The Experts below are selected from a list of 45 Experts worldwide ranked by ideXlab platform
Ahmed E. Kamal - One of the best experts on this subject based on the ideXlab platform.
-
implementation of a homomorphic mac scheme in a transparent Hardware Appliance for network coding
International Conference on Computer Engineering and Systems, 2019Co-Authors: Ahmed E. Kamal, Hisham Dahshan, Ashraf D ElbayoumyAbstract:Network coding (NC) can effectively improve data delivery in a noisy network. It allows the nodes to combine multiple packets and deliver them out. The destination can then recover it. However, pollution attacks are the most common threat to NC. As malicious nodes can inject false Ethernet packets into the network to ban the receiver from decoding the packets properly, certain authentication information must be embedded in the packets to enable the receiver to authenticate received packets. In this paper, a new scheme to apply secure Message Authentication Code (MAC) with network coding is proposed. By applying this scheme, malicious packets could be rejected in intermediate nodes without waiting until verified and dropped by the receiving node. This technique is applied with the aid of a separate Hardware device with an Altera Cyclone IV FPGA chip to generate the MAC and append it to the original ethernet packets. The proposed scheme can be integrated in the existing running environments without any changes in the network configuration. The performance of the proposed scheme is evaluated to measure its throughput.
-
Hardware Assisted Homomorphic Encryption in a Real Time VOIP Conference Application
2018 13th International Conference on Computer Engineering and Systems (ICCES), 2018Co-Authors: Ahmed E. Kamal, Hisham Dahshan, Ashraf DiaaAbstract:In this paper, a new scheme to perform a secure Voice over IP (VoIP) teleconferencing between a number of VOIP Clients is proposed. The Teleconference is done between clients regarderless of their "based on" working environment (OS (Windows, Linux, Android,..), HW (Mobile, Desktop, IP Phone, ..), …etc). It is assumed that the SIP Server lies in an untrusted area or administered by untrusted persons. Therefore, it is highly required to prevent those persons from observing all the communications between participants and obtain unencrypted data when they have access to teleconferencing servers. An end-to-end Homomorphic Encryption (HE) is applied with the assistance of a special external Hardware Appliance based on an Altera Cyclone IV 4CE115 FPGA to support the somewhat homomorphic encryption scheme. Further, this external Appliance is used to boost the performance of the Homomorphic operations. Two different approaches for mixing the VOIP data streams required for the teleconference are proposed. In the first approach, the Mixing function for the encrypted VOIP data streams is performed in the SIP Server and the Hardware Appliance will do only the HE operations. In the second approach both the mixing function for the VOIP data streams and the HE operations are performed in the external Appliance.
Hisham Dahshan - One of the best experts on this subject based on the ideXlab platform.
-
implementation of a homomorphic mac scheme in a transparent Hardware Appliance for network coding
International Conference on Computer Engineering and Systems, 2019Co-Authors: Ahmed E. Kamal, Hisham Dahshan, Ashraf D ElbayoumyAbstract:Network coding (NC) can effectively improve data delivery in a noisy network. It allows the nodes to combine multiple packets and deliver them out. The destination can then recover it. However, pollution attacks are the most common threat to NC. As malicious nodes can inject false Ethernet packets into the network to ban the receiver from decoding the packets properly, certain authentication information must be embedded in the packets to enable the receiver to authenticate received packets. In this paper, a new scheme to apply secure Message Authentication Code (MAC) with network coding is proposed. By applying this scheme, malicious packets could be rejected in intermediate nodes without waiting until verified and dropped by the receiving node. This technique is applied with the aid of a separate Hardware device with an Altera Cyclone IV FPGA chip to generate the MAC and append it to the original ethernet packets. The proposed scheme can be integrated in the existing running environments without any changes in the network configuration. The performance of the proposed scheme is evaluated to measure its throughput.
-
Hardware Assisted Homomorphic Encryption in a Real Time VOIP Conference Application
2018 13th International Conference on Computer Engineering and Systems (ICCES), 2018Co-Authors: Ahmed E. Kamal, Hisham Dahshan, Ashraf DiaaAbstract:In this paper, a new scheme to perform a secure Voice over IP (VoIP) teleconferencing between a number of VOIP Clients is proposed. The Teleconference is done between clients regarderless of their "based on" working environment (OS (Windows, Linux, Android,..), HW (Mobile, Desktop, IP Phone, ..), …etc). It is assumed that the SIP Server lies in an untrusted area or administered by untrusted persons. Therefore, it is highly required to prevent those persons from observing all the communications between participants and obtain unencrypted data when they have access to teleconferencing servers. An end-to-end Homomorphic Encryption (HE) is applied with the assistance of a special external Hardware Appliance based on an Altera Cyclone IV 4CE115 FPGA to support the somewhat homomorphic encryption scheme. Further, this external Appliance is used to boost the performance of the Homomorphic operations. Two different approaches for mixing the VOIP data streams required for the teleconference are proposed. In the first approach, the Mixing function for the encrypted VOIP data streams is performed in the SIP Server and the Hardware Appliance will do only the HE operations. In the second approach both the mixing function for the VOIP data streams and the HE operations are performed in the external Appliance.
Alleg Abdelhamid - One of the best experts on this subject based on the ideXlab platform.
-
Service Function Placement and Chaining in Network Function Virtualization Environments
2020Co-Authors: Alleg AbdelhamidAbstract:L'émergence de la technologie de virtualisation des fonctions réseau (NFV) a suscité un vif intérêt autour de la conception, la gestion et le déploiement de services réseau de manière flexible, automatisée et indépendante du fournisseur. La mise en œuvre de la technologie NFV devrait être une solution profitable pour les fournisseurs de services et les clients. Cependant, ce changement de paradigme, amorcé par NFV, nécessite un abandon progressif des services réseau fournis à travers des équipements dédiés. En contrepartie, un environnement totalement ou partiellement virtualisé est proposé pour instancier dynamiquement et à la demande des modules logiciels appelés fonctions de réseau virtuelles (VNF). Cette évolution soulève un ensemble de défis liés au déploiement et à l'exploitation de services, tels que l'orchestration et la gestion, la résilience des services, le contrôle de la qualité de service (QoS), l’approvisionnement des ressources, etc. En outre, la question centrale à résoudre dans le contexte NFV est la suivante : « comment placer et chaîner effacement des fonctions virtuelles d’un service afin de fournir un niveau de qualité demandé par le client tout en optimisant l'utilisation des ressources par le fournisseur de services ? ”.Ainsi, cette thèse étudie la problématique du placement et du chaînage des VNF en tenant compte de certaines exigences de service telles que le délai de bout en bout, la disponibilité du service et la consommation d'énergie, et propose un ensemble d'algorithmes et de mécanismes visant à optimiser le déploiement des services demandés/fournis. Nos contributions dans cette thèse sont triples. Premièrement, nous proposons deux algorithmes de placement et de chaînage de VNF sensibles au délai de bout-en-bout pour des applications temps-réel. Les algorithmes proposés visent à respecter le délai approprié de bout-en-bout qui dépend du service déployé (exemples : VoIP, Streaming, etc.). Deuxièmement, nous présentons une analyse comparative de la disponibilité des services et nous proposons deux mécanismes de placement et de chaînage de VNF pour garantir un niveau prédéfini de disponibilité. L’objectif est de fournir des services résilients en ajustant avec précision les paramètres du schéma de protection (nombre, type, emplacement et taille des instances VNF) nécessaires pour atteindre ce niveau de disponibilité en dépit des défaillances du réseau. Enfin, nous proposons une architecture générale qui explore la possibilité d’étendre le paradigme de la virtualisation à l’Internet des objets (IoT). À cette fin, nous définissons un mécanisme de placement et de chaînage respectant les contraintes énergétiques pour des services IoT. Notre architecture propose de découpler et de virtualiser les fonctionnalités inhérentes à un objet connecté de l’équipement IoT physique. En étendant NFV au domaine IoT, notre solution ouvre de nouvelles perspectives d’application en supportant de nouveaux cas d’usages.The emergence of Network Function Virtualization (NFV) technology has aroused keen interest to design, manage and deploy network services in a flexible, automated and vendor-agnostic manner. Implementing NFV technology is expected to be a win-win solution for both service providers and costumers. However, this paradigm shift, sparked by NFV, calls for a progressive abandon of network services that are provided as Hardware Appliance and rather it proposes a fully or partially virtualized environment that offers software modules called Virtual Network Functions (VNFs). This shift rises a set of challenges related to service deployment and operation such as orchestration and management, service resiliency, Quality of Service (QoS) and resource provisioning among others. Furthermore, the core question that needs to be solved within NFV context is “What is the best way to place and chain VNFs that form a service in order to meet Service Level Agreement requirements (costumer side) while optimizing resource usage (service provider side)?”.This thesis investigates the problem of VNF Placement and Chaining considering service requirements such as end-to-end delay, service availability and energy consumption and proposes a set of algorithms and mechanisms that aim to achieve an optimized deployment of the requested/provided services. Our contributions in this thesis are threefold. First, we propose a delay-aware Placement and Chaining algorithms for delay-sensitive applications over NFV networks. The proposed algorithms aim to meet the appropriate end-to-end delay defined according to the deployed service (VoIP, Streaming, etc.). Second, we provide a comprehensive service availability benchmarking and we propose two availability-aware mechanisms for VNFs chain. The aim is to provide resilient service provisioning by fine-tuning the parameters of the protection scheme (the number, the type, the placement and the size of the spare instances) needed to reach a predefined availability level, despite network failures. Finally, we propose a framework architecture that explores the possibility to extend the virtualization paradigm to Internet of Things (IoT). Toward this end, we define an energy-aware Placement and Chaining for IoT services where inherent IoT functionalities are decoupled from specific dedicated IoT devices and instantiated on-demand. By bringing together NFV and IoT paradigms, this extension opens new perspectives and push toward designing new use cases
-
Placement et Chaînage des Fonctions de Service dans les Environnements de Virtualisation Réseau
2019Co-Authors: Alleg AbdelhamidAbstract:L'émergence de la technologie de virtualisation des fonctions réseau (NFV) a suscité un vif intérêt autour de la conception, la gestion et le déploiement de services réseau de manière flexible, automatisée et indépendante du fournisseur. La mise en œuvre de la technologie NFV devrait être une solution profitable pour les fournisseurs de services et les clients. Cependant, ce changement de paradigme, amorcé par NFV, nécessite un abandon progressif des services réseau fournis à travers des équipements dédiés. En contrepartie, un environnement totalement ou partiellement virtualisé est proposé pour instancier dynamiquement et à la demande des modules logiciels appelés fonctions de réseau virtuelles (VNF). Cette évolution soulève un ensemble de défis liés au déploiement et à l'exploitation de services, tels que l'orchestration et la gestion, la résilience des services, le contrôle de la qualité de service (QoS), l’approvisionnement des ressources, etc. En outre, la question centrale à résoudre dans le contexte NFV est la suivante : « comment placer et chaîner effacement des fonctions virtuelles d’un service afin de fournir un niveau de qualité demandé par le client tout en optimisant l'utilisation des ressources par le fournisseur de services ? ”.Ainsi, cette thèse étudie la problématique du placement et du chaînage des VNF en tenant compte de certaines exigences de service telles que le délai de bout en bout, la disponibilité du service et la consommation d'énergie, et propose un ensemble d'algorithmes et de mécanismes visant à optimiser le déploiement des services demandés/fournis. Nos contributions dans cette thèse sont triples. Premièrement, nous proposons deux algorithmes de placement et de chaînage de VNF sensibles au délai de bout-en-bout pour des applications temps-réel. Les algorithmes proposés visent à respecter le délai approprié de bout-en-bout qui dépend du service déployé (exemples : VoIP, Streaming, etc.). Deuxièmement, nous présentons une analyse comparative de la disponibilité des services et nous proposons deux mécanismes de placement et de chaînage de VNF pour garantir un niveau prédéfini de disponibilité. L’objectif est de fournir des services résilients en ajustant avec précision les paramètres du schéma de protection (nombre, type, emplacement et taille des instances VNF) nécessaires pour atteindre ce niveau de disponibilité en dépit des défaillances du réseau. Enfin, nous proposons une architecture générale qui explore la possibilité d’étendre le paradigme de la virtualisation à l’Internet des objets (IoT). À cette fin, nous définissons un mécanisme de placement et de chaînage respectant les contraintes énergétiques pour des services IoT. Notre architecture propose de découpler et de virtualiser les fonctionnalités inhérentes à un objet connecté de l’équipement IoT physique. En étendant NFV au domaine IoT, notre solution ouvre de nouvelles perspectives d’application en supportant de nouveaux cas d’usages.The emergence of Network Function Virtualization (NFV) technology has aroused keen interest to design, manage and deploy network services in a flexible, automated and vendor-agnostic manner. Implementing NFV technology is expected to be a win-win solution for both service providers and costumers. However, this paradigm shift, sparked by NFV, calls for a progressive abandon of network services that are provided as Hardware Appliance and rather it proposes a fully or partially virtualized environment that offers software modules called Virtual Network Functions (VNFs). This shift rises a set of challenges related to service deployment and operation such as orchestration and management, service resiliency, Quality of Service (QoS) and resource provisioning among others. Furthermore, the core question that needs to be solved within NFV context is “What is the best way to place and chain VNFs that form a service in order to meet Service Level Agreement requirements (costumer side) while optimizing resource usage (service provider side)?”.This thesis investigates the problem of VNF Placement and Chaining considering service requirements such as end-to-end delay, service availability and energy consumption and proposes a set of algorithms and mechanisms that aim to achieve an optimized deployment of the requested/provided services. Our contributions in this thesis are threefold. First, we propose a delay-aware Placement and Chaining algorithms for delay-sensitive applications over NFV networks. The proposed algorithms aim to meet the appropriate end-to-end delay defined according to the deployed service (VoIP, Streaming, etc.). Second, we provide a comprehensive service availability benchmarking and we propose two availability-aware mechanisms for VNFs chain. The aim is to provide resilient service provisioning by fine-tuning the parameters of the protection scheme (the number, the type, the placement and the size of the spare instances) needed to reach a predefined availability level, despite network failures. Finally, we propose a framework architecture that explores the possibility to extend the virtualization paradigm to Internet of Things (IoT). Toward this end, we define an energy-aware Placement and Chaining for IoT services where inherent IoT functionalities are decoupled from specific dedicated IoT devices and instantiated on-demand. By bringing together NFV and IoT paradigms, this extension opens new perspectives and push toward designing new use cases
Ashraf D Elbayoumy - One of the best experts on this subject based on the ideXlab platform.
-
implementation of a homomorphic mac scheme in a transparent Hardware Appliance for network coding
International Conference on Computer Engineering and Systems, 2019Co-Authors: Ahmed E. Kamal, Hisham Dahshan, Ashraf D ElbayoumyAbstract:Network coding (NC) can effectively improve data delivery in a noisy network. It allows the nodes to combine multiple packets and deliver them out. The destination can then recover it. However, pollution attacks are the most common threat to NC. As malicious nodes can inject false Ethernet packets into the network to ban the receiver from decoding the packets properly, certain authentication information must be embedded in the packets to enable the receiver to authenticate received packets. In this paper, a new scheme to apply secure Message Authentication Code (MAC) with network coding is proposed. By applying this scheme, malicious packets could be rejected in intermediate nodes without waiting until verified and dropped by the receiving node. This technique is applied with the aid of a separate Hardware device with an Altera Cyclone IV FPGA chip to generate the MAC and append it to the original ethernet packets. The proposed scheme can be integrated in the existing running environments without any changes in the network configuration. The performance of the proposed scheme is evaluated to measure its throughput.
Charles Edge - One of the best experts on this subject based on the ideXlab platform.
-
Managing the Firewall
Enterprise Mac Security, 2016Co-Authors: Charles Edge, Daniel O’donnellAbstract:Put simply, a firewall is a network traffic moderator. It uses a set of rules to determine what kind of traffic is allowed in and out of your computer or network. The term is a bit ambiguous, because there are many types of firewalls. In Chapter 10, we discussed the importance of using a firewall to act as a gateway into your network, denying and allowing network traffic on a network-wide basis between your computers and the outside world. This is what we refer to as a Hardware Appliance firewall.
-
Setting Up the Mac OS X Firewall
Enterprise Mac Security, 2010Co-Authors: Charles Edge, William Barker, Beau Hunter, Gene SullivanAbstract:Put simply, a firewall is a network traffic moderator. It uses a set of rules to determine what kind of traffic is allowed in and out of your computer or network. The term is a bit ambiguous, because there are many types of firewalls. In Chapter 10, we discussed the importance of using a firewall to act as a gateway into your network, denying and allowing network traffic on a network-wide basis between your computers and the outside world. This is what we refer to as a Hardware Appliance firewall.
