Mahmoud T. El-Hadidi

Implementation of a hybrid encryption scheme for Ethernet

A software-based implementation of a hybrid encryption scheme for Ethernet LAN is given. It uses a DES-type symmetric key for information exchange between communicating users. In addition, a Diffie-Hellman method is adopted for key distribution which incorporates an RSA-type public key scheme for securing the exchange of the symmetric key components. To facilitate distribution of public keys and to guarantee authenticity, a separate network entity called security management facility (SMF) is deployed. A brief description of the software components for the proposed hybrid encryption scheme is given, and a Petri net representation of the software operation is provided. In addition, evaluation of the proposed scheme is carried out on a prototype network, and the numerical values for the encryption time and the message transfer time are obtained to illustrate the feasibility of the new scheme.

Performance analysis and estimation of call admission control parameters in wireless integrated voice and data networks

We propose an admission control policy for wireless multimedia networks that is based on the well known threshold-based guard channel method. The new scheme deals with two different types of traffic classes; namely: voice and data. We assume two different thresholds, one for each traffic class. In addition. we propose to buffer the handoff data calls if no free channels are available rather than rejecting them. For handoff voice calls, we propose two methods. namely: a blocking method and a preemptive method. For the blockins method, we reject the handoff voice calls it no channels are available. For the precmptive method, an ongoing data call can be buffered and its channel allocated to the handoff voice call. We study the effect of the thresholds. buffer size and the application of the proposed methods on call blocking probabilities. It is shown that the new call blocking probabilities are only affected by the threshold values. Meanwhile, the data handoff blocking probability exhibited grcat improvement. For handoff voice calls, when the blocking method is applied. the blocking probability value increases slightly with the increase of buffer size. Meanwhile. for the preemptive method, the handoff voice call blocking probability significantly decreases as the buffer size increases. Based on these results. we develop an algorithm that uses the proposed policy to estimate the appropriate thresholds and buffer six which meet the required call blocking probabilities for each traffic type.

Performance evaluation of resource reservation and call admission policies for deterministic services in PGPS-based packet networks

We address the issue of reserving resources at packet switches along the path of calls requiring a deterministic bound on end-to-end delay. The switches are assumed to schedule outgoing packets using the packet-by-packet generalized processor sharing scheduling discipline. We propose an algorithm for call admission control and a number of resource reservation policies that are used to map the end-to-end delay requirement into a local rate to be reserved at each switch. The proposed reservation policies are the uniform reservation (EVEN) policy, the capacity proportional policy, and the remaining capacity proportional policy. We present extensive simulation results to evaluate the performance of these resource allocation policies for various topologies and traffic characteristics. We also propose a resource-based routing algorithm and show the performance gain when it is used.

Performance analysis of the Kerberos protocol in a distributed environment

A computer network employing multiple Kerberos servers in a client-server environment, is considered. By using appropriate queueing models for the various network entities, namely, the client the server the Kerberos server and the physical network, formulas for the average transfer time are derived. The effect of exchanging one or more messages for each access to the Kerberos server is considered. Plots of performance curves for a typical distributed environment have shown that the system can be either encryption-limited or network-limited. It is concluded that improved throughput and delay characteristics can be achieved by using efficient implementations of the Kerberos protocol, together with multiple sessions for each access to the Kerberos server.

Fuzzy-based Adaptive Cross layer Routing Protocol for Delay Sensitive Applications in MANET

In order for Mobile Ad hoc Networks (MANET) to support service requirements of multimedia and real-time applications, the underlying routing protocol must provide Quality of Service (QoS) in terms of average End-to-End Delay (ETED). Towards this end, we investigate a number of conventional routing protocols, such as AODV (reactive routing) and DSDV (proactive routing), under different traffic and mobility conditions to obtain the lowest average ETED. Then, we develop a new routing protocol that enables each mobile node to separately switch between reactive routing mode and proactive routing mode based on the current node status. It utilizes a fuzzy-based routing mode selector whose inputs are the number of link breaks (LB), the interface queue (IFQ) length, and the type of application for each node (whether Delay-Tolerant “DT” or Delay-Sensitive “DS”). In this paper, applications of interest are delay-sensitive and, therefore, the type of application of each node is set to be Delay-Sensitive (“DS”). Since the selection of the routing protocol (which belongs to Layer 3) is determined based on Layer 1 information (LB), Layer 2 information (IFQ Length) and Layer 7 information (type of application), it is called Adaptive Cross-layer Routing Protocol (ACRP). Using ns-2 network simulation package, it has been shown that the new adaptive routing protocol outperforms AODV by up to 95.3% in average ETED, and up to 84.5% in Route Discovery Latency. Likewise, it outperforms DSDV by up to 95.5% in average ETED, and up to 85.7% in Route Discovery Latency. Moreover, when compared to other QoS-MANET routing protocols, the new protocol achieves improvement in average ETED of up to 83.8% (in case of AMDR), up to 75% (in case of NQoS AODV) and up to 32% improvement in Packet Delivery Ratio (PDR) (in case of NQoS AODV).

Quantifying the ICT Needs of Academic Institutes Using the Service Category-Stakeholder Matrix Approach

Information and communication technology (ICT) is playing an ever-increasing role in the services provided by academic institutions of today. With the rapid advent in technology and the breadth of tools made available, academic institutions are finding it more challenging to quantify their needs and optimize their ICT investments. Moreover, the pressing demands that academic institutions should meet international accreditation criteria, dictate that wise deployment of ICT should be given adequate consideration. In this paper, we review recent efforts carried out by the ICTP S&Q Committee - an offspring of the ICTP project of the HEEP initiative in Egypt - in order to quantify the ICT needs of academic institutions. A systematic approach for determining such needs is proposed, which invokes the concept of the service category-stakeholder matrix.

Performance evaluation of a new hybrid encryption protocol for authentication and key distribution

Performance evaluation of a new hybrid encryption protocol for authentication and key distribution is considered. The new protocol uses a hybrid of public and symmetric key cryptography to distribute Diffie-Hellman components. Queueing analysis is undertaken to numerically compare the new protocol and two other protocols used for authentication and key distribution: the Kerberos protocol and the authenticated Diffie-Hellman protocol. The results show that the new protocol has a fast response that far exceeds the authenticated Diffie-Hellman, and which can approach the response of the Kerberos protocol. At the same time, the new protocol is more secure than the Kerberos protocol.

GALS-Based LPSP: Implementation of a Novel Architecture for Low Power High Performance Security Processors

Current architectures for processors that run security applications are optimized for either high-performance or low energy consumption. We propose an implementation for an architecture that not only provides high performance and low energy consumption but also mitigates security attacks on the cryptographic algorithms which are running on it. The security is taken as a new dimension in the design process of this new processor architecture, the Globally-Asynchronous Locally-Synchronous-based Low Power Security Processor (GALS-based LPSP). GALS-based LPSP inherits the scheduling freedom and high performance from the dataflow architectures and the low energy consumption and flexibility from the GALS systems. In this paper a prototype of the GALS-based LPSP is implemented as a soft core on the Virtex-5 (xc5-vlx155t) FPGA. The architectural features that allow the processor to mitigate Side-Channel attacks are explained in detail and tested on the current encryption standard, the AES. The performance analysis reveals that the GALS-based LPSP achieves two times higher throughput with one and a half times less energy consumption than the currently used embedded processors.

A Modified Secure Remote Password (SRP) Protocol for Key Initialization and Exchange in Bluetooth Systems

This paper presents a novel solution to previously published weaknesses identified within the Bluetooth initialization key generation process. The current initialization key generating protocol will be replaced by a more robust technique, the Secure Remote Password protocol (SRP); the proposed algorithm is adapted to Bluetooth’s constrained environment by replacing the exponentiation operations with elliptic curve multiplications. This is followed by an analytical performance evaluation for the new protocol. The analysis suggests the suitability of the proposed BT-EC-SRP solution for the constrained environment of Bluetooth devices.

Fuzzy-based adaptive cross layer routing protocol for mobile ad hoc networks

The performance of mobile ad hoc networks depends on the adaptability of its underlying routing protocol to current network conditions. Mobility, traffic load, and traffic type (Delay-Sensitive application or Delay-Tolerant application) are factors affecting the performance of routing protocols in mobile network environment. We carry out an extensive simulation study to investigate the traffic and mobility conditions required to get the paramount performance of popular routing protocols belonging to reactive and proactive routing. Then, we develop a routing protocol that enables each mobile node to switches between reactive routing mode and proactive routing mode based on the current node status. It utilizes a fuzzy-based routing mode selector whose inputs are the number of link breaks (LB), the interface queue length (IFQL), and the type of application for each node (whether Delay-Tolerant ”DT” or Delay-Sensitive ”DS”). Since the suggested routing protocol (which belongs to Layer 3) is determined based on Layer 1 information (LB), Layer 2 information (IFQL) and Layer 7 information (type of application), it is called Adaptive Cross-layer Routing Protocol (ACRP). Using the well-known network simulation package ns-2, it has been shown that the newly proposed ACRP protocol outperforms conventional mobile ad hoc network routing protocols such as AODV (pure reactive), DSDV (pure proactive), and IRA (mixed proactive and reactive). Numerical results indicate up to 19.5% improvement in packet-delivery ratio (PDR), up to 78.5% improvement in average end-to-end delay (ETED), up to 78.5% improvement in route-discovery latency, and up to 22.8% improvement in average discovery path length.