Biblio
Firewall is the first defense line for network security. Packet filtering is a basic function in firewall, which filter network packets according to a series of rules called firewall policy. The design of firewall policy is invariably under the instruction of security policy, which is a generic guideline that lists the needs for network access permissions. The design of firewall policy should observe the regulations of security policy. However, even for IPv4 firewall policy, it is extremely difficult to keep the consistency between security policy and firewall policy. Some consistency decision methods of security policy and IPv4 firewall policy were proposed. However, the address space of IPv6 address is a very large, the existing consistency decision methods can not be directly used to deal with IPv6 firewall policy. To resolve the above problem, in this paper, we use a formal technique to decide the consistency between IPv6 firewall policy and security policy effectively and rapidly. We also developed a prototype model and evaluated the effectiveness of the proposed method.
Verifying the identity of nodes within a wireless ad hoc mesh network and the authenticity of their messages in sufficiently secure, yet power-efficient ways is a long-standing challenge. This paper shows how the more recent concepts of self-sovereign identity management can be applied to Internet-of-Things mesh networks, using LoRaWAN as an example and applying Sovrin's decentralized identifiers and verifiable credentials in combination with Schnorr signatures for securing the communication with a focus on simplex and broadcast connections. Besides the concept and system architecture, the paper discusses an ESP32-based implementation using SX1276/SX1278 LoRa chips, adaptations made to the lmic- and MbedTLS-based software stack, and practically evaluates performance aspects in terms of data overhead, time-on-air impact, and power consumption.