2021 Volume 141 Issue 12 Pages 1241-1249
Network Traversal with Mobility (NTMobile), which provides both IP mobility and connectivity in a mixed IPv4/IPv6 environment, can decide per node, according to an access control list, whether encrypted UDP tunnel communication is allowed. However, once an NTMobile node is allowed to communicate, not only the communication of authorized applications but also that of malware can pass through NATs and firewalls. This paper proposes a new mechanism that controls communication per process. With the proposed mechanism, even if an NTMobile node is allowed to communicate, the node identifies the application process associated with each sent and received packet and passes or drops the packet according to the rules. We implemented and verified a prototype of the proposed method and confirmed that communication can be permitted or denied for each process. We also evaluated throughput and confirmed that, by using the cache function, the proposed method achieves performance that poses no practical problems.
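As an added illustration (not code from the paper or the NTMobile project), the following Python sketch models the per-process decision the abstract describes: map each packet to its owning process through a socket table, apply per-process rules, and cache the decision per flow so the lookup is not repeated. The socket table, process names, rule format and the use of the local address to pick the packet's local endpoint are assumptions made for this example.

```python
# Added example (not from the paper): per-process packet control for an
# NTMobile-style node. A packet crossing the tunnel is mapped to the owning
# process via a socket table, then checked against per-process rules; a
# flow cache avoids repeating the lookup for later packets of the same flow.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")

# Constructed socket table: (proto, local_ip, local_port) -> process name.
# A real node would query the OS for this mapping; the values here are
# invented for the example.
SOCKET_TABLE = {
    ("udp", "192.0.2.10", 5000): "videoconf",
    ("tcp", "192.0.2.10", 443): "browser",
    ("tcp", "192.0.2.10", 4444): "unknown_binary",
}

# Per-process rules (assumed format): an allow-list; any process that is
# absent, or any packet with no owning socket, falls back to DEFAULT_ACTION.
PROCESS_RULES = {"videoconf": "pass", "browser": "pass"}
DEFAULT_ACTION = "drop"


class ProcessFilter:
    def __init__(self, socket_table, rules, local_ip):
        self.socket_table = socket_table
        self.rules = rules
        self.local_ip = local_ip
        self.cache = {}      # flow 5-tuple -> cached decision
        self.lookups = 0     # number of uncached socket-table lookups

    def owning_process(self, pkt):
        """Pick the packet's local endpoint and look up the process owning it."""
        self.lookups += 1
        if pkt.src_ip == self.local_ip:          # outbound packet
            key = (pkt.proto, pkt.src_ip, pkt.src_port)
        else:                                    # inbound packet
            key = (pkt.proto, pkt.dst_ip, pkt.dst_port)
        return self.socket_table.get(key)

    def decide(self, pkt):
        """Return 'pass' or 'drop' for a packet, consulting the flow cache first."""
        if pkt in self.cache:
            return self.cache[pkt]
        proc = self.owning_process(pkt)
        action = self.rules.get(proc, DEFAULT_ACTION)
        self.cache[pkt] = action
        return action
```

A deployed filter must also evict a cached flow when its socket closes, otherwise a reused port would inherit the previous process's decision.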
The Transactions of the Institute of Electrical Engineers of Japan. C
The Journal of the Institute of Electrical Engineers of Japan