Congress Passed The Budget Control Act - 1660 Words

On August 2, 2011, Congress passed the Budget Control Act (BCA) of 2011 which cut $487 billion from projected defense spending over the next 10 years.1 The act also established a system of sequestration, which would cut an additional $495 billion from the defense budget.2 Altogether, the BCA would cut almost $1 trillion dollars from the Department of Defense (DoD). The passing of the BCA and the subsequent loss of funding mark an end to a 13-year period of robust budget allocations to support the global war on terrorism. From 2001 to 2013 over $1.6 trillion has been allocated to the DoD to support preparations for and execution of operations in various overseas areas.3 Within this $1.6 trillion, 94% of the funding was allocated to support operations in Iraq and Afghanistan.4 This robust amount of funding cultivated a culture within the DoD that there would always be funding available to cover costs at home and abroad. This culture is deeply entrenched within the United States Army du e to large budgets provided to the Army over the past 13 years. In today’s environment of shrinking budgets, this culture can no longer stand true and must be changed. Establishing a cost-conscious culture (CCC) within the Army is critical to our ability to sustain the current Army force structure and make the needed modernization investments to ensure our capability to fight and win our nations wars. Our world continues to remain a violent, uncertain, complex, and ambiguous environment.Show MoreRelatedFiscal Year 2012 Essay766 Words   |  4 PagesIn 2011, the House of Representatives clashed with President Barack Obama over the federal budget for Fiscal Year 2012. While Obama opted for a budget that reduced deficits through careful spending cuts and increased tax revenue, House Republicans Eric Cantor and Paul Ryan, along with eighty-seven new House Republicans, hoped to pass a budget that was more fiscally conservative. Ryan’s budget plan, The Path to Prosperity, cut $6 trillion in spending by repealing Obamacare and aided the wealthy byRead MoreThe Evolution of the Federal Budget Process989 Words   |  4 Pagesis why a budget is needed, however, there is no actual process mentioned in the Constitution that explains how Congress should do this. The Constitution states: No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law; and a regular Statement and Account of Receipts and Expenditures of all public Money shall be published from time to time. (U.S. Constitution, Article 1, Section 9). This statement only says that the power has been designated to Congress. It doesRead MoreThe United State Of America1252 Words   |  6 PagesThe 113th Congress has been considered as the worst congress in the history of the United States. The highly polarized institution showed its inefficiency when dealing with the fiscal budget. By failing to pass a new budget, the American government shutdown for a couple of weeks. One of the leading causes of disagreement between the two parties was the extension of the debt ceiling limitation. The government is accruing more and more debt every year, and not passing a budget could eventually leadRead MoreEssay On The Federal Budget856 Words   |  4 Pagesfederal budget. As tax payers, the American people always wishes to know where their tax dollars are going. The problem is that very few people actually know who sets the federal budget, and how much power this branch of government really has. The governmental branch that controls the federal budget is the legislative branch, also known as Congress. An instance when Congress really stretched its muscles in terms of the federal budget was the Congressional Budget and Impoundment Control Act of 1974Read MoreWas Obama An Imperial President?. . . . . Emma Hopkins.1650 Words   |  7 Pagescan be stopped and then be prevented. Obama is an imperial president because he has violated the Constitution in many ways and has done so multiple times, such as missing multiple budget deadlines, making appointments while the Congress is not in recess, and changing the Affordable Care Act without permission from Congress, making him uncontrollable and exceeding the powers given to him as president from the constitution. Being an imperial president includes making unconstitutional decisions. An imperialRead MoreIssue of Fiscal Cliff and the Economic Validity of Sequestering1708 Words   |  7 Pagesreport by CNBC News sequestration is a fiscal policy procedure adopted by Congress to deal with the federal budget deficit. In simple terms, its a way of forcing cutbacks in spending on government programs and then using that money to pay down the deficit. (Koba, 2013, p.1) The deficit is the difference in a year between what the government receives and what it spends. (Koba, 2013, paraphrased) As of January 2013, Congress was not able to reach an agreement on cuts to spending and the sequestrationRead MoreNo Taxation Without Representation On Future Americans1327 Words   |  6 Pagesburden on to future generations, and they will be the ones required to pay for today’s spending. Without a say in this fiscal burden being passed to them, the lack of a balanced budget is in effect, taxation without representation on future Americans. My proposed amendment to the United States Constitution would create a requirement for a balanced national budget each year. This is the most fundamental solution to our nation’s unsustainable debt. There are many reasons for the necessity of this amendmentRead MoreObama Financial Crisis Summary1578 Words   |  7 Pageslevels in 60 years.[46] The Obama administration would later argue that the stimulus saved the United States from a double-dip recession.[47] Obama asked for a second major stimulus package in December 2009,[48] but no major second stimulus bill passed. Obama also launched a second bailout of US automakers, possibly saving General Motors and Chrysler from bankruptcy at the cost of $9.3 billion.[49] For homeowners in danger of defaulting on their mortgage due to the subprime mortgage crisis, ObamaRead MoreFederal Budgetary Function, And The Oversight Function Essay1109 Words   |  5 Pagespowers of Congress are The Budgeta ry Function, The Law Making Function, and The Oversight Function. 1. The Budgetary Function – Congress solidified their role in the budgetary process by passing the Congressional Budget Act of 1974. The Act modified the role of Congress in the federal budgetary process. It created standing budget committees in both the House and the Senate, established the Congressional Budget Office, and moved the beginning of the fiscal year from July 1 to October 1. The Act had twoRead MoreThe Legislative Branch Of Government1585 Words   |  7 PagesLegislative Control of Bureaucracy It is fair to say that the Constitution makes the legislative branch of government, also interchangeably referred to as Congress, the source or author of federal administration (Willoughby 1927; 1934). Establishing, empowering, structuring, staffing, and funding federal agencies all rest on the legislative branch. Article I, section 9, clause 7 is clear in that â€Å"No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law.† Article

Hybrid Network Security Free Essays

ACCEPTED FROM OPEN CALL SECURITY ISSUES IN HYBRID NETWORKS WITH A SATELLITE COMPONENT AYAN ROY-CHOWDHURY, JOHN S. BARAS, MICHAEL HADJITHEODOSIOU, AND SPYRO PAPADEMETRIOU, UNIVERSITY OF MARYLAND AT COLLEGE PARK ABSTRACT Satellites are expected to play an increasingly important role in providing broadband Internet services over long distances in an efficient manner. Most future networks will be hybrid in nature — having terrestrial nodes interconnected by satellite links. We will write a custom essay sample on Hybrid Network Security or any similar topic only for you Order Now Security is an imporSSSL tant concern in such networks, since the session 2 Proxy satellite segment is susceptible to a host of attacks, including eavesdropping, session hijacking and data corruption. In this article we address the issue of securing communication in satellite networks. We discuss various security attacks that are possible in hybrid SSSL session 1 SSSL handshaking and satellite translation at client proxy (RPA) networks, and survey the different solutions proposed to secure data communications in these networks. We look at the perforMost future networks mance problems arising in hybrid networks due to security additions like Internet Security Prowill be hybrid in tocol (IPSec) or Secure Socket Layer (SSL), and suggest solutions to performance-related nature — having problems. We also point out important drawbacks in the proposed solutions, and suggest a terrestrial nodes hierarchical key-management approach for interconnected by adding data security to group communication in hybrid networks. satellite links. Security is an important concern in such networks, since the satellite segment is susceptible to a host of attacks, including eavesdropping, session hijacking and data corruption. INTRODUCTION With the rapid growth of the Internet, satellite networks are increasingly being used to deliver Internet services to large numbers of geographically dispersed users. The primary advantage of satellite networks is their wide broadcast reach — a satellite can reach users in remote areas where terrestrial connectivity is not available. Satellite networks are also easily and quickly deployed, and can be a more cost-effective solution in areas where laying ground fiber networks would be too expensive. Although satellite networks offer great potential, they also present significant challenges that need to be addressed. Security is becoming an increasingly important aspect of all network. In this article we focus on the challenges that need to be addressed in order to make satellite networks more secure while maintaining seamless interoperability with terrestrial networks. These security-related challenges include the following considerations: †¢ Satellite channels are wireless broadcast media, which makes it possible for an unauthorized user to receive the signal and eavesdrop on the communication, if it is not encrypted. †¢ Without proper security mechanisms, any sufficiently well-equipped adversary can send spurious commands to the satellite and jam or disrupt the communication. †¢ Satellite channels can occasionally have high bursty errors (for example, during heavy rain) that result in packet loss. Satellite networks also suffer from long propagation delays (for example, 0. 5 seconds for geostationary satellites). Therefore, security systems should add minimal delays to the communication and have mechanisms to recover from loss in security information. Incorporating security solutions originally designed for terrestrial networks, such as Internet Security Protocol (IPSec) or Secure Socket Layer (SSL), into satellite networks can cause severe performance penalties. In this article we consider some of these issues. We focus on data security for IP-based commercial networks, and discuss the performance problems that arise due to the encryption of the Transmission Control Protocol (TCP) header and payload when popular unicast security protocols like IPSec or SSL, originally designed for terrestrial connections, are applied to satellite networks without incorporating changes necessitated by the unique characteristics of satellite networks. We also look at the protocols proposed for secure group communication in hybrid satellite networks, and describe a hierarchical approach to group key management that is robust, scalable, and suitable for the characteristic topology of hybrid networks. The rest of the article is organized as follows. We describe the hybrid satellite-network topology and features that make it different from terrestrial networks. We discuss security needs for the hybrid network. We discuss the current approach to provide end-to-end unicast security in hybrid networks, and describe the performance problems arising as a result. We survey 50 1536-1284/05/$20. 00  © 2005 IEEE IEEE Wireless Communications †¢ December 2005 NOC Internet Gateway Proxy Client Proxy NOC (a) Internet Web server Web server (b) n Figure 1. Commercial direct-to-home network topology: a) case 1; b) case 2. the proposals for key management for secure group communication in satellite networks. We describe a possible solution to secure unicast communication without sacrificing performance and highlight our key-management approach to security for group communication in satellite networks. We conclude the article by pointing to future research directions. highly susceptible to the delay-bandwidth product and exhibits very poor performance in satellite channels. Satellite TCP connections need large transmit windows to fully utilize the available bandwidth. However, due to the TCP slowstart algorithm and large propagation delay in the satellite channel, it takes much longer for satellite TCP connections to reach the target window size, in comparison to terrestrial TCP connections. Also, the window is very vulnerable to congestion due to the multiplicative decrease strategy of TCP. The problem is compounded by the fact that TCP misinterprets link-layer corruption (which is the prevalent source of loss in satellite links) as congestion (which is rare) and consequently reduces the window. The PEP provides an efficient solution to the above problem. In satellite networks, a PEP agent is installed at the satellite gateway between the satellite network and the Internet. The PEP agent inspects every TCP packet that flows through the network. For data packets, the PEP sends back premature acknowledgments to the TCP senders, without waiting for the TCP segments to be actually delivered to the receivers. These premature acknowledgments are specially formatted to be indistinguishable from real acknowledgments and they considerably shorten the perceived round-trip delay. Studies have shown that this technique is critical for the performance improvement of satellite networks [2–4]. Hence, TCP PEPs have been widely deployed in satellite networks today. Commercial networks also employ HTTP proxy servers to improve the speed of responses to Web-browser requests. When a user browses through content on the Internet, the application layer protocol in use is HTTP. A typical HTTP exchange involves a request by the browser for a Web page (â€Å"GET†), and a response from the Web server, which contains the hypertext markup language (HTML) text of the requested Web page. A typical HTML page would also contain multiple embedded â€Å"objects† such as images, embedded media or scripts, and so forth. Each embedded object has to be retrieved with a separate HTTP request-and-response exchange. Therefore, a Web page that contains n – 1 embedded objects takes n * RTT time to load fully, where RTT is one round-trip time. This can be extremely costly in a satellite network, where the RTT is usually high. COMMERCIAL HYBRID SATELLITE NETWORK ARCHITECTURE The network topologies we consider are illustrated in Fig. 1. In both topologies, we assume that there is one geostationary satellite with multiple spot-beams covering a large geographical area. Each spot-beam covers a subset of the total user set. We assume that future satellites will have an IP stack, be capable of onboard processing, and switch the data between supported spotbeams. The satellite therefore acts as an IP router-in-thesky. The Network Operations/Control Center (commonly known as NOC or NCC) connects to the satellite through the hub satellite gateway. The NOC is also connected to the Internet through high-speed terrestrial links. Terrestrial users can be either standalone machines (Fig. 1a), or a cluster of machines at each location, such as a local area network (LAN) (Fig. 1b). Terrestrial LANs can be either wired or wireless. Each user or LAN is connected to a local satellite terminal. The users receive traffic from the satellite via the forward channel (satellite downlink). The users can also communicate with the satellite via the return channel (uplink). There is no terrestrial connectivity between the users or the LANs. Usually, in commercial satellite networks that transfer Internet traffic, a split-connection Transmission Control Protocol (TCP) Performance Enhancing Proxy (PEP) is implemented to reduce the negative effects of the satellite link on the Internet connection [1]. Satellite channels provide large bandwidth (which can be as high as 90 Mb/s in the downlink), but also suffer from long propagation delay in comparison to terrestrial links. The delay can be as high as 500 ms (round-trip) for a geostationary satellite link. The propagation delay can have a severe adverse impact on the delivery of Internet traffic. Most of the Internet traffic uses the TCP, which is IEEE Wireless Communications †¢ December 2005 51 SSSL encryption New IP header ESP Original TCP header IP header header TCP payload (SSL record) IPSEC encryption ESP trailer proxy (user side). There is a hub proxy server located at the NOC with the hub satellite gateway — this proxy server represents the gateway proxy for both TCP and HTTP performance enhancements. SECURITY THREATS Similar security attacks can be launched against different hybrid satellite network topologies, but the impact of attacks would differ depending on the type of network and the applications supported by the network scenario. In the following, we list some of the important security threats in the hybrid network described above, and highlight the importance of the threats for the different network scenarios. Confidentiality of information: For networks that require information privacy, a primary threat is unauthorized access to confidential data or eavesdropping. Since the satellite is a broadcast medium, any entity on the ground with the right equipment can receive the satellite transmission. If the data is broadcast in the clear, then adversaries can be privy to the information that is flowing in the network. Data confidentiality can be achieved by message encryption. This requires that the senders and receivers are concurrently aware of the correct cryptographic keys used in the encryption/ decryption operations. This is a twofold problem: the problem of selecting suitable cryptographic algorithms for doing encryption so that overall network performance is not affected, and the problem of coordinating keys between users, that is, key management. Sending spurious commands: An adversary with the right equipment can send spurious control and command messages to the spacecraft, thus making the spacecraft perform operations different from their intended use. This can disrupt legitimate operations and communication in the network. This attack can be prevented if the sources of the messages are properly authenticated by every receiver. This would require suitable mechanisms for authentication, such as digital signatures [5]. The level of security required would dictate the authentication policy, for example, whether only the end users should authenticate each other, or whether authentication should happen on a per-hop basis. The latter might be necessary for scenarios where the satellite should not broadcast spurious information. If the satellite authenticates the source of every message it receives, it will transmit only those messages for which source authentication occurs correctly. Message modification attack: When the traffic goes over open networks, an adversary who is listening on the path can intercept both control and data messages. The adversary can modify the messages and send them to the destination, which can be the spacecraft, the ground terminals, or the end users. When the message reaches the intended destination, it would think that the corrupt message is coming from the true source, but the message content might be different from that expected or required for normal network operation. Message modification can be prevented by SSL record HTML page n Figure 2. IPSec and SSL encryption on a packet. The HTTP proxy server (also known by various other names, depending on the vendor) is implemented in satellite networks to overcome this problem. In a typical implementation, this requires a local Web proxy server at each user location, and a remote proxy server at the central hub facility of the satellite network (i. e. , the NOC). The Web browser at the user location should be able to recognize the local proxy (which can be either software on the client machine, or a separate hardware connected inbetween the client machine and the local satellite terminal). When the browser makes a request for a Web page, the HTTP GET request is sent to the local Web proxy, which forwards the request to the destination Web server. The Web server responds with the requested base HTML page. This page is intercepted by the proxy server at the network hub facility. The hub proxy server reads the base HTML page and sends multiple GET requests to the destination Web server for all the embedded objects in the base HTML page. This exchange occurs over a high-speed terrestrial connection between the hub and the Internet, thereby saving the time each request would have needed for a round trip over the satellite link. As the objects of the Web page are retrieved by the hub, they are immediately forwarded to the proxy at the user location. As the user browser receives the base HTML documents, it generates appropriate GET requests to fetch the objects corresponding to the links embedded in the document. The browser GET requests are terminated at the Web proxy server, which forwards the prefetched documents to the user browser immediately. The net result is that only a single â€Å"GET† request from the user browser traverses the satellite link, while a set of rapid responses quickly deliver the requested Web page and associated elements to the browser. The need for satellite capacity is also reduced, which is the most costly element of a satellite network. In terms of the user’s experience, the user sees a brief pause after the original Web-page request (corresponding to the round-trip time it takes for the request to the forwarded to the destination server, and the response to be received by the browser, over the satellite link), followed by near-instantaneous delivery of all content residing on the requested page. The trade-off is additional hardware at the user location and the central-hub facility. In Fig. 1a, the proxy server at the user represents both the PEP (user side) and the HTTP 2 IEEE Wireless Communications †¢ December 2005 appending message-integrity check mechanisms to every message, for example, message authentication codes (MACs) [6] or digital signatures. Security requirements and policies can dictate whether message authentication should happen only at the communication end points, or whether interme diate nodes should also verify the integrity of every message. Denial-of-service attack: Some attacks on security can be facilitated if strong security mechanisms are put in place for performing message-integrity checks or authenticating users. Consider the case where the satellite does authentication and integrity checks on all messages before broadcasting. An adversary can send a large number of spurious messages to the satellite, thus making the satellite spend significant computational cycles processing the spurious messages, which could be better spent broadcasting legitimate messages. Since the satellite has limited processing power, such an attack can be very effective, especially if strong cryptographic mechanisms like digital signatures are used for authentication and message integrity. This is a denial-of-service (DOS) attack. Although this DOS attack can be launched against any node in a network, a satellite network can be particularly susceptible to such an attack, since the satellite is a single point of failure and can be easily overwhelmed if made to perform too much computation. New IP header ESP Original IP TCP header header header TCP payload ESP trailer Encryption with K1 Original IPSEC ESP tunnel mode encryption New IP header ESP Original IP TCP header header header TCP payload ESP trailer Encryption with K2 Encryption with K1 Layered IPSEC ESP tunnel mode incryption n Figure 3. IPSec and layered IPSec encryption. Key K1 is shared between endpoints only. Key K2 is shared between endpoints and TCP PEPs. 1 embedded objects takes n * RTT to be loaded, an increase in delay by a factor of n. IPSEC FOR SECURITY AT THE NETWORK LAYER Several proposals for data confidentiality and authentication in satellite networks call for use of IPSec, which has been widely adopted by the Internet Engineering Task Force (IETF) for security at the network layer. IPSec and SSL are used independently of each other. IPSec creates an end-to-end tunnel at the network layer for the secure transfer of traffic. The two end-points in the communication negotiate security parameters known as the security association (SA) before traffic can be encrypted. Once the SA has been established in the handshake phase, the IP packets are encrypted using the algorithms and the keys specified in the SA. This is done when the IP-encrypted security payload (IPSec ESP) [9] is used. The IPSec ESP provides for both data encryption and authentication. IPSec provides strong security for data confidentiality and authentication, but it has a heavy byte overhead — in the ESP mode, IPSec adds 10 bytes of overhead to the header and trailer. In addition, if authentication is used, ESP adds 16 bytes or more for the integrity check value, and another 8 bytes or more of initialization vector (IV) if the encryption algorithm uses an IV. Also, IPSec has been designed primarily to secure point-to-point communication; it s not well suited for group communication, due to the lack of the dynamic key-establishment procedure necessary to for secure communication in groups where the membership changes with time. In addition, IPSec does not allow for authentication at intermediate nodes, but this might be useful in some security situations. A widely researched problem when using IPSec in satellite networks is its inability to coexist with PEPs. The keys used for encryption in the IPSec ESP are known only to the two endpoints and therefore any intermediate node in the network cannot decrypt the traffic. IPSec ESP has two modes of operation — tunnel mode and transport mode. In tunnel mode, the entire IP packet is encrypted and a new IP header and ESP header are generated and attached to the encrypted packet (Fig. 3), which adds an extra SECURING END-TO-END UNICAST COMMUNICATION USING IPSEC OR SSL Research on satellite security has focused on using the existing standardized technology, originally designed for terrestrial networks, to fix well-known security holes in satellite networks. Two such protocols that are widely used for secure unicast communication are IPSec [7] and SSL [8]. Figure 2 illustrates the encryption regions of SSL and IPSec. SECURE SOCKET LAYER FOR SECURE WEB TRAFFIC The SSL protocol secures the Web-browsing connection on an as-needed basis. When the client requests a secure connection or the server demands one, SSL is activated to secure the HTTP connection. The resulting connection is popularly known as secure HTTP (or HTTPS) and it encrypts the application-layer HTTP data end-to-end between the client and the server. In the protocol stack, the SSL layer sits between the application and the transport layers. Therefore, SSL encryption hides the TCP payload from all nodes in the network, except the client and the server. SSL encryption does not allow the HTTP proxy to function correctly. The HTML Web page encrypted into the SSL records is readable only by the client and the server who have the decryption keys. The keys are not available to the proxy, and therefore the proxy cannot read the HTML Web page. Consequently, the hub proxy server cannot send requests to the Web server for the embedded objects in the page and, therefore, HTML object prefetching cannot take place. The net result is that a Web page with n – IEEE Wireless Communications †¢ December 2005 53 The HTTP proxy also cannot function when the IPSec ESP is used. Since the HTML page is encrypted end-toend, the HTTP proxy cannot read the Web page in order to prefetch the embedded objects. Therefore, use of IPSec leads to a severe degradation in performance for both the TCP PEP and HTTP proxy. SSSL translation at hub proxy (HPA) SSSL session 2 SSL session 3 Proxy Client Internet Gateway NOC SSSL session 1 SSSL handshaking and translation at client proxy (RPA) Proxy Web server Figure 4. The SSL Internet Page Accelerator concept for efficient HTTPS over satellite. 20 bytes of overhead in addition to the overhead mentioned above. Encrypting the original IP header provides very strong security by disabling attacks (such as traffic analysis, etc. ). In transport mode, the payload portion of the IP packet is encrypted and a new ESP header is attached to the packet after the original IP header, which is in the clear. In either mode, the IP packet payload, which includes the TCP header, is encrypted with keys known only to the end points. Therefore, a TCP PEP, which is an intermediate node in the communication path, cannot read or modify the TCP header, since the PEP does not know the keys. Consequently, the PEP cannot function, thus leading to degradation in the performance of the TCP protocol. The HTTP proxy also cannot function when the IPSec ESP is used. Since the HTML page is encrypted end-to-end, the HTTP proxy cannot read the Web page in order to prefetch the embedded objects. Therefore, use of IPSec leads to a severe degradation in performance for both the TCP PEP and HTTP proxy. It is important to note that the problems that arise from the use of the SSL protocol or the IPSec ESP are independent of one another. It is conceivable that both protocols are used simultaneously, for example, when a secure Web page is accessed via a secure VPN tunnel. However, in such cases the performance issues do not change and the effect would be equivalent to using the IPSec ESP alone. On the other hand, if SSL alone is used, then the performance would be better, since the TCP PEP can function correctly in this scenario. [10] and layered IPSec [11], the idea is to encrypt different regions of the IP packet using different keys (Fig. ). The TCP payload is encrypted with key K1, which is shared only between the endpoints. The original IP header and the TCP header are encrypted with key K2, which is shared between the end points and also with intermediate authorized nodes such as the TCP PEP. Therefore, the TCP PEP can decrypt the header portion of the ESP packet with K2 and read the TCP header to do its performance optimizations. But the PEP cannot read the TCP payload and thus cannot access the actual data, since it does not posses the key K1. The layered IPSec approach allows TCP PEPs to function effectively. However, the method does not solve the problem of HTTP proxy servers. The HTML page is encrypted with key K1 as part of the TCP payload, and K1 is not shared with any intermediate node. Therefore, the Web page is not accessible to the HTTP proxy and no object prefetching can be accomplished. Olechna et al. [12] have suggested two solutions to the IPSec problem. In the first approach, the paper proposes moving the TCP PEP gateways to the endpoints. The TCP optimizations are done on the traffic in the clear, and then the traffic is encrypted using IPSec. There is no TCP PEP at the satellite hub. This approach improves the performance, but when a packet is lost or received in error TCP goes into congestionavoidance phase and the transmission is reduced by half. The second proposed approach, which deals effectively with this problem, is to split the secure connection into two at the satellite gateway. One connection is between the client and the gateway, and the second connection is between the gateway and the Internet server. This allows the gateway to decrypt the IPSec packet and read the headers and thereby do performance optimizations. This requires trust in the satellite gateway, which can now read all the traffic. This might be unacceptable to users who require strong end-to-end security. Several modified TCP protocols have been proposed that perform better than the original specification in the event of channel errors or delay, or when IPSec is used. A discussion of PROPOSED SOLUTIONS TO MITIGATE PERFORMANCE PROBLEMS WITH SSL OR IPSEC Several proposals have been made in academia and industry to deal with performance problems that arise from using IPSec and SSL in satellite networks. The concept of breaking up IPSec encryption into multiple encryption regions or zones on a single packet has been proposed independently in [10, 11]. Although the finer details in the two approaches are different, the basic idea is the same. Known as multilayer IPSec (ML-IPSec) 54 IEEE Wireless Communications †¢ December 2005 Group keys (TEK) K1,8 Internal keys (KEK) K1,4 K5,8 Path of keys for M8 K1,2 K3,4 K5,6 K7,8 Leaf keys Members Group key K2 K1,12 Group key K1 K1,8 K9,12 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8 (a) K1K2 K3 K4K5 K6 K7K8 K9 K10K11K12 M1M2M3M4M5M6M7M8 G1 G2 G3 G4 Members Gateways (b) Figure 5. Logical key hierarchy and its extension to satellite networks: a) with eight members; b) ML-IPSec integrated LKH tree with users and gateways. these TCP enhancements can be found in [13]. The problem of HTTP proxy performance when SSL is used has been addressed within the industry by breaking up the end-to-end single SSL connection between client and server into m ultiple SSL connections [14]. In this solution, the client browser creates a secure HTTP connection with the remote page accelerator (RPA) at the client satellite terminal, a second connection is created between the RPA and the hub page accelerator (HPA), and a third connection is between the HPA and the server (Fig. 4). The RPA performs all necessary handshaking with the client browser. The HPA can decrypt the SSL traffic from the server and perform the desired object prefetching. Taken together, this allows delivery of secure Web content with little performance degradation and with little change to the standard protocols. The major drawback to this scheme is that it requires a high level of trust in the intermediate nodes. The HPA, which is a third-party entity, can read all the sensitive Web traffic that passes between the client and the server. This might be unacceptable when absolute end-to-end security is desired. is O(logN) (where N is the number of members in the group), which is less than the O(N) keys required if the GC arranged the members in a flat topology. To allow PEPs to function correctly when network-layer security is used, [15] proposes the use of ML-IPSec. The paper proposes using a single LKH tree to manage the group key K2, used to encrypt the transport layer header (known to end users and trusted gateways), and the group key K1, known only to the end users and used for encrypting the transport layer data. As shown in Fig. b, users M 1 †¦M 8 are leaf nodes in a subtree of degree three, and gateways G 1 †¦G 4 are leaf nodes in a subtree of degree two. The root key of the member node subtree, K 1,8 , is used to encrypt the transport payload. The root of the overall key tree, K1,12, is used to encrypt the transport header. All member nodes know both K1,8 and K1,12, but the gateways know K 1,12 only (apart from the internal keys in the gateway subtree). How the LKH tree would be managed is not stated in [15]. This is important, since the users and the gateways might not be in the same administrative or security domain. The paper also considers all users and gateways as a â€Å"flat† network for key distribution purposes, rather than taking into account the hierarchical nature of the network topology. The use of LKH for key management in satellite links has also been proposed in [18], which suggests algorithms for dynamically managing the LKH tree in case of member joins and leaves. Duquerroy et al. [19] proposed â€Å"SatIPSec,† for key distribution and secure communication for both unicast and multicast in a satellite network. The solution is based on IPSec, with the addition of flat multicast key exchange (FMKE) to support key management for secure group communication. Management of SAs for both unicast and multicast communication is integrated into the FMKE protocol. FMKE also incorporates reliability mechanisms so as to guarantee reliable key distribution in the lossy satellite setting. However, FMKE manages SAs between the satellite terminals or gateways only and does not extend to the end users. Therefore, end-to-end security is not provided when using SatIPSec. The RPA performs all necessary handshaking with the client browser. The HPA can decrypt the SSL traffic from the server and perform the desired object prefetching. Taken together, this allows delivery of secure Web content with little performance degradation and with little change to the standard protocols. KEY MANAGEMENT PROPOSALS FOR SECURE GROUP COMMUNICATION IN HYBRID NETWORKS Some research has been done with individual algorithms that serve as tools in building keymanagement protocols in order to facilitate secure group communication in hybrid satellite networks. Howarth et al. [15] have proposed the use of logical key hierarchy (LKH) [16, 17] for efficient key management for multicast groups in a satellite network. LKH makes use of a centralized key manager or group controller (GC), which constructs a logical key tree with the group members as the leaves of the tree (Fig. 5a). The internal nodes of the tree are the key encrypting keys (KEK), which are used to securely transport key updates to the group. The root of the tree is the session key or traffic-encrypting key (TEK), which is used to encrypt the session traffic. The number of keys that need to be updated when a member node joins or leaves the group IEEE Wireless Communications †¢ December 2005 55 New IP header ESP Original TCP HTML header IP header header object links Base HTML page Encryption with K2 ESP trailer Encryption with K1 n Figure 6. Layered IPSec with modifications for HTTP optimization. Also, FMKE treats all the satellite terminals it services (which are called SatIPSec clients) in a â€Å"flat† topology, and establishes separate secure channels to all SatIPSec clients. This will not scale when there are a large number of clients. Also, SatIPSec does not consider the dynamic joins and leaves of members in the group communication setting; a client needs to be preauthorized for all the groups it wants to take part in. The protocol also requires complete trust in the group controller and key server (GCKS), which is a third party that is responsible for managing the SAs between the clients. All clients need to have preshared secrets with the GCKS. IPSEC AND SSL IN HYBRID NETWORKS: OUR APPROACH We look at separate solutions to the performance problem arising out of using SSL and IPSec in hybrid networks, and also consider how the two approaches can be combined. HTTP OVER IPSEC TUNNEL One viable method is to break up the end-to-end IPSec tunnel into multiple connections. This is similar to the solution proposed in [12]. But while their approach looks at only the TCP enhancements, we add the use of the HTTP proxy as well. In our approach, the IPSec connection from the client is terminated at the client proxy. The proxy creates its own IPSec connection to the gateway TCP proxy. A third IPSec connection is created from the gateway TCP proxy to the Web server. Schematically, this is similar to Fig. , with IPSec connections replacing the SSL connections in the figure. The IPSec handshaking between the client and the server is spoofed by the client proxy on the client end, and by the TCP hub proxy on the server end. In this model, the Web traffic can be read completely by the client proxy and the hub proxy. The two proxies are able to perform the TCP enhancements because they can read the TCP header. In addition, the hub HTTP proxy can perform HTM L object prefetching from the server because it can read the base HTML page as it is returned to the client on a HTTP request. When the client browser generates staggered requests for the embedded objects upon receiving the base HTML page, the client proxy is responsible for returning local acknowledgments to the requests, and sending all the objects to the client browser at one time. The design is therefore fully able to maintain the functionality of the TCP and HTTP proxies. It also encrypts the traffic so that it can be seen only by the client, the server, and the two intermediate proxy servers. The design also makes minimal changes to existing standard protocols. However, the design also requires that there be full trust in the proxy servers. Also, there is additional overhead in setting up three IPSec connections, as opposed to one (as in the end-to-end case). The overhead in encryption/decryption also increases by a factor of three for every IP packet, since the intermediate proxies need to decrypt the TCP header and the HTML content. When the security requirement is that the traffic be unreadable to intermediate nodes, the above approach will not work. In this situation, we propose extending the layered IPSec approach in order to allow portions of the HTML content to be also accessible to the proxy servers. Assume for layered IPSec that the keys are K1 and K2. K1 is known only to the client and the server, while K2 is known to the client, the Web server, and the intermediate proxy servers at the client and the gateway. When the client makes HTTP requests, the requests are encrypted using K2, so that the client proxy server can read the requests and send local acknowledgments. Additional software at the Web server parses the requested HTML page so as to obtain all the embedded object links. These object links are collated into a new HTML page that contains only the object links, and this new page is encrypted with K2. The base HTML page that contains all the information and the object links is encrypted with K1. Both the encrypted base HTML page and the encrypted object links HTML page are sent in reply. Therefore, the encrypted ESP packet looks as it is depicted in Fig. 6. Upon receiving the IPSec packet from the Web server, the hub proxy is able to read the object links (since it has K2) and therefore do prefetching for the embedded links. In addition, the hub proxy can also read the TCP header and perform TCP enhancements. However, the HTML base-page data cannot be read by the hub proxy, since it does not have K1. The encrypted base HTML page can only be read by the client when the IPSec packet reaches the destination. This design allows the TCP and HTTP proxies to perform effectively while maintaining a high level of end-to-end security. However, the security is not as strong as in traditional IPSec, since the intermediate proxies do get some information insofar as they can read the links of the embedded objects, even though they cannot read the application data. This is the major trade-off necessary to achieve acceptable performance in this design. In addition, the model requires changes to be made to the IPSec protocol so that layered IPSec is supported with the HTTP performance additions. A major issue in the above model is the handshaking mechanism required to set up the layered IPSec connection. To maintain a high level of security, we propose that the connection be set up primarily between the client and the server, who negotiate both K1 and K2, apart from other parameters of the security association. The handshaking mechanism then provides K2 securely to both the client and the hub proxy servers. The client and the hub proxy servers are required to authenticate themselves correctly before they can receive the secondary key or access the IPSec traffic. 56 IEEE Wireless Communications †¢ December 2005 DSSL main mode (K1) DSSL main mode (K2) Internet Gateway Proxy (K2) Client (K1, K2) NOC DSSL primary and secondary modes Original TCP IP header header Proxy SSL record Primary SSL record Proxy (K2) Web server (K1,K2) Encryption with K2 Encryption with K1 IP packet format for DSSL n Figure 7. Dual-mode SSL for HTTP optimization. HTTP OVER SSL When the HTTP traffic is secured using SSL only, and there is no IPSec tunnel in use, several approaches are possible to ensure acceptable performance. If the security requirement of the client and the Web server allow for trusted intermediate nodes, then the SSL accelerator concept of [14] can be a viable solution. This would require no change to the protocols at the expense of higher overhead in order to set up multiple SSL connections between the client, proxy, and Web server. When the security policy does not allow for trusted third parties, a different approach is needed. We propose the use of a modified SSL protocol, which we term dual-mode SSL (DSSL). As shown in Fig. 7, the secure connection in DSSL has two modes — an end-to-end main mode connection between the client and the Web server, and a secondary mode connection that has the hub HTTP proxy as an intermediate node. When secure HTTP traffic is requested, the DSSL main mode connection is first negotiated between the client and the server. As part of the handshake for the main mode, the client and the Web server also negotiate the parameters for the secondary mode. Let K1 be the encryption key for the main mode, and K2 be the encryption key for the secondary mode. The client transfers the parameters of the secondary mode to the client and hub HTTP proxy servers only after the proxy servers authenticate themselves to the client. When the client makes an HTTP request, the client proxy sends local replies to the client browser, as discussed previously. The Web server, on receiving the request, parses the requested HTML page to obtain the embedded object links, which are collated into a new HTML page. The object links HTML page is then encrypted by DSSL using K2 to create the proxy SSL record. DSSL encrypts the base HTML page using K1 to create the primary SSL record. The two records are appended together and sent to the client in an IP packet (Fig. 7). The hub proxy intercepts the IP packet, extracts the object links from the proxy SSL record using K2, and prefetches the embedded objects. The Web server always encrypts the actual objects using K1, so that the hub proxy cannot read the base HTML page data. The hub proxy transfers all the embedded objects together to the client at one time. Therefore, the HTTP proxy functionality is preserved in DSSL while maintaining the end-to-end security of the HTML page contents. However, the security is less than in the end-to-end SSL connection case, since the HTTP proxy can read the object links. In standard SSL, the proxy servers can read no part of the base HTML page, not even the object links. We believe this slight reduction in security is acceptable, given the considerable improvement in performance using this method. The DSSL design is more complex in comparison to SSL since it requires the creation of an additional connection, and therefore involves a higher overhead. There is also the added overhead of multiple encryptions and decryptions with two different keys, and the complexity of parsing the HTML page for the object links. All these require changes to the base SSL protocol. The DSSL concept is similar to the multiplechannel SSL concept proposed in [20]. However, the authors do not differentiate encryption in primary and secondary SSL records but instead suggest that HTTP traffic with lower security requirements be encrypted entirely with keys known to intermediate nodes. For our security requirements, that approach would not be acceptable. Differential Encryption in Single SSL Record — The use of a proxy SSL record is not necessary if various parts of the HTML page can be encrypted with The DSSL design is more complex in comparison to SSL since it requires the creation of an additional connection, and therefore involves a higher overhead. There is also the added overhead of multiple encryptions and decryptions with two different keys. IEEE Wireless Communications †¢ December 2005 57 Secondary SSL encryption Primary SSL encryption New IP header ESP Original TCP Proxy SSL header IP header header record Secondary IPSec encryption Primary SSL record ESP trailer Primary IPSec encryption n Figure 8. Packet format for dual-mode SSL with IPSec. different keys. In that case, the Web server can encrypt the object links in the HTML page with key K2 and the rest of the HTML page contents with key K1, thus creating a single SSL record with different encryption. The hub proxy server can parse the SSL record and decrypt only the object links with key K2, before forwarding the IP packet to the client proxy. We assume that the primary and secondary encryption keys K1 and K2 have been set up and distributed as described in the previous sections, with K1 known to the client and the Web server only, while K2 is known to the client, the Web server, and the intermediate proxy servers. A similar technique can be applied when IPSec encryption is used instead of SSL encryption. The advantage here is that the size of the packet does not increase, although there is the overhead of distributing key K2 to the proxy servers to be considered. HTTPS OVER IPSEC For the sake of completeness, we consider the situation where a secure Web page is requested over an IPSec tunnel. This method involves redundancy of resources, since use of SSL when IPSec is being used does not provide any substantially added security. However, our approach can take care of the performance in this scenario as well. In this situation, we propose integrating DSSL with layered IPSec. Then the secondary keys for both the layered IPSec connection and the DSSL connection are shared with the proxy servers. The secondary key for layered IPSec is shared with both the TCP proxy and the HTTP proxy. When layered IPSec encrypts the packet, the secondary key encryption extends up to the proxy SSL record. The TCP proxy servers can therefore decrypt the TCP header of the ESP packet, and the HTTP proxy server can decrypt the proxy SSL record. Consequently, performance optimizations for both TCP and HTTP are allowed without letting the intermediate servers read the HTML page. A schematic of the IPSec packet in this setting is shown in Fig. 8. A HIERARCHICAL APPROACH TO KEY MANAGEMENT FOR DATA SECURITY IN HYBRID NETWORKS In [21], we have proposed a key-management framework for distributing cryptographic keys securely and in a scalable manner to users taking part in group communication in a hybrid satellite network. The objective is to ensure data confidentiality, by encrypting the data traffic with group keys known to all the group members. The key-management framework is built on top of the multicast routing architecture. We have considered the hybrid network topology shown in Fig. 1b and designed a multicast routing architecture to allow users to communicate seamlessly between multiple terrestrial LANs (also referred to as subnetworks) [22]. Our routing design makes specific use of asynchronous transfer mode (ATM) point-to-multipoint routing [23] over the satellite links, and Protocol-Independent Multicast Sparse-Mode (PIM-SM) multicast routing [24] in terrestrial LANs. We have extended PIM-SM to allow multiple rendezvous points (RPs) in each multicast group. The satellite gateway in each LAN acts as the local RP for the LAN and creates the local multicast trees for group members within the LAN. The local multicast trees are connected together over the satellite links by using the ATM point-to-multipoint virtual connection, thereby creating one end-to-end multicast tree for each group, encompassing all the LANs with group members in them. The multicast routing architecture is thus adapted closely to the hierarchical network topology, and allows for building efficient multicast trees with low control and data overhead. The design of the key-management protocol is independent of the routing algorithm, although it is based on the same underlying principle, that is, a hierarchical breakup of the network based on the topology. We divide the network into two levels — the lower level, comprised of terrestrial LANs where the users are located, and a higher level consisting of the satellite, the NOC, and the satellite gateways or RPs in each LAN, which together form an overlay (Fig. 9a) interconnecting terrestrial LANs. The RPs act as the â€Å"bridge† between the two levels. Key management is done separately in the two levels. In each LAN we introduce a local group controller (called the â€Å"subnetwork key controller† or SKC) to manage the keys for all groups active in the LAN. The SKC is responsible for access control of all members of all groups that are active in its LAN, generating the group keys for all local groups, and updating the keys on group-member joins and leaves when a group is active. The keys managed by an SKC are entirely local to its LAN, and do not affect the key management in any other LAN in the network. The SKC uses the LKH algorithm to manage keys in its LAN, creating a logical key tree that we term the SN Tree. Each group active in a LAN has its own SN Tree. The leaves of the SN Tree for a group correspond to the longterm shared secrets between the SKC and the local users in the LAN who are active as sources and/or receivers in the group. The root of the SN Tree corresponds to the session key that is used for encrypting the group traffic within the LAN at any particular instant. On member joins and leaves, the session key, and all the keys on the path from the root to the leaf node corresponding to the member joining/leaving, are updated, while all other keys in the SN Tree remain unchanged. The overlay has its own key management, 58 IEEE Wireless Communications †¢ December 2005 Overlay RP tree root key Level-1 Satellite Overlay network NOC Gateway Gateway Gateway SN tree SKC RP (root) RP (leaf) SKC RP tree RP (leaf) Gateway Level-0 SKC Subnet n Subnet 1 Subnet 2 (a) Subnet 3 Subnetwork Subnetwork (b) Subnetwork n Figure 9. A hierarchical approach to key management in hybrid networks: a) hierarchy in the hybrid network; b) tiered tree key management. also based on the LKH algorithm. At the overlay level, the key management for a particular group is controlled by the satellite gateway/RP (known as the root RP for that group) of the LAN that has group sources active for the longest continuous period in the group. The logical key tree for any group thus formed at the overlay is termed the RP Tree. The root RP is responsible for generating keys for the RPs of the LANs who subscribe to the particular group, that is, have sources and/or receivers active in the LAN. Each group has its own RP Tree. The design ensures that the NOC cannot receive/transmit data to any active group, unless it explicitly subscribes to the group as a member node. However, LANs joining any particular group initially register with the NOC, which maintains a group membership table for all active groups, so that at all times the NOC is aware of the LANs which are participating in all active groups. The NOC is also responsible for selecting the root RP of the RP Tree for each group, which it does based on the earliest-to-join policy. The root RP also might be different for different groups, since the LAN with the longest continuously active sources might be different for different groups. Our algorithm has the provision to allow the root RP for any group to change — this happens if the currently active root RP leaves the group, when all sources/receivers within its local LAN cease to participate in the group. Our algorithm therefore builds a hierarchy of logical key trees that closely follow the hierarchy in the network topology, as shown in Fig. 9b. We term this framework Tiered Tree-based Key Management. In this hierarchy of key trees, the gateway RPs are responsible for performing key translation on all the multicast group traffic as it transmits the data from local sources to receivers in remote LANs, or when it receives group traffic from remote sources for local receivers. This translation is necessary since the data traffic is encrypted with the RP Tree session key in the overlay, and with the SN Tree session ey within the local LAN, with the two session keys being independent of one another. The detailed design of Tiered Tree-based Key Management, analysis of its security, and experimental results can be found in [25]. The primary objective in our design is to minimize the amount of key-management control traffic n Figure 10. Tiered tree framework: total key management traffic vs. RP tree traffic for three groups (Y-axis shows the traffic in bytes per second; X-axis is the simulation duration in minutes). hat flows over the satellite links, due to the long delay involved as well as susceptibility to channel errors. We have attempted to ensure that the security of the data traffic does not add any overhead in terms of delay other than that absolutely unavoidable, and that the security protocol does not contribute to deadlocks in group-data dissemination where some group members in certain LANs cannot read the data due to having wrong keys. From the simulation results, Fig. 10 shows the reduction in key-control traffic over the satellite links using our tiered-tree approach. The graph compares the total key-management IEEE Wireless Communications †¢ December 2005 59 Our solution is a generic solution aimed specifically at multicast key management and does not deal with an end-to-end security solution for secure communication or give any implementation specifics. information sent in the network for three simultaneous groups (i. e. , sent over the RP trees, sent over the satellite links, and all SN trees limited to local LANs), to the total key information sent on the RP trees (satellite links) only. As the graph shows, the resource savings on the satellite links is substantial when the tiered-tree scheme is used. Even though the group dynamics are high, the amount of message exchanges are very few in the RP tree, that is, over the satellite links. If a flat key-management hierarchy had been used instead, the total key-management traffic would have been sent over the satellite links, thus leading to increased delay and increasing the possibility that the correct keys do not reach all the members at the same time. Our solution is therefore very scalable. It also acknowledges the fact that the group members might be located in different security domains and, therefore, a single network-wide security management might not be possible. This is a more realistic scenario, since terrestrial LANs might be individual company domains, while the satellite overlay infrastructure is usually owned by a separate entity that provides network connectivity to the LANs, and is not responsible for generating the network traffic. This framework addresses the problem that all users might not be visible to a single, centralized security authority, and the dynamics of user joins or leaves in one LAN should not create an overhead to users in other LANs. Also, in widearea satellite networks we consider that the satellite channel conditions at a given point in time might be different in different sections of the network. There might be loss in information due to bad channel conditions in some network segments; however, this should not disrupt communication in network segments where the channel conditions are better. Solutions which treat all users in a single tree will not be able to perform as robustly under such conditions. Our solution is also similar to the ML-IPSec concept in that the satellite terminals are only partially trusted; they are allowed to do partial decryption/encryption of the IP packets for efficient routing. However, it is a generic solution aimed specifically at multicast key management and does not deal with an end-to-end security solution for secure communication or give any implementation specifics. approaches for typical topologies and validating the proposed designs by simulation. Lastly, we have described our hierarchical approach of key management for providing data security in hybrid networks. We are continuing our research in this area and examining designs to integrate our keymanagement protocol with the unicast case. A considerable amount of work needs to be done with regard to secure protocols for hybrid networks, specifically for the case where users are mobile. Here we have touched upon only a small subset of the problems. None of the proposed solutions, including our own, address the question of user authentication or message integrity for group communication. However, we believe the security problems discussed here will receive further treatment from the research community, and this work will be a useful contribution to the field. ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. The research reported here is supported by the National Aeronautics and Space Administration (NASA) Marshall Space Flight Center under award no. NCC8-235. The views expressed in this article are solely the responsibility of the authors and do not reflect the views or position of NASA or any of its components. REFERENCES [1] J. Border et al. , â€Å"Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations,† IETF RFC 3135, June 2001. [2] V. Arora et al. , â€Å"Effective Extensions of Internet in Hybrid Satellite-Terrestrial Networks,† University of Maryland, College Park, Tech. Rep. CSHCN TR 96-2, 1996. [3] V. Bharadwaj, â€Å"Improving TCP Performance over HighBandwidth Geostationary Satellite Links,† University of Maryland, College Park, Tech. Rep. ISR TR MS-99-12, 1999. [4] N. Ehsan, M. Liu, and R. Ragland, â€Å"Evaluation of Performance Enhancing Proxies in Internet over Satellite,† Wiley Int’l. J. Commun. Sys. , vol. 16, Aug. 2003, pp. 513–34. [5] NIST, â€Å"Digital Signature Standard (DSS),† May 19, 1994. [6] H. Krawczyk, M. Bellare, and R. Canetti, â€Å"HMAC: KeyedHashing for Message Authentication,† IETF RFC 2104, Feb. 1997. [7] R. Atkinson and S. Kent, â€Å"Security Architecture for the Internet Protocol,† IETF RFC 2401, Nov. 1998. [8] IETF Transport Layer Security Working Group, â€Å"The SSL Protocol Version 3. 0,† Nov. 1996, available at http://wp. netscape. com/eng/ssl3/draft302. txt [9] R. Atkinson and S. Kent, â€Å"IP Encapsulating Security Payload (ESP),† IETF RFC 2406, Nov. 998. [10] Y. Zhang, â€Å"A Multilayer IP Security Protocol for TCP Performance Enhancement in Wireless Networks,† IEEE JSAC, vol. 22, no. 4, 2004, pp. 767–76. [11] M. Karir and J. Baras, â€Å"LES: Layered Encryption Security,† Proc. ICN’04, Guadeloupe (French Caribbean), Mar. 2004. [12] E. Olechna, P. Feighery, and S. Hryckiewicz, â€Å"Virtual Private Network Issues Using Satellite Based Networks,† MILCOM 2001, vol. 2, 2001, pp. 785–89. [13] P. Chitre, M. Karir, and M. Hadjitheodosiou, â€Å"TCP in the IPSec Environment,† AIAA ICSSC 2004, Monterey, CA, May 2004. 14] SSL Accelerator, Spacenet Inc. , available at http://www. spacenet. com/technology/advantages/ssl. ht ml [15] M. P. Howarth et al. , â€Å"Dynamics of Key Management in Secure Satellite Multicast,† IEEE JSAC, vol. 22, no. 2, 2004, pp. 308–19. [16] C. Wong, M. Gouda, and S. S. Lam, â€Å"Secure Group Communications Using Key Graphs,† IEEE/ACM Trans. Net. , vol. 8, 2000, pp. 16–30. CONCLUSION Security is a critical component in hybrid IPbased satellite networks. In this article we have focused on some of the challenges that lie ahead. We have discussed the unique characteristics of hybrid satellite networks that make the problem of ensuring secure communication different from that of purely terrestrial networks. We have presented a survey of the various security solutions that have been proposed, and discussed their advantages and disadvantages. We have proposed several approaches to solve the performance problems of TCP and HTTP in satellite networks arising from secure communication. However, a lot of further work needs to be done to validate our approaches, and we are in the process of developing specific detailed security 0 IEEE Wireless Communications †¢ December 2005 [17] D. Wallner, E. Harder, and R. Agee, â€Å"Key Management for Multicast: Issues and Architectures,† IETF RFC 2627, June 1999, available at http://www. apps. ietf. org/rfc/ rfc2627. html [18] G. Noubir and L. von Allmen, â€Å"Security Issues in Internet Protocols over Satellite Links,† Proc. IEEE VTC ‘99, Amsterdam, The Netherlands, 1999. [19] L. Duquerroy et al. , â€Å"SatIPSec: An Optimized Solution for Securing Multicast and Unicast Satellite Transmissions,† 22nd AIAA Int’l. Commun. Sat. Sys. Conf. and Exhibit, Monterey, CA, May 2004. [20] Y. Song, V. Leung, and K. Beznosov, â€Å"Supporting Endto-End Security across Proxies with Multiple-Channel SSL,† Proc. 19th IFIP Info. Sec. Conf. , Toulouse, France, Aug. 2004, pp. 323–37. [21] A. Roy-Chowdhury and J. Baras, â€Å"Key Management for Secure Multicast in Hybrid Satellite Networks,† 19th IFIP Info. Sec. Conf. , Toulouse, France, Aug. 2004. [22] A. Roy-Chowdhury and J. Baras, â€Å"Framework for IP Multicast in Satellite ATM Networks,† AIAA ICSSC 2004, Monterey, CA, May 2004. [23] G. Armitage, â€Å"Support for Multicast over UNI 3. 0/3. 1 Based ATM Networks,† Internet RFC 2022, Nov. 1996. [24] S. Deering et al. , â€Å"The PIM Architecture for Wide-Area Multicast Routing,† IEEE/ACM Trans. Net. , vol. 4, no. 2, 1996, pp. 153–62. [25] A. Roy-Chowdhury, â€Å"IP Routing and Key Management for Secure Multicast in Satellite ATM Networks,† Master’s thesis, University of Maryland, College Park, 2003, available at http://techreports. isr. umd. edu/reports/2004/ MS2004-1. pdf Paper Award, 2004 WiSe Conference. He holds three patents. His research interests include wireless networks and MANET, wireless network security and information assurance, integration of logic programming and nonlinear programming for trade-off analysis, multicriteria optimization, noncooperative and cooperative dynamic games, robust control of nonlinear systems and hybrid automata, mathematical and statistical physics algorithms for control and communication systems, distributed asynchronous control and communication systems, object-oriented modeling of complex engineering systems, satellite and hybrid communication networks, network management, fast Internet services over hybrid wireless networks, stochastic systems, planning and optimization, intelligent control and learning, biologically inspired algorithms for signal processing, and sensor networks. MICHAEL HADJITHEODOSIOU [M] received an M. A. (honours) in electrical and information sciences from the University of Cambridge, United Kingdom, in 1989, an M. S. in electrical and computer engineering from the University of California, Irvine in 1992, and a Ph. D. n engineering (specializing in satellite communications) from the Centre for Satellite Engineering Research (CSER) at the University of Surrey, United Kingdom, in 1995. Among his awards are a scholarship award for studies at the University of Cambridge from the Cambridge Commonwealth Trust (1984–1986); a Fulbright Scholarship for post-graduate work in the United States (1989–1991); a Research Fellowship from the U. K. Engineering and Physical Sciences Research Council (EPSRC) (1992); and the Canadian National Science and Engineering Research Council (NSERC) post-doctoral fellowship award (1995). He worked as a research fellow in the Communication Systems group of CSER (1991–1995) and spent a year as a visiting fellow at the Canadian Government Communications Research Center (CRC) (1995–1996). In November 1996 he joined the Center for Satellite and Hybrid Communication Networks (CSHCN) at the Institute for Systems Research, University of Maryland, College Park, where he is currently an assistant research scientist. He is an expert on space communications and satellite networks. His research interests include performance optimization of wireless and hybrid networks, security and protocol support issues for satellite systems, and design optimization of next-generation broadband satellite networks and applications. He is currently working on supporting the communication needs of NASA enterprises and the communication architecture enabling space exploration. He is currently serving as secretary of the IEEE Satellite and Space Communications Technical Committee. SPYRO PAPADEMETRIOU received his B. S. in computer science from George Mason University, Fairfax, Virginia. Since then he has been actively involved in Internet research and development within both industry and academia. He was the principal Internet researcher at Synectics Corp. , where he developed network and database software. He worked as a researcher at the University of Maryland’s Institute for Systems Research, where he designed and developed their first networking laboratory, which is part of the CSHCN. At Inktomi Corp. he spearheaded client acceleration research and was a member the content-distribution network design team. These resulted in several patent filings, of which he holds one. The latter also resulted in American Online’s Web client accelerator product. Currently he is with Orbital Data Corp. working on network and application optimization. His research interests include network optimization, application optimization, satellite and terrestrial wireless networking, delay-tolerant networks, sensor networks, distributed systems, and network software architecture. We have touched upon only a small subset of the problems. None of the proposed solutions, including our own, address the question of user authentication or message integrity for group communication. BIOGRAPHIES AYAN ROY-CHOWDHURY (ayan@isr. umd. edu) received his B. E. in electronics and telecommunications engineering in 1998 from Jadavapur University, India, and his M. S. in electrical engineering in 2003 from the University of Maryland, College Park, where he is currently a Ph. D. student. Between 1998 and 2000 he worked as a senior software engineer at Wipro Technologies, India. His research focuses on the design of protocols and frameworks for secure communication in hybrid networks. He is working on secure protocols for unicast and multicast routing in networks that have wired and wireless terrestrial components interconnected by satellite links. He is also looking into key management techniques for secure data transmission for these network architectures, and efficient user-authentication mechanisms for the same. As part of these topics, he is also investigating performance problems for network communication in satellite networks when security is involved. J OHN S. B ARAS [F] received a B. S. in electrical engineering from National Technical University of Athens, Greece, in 1970, and M. S. and Ph. D. degrees in applied mathematics from Harvard University in 1971 and 1973, respectively. He was founding director of the Institute for Systems Research (one of the first six NSF Engineering Research Centers) from 1985 to 1991. Since August 1973 he has been with the Electrical and Computer Engineering Department and Applied Mathematics Faculty at the University of Maryland, College Park. In 1990 he was appointed to the Lockheed Martin Chair in Systems Engineering. Since 1991 he has been director of the Center for Hybrid and Satellite Communication Networks (a NASA Research Partnership Center). Among his awards are the 1980 Outstanding Paper A How to cite Hybrid Network Security, Papers

Accounting & Financial Management for Analysis- myassignmenthelp

Question: Discuss about theAccounting Financial Management for Vertical Analysis. Answer: Recommendation From the above analysis of the financial statements through the horizontal and vertical analysis and the ratio analysis, various inferences can be drawn and following are the recommendations for both the companies in this regard: The revenue base for both the banks ANZ and the commonwealth bank has fairly remained constant for all the 3 years however, the gross profit percentage has increased for both, commonwealth bank being on the slightly higher side. In order the bank targets to improve the gross margin, it needs to increase its top line(Goldmann, 2016). The return of equity has dropped substantially for ANZ whereas for commonwealth bank, it has remained fairly constant. This is mainly because in ANZ bank, the net profit attributable to the shareholders has declined by huge margin. For this, the company needs to increase its topline and decrease the indirect and the direct expenses(Gerlach, Mora, Uysal, 2018). Debt being on higher side in commonwealth bank, the gearing ratio is way too high as compared to the ANZ bank. This is risky from the shareholders perspective and the company should thus try to reduce the proportion of debt in the capital structure. ANZ is just above the industry ratio and thus, it should also try to lower it down. In terms of horizontal analysis, it can be seen that the profit of commonwealth bank has decerased mainly on account of decrease in revenue and increase in operating expenses therefore the same should be controlled and within the budget to make the industry margin. In terms of cash flow statement, there is a lot of variation in the cash flow from operating activities in commonwealth bank and it has decreased by 270% in 2016 and 78% in 2017, which is an indicator that the company is facing cash flow issues. In sharp contract, the cash flow from operating activities in ANZ banks is fairly stable which shows the continuous flow of cash in the company and hence CWB has to drive its cash flow in a much more planned way going forward. Furthermore, the commonwealth bank has been issuing debt or loan capital on a continuous basis throughout the 3 years due to which the debt equity ratio ha increased beyond the industry average. The ANZ bank has been stable in this regard and had issued equity shares only in 2015. Therefore CWB bank needs to repay the loan capital soon(Alexander, 2016). From the vertical analsysis, it can be seen that for ANZ bank, the proportion of expenses as a % of revenue has not varied much in the last 3 years whereas for CWB bank, the interest expenses have declined considerably from 60% to 56% to 53%, other parameters remaining almost constant. Therefore, ANZ bank needs to decrease its interest expenses in order to remain competitive in the industry. In ANZ banks balance sheet analysis, it can be seen that the current tax assets and the deferred tax assets has undergone major changes in the last 3 years, other components being almost constant whereas in CWB bank, the proportion of loan capital has increased year on year and hence ANZ and CWB bank needs to stabilise its tax and debt respectively to give more security to the shareholders(Heminway, 2017). Conclusion From the above in depth analysis and the recommmendations on the financial statements, it can be concluded that the though commonwealth banks income and profit has increased over the past 3 years but the status of the balnce sheet reflects that there is a lot of risk in terms of the cash flow and reh increase in the debt capital year on year. On the other hand, ANZ has been fairly stable in all the respects, be it revenue or the profit or the balance sheet status. It can therefore, be said that the company has not been growing in the last 3 year and it needs to take strong steps in order to increase revenue and profitability. References Alexander, F. (2016). The Changing Face of Accountability. The Journal of Higher Education, 71(4), 411-431. Gerlach, J., Mora, N., Uysal, P. (2018). Bank funding costs in a rising interest rate environment. Journal of Banking and Finance, 87, 164-186. Goldmann, K. (2016). Financial Liquidity and Profitability Management in Practice of Polish Business. Financial Environment and Business Development, 4, 103-112. Retrieved from https://doi.org/10.1007/978-3-319-39919-5_9 Heminway, J. (2017). Shareholder Wealth Maximization as a Function of Statutes, Decisional Law, and Organic Documents. SSRN, 1-35.

Why World War Ii Was a Watershed Event free essay sample

Some countries of Europe continued to live under a regime of a free democracy. But in others, the power came to the communists that were under strict control of the USSR. Due to this, World War II was a watershed event. Several changes occurred of a social aspect. The roles of women dramatically increased. After the war, there occurred lots of questions about genders and their roles. During World War II due to the fact that lots of men went to war and had to be at the fronts, women took their places at factories, and other aspects of everyday life. After the war ended, women continued to work there because of decrease of the population of men. This called for a revision of the theoretical standpoint of a woman’s role in society. Women started actively engaging in all aspects of everyday life. Their role each year increased. Nowadays, women take place in almost all the jobs that men are allowed to do such as in economics or politics, but even today they are fighting for their full rights and to be as equal as men. We will write a custom essay sample on Why World War Ii Was a Watershed Event or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page In 1945 the Manhattan project was finished and the nuclear bomb was created. Churchill wrote a note to Stalin saying that a new, powerful weapon was created. Stalin had a neutral reaction to this news but secretly to himself, he knew what Churchill was talking about. The nuclear bomb was created. He ordered the construction of his nuclear weapons to speed up. On August 6, 1945 a nuclear bomb was dropped on Hiroshima and on the ninth a nuclear bomb was dropped on Nagasaki from the USA. The results of these two bombs were awful. The Soviet Union then created a nuclear bomb. The first testing of this newly created bomb was tested in Kazakhstan on August 29, 1949. On September 3, 1949 a US plane came to check if the air in the area was contaminated in the area of Kamchatka. Based on these tests, the US found out that the Soviet Union had also created a nuclear weapon. Due to this, a new time in humanity occurred. Of course the creation of the nuclear bomb was a watershed event of World War II in which more that 60 million people died. The United States thought that with the creation of the bomb and having such a weapon, they would no longer have to get involved in wars and would have peace. But the creations of the nuclear weapon led to other results. Nuclear power stations were being created that were able to give cheap energy and allowed progress. But, nuclear power stations were also very dangerous. In 1986 in the USSR, there was an accident at the Chernobyl nuclear power station. Due to this accident, a lot of people became sick from the radiation and that radiation was very bad for the environment and everything living around that area. But even due to the dangers, people cannot let go of nuclear energy. Finally, lots of geopolitical changes occurred after the end of World War II. Still during the time of the war in 1945, there was a conference that was held in Yalta (USSR). The people that participated in this conference were Winston Churchill from England, Stalin from the USSR, and Roosevelt from the USA. They were discussing new geographical borders of Europe and peace among countries. As a result of this conference, part of Germany was given to France and part to Poland. The territories of Czechoslovakia, Hungary and other countries of eastern Europe were also changing. Furthermore after the conference took place , Berlin was divided into 4 sections of occupation between Great Britain, USA, the Soviet Union and France. Furthermore in 1949, the German Democratic Republic was formed . The communist party ruled there under the control of the USSR. This was Eastern Germany and part of Berlin. In August 1961, the Berlin wall was built to divide the east and west of Berlin. People living on either side of the wall were not allowed to cross to the other side without being killed or returned to their side of the wall. This wall existed till 1990. At this time, the parts of Germany were reunited again. In conclusion, World War II was known as a watershed event because of all the changes it brought upon the world. World War II gave women rights and allowed them to become more equal to men. Moreover during World War II, the nuclear bomb was created. It was a weapon of destruction leaving people in constant fear of their homes being destroyed and their lives at stake. Finally during World War II lots of geopolitical changes occurred. Different countries were at peace and others recovering from the great war. So World War II was known as a watershed event.

How to Style Titles of Print and Online Publications

How to Style Titles of Print and Online Publications How to Style Titles of Print and Online Publications How to Style Titles of Print and Online Publications By Mark Nichol The rules for formatting titles of compositions and their constituent parts may seem complicated, but they follow a fairly straightforward set of guidelines, outlined below. Capitalization Titles of compositions are generally formatted in headline, or title style. In this system, the first letters of the following words are capitalized: The first and last word of the title, regardless of part of speech Nouns, pronouns, verbs, adjectives, adverbs, and subordinating conjunctions (such as although, because, and than) In titles, the following words are lowercased: Prepositions (except when they are used adjectivally or adverbially (in such phrases as â€Å"off day† and â€Å"come down†) To when it is part of an infinitive (for example, â€Å"to exercise†) All articles, prepositions, and coordinating conjunctions (such as and, but, and or) Emphasis Italics are used for titles of books, periodicals, films, television specials and series, and both series titles and episode titles for anthology programs like Masterpiece Theatre, though episodes of regular series, as well as titles of book chapters and magazine, newspaper, and online articles, are enclosed in quotation marks. Some publications, including most newspapers and some magazines, use quotation marks for titles of all compositions as well as parts of compositions, but italics are almost always employed for this purpose in books, and I highly recommend maintaining this distinction in periodicals and online. Titles of many nonfiction books include a subtitle following a colon, and except in informal usage, the full title should be used on first reference; the title alone the part preceding the colon can be used thereafter. Note that magazine and similar descriptive words should be capitalized and italicized only if they are part of a publication title: refer to â€Å"the New York Times Magazine,† for example, but â€Å"Time magazine†; in the former case, magazine is officially part of the publication’s name. (In a context in which it is obvious that Time, for example, refers to the publication with that title, the word magazine can be omitted.) Also, as shown in this example, do not capitalize or italicize the before a publication name, whether or not it is part of the title. Various publications differ in self-identification, even when their titles share a word for example, the New York Times bills itself as â€Å"The New York Times,† while the Los Angeles Times omits the article and this rule is designed to save writers the trouble of having to check individual publications for specific usage. Titles of plays and of poems long enough to be published in book form are italicized; titles of poems short enough to be included in a collection in a book are formatted, like chapter titles, in quotation marks. To determine how to treat titles of websites and their components, compare them to print equivalents: A website that sells products and/or services, even if it features content related to those offerings, is an online store, and the site name should not be formatted as a composition title. But titles of sites that emulate books and periodicals, and their articles and essays, should be treated like them; the same standard applies to blogs and blog posts. What about titles of videos posted online? Many such videos, especially those posted to video-sharing sites such as YouTube, don’t have titles or lack well-thought-out titles so they can just be referred to generically (â€Å"See Smith’s video about wombats†), with a link. For those with traditionally composed titles, however, use either italics or, especially for short videos, quotation marks. Want to improve your English in five minutes a day? Get a subscription and start receiving our writing tips and exercises daily! Keep learning! Browse the Style category, check our popular posts, or choose a related post below:Using "a" and "an" Before WordsTaser or Tazer? Tazing or Tasering?Comment, Suggestion, and Feedback

Anita Roddick The Body Shop Commerce Essay

Anita Roddick The Body Shop Commerce Essay Moore and Buttner defined female entrepreneurs as those who use their knowledge and resources to develop or create new business opportunities, who are actively involved in managing their businesses, and own at least 50 percent of the business have been in operation for longer than a year†. In this 21st century, women had a dramatically changing over the year and year. Women breakthrough from the traditional position that as an internal housewife to a working woman in several fields. Nowadays, more and more women try to get rid of work as an office woman and get fixed salary every month but they are tries to set up and develop their own business. Since women’s level of education has increasing compare to 20 century, they create their own business based on their high knowledge, skills and interest in several field. There Women not only successful in business field but also other field including political, medical, economic, cosmetic, IT technology, oil and gas, software, food and beverage and so on. This is because there is more support for women entrepreneurs than ever before. However, women entrepreneur are facing constraints and there are solutions for them to improve themselves. Successful Woman Entrepreneurs There are a lot of successful women entrepreneurs who start their business by themselves. They have their own strategies and uniqueness of their products and also management skills that enable their business went for globally. Anita Roddick- The Body Shop anita roddick.jpg body shop.jpg Anita Roddick the founder of The Body Shop. She was born in England in 1942 and married with Gordon Roddick in year 1970 and had 4 children. Anita Roddick started her business in year 1976 where her shop allocated at a back street in Brighton, England. Without much of financing, she only able decorated her shop with green garden lattice to cover the ugly unpainted walls. Anita Roddick got her inspire of her products is when she travel to around the world. Sh e saw local women of Tahiti use cocoa butter to plastering their body and women in Morocco washing hair in mud. After that, Anita Roddick tried to make her own products by using all natural raw materials from fruits and vegetables at home and sales her products in her first shop. She had packaging her products in very simple packaging and inexpensive price for all natural cosmetics and herbal creams and shampoos. She only sold 15 different cosmetic products in her first shop. The first strategy that used by Anita Roddick is differentiate her products with other cosmetic products where her products is all made from natural raw materials such as from fruits and vegetables. This is because of her awareness of most women fear of use artificial chemicals cosmetic products to put on their skin and hair. She had got natural raw materials most from Africa and these natural raw materials made her products unique compared to others. Through this, she built her product brand name which The Bod y Shop sales all natural cosmetic products. The second strategy used by Anita Roddick is CSR (Corporate Social Responsibility). According to ISO Strategic Advisory Group defined CSR as â€Å"is taken to mean a balanced approach for organizations to address economic, social and environmental issues in a way that aims to benefit people, communities and society†. Anita Roddick used CSR strategies as a way to make advertising indirectly to community. She joined Fair Trade Community where she got her natural raw materials from Africa and paid them in a fair price to help them have extra fund to build their facilities such as school and others. Furthermore, she also prevents to use animals tested for her products. Moreover, she join society communities to raise the concern about environmental friendly, protect animals and against animal testing and defend for human rights. Through CSR, she had successful to build good reputation for her shop.

Why I want to be a nurse Essay Example | Topics and Well Written Essays - 500 words

Why I want to be a nurse - Essay Example Nurses were looked down upon but with the development of the human mind, it has been realized that it is a very noble profession where a person lives with a cause and purpose of serving other people. It is for this reason that I have actually been influenced by the fact that I should opt for this career and work towards improving the health status of the world by becoming an integral part of the healthcare system. I have always been interested in this field, particularly after my exposure to the hospitals when I came across nurses and realized the fact that how important they are for the field of medicine. My exposure to this field has made me aware of the fact that I would truly want to devote my life for the purpose of providing the best health for the patients. The example of Florence Nightingale serves as an inspiration to me. She was a woman who was devoted to her work despite of the difficulties that she had to face and the criticism that she received. She worked day and night to save precious human lives and worked in very difficult conditions. Seeing her example, I have realized that I would also want to dedicate my life to help people who will actually be able to live in a better way because of my work. The aim of this field is itself very inspiring to me.

Marriott Hotel Essay Example | Topics and Well Written Essays - 2500 words

Marriott Hotel - Essay Example On travel and tourism competitive index for 2013, UK stands on the leading 5th rank among 140 countries (Blanke and Chiesa, 2013). All these provide opportunity to Marriott to continuously grow and expand in UK. . ECONOMICAL Recession in the UK economy had affected the purchasing power of people and it had a negative impact on the tourism industry as well. The recovery has started but customers are still on hold due to the inflationary pressures unemployment due to Euro zone crises (Ernst & Young, 2012). The Travel and Tourism index of 140 countries rank UK on 10th position for business environment while natural resources availability that is critical for this industry is immensely attractive and ranks on third place (Blanke and Chiesa, 2013). Hence, the revival of the economy holds attractive opportunity for Marriot. SOCIO-CULTURE The consumer behaviour is changing continuously and the trends are modifying all across the world. Human and cultural resources for the hospitality indust ry are in abundance in the UK and country ranks on sixth and third respectively on the competitive index for Travel and Tourism (Blanke and Chiesa, 2013). The tech-savvy element has taken dominant place in culture and hotel are steering strategies to adopt changes all across value chain (Ernst & Young, 2013). Marriot is consistently accounting this element of change in social trends such as Marriot took initiative and went digital on wine (Incentive Travel, 2013). TECHNOLOGICAL Technological advancement is at its peak everywhere. Conventional ways are converting in to digital ways. The online existence of the firms is now looking necessary (Mcindoe, 2013). Technological advancement has also affected the... Identifying the role of environment for the business, this report is aimed to analyse the impact business environment on the performance of the organisation. The environmental assessment explores the impact of political, economic, social, technological, environmental and legal factors in the business. For the last two decades the impact of technology has changed the structure of every industry either it is service industry or product industry. The technology is now considered as one of the basic driver of growth. Among various industries, hospitality industry has also received a great impact of technological advancement in the last decade. Nowadays, customer convenience and satisfaction is considered as a one of the most effective tool in the service industry to get the competitive advantage. Marriot always focused on adapting the emerging and latest trends to stay competitive in the market. Competitive strategies that are followed by Marriott and its rivals are highly similar and hence each one is trying to gain the edge by loyalty programs and other technological adoptions. All the competitors and Marriot is continuously making efforts to sustain its position in the market. The environmental analysis has conducted to understand the impact of internal and external forces on the organisation. Since, technological advancement has had a great impact on almost every business in the world and so hospitality industry is affected significantly. Therefore, efforts to employ technological advancements by Marriot to remain competitive have been discussed with insight recommendations. Some media sources are mentioned in the repo rt to analyse the evolving behavior of the organisation. In all that Marriot is competing successfully in UK hospitality industry. However, it needs to make a consistent research on understanding the changing consumer needs and preferences. It is worth mentioning that recovery in UK economy is creating the opportunity of business expansions. Marriott should focus on this phase and increase its marketing efforts to attract new customers initially in this phase.

Virtual Police Department Case Study Essay Example for Free

Virtual Police Department Case Study Essay Introduction This paper will consist of an overview of the Virtual Police Department, the history of that department and where it is today. I will analyse the different issues within the department and set a constructive path for the department so that it may benefit fully from all the resources that it has available. The Virtual Police Department is a medium sized department with 155 sworn officers. The department has a long history of hiring from a â€Å"good ole boy† system. The criteria for being hired at this particular department is minimal and their turnover rate for personnel is often and all at once. The current department leadership has been around for no more than 15 years and most of the staff have been hired within the last 5 years. Because of the turnover rate, experience is lacking. All of the seasoned officers have â€Å"phased out† and promotions were required, however, not necessarily earned or deserved. I have identified several areas that I would recommend immediate attention to. However, I have highlighted four of these for the purpose of this case study. Firstly, I would look at the hiring process within this department and make some much needed changes. Next, I would revisit the budget. Then, I would restructure the four organizations into functioning efficient groups. Lastly, I would establish connections within the community and neighbouring police departments and community agencies to ensure a close knit, positive, supported network. I recommend that this department begin with a change to its hiring process. Many of the employees have no more than a high school diploma. I feel there should be a set standard of education and experience to become the Chief of Police. Not just family relations or friends. The community of VPD are losing faith and confidence in their police department and one way to begin the change is to start from the inside. Once the Chief of Police is in  office with a Bachelor or higher, then they may start enforcing their own officers to at least fulfil an associate’s degree in Criminal Justice. I understand that in the past, looking for personnel who had a Bachelor’s degree rendered many from w ithin the department ineligible, however, maybe this is a beginning to the change. The department needs to start looking outside of their town for personnel to police the area. According to the department demographics chart, the department has never had the full authorized members. From 2009-2012, the average number of actual sworn employees was 140. The authorized number rose in 2011 to 145. The current year, there are 155 sworn officers which is 10 over authorization. The history of the making of this police department has seriously perpetuated the situation the VPD is facing today. From the initial hiring in 1950, the Mayor and City Council hired their friends as the initial department members. In the beginning, this had no effect on the department and it actually solidified a great relationship within the community. However, as times have changed, the department itself has grown, the community has grown as well, this kind of hiring process has taken its toll on the department, authority, and the community. The department has a significant repetitive issue which is the consistent bulk hiring and retiring of its officers. There really isn’t a phase out process in place whereby rookie police officers train and learn from the more experienced ones before they retire. It seems a common theme within this department is a lot of running from fire to fire. It appears the department spends more time playing defence as opposed to offense. Instead of the department spacing its personnel who are looking at retirement out, they all seem to retire at the same time. This is yet another impact of the hiring of friends and family. Although it worked well in the 1950’s, the city and its inhabitants are far different than they were in the 1950s. There also appears to be a significant amount of complaints from both internal and external sources; as well as decreasing percentage of crimes solved and/or successfully prosecuted. Based on these issues, I would phase the retirement and hiring proc ess. It may initially create a few headaches, however, I believe those will be fewer than the continual spiral out of control the department is currently facing. I believe that if some of those that are close to retirement were promoted to other positions within the force, they would stay around a little longer.  Eventually, there will be a good mix of longevity within the police department. Ensuring that junior officers receive proper training from the more seasoned officers is extremely important. According to the crime statistics provided by the scenario, there appears to be a lot of burglary, robbery, and theft in the Part 1 Offences. Personnel should be dedicated to these areas to ensure the crime is attacked BEFORE it occurs. The Broken Windows theory is epic when considering the transformation of a community. Showing the community that the police want to be proactive as opposed to reactive is certainly a good start. In the proactive article titled â€Å"Broken Windows: The Polic e and Neighborhood Safety,† James Q. Wilson and George L. Kelling argued that policing should work more on â€Å"little problems† such as maintaining order, providing services to those in need, and adopting strategies to reduce the fear of crime (1982:29). Their assumptions were based on three reasons: Areas with street people, youth gangs, prostitution, and drunks are high-crime areas. Neighborhood disorder creates fear. (1982:30) Another issue with the current hiring process is there is no hiring board or public announcements made. The police department likes to hire from within and have kept to hiring friends and family to, â€Å"keep all the undesirables off the police force.† I would announce any upcoming vacancies state wide and set up a hiring process based on qualifications. The hiring would not be concurrent with the Mayoral elections and the police department will break from the political tie it currently has. As the police department and the mayoral council run so tightly together, it is impossible for the VPD, state police, and county sheriff to communicate with each other. Communication between police departments is crucial for the VPD to survive. The process of socialization seems to be missing from the Virtual Pol ice Department. Although they are close because of the internal hiring, it does not lend credence to learning the ropes by doing as much as by the rule-book. As the experienced officers phase out, there is not a lot left for the younger inexperienced officers to learn the valuable on-the-job lessons with. George, C., Smith, C. (2004). With the changes to the hiring and retiring process, the budget obviously needs to be revisited. The first thing I would do is look at the average starting salary for the police and drop it to $32,000 $35,000 annual. Starting rookie police officers out at $45,000 doesn’t give room for promotion with pay increase, time on  department increases, and doesn’t encourage members within the department to further their education or strive for a better position. Pay should increase as positions and responsibility increase. If 75 of the 155 police officers are within their first 5 years on the force, their pay should be $35,000 annual. The budget would need to be met to cover the cost of each police officer with a buffer of 15% for over time. If the starting salary for the VPD force was $32,000, the total for the rookie officers would be $2,400,000 annual. That would be a savings of $975,000 a year. Police departments should have a program and promotion rate for their officers to strive toward. According to George Cole and Christopher Smith, â€Å"The average starting salary in 2001 was more than $32,000†. (2004:173). Pay increase should come with responsibility and job knowledge and time on the force. I also think the police department needs to compare the pay of their officers and commanders to other neighbouring departments and base the starting pay on those. An extremely important aspect has been overlooked within this department due to budget cuts. Training has obviously suffered greatly. I do not believe that training should ever be jeopardized for the sake of saving a few pennies. Train the trainer programs are a great way to maximize training the cheapest way. Sending one or two individuals to receive training that will certify them to conduct the training within their department is gold. Once the rapport is established with the other departments within the area, then the trainer can also train those departments. Essentially, each department would send someone to receive specialized training and share that training throughout the departments. This way, each department will save money and not have to forego the training. Another area that is concerning is firearm qualification training. This is a major mistake to allow officers to continue to carry their firearms when they are not qualified. If they had to use their weapon and during the course of the investigation, it is determined that they were not qualified, the repercussions would be immense, not just for the department, but for the other departments, the city, and the state. Also of great importance in the training area is ET not keeping up with law updates, changes, and recent court rulings. Training can be conducted on the job and any additional training can be completed during one of the 8 hour shifts if the s chedule can be made to allow a training day. That way, the officer  isn’t on the road, isn’t side-tracked, isn’t in court, or isn’t unavailable. If training day was a â€Å"duty day† then training can be maintained. â€Å"Recruits need formal training in order to gain an understanding of legal rules, weapons use, and other aspects of the job.† (2004:179). A positive approach to establishing a budget within the jurisdiction would be to evaluate the cost of crime. According to Mark Cohen, â€Å"taking a â€Å"bottom-up† approach to crime aids in breaking them down.† (2005: 84). Breaking the crimes down on a per-crime basis will give the planners assistance when looking at the statistics of their community crimes. In doing this, it would be beneficial for the courts to readdress the cost of fines paid, fees and offence times, etc. The courts would essentially be assisting the police department in policing their community. Possibly, stiffer sentences, stiffer fines, and attention to the crimes will be a significant deterrent. Let those who choose to break the law pay the price for it. The best way to reasonably ensure that training is being conducted is to organize the department a bit better. The department does seem to be organized well. It has the typical four separate commands; Patrol, Investigations, Special Operations, and Support Services. Each of these departments has a commander. The departments are organized by talents, friendships, and skills. The department seems to be extremely mismanaged as they currently have 155 sworn officers, however they are only authorized 145 by 2012. Along with the sworn officers, they are also extremely overstaffed with civilian employees as well. According to the table, they are authorized 17, however, they currently employ 70. On top of the overstaffing issue, the department has a history of hiring predominately Caucasian male police officers (70%), and only 11% Caucasian female officers; which has held pretty steady over the last four years. According to Wilson and Kelling, â€Å"For most of the nation’s history, almost all police officers were white men.† (2004:174). The Civilian Personnel demographics are not much different. The department has a high number of Caucasian men and women employees. The African-American male employees estimate at 10% of the police force ov er the last four years. The African-American female police officers sat at 3.7% estimated over the last four years. As the community has grown in size, it appears the police department has maintained a consistent employee demographic base. The last recorded census was from 2000. Based on that census, the population  consisted of the following; 50.9% male, 49.1% female, 60.1% Caucasian, 16.7% black or African American, 11.4% Hispanic, 7.0% Asian, Other 0.2%, some other race 1.7%, two or more races 2.9% and foreign born 16.2%. The median age was 37.9 years of age. Not only has the ethnic population changed, but the median income average has as well. The median has dropped by 13% which should alert the surrounding agencies that their citizens are not as wealthy as they once were and most of the time, this also incites criminal activity. The demographic differences in the community and police department is wide. It may have been the same demographics at one time, however, the police department hasn’t seemed to change much since the 1930s in that aspect. As the department still chooses to hire friends and family, this is not expected to change anytime soon. I would argue that the change needs to happen immediately. I think a new census should be taken or at least have patrols identify areas within the community that have changed drastically with ethnicity. A new census would also assist the budget and the jurisdiction boundary and also allow the bigger picture to be evident to the Mayor. Most cities have a natural cultural divide. It is important for the police department to recognize this and adjust their manning accordingly. If there is an increase of crimes against women, it would be important for the department to look at hiring more women onto the force who can deal with the more sensitive areas. If there are race issues within the community, it wouldn’t be a good decision to send a police officer into that area knowing it could potentially escalate a situation. The department should have more diversity amongst the officers. To start this, I will go back to my earlier statement on hiring outside of the police force family. Try and appeal to the other ethnic backgrounds that the community can relate to and hopefully start to trust. Next, I would re-evaluate the shift work. If the area of responsibility has grown, and the number of citizens within the community has grown, it is imperative that the police are able to respond and react to calls appropriately. Because police work doesn’t end at the scene, officers must have time to go back to the station and complete their required paperwork. Twelve hour shifts make it virtually impossible to complete paperwork and get enough rest before the next shift. I would break the shifts up into 8 hour shifts and apply the greater amount of officers to the busiest time of the day or night. Taking a look at the criminal statistics, I initially notice that due to the unplanned city demographic changes, the department is currently suffering a set back with a larger than projected area of responsibility and more citizens within their jurisdiction. The number of lower income families has risen, and the average age of the community dropped to 34.7 which means more children are attending the local schools. Looking at the Statistics of Crime in VPD area, there has been a significant increase in Part 1 and Part II Offenses. Part II Offences have seen the most increase over the last four years with drugs, disorderly conduct, and burglary topping the list. It is scary to note that although crimes in almost every offense is up, arrests are down significantly from 2009-2011 and 2012. Over the last four years, the city has seen a steady increase in crime and antisocial activity. Also, Use of Force, conduct, and performance complaints have drastically increased against the police, hi ghlighting a possible stressed, stretched thin police department, and frustrated community. It also appears that the adult offences are higher than the youth offenses. This could be as a result of the closure of the neighbouring city’s high rise public and subsidized housing causing its residents to relocate. Due to this, a 10% increase in low income residents are now a part of the VPD community. Larry Bennett, Janet Smith, and Patricia Wright wrote about Paul Fischer of Lake Forest College. In a 2003 study, â€Å"most families relocated from CHA housing are re-segregated into other very low-income, majority African-American neighborhoods where housing conditions are not appreciably better than those they left.† (2006: 219). Along the lines of changing 12 hour shifts into 8 hour shifts, I would also start communicating with the surrounding police departments. I would establish a rapport – even if it is to my departments sacrifice at first. I would be interested in any training opportunities, their demographics for their area, any areas that may â€Å"overlap† with jurisdictions, and I would start an interagency database so the surrounding areas demographics may be included in it. One thing that would have assisted the VPD before the buildings were torn down in the neighbouring areas would have been the communication between departments. Having a good working relationship with them would have potentially avoided all the chaos that was created by the influx of lower income families. I would also have my  Patrol Commander to establish a Community Oriented Policing task force to get out into the community and get some insight to what the citizens would like to see. If the department takes a step in the right direction and shows the community that they know there is a problem and they want the community’s help to fix it then it may generate a lot of interest. I am sure that if the community pulls together to start paying attention to vandalism, prostitution, drugs and disorderly conduct, then hopefully the homicides, rapes, burglaries, motor vehicle thefts and aggravated assaults would decrease. I would also incorporate an operation similar to â€Å"Operation Condor† which was highlighted by Howard Safir and Ellis Whitman. According to Safir and Whitman, Condor was an extension of the Broken Windows effec t. This operation had significant impact on homicide and crime rates and eliminated signs of lawlessness. (2005: 198). Based on the positive outcome of Operation Condor, VPD may benefit significantly with something like this. The police department has a bad reputation responding to calls. In 2012, there were 163,433 calls for police service and units were dispatched to only 131,548. That means that 31,885 calls for assistance were unanswered. This is not acceptable. According to James Q. Wilson and George L. Kelling, â€Å"Untended disorderly behavior is a signal that the community does not care. This leads to worse disorder and crime. If police are to deal with disorder to reduce fear and crime, they need the community for assistance.† (1984:29) The new acceptable standard of bending the rules and the code of silence is inexcusable. The VPD has had a longstanding reputation for integrity. However, over the last several years, it has become accepted to bend the rules and violatio ns, and is overlooked by supervisors. The Virtual Police Department is in great need of a complete overhaul. Unfortunately, the department does not have its priorities correct. In my attempt to fix the VPD, I would call in Police Officer Standards and Training Commissions POST Commissions to evaluate and train the department on the critical issues of police officer standards. As this is a state function, the county, Mayor, and others will not be able to influence the training or decision making. According to Sullivan and Simonetti Rosen, â€Å"These state-level commissions provide law enforcement agencies with guidelines, established by administrative regulations or law, and require compliance by all municipal, county, and state law enforcement agencies, to maintain a baseline for  police officer standards and training.† (2006: 350-351). I honestly feel an â€Å"audit† would benefit the department on so many levels. Finally, I would appoint a Human Resource Manager to ensure that the needs of the personnel are met and a Safety Officer to ensure that regulations are being followed appropriately. The hiring process, budget, structure of the department, and community relations are what I see to be the weakest areas within this department. Fortunately, they feed off of each other and adjustments in one area will affect the others. It will be a process, but a greatly needed process none-the-less. References Cohen, M. (2005). The Costs of Crime and Justice. New York: Routledge. George, C., Smith, C. (2004). The American System of Criminal Justice (10 ed.). Belmont: Thompson Learning, Inc. Howard, S., Whitman, E. (2003). Security: Policing your Homeland, your State, Your City (1 ed.). New York: St Martins Press. Larry, B., Smith, J., Wright, P. (2006). Where are poor people to live?. Armonk: M.E. Sharpe, Inc. Larry, S., Simonetti Rosen, M. (2005). Encyclopedia of Law Enforcement (Vol. 1). Thousand Oaks: Sage Publications, Inc. Virtual Police Department Case Study Paper