implementing a framework of authentication, encryption and key management protocols[1]. We focus on authentication with IPV6  in this paper. As a description , authentication is a process of verifying that a device or user that is attempting to log in to the wireless network, should be allowed on the network. Encryption and Key Management are processes and techniques that are make more complex and scramble data so that an unauthorized user or device that receives the data cannot use that.

 

2. IPv6 Review

Based on the recent concerns over the lack of internet addresses and the desire to provide more functionality for modern mobile devices, an upgrade of the old and current version of the Internet   Protocol (IP), called IPv4, has been established. This new version, called IP version 6 (IPv6), resolves  weakness of IPv4 design issues and made a revolution in Internet in recent years. The long of addresses in IPv6 are 128 bits. The first 64 bit are used for the link prefix. Which it  is assigned to every link and gets advertised through routers on that link. The second 64 bit of the address belongs to the interface  identifier .There are different scopes of IPv6 addresses in networking. The different scopes can be     diagnostic by looking at certain bit patterns of the address prefix.  

We can call the most important scopes in IPv6 as below:

- Link local: An address with a scope of link local only can be used to communicate within the node’s link. Packets with this link addresses will not be

routed outside the link. The first 64 bits of this addresses are fixed and look likes this: 1111111010 0 . . – Site local

First 10 bits Proceeding 54 bits. Link local addresses are like unique addresses  inside a site. The size of a site will define by site administrator. It can be a small home network with two or three clients or even the network of a university with hundreds nodes. The first 64 bits of site local addresses look like follows: 1111111011 0 . . . – Subnet ID

The 16 subnet bits are used to differentiate sites and First 10 bits Proceeding 38 bits last 16 bits. Protocol transitions are not easy and the transition from IPv4 to IPv6 is no exception. Protocol transitions are typically deployed by installing and configuring the new protocol on all nodes within the network and verifying that all node and router operations work successfully. Although this might be possible in a small or medium sized organization, the challenge of making a rapid protocol transition in a large organization is very difficult. Additionally, given the scope of the Internet, rapid protocol transition from IPv4 to IPv6 is an impossible issue. The designers of IPv6 recognize that the transition from IPv4 to IPv6 will take years and that there might be organizations or hosts within organizations that will continue to use IPv4 indefinitely[1]. IPv6 solves the network address limitations of  the current IPv4 protocol by replacing IPv4′s  32-bit addresses with 128-bit addresses. Different elements were considered during the design of IPv6. One of this consideration is forecasting about the needs of future markets. We can guess that future of internet markets would rely on more security, high efficiency, and mobility[7]. Another successful issue of IPv6 designing is the way of internet’s transition from IPv4. This kind of transition involves with different software, hardware, protocol and infrastructure problems. Fortunately IPv6 has been developed to work with IPV4 network protocol as well. By creating a tunnel to transfer IPv6 packets or by creating a tunnel for transferring other protocol packets, IPv6 will support without requiring any fundamental changes. When a mobile node is far from it’s home agent, it sends information about its current location to the home agent. Any node that it wants to start interaction and communication with a mobile node will use the home address of the mobile node for this communication and sending packets. The home agent intercepts these packets information, and via using tunnels the packets to the mobile node’s care-of address. In fact Mobile Network IPv6 uses care-of address .But for supporting route optimization for direct connection between Mobile Node and Correspondent Node, the Correspondent node will use IPv6 header than the IP encapsulation. Mobile IPv6 technology allows a Mobile Node to move within the Internet infrastructure without loosing an old established connection. It means for a Mobile Node to be reachable at any time by a Correspondent Node it must have an address that not change. In fact this address belongs to the subnet of home network. In Mobile IPv6 this address is called, Home Address or HoA. If Mobile Node be available in its home network, all packets that want to reach to it, can reach the through the normal routing way. In this situation the Home Agent is topologically correct for the Mobile Node. But if the Mobile Node moves to another subnet, it must to update a Care of Address that topologically this address belongs to the new network. From now Mobile Node  will not be reachable through its HoA as well. Home Agent is responsible to receive all packets that destined to the Mobile Node, whenever Mobile Node is in another visited network. Whenever Home agent receives a packet, it would establish a tunnel it to the Mobile Node’s current Care of Address. It proves the Mobile Node has to update its Home Agent about its current Care of Address regular. It means Home Agent will forward any packets destined to the Mobile Node’s Home Address, to its current Care of Address in visited network. These packets will send through a tunnel to the Mobile Node. It should be considered that the tunnel begins from the Home Agent and will end at the Mobile Node. Mobile IPv6 works like transparent for upper layers like applications. Any time Mobile Node wants to send a packet to the Correspondent Node, it can send it direct to it’s address.

 

3. Security on Mobile IPV6

 3.1. Data Encryption and authentication protocol

One of the solution for making sure that unauthorized users or systems do not access on your wireless and mobile network is to encrypt your data and files. The famous and basic encryption method, WEP (wired equivalent privacy), unfortunately was found to be completely weak and nonstable. WEP works on a shared key technology, or password, to prevent unauthorized access. Anyone who find the WEP key or even stronger key can join and misuse the wireless network. There is no any mechanism or technique in WEP  to automatically change this key, and some tools have produced that can ***** a WEP key very fast , even less that 60 sec! It means it will not take long time for an attacker to access a WEP-encrypted in wireless network. We can say the procedure of  RADIUS server is receiving end user requests, then authenticating the user, and finally providing the NAS plus all of the  information for it to deliver services. This protocol of authentication provides a centralized security system to control access to the network resources. Lightweight Directory Access Protocol or LDAP  is called another authentication protocol which defines organized and accessed information. As we know an authentication protocol is a set of rules for communication between server and clients. By implementing LDAP, Network administrator can control users and clients easier with centralize and secure user information[12]. Also there are other mechanisms for mobile authenticating clients, the combination of  RADIUS, EAP, and LDAP is the most common and available solution in use in business today.  Each component has associated open-source software that is freely available for network administrators to download, configure, and use. Thus, with the hardware in place, installation of an authentication system is inexpensive[15]. 

 

3.2. Hijacking and Spoofing on Mobile IPV6 Networks

The first difficulty of IP networks is that it is difficult to know where information really comes from. An attack called IP spoofing takes advantage of this weakness. Since the source IP address of a packet has no influence to the deliverability, it can easily be changed. The attack – called spoofing – makes a packet coming from one machine appear to come from somewhere else altogether. It’s obvious that IP based address is not trustable at all, because everyone can claims he is the owner of this IP address. Even after authentication step , still everything is not safe against sessions hijacking. It means after identification of a person, we can not make sure he will be the same person during the rest of that session. That’s why all source of data must authenticated during the transmission. Still most of networks in the world are based on Ethernet or cabling LANs. This type of network normally are cheap, globally available, easy understood and fast to expand. But making spying is easy in these networks, because any node is able to read every transmitted packet over the LAN. Formally, each network card only listens and responds to the packets that specifically belongs to it, but it is not difficult to ask these devices to listen all packets during passing on the wire. The first recommendation for all Mobile IP networks is to use encryption and authentication the data. But there are still problems on that. We should consider all encryption keys will be exchanged during communicating parties. It’s a rule that encryption keys use encryption algorithms to encrypt and decrypt data. 

 

3.3. Mobile Node MAC address and Authentication

A sorted care-of address is a care-of address that obtained by mobile node as a local IP address. This IP address will be dynamically acquire, may be through a DHCP server or via a foreign agent. After assigning a routable IP address to MN, the mobile node is now able to establish and communicate directly with it’s home agent, careless of  foreign agent. By implementing of this method, mobility decapsulation has done. Sometimes Mobile Node uses the Mobile Node Identifier option to establish of communication and enable the Home Agent to start using of available authentication infrastructure. One of the most difficult step for an attacker is finding the MAC Address of wireless Lan[7]. Many of systems may trust on a faked MAC address, as an authorized wireless router or client. Attacker can start denial of service attacks by passing access control mechanisms in wireless. MAC addresses have been used as unique layer 2 for network identifier in Mobile IPV6 Networks. As we know MAC address is unique in the world for all network-based devices. Organizationally unique identifiers (OUI) has allocated to all hardware manufacturers specially network products manufacture. Generally the MAC address of a client or mobile node is used as an authentication parameter or a unique identifier for making security in authentication level. When an attacker changes their MAC address they continue to utilize the wireless card for its intended layer 2 transport purpose, transmitting and receiving from the same source MAC. All 802.11 network protocol use their MAC addresses to be changed, with support from the manufacturer[6]. Linux users can change their MAC address with some command or programming with C program. But windows users are able to change  their MAC address by configuring the properties of lan card drivers. We should care that an attacker may choose to change the MAC address for different  reasons[15]. The Mobile IPv6 protocol enables a Mobile Node to move from one network to another network without the need to change its old IPv6 address. Because a Mobile Node is always routable and addressable by its home agent, which is the Mobile Node’s IPv6 address. When a Mobile Node is far from its home network, messages can be routed to it using the Mobile Node’s home address. Normally the movement of a mobile node is completely invisible to transport and other layer protocols. 

 

3.4. Mobile IPV6 Accounting

Mobile IPV6 accounting can be divided to four processes: metering, pricing, charging and billing. Actually the duty of metering process would be measure and collects the resource usage information which is related to a single customer’ service. Also the task of pricing would be the process of determining a cost per unit. Then charging process make compatible the pricing data to the usage of resource to an amount of money that we called charge. This charge has to paid by customer. And billing process obviously  informs customer about the billing information[7]. In fact accounting on Mobile network means the act keeping the records for all user’s usage of the source. The primary aim could be billing for any user but for security reasons we need to know each users logon and logout time, visited websites, amount of download and upload and so on.

 

4. New Mechanism

 4.1.  Mobility Message Authentication with a Cookie File

This section defines a new mechanism in mobility message authentication option that can be use to secure Binding Update and Binding Acknowledgement messages in mobile IPV6 networks. This mechanism is able to used along with IPsec or preferably as an new mechanism to authenticate Mobile node in communication with Home agent or foreign agent to Binding Update and Binding Acknowledgement messages whenever we don’t have IPsec infrastructure in our network. The simulation of the Mobile IPV6 protocols is based on the implementation of Mobile IPV6 in Network Simulator 2 (NS2). Overall implementation is based on home station, correspondent node and mobile agents. In fact base station agent will implement the functionality of home agent and foreign agent. This agent will create the Broadcasting area. This area will re-set every second. Mobile IPV6 agent finds the advertisement and registers with home agent and foreign agent based on protocol. The registration timeout for Mobile IPV6 protocol has set for one second. It means every second updating of registration will happen. For simulation we developed a simulated Mobile IPV6 network that considers to delay and payload.  Also for the simulation of the authentication with a C++ code  home agent will create a cookie file as a identity file. Based on our assumption the Mobile Node has registered with the home agent before leaving it’s subnet. The Mobile Node as a personal computer has some specific details that it can save them in a cookie as a file and then encrypt the file[10]. Home Agent MUST include this option in the BA if it received this option in the corresponding BU and Home Agent has a shared-key-based mobility security association with the Mobile Node[2]. 

 

4.2. New Care-of Address and Binding Update

After detection that a Mobile Node has moved the network, new CoA allowed to access to the network, but it must inform its Home Agent regarding the new location of Mobile Node. It’s a big concern in mobility that whenever a Mobile Node lost it’s connectivity with its last router, until it informs its Home Agent about its new location, all messages that sent to it will lost and also it will not able to send any packet to any of correspondent nodes. Actually a Mobile Node registers its new Care of Address to its HA via sending a binding update message. Then Home agent does acknowledge this update by replying a binding acknowledgement and from that time is able to tunnel the packets from Mobile Node’s home address (HoA) to the Mobile Node’s in new location. In the last step, The Mobile Node informs all of its Correspondent Node, its new location and that it is reachable with this new Care of Address. It means after registering, the Mobile Node sends a BU to all CN to inform them about its new location. By the way, there is an additional procedure for following that BUs are sent to all CNs. This one called Return Routability (RR) test.

  

4.3. WAP Infrastructure with Cookies

WAP protocol is a service enabler that is located between internet and mobile networks in the service layer. The service layer includes of different service enablers for mobile nodes and mobile applications. The WAP protocol works like a secured tunnel from the mobile node to the  service layer. All IP packets from a mobile node will transport via three layers of mobile networks: connectivity layer, control layer, and service layer.  

4.4. Design and Implementation

Mobile IPv6 authentication relies fundamentally on IPv6 protocol functions as a standard protocol and IPv6 neighbour discovery as well[1]. It’s obvious that the latency can significantly affect during following components in IPV6 Mobility[13]:

• Movement detection time (td): The time to detection and establishment for Mobile Node, when it moves to a new location. For example the discovery of a new router.

• IPV6 Care-of-Address configuration time (ta):

The time between the establishment of movement and configuration of a globally routable IPv6 address. Duplicate address detection test is partial of this time[2].

• Context establishment time (tc): The time between establishment of a routable care-of address and the establishment of the suitable context state.

• Binding registration time (tr): The time between the sending of a binding update signal to the Home Agent to the receipt of an acknowledged Binding Update.

• Route optimization time (to): The time from registering of new Care of Address to completing route optimization with Correspondent Nodes. This time includes the return routability procedure time if exist, it must calculate before a Binding Update is sent by Mobile Node to a Correspondent Node[8].

In fact , the total Mobile IPV6 configuration delay (th) can be defined as the sum of these mentioned latency times as follows:

Formula 1: th = td + ta + tc + tr + to

  

4.4.1.  Movement Detection Time

The movement of detection time (td) is the sum of two separate latency time: First, Link of switching delay (Tl2) which is the time delay regarding to re-association of the wireless subnet’s Access Point and Second, Link-local IPv6 address configuration delay (Tll), which is the time between the first time that Mobile Node meets a new link by receiving neighbor advertisement over its all nodes. It means movement detection time can be defined as:

Formula 2 : td = Tl2 + Tll

  

4.4.2. Care of Address Configuration Time

As we mentioned about the CoA configuration time (ta), it’s a starting time from the moment of the receipt of a router advertisement till the Duplicate Address Detection and update of the routing table will complete. For stateless IPv6 address auto-configuration ta  is included of the following delays:

Formula 3: ta = TpreAd + TAddConf + TDAD + TRoutUpdt

Meanwhile TpreAd is defined as:

TrtAd – TrtSol (if the router advertisement is requested)

TrtAdInterval / 2 (if router advertisement is cyclic)

TAddConf is the real time that Mobile Node needs to configure the address, like to Create an unique and globally routable IPv6 address. The time in stateful address auto-configuration, like DHCPv6 for Care of address can be defined as:

Formula 4: TAddConf = TDHCPaddReq + TDHCPaddResp + TRoutUpdat

In fact TDHCPaddReq and TDHCPaddResp  will represent the transmission delay caused by stateful configuration of a care of address via a DHCP server in Mobile IPV6 network[9].

 

4.4.3. Care of Address Registration Time

Care of Address registration time or tr is defined as the transmission delay caused within registration of the Mobile Node Care of Address with its Home Agent.

Formula 5: tr = RTMN-HA + BUproc + BAproc

 

5. Create a Code to Perform MPV6 Authentication

On the File menu, point to New, then Project. Click Visual C++ Projects under Project Types, and then we click Mobile Web Application under Templates.

      “In the next step, we should add the following code to the Web.config file:”

  

     

        

           

        

     

  

  

               

 

  

To add a Mobile IPV6 authentication Web Form we should perform these steps:

First, click Add New Item on the Project Menu, then Click on Mobile Web Form and finally type Login.aspx in the Name box.

We can create the following controls from the Mobile IP Controls section

of the toolbox:Collapse this tableExpand this table

 

Control Type

Control Name

Control Text

Label

Label1

Type User Name

TextBox

txtUserName

 

Label

Label2

Type Password

TextBox

txtPassword

 

Command

cmdLogin

  Log in

Label

Error

 

Now we can click on Log in and open the code-behind page.

Then we should add the following code in the page:

private void cmdLogin_Clk(Obj sender, Event Args)

   {

      if(IsAuthenticated(txtUsername.Text, txtPassword.Text))

      {

MobileIPAuthentication.RedirectFromLogin(txtPassword.Text,true);

      }

      else

      {

         Error.Text = “Check the credentials”;

      }

   }

 

private IsAuthenticated(String user, String password)

{//Or call the cookie file which has been created for authentication/

   if(FormsAuthentication.Authenticate(user, password))

   {

      return true;

   }

   else

   {

      return false;

    }

}

We can add a Label control on the page, and change the text of the Label control to

“Mobile IPV6 Authenticated!”

 

6. Delay Calculation and analyze

6.1.  Authentication Delay Calculation

In this section, we quantitatively calculate and analyze the times of different phases of authentication on the security and system performance in Cookie ID based authentication and IPsec protocol with some assumption, which is the first step of the work for build up a relationship between the security and QoS[3]. Moreover the effect on the mobility security, authentication mechanism also affects on authentication delay, cost, number of message exchange, call dropping and etc[2]. Data encryption/decryption in each router involves some security processing latencies. We consider that an IPSec Mobile Network in each router take the same time. This latency lsec is evaluated with the following equation:

 Formula 7 :  lsec = Dpacket

                                     R

where Spacket is the data packet size (in bit) and R is the router encryption/decryption processing capability (in bit/s). In our assumption R is 1Mbit/Sec like a normal router. The authentication delay time is defined as the time from whenever  a Mobile Node sends out the authentication request till the time that Mobile Node receives the authentication reply. The problem is during this delay,  any data can be transmitted, which may interrupt or even disconnect the connections. Therefore, the call dropping will increased with the increase of authentication delay time[2]. In the other hand authentication cost is defined as the processing and signaling cost for cryptography. The total number of  messages from the Mobile Node, Foreign Node and Home agent could be large if the distance between them is long[14]. It should be considered, the mobility technique and traffic mechanisms will make the authentication frequently in different scenarios because the authentication will start whenever a Mobile Node establish a communication session.

 

Symbol

                                       Description

Ttr

Transmission time for Mobile Node

Tu

Update Binding Time

Ta

Acknowledgment  sending/receiving Time

Ted

Encryption/Decryption Time

Tr

Registration Time

Ts

Authentication request service and waiting time

Th

Home Agent updating time

Table 1

Formula 8 :

 Tsum = Ttr +  Tu + Ta +  Ted + Tr + Ts + Th

 6.2. Latency and Analyze Our Mechanism

Practical of Mobile IPV6 is likely to occur where a private network is deployed over the Internet. It means this situation can hint that Foreign Agent belongs to a another subnet wants to provide mobility services. For any accounting and billing purposes, the Foreign Agent needs to track of the usage of its services by mobile nodes. We simulate the Authentication protocol of Mobile IPV6 Transport Mode. Actually the major reason for simulation is representation with the least expensive computational authentication method.  A cookie based authentication is used between the Mobile Node and Home Agent. The second association will establish between Foreign Agent and Home Agent. With the expansion of mobile security protocols and the growth of internets, all networks are trying to securely extend their wireless networks over the public infra-structre, is called Virtual Private Networks or VPN. Cookie identity authentication’s  functionality consists of two phases: In the first phase, mobile node and home agent involved in communication establishment and in the second phase , the home agent and foreign agent will communicate for send/receive the cookie file which is belong to mobile ipv6 node. The major difference between this two phases is that phase 1 will happen in the same subnet and naturally it’s faster and easier to complete, but phase 2 must establish a communication between two different subnet. In phase 2 we recommend  to establish a tunnel for higher security. The attributes of cookie file which is include Mac address, User name, Password and may extra information defined by the encryption algorithm and authentication mechanism. Based on our assumption the maximum authentication message size would be 4096 bytes or 4KB, the transmission delay is considered 40 milliseconds, and we assume 4 Mbps for our mobile network capacity. Also IP Configuration latency on Local Site is around 20 msec and on different subnets this latency would be around 160-200 msec in Cisco standard. As a average it’s considered 180 msec.

Formula 9 : IPconf-latn-local= 20 Msec,

Formula 10 : IPconf-latn-global = 180 Msec

There is an additional factors should be considered. There are additional bytes added to each packet of data sent to control errors and routing information as well. The actual numbers of these codes depend on the packet size and also protocol used in Mobile network. Generally, a typical packet of data sent will be about 90% and 10% or a bit more belongs to overhead. In order to send 4096 Bytes of data about 4506 bytes would actually need to be transmitted.

In a router with 16 MegaBITs/Sec speed transfer rate is equal to 2MB/Sec. Our Cookie file with 4506 byte would take time about 0.0023 seconds to send, assuming the source can continuously send the file and also the receiver can process it that fast and there no lost packets that need to be resent. In 802.11X protocol, router will advertise every second. It means in the best case a Mobile Node might wait about 0 Sec and in the worst case it might to wait 1 Sec for next advertising of router and join to it. We assume 0.5 Sec for all cases as a average waiting, whenever a Mobile Node wants to find and ask a router to join to the new subnet.

 Formula 11 :           File Size(Kbyte)

 Time Taken = ——————————— + Router delay (Sec)

                         Bandwidth Speed(KB/Sec)

 

                Action

In IPsec     (Sec)

In Cookie ID (Sec)

         Result

1st Exchange

      0

         0

 

For the first inquiry and Second

exchange both are the same

2nd Exchange

  (Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

                                                  

          

         0.5023

       

           0.5023

Initial to Update binding (Formula 10)+Router Delay

        

         0.6800

 

             —

 

Update Binding is a Must in IPsec

 

Respond to Updating (Formula 10)

       

         0.1800

     

             —

Refer to Home Agent(Router Delays,10)

0.5+0.5+0.18=1.1800

 

 

      

               –

      

         1.1800

 

In Our Mechanism MN refer to HA

Sending Cookie File from HA to CN  (Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

 

     

               –

       

             0.5023

 

HA will send the created ID cookie file to CN

 

Sending/Receiving Acknowledgment

Formula 11:

0.5+0.5=1 Sec

 

         1.0000

 

             –

 

In IPsec Acknowledgment transaction must updated

 

Encryption/Decryption By Tunneling

Formula7 :

 lsec = Dpacket =

                   R

       4065Byte     = 0.0325Sec

125,000Byte/Sec

 

     

             —

   

           0.0325

 

Cookie file must encrypt and

 decrypt for security reason

Care of Address

Formula 9:

IPconf-latn-local= 20 Msec,

 

        

          0.0200

 

          0.0200

 

Assign new IPV6 address to MN

Updating HA

(Formula 11)=

         4506b

2,000,000b/sec

 + 0.5=0.5023sec

 

        

          0.5023

 

          0.0023

 

HA already had ID from MIPV6,but in IPsec full

 info must updated

Total Time (Formula 8)            2.8846 Sec    2.2394 Sec

Table 2 : Timing calculation

 

Saving time: 2.8846 – 2.2394 = 0.6452 Sec         Efficiency on time saving : % 22

 

7. Conclusion

We have described secured authentication Mobile IPv6 mechanism and used in the standard protocol such as IPSec. In Mobile IP network techniques, some features are unconventional because of globally working of protocols and without any global infrastructure for security challenges. The quantitative analysis and design of Mobile IPV6 authentication with respect to the IPSec create more challenges about the authentication in IPV6 wireless networks. Overall time in IPSec in our assumption with 4KB file amd 2MB/Sec router bandwidth is  2.8846 Sec. But in our mechanism with Cookie ID it decreases to  2.2394Sec . It means saving time would be 0.6452 Sec and the efficiency would be “.

Note that we considered latency time for encryption/decryption via a tunnel from HA to CN, and obviously it takes time and cost for our mechanism[11]. We believe without making strong security, any protocol and mechanism on mobility infrastructure will not get a positive response. As result shows encryption/decryption time for Cookie ID file is  0.0325 Sec, that this time will be higher for bigger files. This time has not calculated and mentioned for IPsec protocol, because although it’s strongly recommended on IPSec, but its not a Must[5]. The only disadvantage of Cookie ID mechanism could be creating cookie files on the storage of authenticator server. We can ignore these small files, because as we mentioned the size of cookie file is 4KB. Also task schedule can be configure for disk cleanup monthly, weekly or daily. It can erase these un-useful files from the storage to prevent of any confusing and conflict.

  

   References:

[1]Li WANG, Mei SONG, Jun-de SONG, An efficient hierarchical authentication scheme in mobile IPv6 networks, School of Electronic Engineering, The Journal of China Universities of Posts and Telecommunications. China, October 2008.

[2] C. Blondia, O. Casals, Ll. Cerdà, N. Van den Wijngaert, G. Willems, P.  De Cleyn,” Performance Comparison of Low Latency Mobile IP , INRIA Engineering Journal, Sophia Antipolis, pp., March 2008.

[3] Huachun Zhou?,†, Hongke Zhang and Yajuan Qin, An authentication method for proxy mobile IPv6 and performance analysis, Institute of Electronic Information Engineering, Beijing Jiaotong University, Sep 2008

[4] P. Calhoun, T. Johansson, C. Perkins, T. Hiller: Diameter Mobile IPv4 Application, IETF RFC 4004, August 2008.

[5] D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, A. Yegin: Protocol for Carrying Authentication for Network Access , IETF draft, Dec 2007.

[6] M.S. Bargh, R.J. Hulsebosch, E.H. Eertink, A. Prasad: Fast Authentication Methods for Handovers between IEEE 802.11 Wireless LANs, ACM Press, Sep 2004.

[7] S. Glass, T. Hiller, S. Jacobs, and C. Perkins. Mobile IP Authentication, Authorization and Accounting Requirements. RFC2977, October 2000.

[8] T. Narten, E. Nordmark, W. Simpson, “Neighbor Discovery for IP Version 6 (IPv6)”, IETF RFC2461, August 2005.

 [9] K. Chowdhury, A. Yegin: MIP6-bootstrapping via DHCPv6 for the Integrated Scenario, IETF draft, June 2006.

[10] J. Chen and K.J.R. Liu. Joint Source-channel Multi-stream Coding And Optical Network Adapter Design For Video Over IP . IEEE Transactions on Multimedia, 4(1):3–22, March 2002.

[11] Da Wei, Yanheng Liu, Xuegang Yu, Xiaodong Li: Research of Mobile IPv6 Application Based On Diameter Protocol, IEEE Computer Society, 2006.

[12] P. Funk, S. Blake-Wilson: EAP Tunneled TLS Authentication Protocol Version 1, IETF draft, March 2006.

[13] A. Diab, A. Mitschele-Thiel,“ Minimizing Mobile IP Handoff Latency,” 2nd International Working Conference on Performance modeling and Evaluation of Heterogeneous Networks (HET-NET Journal, U.K., July 2006.

[14] C.F. Grecas, S.I. Maniatis, and I.S. Venieris. Towards the Introduction of the Asymmetric Cryptography. In Proceedings. Sixth IEEE Symposium on Computers and Communications, 2001, July 2001.

[15] J. C. Chen, Y. P. Wang: Extensible Authentication Protocol (EAP) and IEEE 802.1X: Tutorial and Empirical Experience, IEEE Radio Communications, Dec 2005.

 


sweet 16 favors
Leave a Comment :, , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...