
    Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey

    Internet usage has changed substantially since the Internet's original design. Consequently, the current Internet must cope with several limitations, including performance degradation, exhaustion of IP addresses, and multiple security and privacy issues. Nevertheless, replacing the current Internet's network layer, i.e., the Internet Protocol (IP), with Information-Centric Networking (ICN) is a challenging and expensive task. It also requires worldwide coordination among Internet Service Providers, backbone operators, and Autonomous Systems. Additionally, history shows that technology transitions, e.g., from 3G to 4G or from IPv4 to IPv6, are not immediate: the replacement usually includes a long period of coexistence between the old and the new technology. Similarly, we expect that the replacement of the current Internet will pass through a coexistence of IP and ICN. Although the many security and privacy issues of the current Internet have taught us the importance of designing architectures securely, only a few of the proposed coexistence architectures adopt security by design. Therefore, this article provides the first comprehensive security and privacy analysis of the state-of-the-art coexistence architectures. It also offers a horizontal comparison of security and privacy across the three deployment approaches for combining IP and ICN, i.e., overlay, underlay, and hybrid, and a vertical comparison across ten security and privacy (SP) features. Our analysis shows that most of the architectures fail to provide several SP features, including data and traffic-flow confidentiality, availability, and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will inevitably go through.

    Contributions to Securing Software Updates in IoT

    The Internet of Things (IoT) is a large network of connected devices. In IoT, devices communicate with each other or with back-end systems to transfer data or perform assigned tasks. The communication protocols used in IoT depend on the target application but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited memory, power, and computational resources. Given these limitations, it is difficult to implement security best practices in IoT environments. Consequently, network attacks can threaten the devices or the data they transfer, so it is crucial to react quickly to emerging vulnerabilities and to mitigate them securely through firmware or other necessary updates. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions that enable secure OTA software updates in IoT. To perform secure updates, vulnerabilities must first be identified and assessed. First, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyse and compare common communication protocols and security practices with respect to energy consumption. Finally, we describe our lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that cannot interoperate securely. This dissertation therefore also includes our contribution to designing a secure protocol translator for IoT, which performs the translation inside a Trusted Execution Environment (TEE) with TLS interception. The dissertation also contains our contributions to key management and key distribution in IoT networks. Because software updates target a large number of devices, the devices can be grouped, and a group key then needs to be established among the group members before updates are deployed. We present our secure group key establishment scheme. Symmetric-key cryptography can save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN); we use SDN in cloud networks to provision symmetric keys efficiently and securely. Together, these pieces help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they enable devices and systems with incompatible protocols to interoperate.
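As an added illustration of the kind of lightweight, symmetric-key OTA update check this abstract alludes to (an editor's example, not the dissertation's own protocol): the vendor publishes a small manifest authenticated with HMAC-SHA256 under a key the device already holds, and the device verifies the tag before trusting any field, enforces a monotonic version number against rollback, and checks the image digest before flashing. The manifest layout, field names and pre-shared key are assumptions, and the firmware bytes are constructed.

```python
import hashlib
import hmac
import json
from typing import Tuple

# Editor's illustration of a symmetric-key OTA update check for a constrained
# device; not the dissertation's protocol. Assumptions: the device holds a
# pre-shared 256-bit key (a per-device key or a group key established
# beforehand), the manifest is a small JSON object, and the MAC is HMAC-SHA256.

DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed


def _canonical(body: dict) -> bytes:
    # Both sides MAC the same byte string, so key order and spacing are fixed.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(key: bytes, version: int, firmware: bytes) -> dict:
    """Vendor side: describe the image and authenticate that description."""
    body = {"version": version, "size": len(firmware),
            "sha256": hashlib.sha256(firmware).hexdigest()}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify_update(key: bytes, manifest: dict, firmware: bytes,
                  installed_version: int) -> Tuple[bool, str]:
    """Device side. Order matters: authenticate the manifest before trusting
    any field in it, then enforce anti-rollback, then check the image."""
    try:
        body = {k: manifest[k] for k in ("version", "size", "sha256")}
    except KeyError:
        return False, "malformed manifest"
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("tag", ""))):
        return False, "bad manifest tag"
    if body["version"] <= installed_version:
        return False, "rollback rejected"
    if len(firmware) != body["size"]:
        return False, "size mismatch"
    h = hashlib.sha256()
    for off in range(0, len(firmware), 256):   # stream in flash-page-sized chunks
        h.update(firmware[off:off + 256])
    if not hmac.compare_digest(h.hexdigest(), body["sha256"]):
        return False, "image digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    fw = bytes(range(256)) * 3 + b"tail"        # constructed firmware image
    m = build_manifest(DEVICE_KEY, 7, fw)
    print(verify_update(DEVICE_KEY, m, fw, installed_version=6))
```

The MAC covers the version and digest together, so an attacker who can only replay or splice old manifests cannot downgrade the device or pair a valid manifest with a different image; the digest is streamed in small chunks so the check fits a device that cannot hold the whole image in RAM.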

    Interoperability and mobility in the Future Internet

    Research on the Future Internet has been gaining traction in recent years, with both evolutionary (e.g., Software Defined Networking (SDN)-based) and clean-slate (e.g., Information Centric Networking (ICN)) network architectures being proposed. Since each architectural proposal aims to provide better solutions for specific Internet usage requirements, a heterogeneous Future Internet composed of several architectures can be expected, each targeting and optimising different use-case scenarios. Moreover, the increasing number of mobile devices, with growing capabilities and support for different connectivity technologies, is changing the patterns of traffic exchanged on the Internet. This thesis therefore studies interoperability and mobility in Future Internet architectures, two key requirements that must be addressed for these architectures to be widely adopted. The first contribution is an interoperability framework that allows resources to be shared among different network architectures; it prevents resources from being restricted to a single architecture and, at the same time, promotes the initial roll-out of new architectures. The second contribution consists of enhancements to SDN-based and ICN network architectures, built on IEEE 802.21 mechanisms, that facilitate and optimise handover procedures in those architectures. The last contribution is an inter-architecture mobility framework that enables mobile nodes (MNs) to move across access networks supporting different network architectures without losing reachability to the resources being accessed. All the proposed solutions were evaluated, with results showing their feasibility and their impact on the overall communication.
    Doctoral Programme in Informatics

    Optimisation of multimedia content distribution using software-defined networking

    The general availability of Internet access and of user equipment such as smartphones, tablets and personal computers is creating a new wave of video content consumption. In the past two decades, the television broadcasting industry went through several evolutions, from analogue to digital distribution, from standard-definition to high-definition TV channels, and from the IPTV method of distribution to the latest set of content-distribution technologies, over-the-top (OTT) delivery. IPTV introduced features that changed the passive role of the client to an active one, revolutionising the way users consume TV content. As a result, clients' habits started to shape the services offered, leading to anywhere, anytime video offerings. OTT video delivery reflects those habits and meets users' expectations, introducing several benefits over previous technologies that are discussed in this work. However, OTT delivery poses scalability challenges and threatens the telecommunications operators' business model, because OTT companies use the telcos' infrastructure for free. Consequently, telecommunications operators must prepare their infrastructure for future demand while offering new services to stay competitive. This dissertation contributes insights into the infrastructure changes a telecommunications operator must make, based on a proposed bandwidth forecasting model. The results obtained from the forecast model paved the way to the proposed video content delivery method, which aims to improve users' perceived Quality of Experience while optimising load-balancing decisions. Overall, the results show an improvement in users' experience with the proposed method.
    Master's in Computer and Telematics Engineering

    Resilient and Scalable Forwarding for Software-Defined Networks with P4-Programmable Switches

    Traditional networking devices support only fixed features and limited configurability. Network softwarization leverages programmable software and hardware platforms to remove those limitations. In this context, programmable data planes allow the packet-processing pipeline of networking devices to be programmed directly and custom control-plane algorithms to be created. This flexibility enables the design of novel networking mechanisms where the status quo struggles to meet the high demands of next-generation networks such as 5G, the Internet of Things, cloud computing, and Industry 4.0. P4 is the most popular technology for implementing programmable data planes. However, programmable data planes, and in particular P4, emerged only recently. Thus, P4 support for some well-established networking concepts is still lacking, and several issues remain unsolved because programmable data planes differ in character from traditional networking. This thesis focuses on two open issues of programmable data planes. First, it develops resilient and efficient forwarding mechanisms for the P4 data plane, as there are no satisfactory state-of-the-art best practices yet. Second, it enables Bit Index Explicit Replication (BIER) in high-performance P4 data planes. BIER is a novel, scalable, and efficient transport mechanism for IP multicast traffic that so far has only very limited support on high-performance forwarding platforms. The main results of this thesis are published as eight peer-reviewed publications and one post-publication peer-reviewed publication. The results cover the development of suitable resilience mechanisms for P4 data planes, the development and implementation of resilient BIER forwarding in P4, and extensive evaluations of all developed and implemented mechanisms. They also include a comprehensive P4 literature study. Two further peer-reviewed papers contain additional content not directly related to the main results: they implement congestion-avoidance mechanisms in P4 and develop a scheduling concept for finding cost-optimised load schedules based on day-ahead forecasts.
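BIER forwarding itself, as an added example that follows the reference algorithm of RFC 8279 rather than the thesis's P4 implementation: every egress router (BFER) is one bit of the packet's BitString; the Bit Index Forwarding Table (BIFT) maps each bit to a neighbour and a forwarding bitmask (F-BM) covering every BFER reached through that neighbour; the router sends one copy per neighbour with the BitString masked to that neighbour's F-BM and clears those bits from its working copy so no neighbour receives a duplicate. The topology, BFR-ids and the simple backup-neighbour reroute used on a failed link are constructed assumptions (a single set identifier is assumed), and the loop-freedom problems that make real resilient BIER forwarding hard are not modelled.

```python
from collections import defaultdict
from typing import Optional

# Editor's illustration of BIER forwarding (RFC 8279, section 6.5), not the
# thesis's P4 code. One set identifier (SI) is assumed, so BFR-id k is bit k
# (1-based) of the BitString.


def build_bift(birt: dict[int, str]) -> dict[int, tuple[str, int]]:
    """From the Bit Index Routing Table (BFR-id -> next-hop neighbour) derive
    the BIFT: for every BFR-id, its neighbour and the F-BM, i.e. the OR of
    all BFR-ids that share that neighbour."""
    fbm_by_nbr: dict[str, int] = defaultdict(int)
    for bfr_id, nbr in birt.items():
        fbm_by_nbr[nbr] |= 1 << (bfr_id - 1)
    return {bfr_id: (nbr, fbm_by_nbr[nbr]) for bfr_id, nbr in birt.items()}


def forward(bitstring: int, bift: dict[int, tuple[str, int]],
            local_bfr_id: Optional[int] = None,
            down: frozenset = frozenset(),
            backup: Optional[dict[str, str]] = None):
    """Return (sends, delivered_locally), where sends is a list of
    (neighbour, BitString) copies. Each copy carries only the bits its
    neighbour serves, and those bits are cleared from the working BitString,
    so every neighbour receives at most one copy per packet."""
    backup = backup or {}
    sends = []
    delivered_locally = False
    if local_bfr_id is not None and bitstring & (1 << (local_bfr_id - 1)):
        delivered_locally = True               # this router is itself a BFER
        bitstring &= ~(1 << (local_bfr_id - 1))
    while bitstring:
        index = (bitstring & -bitstring).bit_length()   # lowest set bit, 1-based
        if index not in bift:
            bitstring &= ~(1 << (index - 1))   # no route to that BFER: drop the bit
            continue
        nbr, fbm = bift[index]
        if nbr in down:
            # Constructed fast-reroute: hand the copy to a pre-computed backup
            # neighbour, which forwards it by its own BIFT (a simplification;
            # loop avoidance is exactly what resilient BIER schemes work on).
            nbr = backup.get(nbr)
        if nbr is not None and nbr not in down:
            sends.append((nbr, bitstring & fbm))
        bitstring &= ~fbm                      # never replicate these bits again
    return sends, delivered_locally


# Constructed topology: this router has BFR-id 3 and neighbours B, C and D.
BIRT = {1: "B", 2: "B", 4: "C", 5: "D", 6: "D"}
BIFT = build_bift(BIRT)

if __name__ == "__main__":
    print(forward(0b010111, BIFT, local_bfr_id=3))
```

The clearing step is what keeps BIER stateless and duplicate-free: after the copy for neighbour B leaves with bits 1 and 2, those bits are gone from the working BitString, so the later copy for D cannot carry them, and a BFER whose bit was already masked out on an upstream hop can never be reached twice.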

    Protecting Against Compromised Controllers in Software Defined Networks Using an Efficient Byzantine Fault Preventing Control Plane

    Software Defined Networking (SDN) is a modern approach to computer networks that separates the control and forwarding planes. Control is exercised through an SDN controller, which enables the delivery of far more intelligent, efficient and resilient networks. Whilst the use of an SDN controller offers many potential benefits, centralising network control introduces a single point of failure: if the SDN controller develops a fault, or is under attack, the network can be severely disrupted. From a security perspective, the SDN controller is a tempting target. If an attacker gains control over the controller, they can act as a malicious insider with control over the operation of the whole network. The actions of a compromised SDN controller can be seen as an occurrence of Byzantine (or arbitrary) faults, so introducing a Byzantine fault tolerant (BFT) element to the control plane can prevent such insider attacks. This thesis explores the impact of a compromised SDN controller and provides a defence called SDBFT: Software Defined Byzantine Fault prevenTing control. I reduce fault tolerance to fault prevention, meaning fault detection with recovery. SDBFT prevents a compromised SDN controller from performing malicious actions in a network. Within this thesis, I first analyse and demonstrate a number of attacks that can be performed from a compromised controller, including an exploration of their impact on a real-world scenario involving Industrial Control Systems (ICS). I then propose, implement and evaluate the SDBFT system, using novel algorithms that protect against faulty controllers. I demonstrate through extensive experimentation that SDBFT far outperforms approaches built on a traditional BFT model, and represents only a modest reduction in controller performance compared to the traditional SDN architecture.
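The detect-and-recover idea in this abstract, as an added example (not SDBFT's own algorithms, which the thesis develops): a voter between the switches and 2f+1 controller replicas installs a flow rule only when at least f+1 replicas return it verbatim, treats replicas that dissent or do not answer as faulty, and quarantines them, so a single compromised controller can neither install a rule on its own nor keep voting once caught. The controller behaviours, topology and rule format are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional

# Editor's illustration of a fault-detecting, fault-preventing SDN control
# plane; not SDBFT. Controllers, policy and rule format are constructed.


@dataclass(frozen=True)
class FlowRule:
    match: str      # e.g. "ip,nw_dst=10.0.0.5"
    actions: str    # e.g. "output:2"


# Deterministic policy shared by all correct replicas: honest controllers
# therefore produce identical rules, which is what makes voting meaningful.
PORT_BY_DST = {"10.0.0.5": 2, "10.0.0.9": 3}


def honest_controller(request: dict) -> FlowRule:
    dst = request["dst"]
    port = PORT_BY_DST.get(dst)
    return FlowRule(f"ip,nw_dst={dst}", f"output:{port}" if port else "drop")


def compromised_controller(request: dict) -> FlowRule:
    """Malicious insider: same match, but traffic leaves via an attacker-facing port."""
    return FlowRule(f"ip,nw_dst={request['dst']}", "output:7")


def crashed_controller(request: dict) -> FlowRule:
    raise ConnectionError("controller unreachable")


class FaultPreventingVoter:
    """Sits between the switches and 2f+1 controller replicas. A rule is
    installed only when f+1 replicas return it verbatim; replicas that dissent
    are detected and quarantined (the recovery step), so a compromised
    controller cannot push a rule of its own."""

    def __init__(self, controllers: dict[str, Callable[[dict], FlowRule]], f: int):
        if len(controllers) < 2 * f + 1:
            raise ValueError("need at least 2f+1 replicas to mask f faulty ones")
        self.controllers = dict(controllers)
        self.f = f
        self.quarantined: set[str] = set()

    def decide(self, request: dict) -> tuple[Optional[FlowRule], set[str]]:
        votes: dict[str, Optional[FlowRule]] = {}
        for name, ctrl in self.controllers.items():
            if name in self.quarantined:
                continue
            try:
                votes[name] = ctrl(request)
            except Exception:
                votes[name] = None             # crash or timeout: no vote
        tally = Counter(v for v in votes.values() if v is not None)
        if not tally:
            return None, set(votes)            # nobody answered: install nothing
        rule, count = tally.most_common(1)[0]
        if count < self.f + 1:
            return None, set()                 # no f+1 agreement: fail closed
        # At most f replicas are faulty, so f+1 identical answers include an
        # honest one; anyone who returned something else is misbehaving.
        dissenters = {name for name, v in votes.items() if v != rule}
        self.quarantined |= dissenters
        return rule, dissenters


if __name__ == "__main__":
    voter = FaultPreventingVoter({"c1": honest_controller, "c2": honest_controller,
                                  "c3": compromised_controller}, f=1)
    print(voter.decide({"dst": "10.0.0.5"}))
```

The guarantee rests on the usual BFT assumption that no more than f of the 2f+1 replicas are compromised at once; with two colluding controllers out of three the voter would accept their rule, which is why the replicas should be diverse and separately administered rather than clones sharing one credential.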

    Data Communications and Network Technologies

    This open access book is written according to the examination outline for the Huawei HCIA-Routing Switching V2.5 certification, aiming to help readers master the basics of network communications, use Huawei network devices to set up enterprise LANs and WANs, wired and wireless networks, ensure network security for enterprises, and grasp cutting-edge computer network technologies. The book covers: network communication fundamentals, the TCP/IP protocol suite, the Huawei VRP operating system, IP addresses and subnetting, static and dynamic routing, Ethernet networking technology, ACLs and AAA, network address translation, DHCP servers, WLAN, IPv6, the WAN protocols PPP and PPPoE, typical networking architectures and design cases for campus networks, the SNMP protocol used for network management, operation and maintenance, the Network Time Protocol (NTP), SDN and NFV, programming, and automation. As the world's leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huawei's products range from digital data communication, cyber security, wireless technology, data storage, cloud computing, and smart computing to artificial intelligence.
