CC BY
12
Секция «Информационнаябезопасность»
УДК 004.056.52
СПОСОБЫ ПОВЫШЕНИЯ ПРОИЗВОДИТЕЛЬНОСТИ СТЕКА ПРОТОКОЛОВ ЗАЩИЩЕННОГО ОБМЕНА ДАННЫМИ НА ОСНОВЕ ПЛАВАЮЩЕЙ ТОПОЛОГИИ
Е. А. Кушко
Сибирский государственный университет науки и технологий имени академика М. Ф. Решетнева
Российская Федерация, 660037, г. Красноярск, просп. им. газ. «Красноярский рабочий», 31
E-mail: evgeny.kushko@gmail.com
Приведены способы повышения производительности стека протоколов защищенного обмена данными на основе плавающей топологии. Стек протоколов защищенного обмена данными на основе плавающей топологии - это новый подход к обеспечению безопасности данных, передаваемых по сети, отличающийся от существующих методом сокрытия сторон сетевого взаимодействия.
Ключевые слова: перехват данных, защищенный обмен данными, безопасность сетей, программно-определяемая сеть, динамическая сеть.
WAYS TO IMPROVE THE PERFORMANCE OF SECURE DATA COMMUNICATION PROTOCOLS STACK BASED ON THE DYNAMIC NETWORK TOPOLOGY
E. A. Kushko
Reshetnev Siberian State University of Science and Technology 31, Krasnoyarsky Rabochy Av., Krasnoyarsk, 660037, Russian Federation E-mail: evgeny.kushko@gmail.com
The paper presents ways of improving the performance of secure data communication protocols stack based on the dynamic network topology. The stack of secure data communication protocols based on the dynamic network topology is a new approach to ensuring the security of data transmitted over the network. It differs from the existing approaches with the method of hiding the sides of network interaction.
Keywords: local network, secure data communication, data interception, encryption, moving-target defense, dynamic topology.
There are two main groups of methods used to prevent unauthorized interception of network traffic: classical (standard) and non-standard. The classical methods include:
1) building a switched infrastructure;
2) traffic encryption;
3) intrusion prevention/detection systems.
The main disadvantages of classical approaches are no concealment of data transmission fact and no concealment of a communication channel, the availability of proven ways to bypass security tools, in addition, you must be constantly ready for a potential attack. In order to correct these disadvantages, scientists and researchers developed non-standard methods:
1) moving target technology;
2) network steganography;
3) dynamic network.
The main disadvantages of non-standard approaches include the complexity of using, the presence of a central configuration node, non-guaranteed channel width and quality of communication.
As a result, we developed the stack of secure data communication protocols based on the dynamic network topology, which considers the above disadvantages of classical and non-standard approaches to
Актуальные проблемы авиации и космонавтики - 2019. Том 2
counter the interception of network traffic. The paper [1] covers the description of the protocols. The paper [2] describes the software implementation. The paper [3] shows the performance parameters.
The data encryption ensures the data concealment, and the lack of direct addressing between nodes and avalanche routing conceals the communication channels. Integration with the existing network infrastructure is possible, because the modern network equipment supports used technologies. The software solution runs on the client device and does not require any special hardware. The configuration of the protocol stack is decentralized.
In addition, data transfer over the secure communication protocols stack involves multiple delivery paths. After each network reconfiguration change, new paths appear, so that multiple delivery paths exist. The stack of secure data communication protocols guarantees the delivery of packets by a method of flooding and method of handshaking.
However, the current performance characteristics do not allow to transfer large amount of data. One way to improve performance is to increase the speed of data packets processing by the relay node, as during the measuring data transfer performance experiment we found that the number of information flows passing the repeater node impacts performance. The more information flows, the lower the performance.
It is possible to increase the data packets processing speed by the relay node by parallel processing of data packets. The current implementation performs single-threaded packets processing. In order to assess the possible effect of multithreaded packet processing, we developed a simulation model in the GPSS environment. Processing is carried out by 4 threads. Table 1 shows the average values of the experimental results (from 2 to 1000 information flows). If the number of threads is small (2-3 flows), the processing speed increases by 5-10 %, but if the number of flows reaches 10, the processing speed increases by 2 times.
Experimental result
Processing mode Single-threaded Multithreaded
min max avg min max avg
Utilization factor (core) 0,7 1 0,816 0,2 0.99 0,569
Average processing time (ms) 5,05 5,04 5,05 5,05 5 5,012
Average request queue time (ms) 24,8 9982 2225,39 20 2532 577,73
Average response queue time (ms) 8 7474 1657,49 6,2 1269 287,71
Average requests queue length 1,7 1000 222,32 0,8 500 111,03
Average response queue length 0,6 749 165,8 0,3 251 55,66
As a result of multithreaded packet processing, the packet processing speed of the relay node increases. Accordingly, performance characteristics of the stack of secure data communication protocols based on dynamic network topology also increased.
Other potential ways to increase performance is to use more efficient cryptographic transformations, modification of the method of guaranteed delivery, as well as the formation of the multicast group of secure communication to achieve efficient data transmission.
Библиографические ссылки
1. Kushko E.A., Parotkin N. Yu. The research of technologies for secure data communication in dynamic networks // IEEE Xplore Digital Library. Dynamics of Systems, Mechanisms and Machines (Dynamics). 2017.
2. Кушко Е.А. Метод обеспечения защиты передаваемых данных на основе плавающей топологии сети // Решетневские чтения : материалы XXII Междунар. науч. конф. (12-16 ноября 2018, г. Красноярск) : в 2 ч. / под общ. ред. Ю. Ю. Логинова ; СибГУ им. М.Ф. Решетнева, 2018. Ч. 2. С. 337-338.
3. Разработка и экспериментальное исследование протокола динамического адресного пространства на основе мультикаст-групп / Паротькин Н.Ю., Панфилов И.А., Золотарев В.В и др. // Сибирский журнал науки и технологий. 2017. Т. 18. №4. С. 779-787.
© Кушко Е. А., 2019
