Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 11025728
Abstract: A method, non-transitory computer readable medium and local storage node computing device that establishes a first connection between a first endpoint in a kernel of an operating system and a second endpoint. A proxy application in a user space is invoked and a second connection is established from the operating system kernel to the proxy application. The proxy application is linked to a secure protocol implementation. Handshake messages are proxied between the second endpoint and the proxy application using the first and second connections. Security parameters for the first connection, determined from the handshake messages, are sent from the proxy application to the operating system kernel via the second connection. Data is exchanged between the first endpoint in the operating system kernel and the second endpoint using the first connection and the security parameters.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: June 1, 2021
    Assignee: NETAPP, INC.
    Inventors: Craig Everhart, Flora Wong, Ankit Jain, Vijay Singh, Robert Wyckoff Hyer, Jr., Balajee Nagasubramaniam
  • Patent number: 11025601
    Abstract: Described embodiments provide systems and apparatuses for enhanced quality of service, steering and policy enforcement for https traffic via intelligent in-line path discovery of a TLS terminating node. The system may include a first network device having a secure connection traversing through the first network device, and in communication with a second network device. The first network device and the second network device may be intermediary to a client device and a server. The first network device may determine that the second network device terminates the secure connection. The first network device may receive key generation information of the secure connection from the second network device following determining the second network device terminates the secure connection.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: June 1, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: J Mohan Rao Arisankala, Chaitra Maraliga Ramaiah, Karthick Srivatsan
  • Patent number: 11019030
    Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: May 25, 2021
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Xinhua Hong
  • Patent number: 11012416
Abstract: Among other things, this document describes systems, devices, and methods for executing rules in an application layer firewall, including in particular a web application firewall (WAF). An application layer firewall engine employs symbolic execution techniques that result in improved performance and efficiency. In preferred embodiments, an arbitrary firewall rule can be pre-processed to discover and define a set of one or more properties that an input must have in order for the input to have the potential to trigger the rule. By quickly examining an input for these properties, the application layer firewall can conclude that the input cannot trigger the rule and therefore skip full execution of the rule against the input. This can be repeated for many if not all rules in a firewall ruleset. When a high proportion of the inputs have the required properties for rule-skipping, performance can be dramatically improved.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: May 18, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Andrew Jacob Kahn, Yannis Drougas, Ameya Prakash Shendarkar
  • Patent number: 11006273
    Abstract: Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: May 11, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Hao Wu
  • Patent number: 10999273
    Abstract: A method and an apparatus for installing a profile in a terminal including a universal integrated circuit card (UICC) corresponding to a smart card security module, which is inserted into a mobile communication terminal and then used are provided. More particularly, a method and an apparatus for remotely installing or removing mobile communication subscriber information in/from a profile of a terminal are provided. The terminal can remotely download the profile from a network server (subscription manager data preparation (SM-DP) or subscription manager secure routing (SM-SR)) without any change in a mobile network operator information technology (IT) system interface rather than downloading the profile of the terminal by the network server.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: May 4, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Seonghun Kim, Heejeong Lee, Sangsoo Jeong, Songyean Cho
  • Patent number: 10999271
    Abstract: A client computer includes a web browser connected to a local web server that is coupled with a local utility. Upon loading a web page, the web browser sends, to the local web server, a first open-ended message that does not require a return message from the local web server. In response to and upon receiving a response to the first open-ended message, the web browser maintains communication with the local web server by sending a second open-ended message that does not require a return message to the local web server. The local web server receives the first open-ended message, waits until the local utility determines that there is information to be provided to the web browser, and in response to determining that there is information to be provided to the web browser, sends a first return message including the information to the web browser.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: May 4, 2021
    Assignee: Spotify AB
    Inventors: Sten Garmark, Nicklas Soderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 10986159
Abstract: Among other things, this document describes systems, devices, and methods for using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: April 20, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack, Stephen L. Ludin, Moritz M. Steiner
  • Patent number: 10979214
    Abstract: A Secure Hash Algorithm 256 (SHA-256) expander operates over multiple cycles to convert 16 message words, M(t), into 64 working values, W(t), for input into a SHA-256 compressor. As the expander operates to produce W(t), it computes partial values of W(t) as soon as the necessary data operands are available in cycle time. Once computed, the partial values are retained and shifted and any unneeded original shift source values are discarded. When the shift register outputs finally arrive at the output, W(t) is already computed. The expander allows for one-write-port, one-read-port register files to be used in some integrated circuit embodiments. The expander also leads to improvements in adder delays, energy consumption, and area consumption when implemented as an integrated circuit.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: April 13, 2021
    Inventor: Martin Spence Denham
  • Patent number: 10977203
Abstract: A data transmission method and an apparatus used in a virtual switch technology are provided. An IO request of a virtual machine VM for accessing a file or a disk is received. When the IO request is to be sent to a physical NIC by using a user mode Open vSwitch (OVS), the IO request is converted into an Internet Small Computer Systems Interface (iSCSI) command in a user mode. The iSCSI command is then sent to the user mode OVS. The user mode OVS sends the iSCSI command to the physical NIC.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ming Zhang, Lina Lu
  • Patent number: 10979428
    Abstract: A method includes: setting up, by a first network device, a MACSec channel to a second network device according to the MACSec protocol; and sending, by the first network device, an ACP packet to the second network device by using the MACSec channel, where the ACP packet is carried in a MACSec frame, and a frame header of the MACSec frame carries identification information used to identify the ACP packet. By means of the packet transmission method, a MACSec channel is set up between adjacent nodes in a self-organizing network according to the MACSec protocol, and an ACP packet is transmitted between the adjacent nodes by using the MACSec channel and processed.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zongpeng Du, Sheng Jiang, Bing Liu
  • Patent number: 10970264
    Abstract: A secure layer extensions unit identifies a secure layer extension identifier associated with a communication protocol supported by a client device; receives, from a secure sockets layer (SSL) engine, a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generates a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forwards the modified handshake communication to the client device.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: April 6, 2021
    Assignee: Red Hat, Inc.
    Inventors: Jean-Frederic Clere, Stuart Wade Douglas
  • Patent number: 10965648
    Abstract: An enforcement module operating on a server or on a network midpoint device obtains a management instruction controlling communications of a target workload. The enforcement module configures a firewall of a network midpoint device upstream from the target workload to enforce the management instruction. The configuration mechanism may be dependent on the particular capabilities and characteristics of the network midpoint device.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: March 30, 2021
    Assignee: Illumio, Inc.
    Inventors: Rupesh Kumar Mishra, Paul James Kirner
  • Patent number: 10951592
    Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: March 16, 2021
    Assignee: Apple Inc.
    Inventors: Kevin P. McLaughlin, Anush G. Nadathur, Matthew C. Lucas, Srinivas Rama, Dennis Mathews
  • Patent number: 10952128
    Abstract: Example techniques relate to re-establishing connectivity of playback devices. In an example implementation, a first playback device determines that a first access point has been replaced with a second access point, wherein the first playback device previously established a valid network connection over the first WLAN using first network parameters. The first playback device connects to the second access point, the second access point providing a second WLAN. The first playback device requests, via the wireless network interface from the second access point, an IP address in a second subnet, the second subnet covering a different range of IP addresses than the first subnet and establishes a network connection over the second WLAN using second network parameters stored in the data storage of the first playback device.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: March 16, 2021
    Assignee: Sonos, Inc.
    Inventors: Jeffrey Peters, Hrishikesh Gossain
  • Patent number: 10945131
    Abstract: Methods and apparatus for securely storing, using and/or updating credential information, e.g., passwords and user IDs for a user who subscribes to one or more services, e.g., video stream services or other services available through a communications network such as the Internet, are described.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: March 9, 2021
    Assignee: Charter Communications Operating, LLC
    Inventors: Mark Reimer, Douglas Melroy
  • Patent number: 10929519
Abstract: A process for authenticating a communication device may include receiving, by a server, an authentication request including an access credential having a timestamp generated by the communication device. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and that the access credential has not expired. Step-up authentication for the communication device can be requested when the access credential has unreliable timestamp information indicating that the communication device did not successfully execute the predetermined shutdown sequence.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: February 23, 2021
    Assignee: Visa International Service Association
    Inventors: Jing Jin, Christian Aabye
  • Patent number: 10924286
    Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: February 16, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Gregory Branchek Roth
  • Patent number: 10925102
    Abstract: A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: February 16, 2021
    Assignee: Schlage Lock Company LLC
    Inventors: Jeffrey S. Neafsey, Michael W. Malone, Hamid Abouhashem
  • Patent number: 10911409
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: February 2, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Patent number: 10880268
    Abstract: A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.
    Type: Grant
    Filed: April 5, 2018
    Date of Patent: December 29, 2020
    Assignee: MCAFEE, LLC
    Inventors: Manikandan Kenyan, Shelendra Sharma, Anil Abraham
  • Patent number: 10878439
    Abstract: Provided is a process for managing offers includes: presenting, on a mobile device, offer-creation interfaces by which a merchant specifies an offer, the offer parameters including data indicative of an amount of instances of the offer to be reserved by consumers; obtaining, with the mobile device, the offer parameters; obtaining, with the mobile device, based on wireless signals received by the mobile device indicative of location of the mobile device, a geographic location where consumers are to be alerted to the offer; and sending a request to an affiliate network to distribute the offer to a plurality of publishers within the affiliate network and limit use of the offer according to the specified amount of instances of the offer to be reserved by consumers, wherein the publishers each send a plurality of offers to consumers and wherein the affiliate network tracks redemptions of the offers with merchants.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: December 29, 2020
    Assignee: RetailMeNot, Inc.
    Inventors: Kyle William Kothe, Edgar Mitchell Dapremont, III, Jimmy Jaejoon Song, Nicole Juneau Ball, Eithan Zilkha, Jeffrey Ryan Rego
  • Patent number: 10880088
    Abstract: A target transceiver transfers target instructions to a control server that associates a data source with contact information, conditions, and tokens. The target transceiver transfers the contact tokens to a source transceiver for the data source. The source transceiver encrypts and transfers a data target ID and the token to the control server. The control server receives and decrypts the data target ID and the token and identifies the data source, the data target, and the conditions. The control server processes the conditions to select a portion of the contact information and transfers the selected portion of the contact information to the source transceiver. The source transceiver transfers the user data to the target transceiver based on the selected contact information.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: December 29, 2020
    Assignee: Sprint Communications Company L.P.
    Inventor: Pierce Andrew Gorman
  • Patent number: 10868671
Abstract: An approach for a first host to establish communication with a second host comprising receiving a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host, sending a first host-specific certificate and a pairing request message, receiving a second host-specific certificate and a first value, verifying the second host-specific certificate, verifying the first value, sending a second value, receiving a third value and an encrypted message, determining a fourth value equals the third value, deriving a temporary key, decrypting the encrypted message using the temporary key, obtaining a group key for the second communication group from the decrypted message, sending a group key for the first communication group, and receiving a verification message from the second host indicating successful establishment of communication.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: December 15, 2020
    Assignee: Ademco Inc.
    Inventors: William Neumann, Colin Hanson
  • Patent number: 10863138
    Abstract: Apparatuses, methods and storage medium associated with single pass parallel encryption are disclosed herein. In embodiments, an apparatus for computing may comprise an encryption engine to encrypt a video stream. The encryption engine may comprise a plurality of encryption pipelines to respectively encrypt a plurality of video sub-streams partitioned from the video stream in parallel in a single pass as the video sub-streams are being generated. The plurality of encryption pipelines may use a corresponding plurality of multi-part encryption counters to encrypt the corresponding video sub-streams as the video sub-streams are being generated. Each of the multi-part encryption counters used by one of the encryption pipelines may comprise a sub-portion that remains constant while encoding the corresponding video sub-stream, but the sub-key is unique for the one encryption pipeline, and differs from corresponding sub-portions of the multi-part encryption counters used by the other encryption pipelines.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: December 8, 2020
    Assignee: Intel Corporation
    Inventors: Vidhya Krishnan, Balaji Vembu, Sandeep S. Sodhi, Priyadarsini Devanand
  • Patent number: 10841104
    Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: November 17, 2020
    Assignee: Poltorak Technologies LLC
    Inventor: Alexander I Poltorak
  • Patent number: 10841086
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: November 17, 2020
    Assignee: Wickr, Inc.
    Inventor: Joël Alwen
  • Patent number: 10841325
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: November 17, 2020
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 10827539
    Abstract: Aspects of the present disclosure are related to provisioning of wireless devices. In an embodiment, a wireless device (sought to be provisioned) receives values for provisioning parameters from an external user device, and attempts to join a wireless local network according to the received values for the provisioning parameters. The wireless device sends a response to the external user device indicating whether or not the joining was successful. The external user device may display the result indicating whether or not provisioning was successful. The wireless device may operate in a time division multiplexed manner as an access point (for securing the credentials) and as a station (once provisioning is complete).
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: November 3, 2020
    Assignee: GainSpan Corporation
    Inventors: Pankaj Vyas, Vishal Batra
  • Patent number: 10826879
    Abstract: Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A client indicates a planned use of a session to a server. The client's indication of the planned use may be explicit or implicit. The server selects an appropriate set of parameters for cryptographic protection of communications based at least in part on the indicated planned use and the client and server complete a handshake process to establish a cryptographically protected communications session to use the selected set of parameters.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: November 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10826901
    Abstract: A system facilitates secure communication between an authorized user device and two or more servers via two or more channels that are associated with the respective servers. For each communication channel, the system receives a device identifier for the authorized user device and links the device identifiers together via another identifier, thereby allowing the system to recognize that the different device identifiers identify the same authorized user device. The system can identify an unauthorized device masquerading as the authorized user device by determining that a communication from the unauthorized device does not include another identifier linking the two or more device identifiers and/or by determining that a device identifier computed during the registration process is different from a linked identifier.
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: November 3, 2020
    Assignee: INAUTH, INC.
    Inventors: Glenn S. Benson, Daniel Goldberg, Chris Guenther Moos, Paul Marsolan
  • Patent number: 10826889
Abstract: A server receives a certificate signing request and onboarding information for an applicant device, and identifies a customer associated with the applicant device based on an applicant device identifier and a database of identifiers associated with customers. The device determines a registered device associated with the customer is a trusted device, a location trust value for the applicant device based on a geolocation proximity between the applicant device and the trusted device, and an environment trust value for the applicant device based on a proximity in a network topology between the applicant device and the trusted device. The device further determines a trust score for the applicant device based on the location trust value and the environment trust value, and sends a signed certificate to the applicant device over the network when the trust score for the applicant device exceeds a threshold.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: November 3, 2020
Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mickael James Graham, Santosh Ramrao Patil, Shyam Sundar Vaidyanathan, Chiragkumar Desai, Swaminathan Anantha
  • Patent number: 10819731
    Abstract: The invention relates generally to monitoring and managing network components, such as monitoring the network components to determine the vulnerabilities of network components, implementing remediation plans for the vulnerabilities, instituting remediation suppression for acceptable uses, instituting network component exceptions and rolling exceptions to other network components automatically, and taking consequence actions for the vulnerabilities. A network component exception may be implemented for a network component when the network component data meets custom criteria. When the custom criteria is met, the network component is automatically rolled into the network component exception process to automatically associate network component exceptions with network components that have data that meets the custom criteria. The network component exceptions prevent vulnerability actions from being taken with respect to the associated network components.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: October 27, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Julia A. Ward, Jonathan Michael Nauss, Peter Jordan Langsam
  • Patent number: 10810210
    Abstract: A query graph, which includes vertices and edges, represents a query on graph-structured data. The query graph is decomposed into query subgraphs. A network analysis tool performs continuous subgraph matching queries to facilitate analysis of computer network traffic, social media events, or other streams of data represented as a dynamic data graph (graph-structured data). This can help identify emerging trends in the data. Some features of the network analysis tool enhance performance by effectively utilizing distributed computing resources (including processing cores and memory at different nodes of a cluster) to speed up the process of updating the dynamic data graph and detecting matches of query subgraphs. Features of a query graph building tool enhance usability by providing intuitive ways to specify query graphs and their subgraphs. Features of a results visualization tool enhance usability by providing an intuitive way to present the results of continuous subgraph matching queries.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: October 20, 2020
    Assignee: Battelle Memorial Institute
    Inventors: Sutanay Choudhury, George Chin, Jr., Khushbu Agarwal, Sherman J. Beus
  • Patent number: 10812980
    Abstract: Described herein are a communication method, a security node network element, and a terminal. The method includes receiving, by a security node network element, a first data packet carrying first user plane data or first control signaling from a terminal, the first data packet is transmitted via a first security connection or a second security connection, the first security connection is used to transmit the first data packet carrying the first user plane data, and the second security connection is used to transmit the first data packet carrying the first control signaling; and sending the first control signaling to a control plane (CP) function entity if the first data packet is transmitted via the second security connection.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: October 20, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Hualin Zhu, Huan Li, Weisheng Jin
  • Patent number: 10812452
    Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: October 20, 2020
    Assignee: Egnyte, Inc.
    Inventors: Sachin Shetty, Amrit Jassal, Krishanu Lahiri, Yogesh Rai, Manoj Chauhan, Leszek Jakubowski, Shishir Sharma
  • Patent number: 10805274
    Abstract: Methods, systems, and computer-readable storage media for central management of multiple landscapes using a central management platform that is absent user management functionality.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: October 13, 2020
    Assignee: SAP SE
    Inventor: Andreas Jahr
  • Patent number: 10804980
    Abstract: A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: October 13, 2020
    Assignee: Seven Networks, LLC
    Inventors: Lee R. Boynton, Trevor A. Fiatal, Scott M. Burke, Mark Sikes
  • Patent number: 10805273
    Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: October 13, 2020
    Assignee: Egnyte, Inc.
    Inventors: Sachin Shetty, Amrit Jassal, Krishanu Lahiri, Yogesh Rai, Manoj Chauhan, Leszek Jakubowski, Shishir Sharma
  • Patent number: 10791005
    Abstract: A method in a computer network in which a user equipment (UE) connects to multiple packet cores, wherein each of said multiple packet cores assigns the UE a corresponding network address, the method comprising: (A) a virtual gateway associating a first network address with said UE and providing the UE with a second network address for communicating with and/or through said virtual gateway, said first network address and said second network address being distinct from the network addresses assigned to the UE by the packet cores; and (B) said virtual gateway communicating with said UE via one or more of said multiple packet cores, wherein the virtual gateway and the UE communicate using the first network address and the second network address, and wherein the virtual gateway acts as a gateway for the UE.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: September 29, 2020
    Assignee: OXIO CORPORATION
    Inventors: Tyler Beauchamp Reynolds, Stephen Donald Hall, Cory Francis Poor Myers, John Garhowe Tam
  • Patent number: 10785020
    Abstract: A system for hardware offloading programs a network interface card with a mapping between (i) a connection identification (CID) for one or more Quick User Datagram Protocol Internet Connections (QUIC) data packets and (ii) a symmetric key and a crypto algorithm. When one or more data packets are received over a network, the one or more data packets are parsed to identify the one or more data packets as QUIC data packets and then obtain the CID for the QUIC data packets. The CID is sent to the network interface card, which identifies the symmetric key and the crypto algorithm based on the CID to perform a crypto decrypt operation on the QUIC data packets, reassembles the QUIC data packets, and performs an encrypt and large send offload (LSO) on transmit. Software control complexity and processing burden are thereby reduced.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: September 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Praveen Balasubramanian, Nicholas A. Banks
  • Patent number: 10750223
    Abstract: The present disclosure provides a system, a method, and a device for displaying a content item. The system includes: a video playing terminal, configured to obtain a video and play the video; a content item displaying client, configured to send a content item obtaining request for requesting to obtain a content item related to the video being played by the video playing terminal; and a content item preparation platform, configured to determine a current playing moment of the video played by the video playing terminal, select, from one or more content items corresponding to the video, a content item with a marking moment nearest to the current playing moment, and push the selected content item to the content item displaying client, where the content item displaying client is further configured to display the received content item.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: August 18, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Ao Peng
  • Patent number: 10750552
    Abstract: Methods and systems for pairing devices are disclosed. A user device may be used to navigate to a resource locator using. In response to a determination that an identifier associated with the user device matches at least one identifier associated with one or more devices accessing a first network, a paired communication may be established between the user device and a display device to facilitate control of one or more features of display device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: August 18, 2020
    Assignee: Comcast Cable Communications, LLC
    Inventors: Bryan Kenneth Witkowski, Robert Dandrea, Brian Cherne
  • Patent number: 10742611
    Abstract: A method, a system and computer program products for securely enabling in-network functionality over encrypted data sessions, the method involving establishing an encrypted data session between a client communication application (100) and a server communication application (200) over a communication network; receiving and/or transmitting, by the client communication application (100), in the established encrypted data session, at least one encrypted communication data (D) from/to the server communication application (200) through a computing network element (M); and performing, by the computing network element (M), different actions other than data packet forwarding from one communication application to the other on the encrypted communication data (D). The encrypted communication data (D) has a plurality of data portions, or contexts, (CTX), each encrypted by a context key, and the different actions being specific for the computing network element (M) and for one or more of the contexts (CTX_X).
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: August 11, 2020
    Assignee: TELEFONICA DIGITAL ESPANA, S.L.U.
    Inventors: David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste
  • Patent number: 10740455
    Abstract: The public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry updated each time there is an enclave pool membership change. A shared enclave pool key may be derived from the public enclave key of each enclave of the enclave pool. The shared enclave pool key may be stored, in a shared key ledger, as a first version of the shared enclave key, and an updated version of the shared key may be generated and stored as another version each time there is an enclave pool membership change. The output of a cryptlet that executed in multiple enclaves may be signed with the enclave private key of each enclave in which the cryptlet executed. Each enclave signature may be compared against each version of the shared enclave pool key in the shared key ledger.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: August 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 10728109
    Abstract: A system performs hierarchical navigation through network flow data. A user interface is configured to display network flow data and allow hierarchical navigation across the network flow data. The user interface comprises a plurality of axes and lines connecting data points between axes. Data points along an axis represent values of an attribute aggregated along a set of dimensions. The system receives requests for expanding data points along a particular dimension or collapsing the data points along the particular dimension. The system reconfigures the user interface according to the received request and sends the reconfigured user interface for display via the client device. The user interface provides better visibility into the network flow data, thereby allowing security analysts to spot communication patterns associated with security issues and navigate through various dimensions to further analyze a suspect communication pattern.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: July 28, 2020
    Assignee: Illumio, Inc.
    Inventor: Xianlin Hu
  • Patent number: 10713140
    Abstract: The state of a system is determined in which data sets are generated that include a plurality of data instances representing states of one or more components of a computer system. The data instances are generated by one or more data set sources that are configured to output a data instance in response to a trigger associated with the one or more components. The data instances are normalized by the application of one or more rules. The data instances from individual data set sources are separately collated to generate groups of time-specific collated data instances. State types may be assigned to each of the collated data instance groups. Distributions of state types across the groups may be determined, and a list of infrequent state types may be generated based on the determined distributions of state types across the groups.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: July 14, 2020
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Ashish Gupta, Shafi Ur Rahman, Sambandan Murugan
  • Patent number: 10699033
    Abstract: Systems, apparatuses, and methods for secure enablement of platform features without user intervention are disclosed. In one embodiment, a system includes at least a motherboard and a processor. The motherboard includes at least a socket and an authentication component. The authentication component can be a chipset, expansion I/O device, or other component. The processor is installed in the socket on the motherboard. During a boot sequence, the processor retrieves a key value from the authentication component and then authenticates the key value. Next, the processor determines which one or more features to enable based on the key value. Then, the processor programs one or more feature control registers to enable the one or more features specified by the key value. Accordingly, during normal operation of the system, the one or more features will be enabled.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: June 30, 2020
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Mahesh Subramony, Daniel L. Bouvier
  • Patent number: 10678907
    Abstract: A runtime attack can be detected on a big data system while processes are executed on various computing devices. A behavior profile can be maintained for tasks or processes running on different computing devices. The existence of a call variance in one of the traces for one of the behavior profiles can be determined. A memory variance can also be detected in one of the behavior profiles. A runtime attack has occurred when both the memory variance and the call variance are determined to exist.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: June 9, 2020
    Assignee: University of South Florida
    Inventors: Santosh K. Aditham, Nagarajan Ranganathan
  • Patent number: 10681131
    Abstract: An approach is disclosed for detecting source network address translation in internet protocol (IP) tunneling flows and using learned source IP addresses and source ports from such detection to create new tunnels. In one embodiment, a NAT detection application determines whether source IP addresses and source ports associated with new traffic flows destined to a local Foo-over-UDP (FOU) tunnel endpoint match the source IP address and source port of a previously configured FOU tunnel. Lack of such a match is indicative of source network address translation, and in such a case the NAT detection application creates a new FOU tunnel toward the detected source IP address and source port. In addition, the NAT detection application authenticates the remote endpoint of the newly created FOU tunnel and configures the FOU tunnel for use if the remote endpoint is successfully authenticated.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: June 9, 2020
    Assignee: VMware, Inc.
    Inventor: Laxminarayana Tumuluru