Virtual private networks (VPNs) offer secure data exchange over public networks. Despite being cheaper than leased lines, growing sizes and dynamic behavior of VPN nodes, e.g., for mobility or reasons of denial-of-service attacks, make a manual configuration of large, dynamic VPNs expensive. Consequently, a number of different VPN auto-configuration approaches have been invented and partially deployed over the last decade. This article identifies a comprehensive set of objectives to be fulfilled by IP-based VPN auto-configuration, explains and groups mechanisms, and analyzes their strengths and weaknesses with regard to the objectives. Finally, it identifies potential future directions of autonomous VPN deployment.
Current systems for automatic identification of goods presume a single administrative domain. However, in supply chain management systems temporary cooperations of multiple companies exist, and the usage of one identification device, such as a radio-frequency identification (RFID) tag, per company is infeasible for reasons of costs, space requirements, traceability, and higher collision rate. This article analyzes the security requirements resulting from the usage of a single tag for multiple companies and proposes a novel system architecture and accompanying cryptographic protocols that address the security objectives entity authentication, controlled access, data confidentiality and integrity, as well as untraceability of RFID tags. The architecture is designed to provide high availability and graceful degradation in case of compromise of system parts. The results of an implementation and simulation study give insights on appropriate data structures for realizing key functionality, and demonstrate that the approach can be deployed with commercial off-the-shelf hardware.
Recently, finding the geographic whereabouts of nodes became a key service for many distributed applications, e.g., online games or localizing delivered content. However, an exact localization may be impossible because of GPS signals being unavailable, receivers too expensive, or energy too scarce. Hence, alternatives emerged that typically rely on central databases, which in turn are often found to be inaccurate. Facing that problem, we study a complementary idea: By constructing a delay-weighted spring-mass embedding of nodes and augmenting the system with geographic hints, e.g., those of traditional location databases, we efficiently estimate geographic positions of nodes by multilateration and solely distributed means. We will show that peer positions can be estimated with an accuracy of a few hundred kilometers in the average case. The proposed system is evaluated by simulations that are based on real-world PlanetLab latency data.
This article introduces the novel concept of Spatiotemporal Multicast (STM), which is the issue of sending a message to mobile devices that have been residing at a specific area during a certain time span in the past. A wide variety of applications can be envisioned for this concept, including crime investigation, disease control, and social applications. An important aspect of these applications is the need to protect the privacy of their users. In this article, we present an extensive overview of applications and objectives to be fulfilled by an STM service. Furthermore, we propose a first Cluster-based Spatiotemporal Multicast (CSTM) approach and provide a detailed discussion of its privacy features. Finally, we evaluate the performance of our scheme in a large-scale simulation setup.