Définition D'une Infrastructure De Sécurité Et De Mobilité Pour Les Réseaux Pair-À-Pair Recouvrants

Total Page:16

File Type:pdf, Size:1020Kb

Définition D'une Infrastructure De Sécurité Et De Mobilité Pour Les Réseaux Pair-À-Pair Recouvrants Définition d’une infrastructure de sécurité et de mobilité pour les réseaux pair-à-pair recouvrants Ahmat Mahamat Daouda To cite this version: Ahmat Mahamat Daouda. Définition d’une infrastructure de sécurité et de mobilité pourles réseaux pair-à-pair recouvrants. Informatique. Université de Bordeaux, 2014. Français. NNT : 2014BORD0186. tel-01132381 HAL Id: tel-01132381 https://tel.archives-ouvertes.fr/tel-01132381 Submitted on 17 Mar 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE PRÉSENTÉE À UNIVERSITÉ DE BORDEAUX COLLÈGE SCIENCES & TECHNOLOGIES ÉCOLE DOCTORALE DE MATHÉMATIQUES ET D’INFORMATIQUE LABORATOIRE BORDELAIS DE RECHERCHE EN INFORMATIQUE (LaBRI) par DAOUDA AHMAT MAHAMAT POUR OBTENIR LE GRADE DE : DOCTEUR SPÉCIALITÉ : INFORMATIQUE F Définition d’une Infrastructure de Sécurité et de Mobilité pour les Réseaux Pair-à-Pair Recouvrants Soutenue publiquement le : 29 septembre 2014 Après avis des rapporteurs : Anne Fladenmuller, UPMC - LIP6, Maître de Conférences HDR Philippe Owezarski, CNRS - LAAS, Directeur de Recherche HDR Devant la commission d’examen composée de : Présidente du jury : Francine Krief, ENSEIRB - LaBRI, Professeur des Universités Directeur de thèse : Damien Magoni, UB - LaBRI, Professeur des Universités Examinateur : Gwendal Simon, Telecom Bretagne - IRISA, Maître de Conférences ii Abstract — Securing communications in distributed dynamic environments, that lack a central coordination point and whose topology changes constantly, is a major challenge. We tackle this challenge of today’s P2P systems. In this thesis, we propose to define a security infrastructure that is suitable to the constraints and issues of P2P systems. The first part of this document presents the design of SEMOS, our middleware solution for managing and securing mobile sessions. SEMOS ensures that communication sessions are secure and remain active despite the possible disconnections that can occur when network configurations change or a malfunction arises. This roaming capability is implemented via the definition of a new addressing space in order to split up addresses for network entities with their names ; the new naming space is then based on distributed hash tables (DHT). The second part of the document presents a generic and distributed mechanism for a key exchange method befitting to P2P architectures. Building on disjoint paths and end-to-end exchange, the proposed key management protocol consists of a combination of the Diffie-Hellman algorithm and the Shamir’s (k, n) threshold scheme. On the one hand, the use of disjoint paths to route subkeys offsets the absence of the third party’s certified consubstantial to Diffie-Hellman and reduces, at the same time, its vulnerability to interception attacks. On the other hand, the extension of the Diffie-Hellman algorithm by adding the threshold (k, n) scheme substantially increases its robustness, in particular in key splitting and / or in the case of accidental or intentional subkeys routing failures. Finally, we rely on a virtual mobile network to assess the setup of secure mobile sessions. The key management mechanism is then evaluated in an environment with randomly generated P2P topologies. Index terms— P2P, DHT, mobile VPN, disjoint paths, Diffie-Hellman, (k, n) threshold scheme Résumé — La sécurisation inhérente aux échanges dans les environnements dynamiques et distribués, dépourvus d’une coordination centrale et dont la topologie change perpétuel- lement, est un défi majeur. Dans le cadre de cette thèse, on se propose en effet de définir une infrastructure de sécurité adaptée aux contraintes des systèmes P2P actuels. Le premier volet de nos travaux consiste à proposer un intergiciel, appelé SEMOS, qui gère des sessions sécurisées et mobiles. SEMOS permet en effet de maintenir les sessions sécurisées actives et ce, même lorsque la configuration réseau change ou un dysfonctionnement se produit. Cette faculté d’itinérance est rendue possible par la définition d’un nouveau mécanisme de découplage afin de cloisonner l’espace d’adressage de l’espace de nommage ; le nouvel espace de nommage repose alors sur les tables de hachage distribuées (DHT). Le deuxième volet définit un mécanisme distribué et générique d’échange de clés adapté à l’architecture P2P. Basé sur les chemins disjoints et l’échange de bout en bout, le procédé de gestion des clés proposé est constitué d’une combinaison du protocole Diffie-Hellman et du schéma à seuil (k, n) de Shamir. D’une part, l’utilisation des chemins disjoints dans le routage des sous-clés compense l’absence de l’authentification certifiée, par une tierce partie, consubstantielle au protocole Diffie-Hellman et réduit, dans la foulée, sa vulnérabilité aux attaques par interception. D’autre part, l’extension de l’algorithme Diffie-Hellman par ajout du schéma à seuil (k, n) renforce substantiellement sa robustesse notamment dans la segmentation des clés et/ou en cas de défaillances accidentelles ou délibérées dans le routage des sous-clés. Enfin, les sessions sécurisées mobiles sont évaluées dans un réseau virtuel et mobile et la gestion des clés est simulée dans un environnement générant des topologies P2P aléatoires. Mots-clés— P2P, DHT, VPN mobile, chemins disjoints, Diffie-Hellman, schéma à seuil (k, n) iii iv Dédicace Je dédie cette thèse à ma défunte mère Mariam Haroun Moustapha et à mon défunt père Ahmat Mahamat Koulibaly pour l’amour parental qu’ils nous ont procuré et pour les immenses sacrifices qu’ils ont consentis pour l’éducation et la réussite de leurs enfants. Puisse Allah les accueillir en son Paradis Éternel ! Amine. v vi Remerciements Je remercie chaleureusement les rapporteurs, Anne Fladenmuller et Philippe Owezarski, qui ont accepté de relire ma thèse et qui, subséquemment, ont émis un avis favorable au déroulement de ma soutenance. J’adresse également mes remerciements appuyés à Francine Krief et Pierre Simon qui ont aimablement accepté de faire partie du jury. Je tiens à adresser mes vifs remerciements à mon directeur de thèse Damien Magoni avec qui j’ai travaillé sur quatre différents projets depuis 2010. Ces travaux m’ont en effet permis non seulement d’acquérir plus de rigueur mais aussi d’enrichir considérablement mes connaissances techniques et scientifiques ; ce serait un euphémisme de dire que j’ai beaucoup bénéficié de ces encadrements respectifs. Aussi, je ne peux perdre de vue les qualités humaines manifestes de Damien ni faire abstraction de la bonne humeur qu’il répand à profusion au cours de nos différentes entrevues ; nos réunions sont toujours ponctuées par des échanges cordiaux. Le dernier encadrement en date, sous sa direction, se traduit donc par l’aboutissement de cette thèse dont le déroulement s’était inscrit naturellement dans la même dynamique que des projets précédemment encadrés. Je n’aurais jamais fait des études en Informatique sans les conseils affectueux et bienveillants du Dr Mahamat Barka. En effet, mon baccalauréat en poche et alors que je me destinais à des études de Mathématiques ou de Physique pour lesquelles j’avais une certaine prédisposition inhérente à mon cursus scolaire et à ma série, le début de mon parcours universitaire avait soudainement pris une tout autre tournure lorsque j’avais décidé de me placer, volontairement mais irrésistiblement, sous le parrainage du Dr Mahamat Barka. Ce dernier a ainsi eu la perspicacité de m’orienter. Tout au long de mon parcours universitaire, Dr Mahamat Barka n’a eu de cesse de suivre mon évolution avec intérêt et de m’apporter, dans la foulée, un soutien tout aussi ininterrompu que précieux. Je ne vous remercierai jamais assez d’être aussi présent à mes côtés ! Je vous dis seulement merci car parmi les mots qui peuplent mon vocabulaire aucun d’eux ne pourrait exprimer avec exactitude toute ma gratitude pour vous. Aussi, me faudrait-il des pages entières pour décrire tout ce que je vous dois. Mes remerciements s’adressent également à mes frères et sœurs Adoum, Moussa, Adamou, Hissein, Khadidja, Amina, Hadjé Fatimé, Zamzam, Hadjé Mariam et Mahboub (décédé en 2013) pour leur soutien et leurs encouragements qui ne se sont jamais essouflés durant toute la durée de ma thèse. Je n’oublie pas également, dans cette page où le cœur s’exprime, tous les proches, amis et connaissances qui ne se privent pas d’occasion pour m’encourager dans mes études. Je remercie ma fiancée Haoua Brahim pour sa grande patience et son soutien qui l’est tout autant ; elle comprendra un jour que le temps et l’énergie consacrés aux études n’étaient pas vains. Je tiens à remercier Serge Chaumette, Arnaud Casteigts et Colette Johnen de m’avoir adopté dans leur thème MUSE (Mobility Ubiquity SEcurity), en m’associant à leurs différentes activités. Je remercie vivement Sébastien Bindel et Dramane Ouattara avec qui j’échange régulièrement sur nos travaux respectifs et sur divers autres sujets. Comment mettre fin aux remerciements sans pour autant avoir une pensée pour les anciens et actuels membres de l’environnement, appelé la CVT, dans lequel j’avais préparé ma thèse. Je les remercie tous ! Il s’agit, dans un ordre qui ne suit
Recommended publications
  • Digital Safety & Security Lt Cdr Mike Rose RN ©
    RNIOA Article 15 [17/05/2020] characteristics linked to their IP address to enable ‘tracking.’ Where internet-based criminality is Digital Safety & Security involved, the acquisition of banking and credit card Lt Cdr Mike Rose RN © data is often the main objective. Introduction The aim of this article is to help people understand Prior to the introduction of the internet, personal the risks they face and how to attempt to mitigate computers for home use were self-contained in that them. So, whether you’re accessing the internet the operating system was bought and installed by with your mobile phone, PC, tablet or laptop, you’re the supplier/user, and external communications potentially exposed to every hacker, digital thief and using the PC were not yet technically developed. spammer across the globe. Not to mention that The most likely risk therefore was the possibility of viruses, trojan horses, spyware and adware are someone switching on unattended, non-password- always just one click away. You wouldn’t drive protected computers and copying sensitive without insurance, a seat belt and a GPS device, information onto an external memory device. so, similarly, when you “surf the net”, you need to Essentially, users were in control of their computing make sure that you are well “buckled up” and well- equipment and paid real money for the services informed. This article is written as a guide to “safe and software they used to a known vendor. surfing” and is just as important for personal users as it is for large tech companies. Malicious websites Spyware, which is software that steals your sensitive data without consent, lurks in many corners of the internet; often in places where you'd least expect it.
    [Show full text]
  • Tunnel Broker Ipv4/Ipv6 Mediante Openvpn
    Trabajo Fin de Grado Grado en Ingeniería de Tecnologías de Telecomunicación Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez Equation Chapter 1 Section 1 Dpto. de Telemática Escuela Técnica Superior de Ingeniería Universidad de Sevilla Sevilla, 2019 Trabajo Fin de Grado Grado en Ingeniería de Tecnologías de Telecomunicación Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez Profesor Colaborador Dpto. de Ingeniería Telemática Escuela Técnica Superior de Ingeniería Universidad de Sevilla Sevilla, 2019 Trabajo Fin de Grado: Tunnel Broker IPv4/IPv6 mediante OpenVPN Autor: José Luis Peña Higueras Tutor: Francisco José Fernández Jiménez El tribunal nombrado para juzgar el Trabajo arriba indicado, compuesto por los siguientes miembros: Presidente: Vocales: Secretario: Acuerdan otorgarle la calificación de: Sevilla, 2019 El Secretario del Tribunal A mi familia A mis maestros Agradecimientos En primer lugar, agradecer a mis padres, José Luis Peña Martínez y Francisca Higueras Ruiz por haberme ayudado durante todos los años de carrera y durante la realización de este proyecto. Ellos han estado en los buenos y malos momentos durante el paso por la carrera y me han proporcionado todo lo necesario para poder impartir estos estudios. Además me gustaría agradecer a mi hermano Francisco Javier por el apoyo durante la realización del proyecto. En segundo lugar, quiero agradecer a todos los profesores que han estado a lo largo de la carrera por darme todo el conocimiento necesario tanto en el ámbito académico como en el ámbito laboral. En especial, me gustaría agradecer a mi profesor Francisco José Fernández Jiménez por toda su ayuda durante todo el proyecto, por haber adaptado su horario a las necesidades que en muchas ocasiones tenía y sobre todo, por la orientación que me ha dado a lo largo de todo el proyecto.
    [Show full text]
  • Comparison of Virtual Networks Solutions for Community Clouds
    KTH Royal Institute of Technology Bachelor Thesis Comparison of Virtual Networks Solutions for Community Clouds Examiner: Vladimir Vlassov Author: Albert Avellana Supervisors: Paris Carbone, Hooman Peiro Information and Communication Technology School February 2014 KTH Royal Institute of Technology Abstract Information and Communication Technology School Bachelor Thesis Comparison of Virtual Networks Solutions for Community Clouds by Albert Avellana Cloud computing has a huge importance and big impact nowadays on the IT world. The idea of community clouds has emerged recently in order to satisfy several user expectations. Clommunity is a European project that aims to provide a design and implementation of a self-configured, fully distributed, decentralized, scalable and robust cloud for a community of users across a commmunity network. One of the aspects to analyze in this design is which kind of Virtual Private Network (VPN) is going to be used to interconnect the nodes of the community members interested in access cloud services. In this thesis we will study, compare and analyze the possibility of using Tinc, IPOP or SDN-based solutions such as OpenFlow to establish such a VPN. Acknowledgements I would like to express my gratitude to all those who gave me the possibility to do this thesis in KTH. Firstly, I would like to thank Vlad for the opportunity he gave me to do this thesis and for his support. Secondly, thanks to my thesis supervisors: Paris Carbone and Hooman Peiro, who guided me through the research, helped me and gave me recommendations during this period. Also, I would like to thank F´elixFreitag and Leandro Navarro from Universitat Polit`ecnica de Catalunya for supporting me from Barcelona and make this stay in Stockholm possi- ble.
    [Show full text]
  • SEMOS: a Middleware for Providing Secure and Mobility-Aware Sessions Over a P2P Overlay Network
    SEMOS: A Middleware for Providing Secure and Mobility-Aware Sessions over a P2P Overlay Network B Daouda Ahmat1,2( ), Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, N’Djamena, Chad [email protected] 2 University of N’Djamena, N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, Bordeaux, France [email protected] Abstract. Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connections. Besides session recovery costs, renegotiation steps also present inherent vulnerabilities. In order to address these issues, we propose a new dis- tributed mobile VPN system called SEcured MObile Session (SEMOS). Based upon our CLOAK peer-to-peer overlay architecture, SEMOS pro- vides security services to the application layer connections of mobile users. Secure and resilient sessions allow user connections to survive net- work failures as opposed to regular transport layer secured connections used by traditional VPN protocols. Keywords: Connectivity · Mobility · Overlay · P2P · VPN · Security 1 Introduction Mobile devices and wireless networks have progressively provided increased con- nectivity for users. However, such extended connectivity often comes at the expense of vulnerabilities to attacks such as eavesdropping. Malicious users can infiltrate public open networks and attack legitimate traffic. Virtual Pri- vate Networks (VPN) are offering high security to the network traffic [1]. Tra- ditionally, these systems allow the user to securely and remotely communicate with its Intranet through insecure public networks such as the Internet.
    [Show full text]
  • Free Windows Vpn
    Free windows vpn click here to download Start surfing securely with Betternet VPN for Windows. Download our Windows client software and connect within seconds to our VPN servers and protect yourself. Our VPN client comes with many useful features to protect your online safety. During an active VPN connection the application deletes the default gateway, so it is impossible. Free VPN, free and safe download. Free VPN latest version: Free VPN means secure web surfing. This free VPN is an indispensable tool for general browsing; internet fraud is on the rise, and t. Download VPN Unlimited client for Windows and enjoy high-speed, safe and anonymous VPN connection, no matter where you find yourself. Feel the power of total privacy and protect yourself from the public networks threats. Download a VPN for Windows PC with a single click. Any free VPN for PC in this article will keep your data secure and allow you to unblock content. It is also worth keeping in mind that if you require bigger download limits, the VPNs on our best five VPNs for Windows 7 & Windows 10 have money-back guarantees. That means you can test the free plan as. List of over 10 best free VPN software & service providers for Windows 10/8/7 computers. Browse anonymously & protect your Internet connection at all times. It's simplicity makes BetterNet one of the more popular free VPN services for first-timers. The “free-forever” promise means you can use its VPN for as long as you want with no data caps. No logging policy; “Free-forever” promise – you can use its VPN for as long as you want; No data caps; Available for Mac, Windows.
    [Show full text]
  • Analyzing, Designing & Implementing a Secure, Centralized, Generic
    Analyzing, Designing & Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station Master’s Thesis, November 2015 E. Ton i <<Page left blank intentionally>> ii Analyzing, Designing & Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station THESIS Submitted in the partial fulfillment of The requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE TRACK INFORMATION ARCHITECTURE by E. Ton Born in The Hague, the Netherlands Web Information Systems Fox-IT Department of Software Technology Faculty, EEMCS, Delft University of Technology Olof Palmestraat 6 Delft, the Netherlands Delft, the Netherlands http://wis.ewi.tudelft.nl http://www.fox-it.com iii Analyzing, Designing &Implementing a Secure, Centralized, Generic, Extensible, Input-Sanitizing, Intuitive Configuration Management Station Author: E. Ton Student ID: 1344862 Email: [email protected] Abstract This thesis describes the analysis, design and implementation of a management station that is able to support different security network products. It is designed to be centralized so it can support multiple devices from one interface. The management station is generic and extensible, to support a range of different products. As the management station could be used in high assurance organizations, security of the product is taken into account during the whole process. For usability we looked into ways to make the usage more intuitive to users. It also contains a model that improves the quality of configurations used by connected devices by sanitizing user input on correctness. Keywords: security, management station, centralized, genericity, extensibility, input sanitation checking, intuitive, configuration management Future work: extending functionalities of FMS, hardening the device in the network Graduation Committee: Prof.
    [Show full text]
  • SEMOS: a Middleware for Providing Secure and Mobility-Aware Sessions Over a P2P Overlay Network Daouda Ahmat, Mahamat Barka, Damien Magoni
    SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network Daouda Ahmat, Mahamat Barka, Damien Magoni To cite this version: Daouda Ahmat, Mahamat Barka, Damien Magoni. SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network. 8th EAI International Conference on e-Infrastructure and e-Services for Developing Countries, Dec 2016, Ouagadougou, Burkina Faso. pp.111-121, ฀10.1007/978-3-319-66742-3_11฀. ฀hal-01436602฀ HAL Id: hal-01436602 https://hal.archives-ouvertes.fr/hal-01436602 Submitted on 16 Jan 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. SEMOS: A Middleware for Providing Secure and Mobility-aware Sessions over a P2P Overlay Network Daouda Ahmat1,2, Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, Chad [email protected] 2 University of N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, France [email protected] Abstract. Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mo- bility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connec- tions.
    [Show full text]
  • Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat, Mahamat Barka, Damien Magoni
    Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat, Mahamat Barka, Damien Magoni To cite this version: Daouda Ahmat, Mahamat Barka, Damien Magoni. Mobile VPN Schemes: Technical Analysis and Experiments. 8th EAI International Conference on e-Infrastructure and e-Services for Developing Countries, Dec 2016, Ouagadougou, Burkina Faso. pp.88-97, 10.1007/978-3-319-66742-3_9. hal- 01436612 HAL Id: hal-01436612 https://hal.archives-ouvertes.fr/hal-01436612 Submitted on 16 Jan 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Mobile VPN Schemes: Technical Analysis and Experiments Daouda Ahmat1;2, Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, Chad [email protected] 2 University of N'Djamena, Chad [email protected] 3 University of Bordeaux { LaBRI, France [email protected] Abstract. A new class of Virtual Private Networks (VPN), which sup- ports both security and mobility, has recently emerged. Called mobile VPN, these systems provide not only secure tunnels but also session con- tinuity mechanisms despite location change or connection disruptions. These mechanisms enable secure sessions to survive in dynamic/mobile environments without requiring a renegotiation of security keys during the session resumption phase.
    [Show full text]
  • Mobile VPN Schemes: Technical Analysis and Experiments
    Mobile VPN Schemes: Technical Analysis and Experiments B Daouda Ahmat1,2( ), Mahamat Barka2, and Damien Magoni3 1 Virtual University of Chad, N’Djamena, Chad [email protected] 2 University of N’Djamena, N’Djamena, Chad [email protected] 3 University of Bordeaux – LaBRI, Bordeaux, France [email protected] Abstract. A new class of Virtual Private Networks (VPN), which sup- ports both security and mobility, has recently emerged. Called mobile VPN, these systems provide not only secure tunnels but also session con- tinuity mechanisms despite location change or connection disruptions. These mechanisms enable secure sessions to survive in dynamic/mobile environments without requiring a renegotiation of security keys during the session resumption phase. In this paper, we compare four open-source mobile VPNs in terms of functionality and performance. Keywords: Mobile VPN · Resilient session · Seamless resumption 1 Introduction A Virtual Private Network (VPN) provides increased security between two remote entities that exchange data through untrusted networks such as the Internet [1]. VPN systems prevent against various attacks such eavesdropping or replay. However, traditional VPNs fail to support the mobility of users. Indeed, network failures automatically break-up secure tunnels and involve a subsequent renegotiation that is then necessary to reestablish broken tunnels. Such a nego- tiation involves expensive computational operations in order to restore tunnels as well as transport and application layers connections. This phase of nego- tiation causes not only significant latency but also presents risks of Man-In- The-Middle attacks. Traditional VPNs can not therefore effectively operate in dynamic and/or mobile environments. Mobile devices and dynamic environments become pervasive in the Internet.
    [Show full text]
  • Bootstrapping P2P VPN
    Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Bootstrapping P2P VPN Felix Weißl Chair for Network Architectures and Services Department for Computer Science Technische Universität München April 3, 2014 Outline 1 Motivation 2 Network Classification 3 Terms 4 Bootstrapping 1 In unstructured Peer-to-Peer networks 2 In structured Peer-to-Peer-networks 5 Related work 6 Conclusion Felix Weißl: Bootstrapping P2P VPN 2 Motivation Client / Server Peer-to-Peer centralized decentralized server dependent self-organizing single point of failure robust shared resources (bandwidth, CPU) server is bottle-neck scalable secure standard protocols privacy / security issues easy connection establishment bootstrapping problem easy file management network speed usually low source: http://upload.wikimedia.org/wikipedia/commons/f/fb/Server-based-network.svg http://upload.wikimedia.org/wikipedia/commons/3/3f/P2P-network.svg Felix Weißl: Bootstrapping P2P VPN 3 Network Classification Virtual Private Networks Unstructured Structured: Distributed Hash Table e.g. GroupVPN, BitTorrent's distributed tracker Centralized Decentralized e.g. OpenVPN e.g. Tinc Hybrid: Super Nodes e.g. N2N Felix Weißl: Bootstrapping P2P VPN 4 Terms “P2P VPN”: - decentralized virtual private network - popular applications: Hamachi, N2N, P2PVPN, Wippien, freelan Bootstrapping: process of a new peer joining the network Felix Weißl: Bootstrapping P2P VPN 5 Bootstrapping 1. Peer discovery: - discover the network - request one or more
    [Show full text]
  • Open Source Vpn Software Windows
    Open source vpn software windows OpenVPN - The Open Source VPN. Privacy Policy · Terms of Use · About · Jobs · News · Contact · Partners/Clients · Support. © OpenVPN Inc. Why would you trust a closed, proprietary software with your most-sensitive data? Freelan is open-source and completely free. You know everything about its. Without further ado, here are 9 Open Source VPN that can be used with . The VPN server runs on Windows, Linux, FreeBSD, Solaris and Mac. The Shrew Soft VPN Client for Windows is an IPsec Remote Access VPN Client open source VPN gateways that utilize standards compliant software such as. Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes. Unlike enterprise VPN solutions, using a open source VPN software will not It's is an open source GUI for BSD, Windows and Linux operating. Windows 10 incl. certificate support; Import existing configurations. Export encrypted configuration; Service for VPN Connections without. The AnyConnect desktop client runs on Windows, Linux, and Mac OS X, while a OpenVPN is SSL-based open source VPN software. Windows (XP+), OpenVPN Because open source OpenVPN clients require configuration files to be downloaded from a VPN provider and imported into the The two most useful features found in custom VPN clients are. Freelan is a free, open sourced VPN server software that comes with no GUI but great customization features, It lets you abstract LAN network. Tunnelblick | Free open source OpenVPN VPN client server software for Mac OS X and macOS. A VPN based on OpenVPN and operated by activists and hacktivists in defence of net Using our client Eddie - Choose your flavor Open Source, on GitHub.
    [Show full text]
  • A Software-Defined Overlay Virtual Network with Self-Organizing Small-World Topology and Forwarding for Fog Computing
    A SOFTWARE-DEFINED OVERLAY VIRTUAL NETWORK WITH SELF-ORGANIZING SMALL-WORLD TOPOLOGY AND FORWARDING FOR FOG COMPUTING By KENSWORTH C. SUBRATIE A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 2019 © 2019 Kensworth C. Subratie This dissertation enshrines the memories of your love, aspirations, and selfless sacrifices. Dedicated to Myrtle Doocran. ACKNOWLEDGMENTS I acknowledge and thank the many people who have influenced and contributed to my progress throughout my doctoral studies. Foremost, I thank my advisor Dr. Renato Figueiredo for his ongoing guidance through this journey. Next, I thank Dr. Jose Fortes for presenting the opportunities that have challenged me to grow as a researcher. I also thank the rest of my PhD committee for their valuable comments, feedback and time. To my peers in the ACIS Lab, both its current and graduated members, with whom I worked alongside over the years, I thank you for making my time at UF a very enjoyable experience. I would like to thank Dr. Paul Hansen, Dr. Cayelan Carey and the members of the PRAGMA and CENTRA groups whose collaborations and support have broadened my insight. Additionally, the experience I garnered from internships with the IBM, Intel and NICT research groups has been invaluable and is sincerely appreciated. Finally, I must express my heartfelt gratitude to my family and loved ones for their ongoing patience, encouragement, support and willingness to attempt to understand what I do and why I chose to do it. This material is based upon work supported in part by the National Science Foundation under Grants No.
    [Show full text]