50 research outputs found

    Use of locator/identifier separation to improve the future internet routing system

    The Internet evolved from its early days of being a small research network to become a critical infrastructure many organizations and individuals rely on. One dimension of this evolution is the continuous growth of the number of participants in the network, far beyond what the initial designers had in mind. While it does work today, it is widely believed that the current design of the global routing system cannot scale to accommodate future challenges. In 2006 an Internet Architecture Board (IAB) workshop was held to develop a shared understanding of the Internet routing system scalability issues faced by the large backbone operators. The participants documented in RFC 4984 their belief that "routing scalability is the most important problem facing the Internet today and must be solved." A potential solution to the routing scalability problem is ending the semantic overloading of Internet addresses, by separating node location from identity. Several proposals exist to apply this idea to current Internet addressing, among which the Locator/Identifier Separation Protocol (LISP) is the only one already being shipped in production routers. Separating locators from identifiers results in another level of indirection, and introduces a new problem: how to determine location, when the identity is known. The first part of our work analyzes existing proposals for systems that map identifiers to locators and proposes an alternative system, within the LISP ecosystem. We created a large-scale Internet topology simulator and used it to compare the performance of three mapping systems: LISP-DHT, LISP+ALT and the proposed LISP-TREE. We analyzed and contrasted their architectural properties as well. The monitoring projects that supplied Internet routing table growth data over a large timespan inspired us to create LISPmon, a monitoring platform aimed at collecting, storing and presenting data gathered from the LISP pilot network, early in the deployment of the LISP protocol. 
The project web site and collected data is publicly available and will assist researchers in studying the evolution of the LISP mapping system. We also document how the newly introduced LISP network elements fit into the current Internet, advantages and disadvantages of different deployment options, and how the proposed transition mechanism scenarios could affect the evolution of the global routing system. This work is currently available as an active Internet Engineering Task Force (IETF) Internet Draft. The second part looks at the problem of efficient one-to-many communications, assuming a routing system that implements the above mentioned locator/identifier split paradigm. We propose a network layer protocol for efficient live streaming. It is incrementally deployable, with changes required only in the same border routers that should be upgraded to support locator/identifier separation. Our proof-of-concept Linux kernel implementation shows the feasibility of the protocol, and our comparison to popular peer-to-peer live streaming systems indicates important savings in inter-domain traffic. We believe LISP has considerable potential of getting adopted, and an important aspect of this work is how it might contribute towards a better mapping system design, by showing the weaknesses of current favorites and proposing alternatives. The presented results are an important step forward in addressing the routing scalability problem described in RFC 4984, and improving the delivery of live streaming video over the Internet

    Multihoming with ILNP in FreeBSD

    Multihoming allows nodes to be multiply connected to the network. It forms the basis of features which can improve network responsiveness and robustness; e.g. load balancing and fail-over, which can be considered as a choice between network locations. However, IP today assumes that IP addresses specify both network location and node identity. Therefore, these features must be implemented at routers. This dissertation considers an alternative based on the multihoming approach of the Identifier Locator Network Protocol (ILNP). ILNP is one of many proposals for a split between network location and node identity. However, unlike other proposals, ILNP removes the use of IP addresses as they are used today. To date, ILNP has not been implemented within an operating system stack. I produce the first implementation of ILNP in FreeBSD, based on a superset of IPv6 – ILNPv6 – and demonstrate a key feature of ILNP: multihoming as a first class function of the operating system, rather than being implemented as a routing function as it is today. To evaluate the multihoming capability, I demonstrate one important application of multihoming – load distribution – at three levels of network hierarchy including individual hosts, a singleton Site Border Router (SBR), and a novel, dynamically instantiated, distributed SBR (dSBR). For each level, I present empirical results from a hardware testbed; metrics include latency, throughput, loss and reordering. I compare performance with unmodified IPv6 and NPTv6. Finally, I evaluate the feasibility of dSBR-ILNPv6 as an alternative to existing multihoming approaches, based on measurements of the dSBR’s responsiveness to changes in site connectivity. We find that multihoming can be implemented by individual hosts and/or SBRs, without requiring additional routing state as is the case today, and without any significant additional load or overhead compared to unicast IPv6

    Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic

    The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences. In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”. Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet. The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices. Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. 
We fixed Linux kernel behaviours that did not follow the current standards, as well as bugs in the TCP stack for flow labels. We also provide new features such as reading the incoming flow labels and reflecting the flow labels on a socket

    Blind packet forwarding: a clean-slate security approach for future networks

    Meanwhile, there exist a wealth of approaches for a Future Network Architecture (FNA). Although these approaches differ in their orientation, they all suggest that a network should be service-oriented and flexibly orchestrated from atomic smart in-network services. In order to utilise the complete functionality of the orchestrated network, the in-network services require access to various control data that is exchanged in different ways. Hence, the communication endpoints have to expose more and more information about themselves. However, the in-network services as well as third parties are able to sniff information while it is transferred in cleartext. Beside these considerations, end-to-end encryption is the de facto method applied to provide information confidentiality for two communicating endpoints. But if the communicating endpoints perform end-to-end encryption, in-network services cannot accomplish their tasks anymore, since they cannot access the encrypted control data. Thus, it becomes impossible to fully utilise the benefits of FNA approaches. These issues indicate that it is only possible to realise one of the two goals – information confidentiality and smart in-network services – at once. But we demonstrate the feasibility to simultaneously establish smart in-network services and to provide information confidentiality by redesigning the packet forwarding service to make it operate blindly, which we call Blind Packet Forwarding (BPF). We choose this in-network service as an example because packet forwarding is one of the basic services required for most network architectures. Moreover, packet addresses act as the basis for operations performed by further in-network services. Furthermore, it was not possible so far to transfer packet addresses in end-to-end encrypted form. BPF provides confidentiality for packet addresses during transmission as well as during processing by network nodes

    Development and evaluation of smartphone-based ITS applications for vehicular networks

    One of the research areas that is receiving a lot of attention recently is autonomous vehicles. Researchers are currently focused on the third level of autonomy out of the five levels, which are: drive assistance, partial automation, conditional automation, high automation, and full automation. Even though rapid progress is being made in this field, the adoption of these solutions will take time not only due to legal issues, but also due to the fact that technological improvements face slow endorsement by manufacturers. Also, the slow renewal rate of vehicles on the road hinders the deployment of novel technologies, as is the case of Vehicular Networks (VNs). Eight years after the introduction of the IEEE 802.11p standard for vehicular communication, vehicles used on a daily basis still lack the capability of communicating with one another. This fact impedes the use of the many ITS safety applications that take advantage of VNs for data exchange. The obvious way to handle this problem is to use the available technologies at the disposal of common users to develop solutions that are easily deployable, effortless to adopt, and moreover, cost effective. For this reason we shift our attention to smart devices, especially smartphones, which have come a long way since the first introduction of mobile phones in the late 20th century. Nowadays, nearly everyone carries one in their pocket anywhere they go, allowing them to not only make calls, but also to measure and monitor different parameters with the help of the many on-board sensors that are available to these compact yet powerful devices. Our objective is to study the effects of integrating smartphones into vehicular networks, to develop ITS safety applications. The choice of smartphones here is not only justified by their wide availability and use, but also because they are evolving towards high performance terminals with multi-core microprocessors packed with a sufficiently diverse group of sensors. In this thesis we propose three different ITS safety applications for smartphones, designed to take advantage of the vehicular network environment: a warning generation application called Messiah that alerts drivers of the presence of emergency vehicles in close proximity; a FCW application which warns drivers if a minimum safe distance is not maintained between the vehicle ahead and the one following it; and lastly an application that aims to aid drivers with visual assistance while overtaking, named EYES. All these applications have been developed for the Android platform, and are dependent on the data transmission among vehicles. Since vehicles we use on a day to day basis still do not accommodate the possibility to communicate with one another, we also designed the GRCBox, which is a low cost on-board unit that supports V2X communication. From our study of applications for mobile devices designed for VNs, we found that the use of smartphones provides a new direction to research related to ITS and VNs by allowing a quick adoption of the existing solutions, where users are able to download and use applications just by one click of a button. But at the same time, the portability and compactness of the devices makes them limited in terms of speed, processing power, and accuracy of the on-board sensor, thus affecting the performance of the applications. In our case, the simpler Messiah application performed very well, while the EYES application that is dependent on GPS data, and the FCW application which required heavy processing and use of the camera due to its dependence on plate recognition, were affected by the hardware limitations of the smartphones. Patra, S. (2019). Development and evaluation of smartphone-based ITS applications for vehicular networks [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/124058

    Operator interfaces for the lifecycle support of component based automation systems

    Current manufacturing automation systems (specifically the powertrain sector) have been facing challenges with constant pressures of globalisation, environmental concerns and ICT (Information and Communication Technology) innovations. These challenges instigate new demands for shorter product lifecycles and require customised products to be manufactured as efficiently as possible. Manufacturing systems must therefore be agile to remain competitive by supporting frequent reconfigurations involving distributed engineering activities. [Continues.

    Proceedings of the 4th International Conference on Principles and Practices of Programming in Java

    This book contains the proceedings of the 4th international conference on principles and practices of programming in Java. The conference focuses on the different aspects of the Java programming language and its applications

    User-Centric Networking : Privacy- and Resource-Awareness in User-to-User Communication


    A Novel Mobility Management Mechanism Based on Destination Address Overwritten and ID/Locator Separation


    Service architecting and dynamic composition in pervasive smart ecosystems for the Internet of things based on sensor network technology

    Why are pervasive awareness and Ambient Intelligence perceived by a great part of academia and industry as a massive revolution in the short term? To the best of our knowledge, a cornerstone of this thought is the fact that the ultimate nature of the smart environment paradigm lies not in the technology itself, but in a people-centered approach. Perhaps it is precisely in this apparently simple conception that the boldness of this promising vision lies, a vision which has been consolidated in recent years with the emerging proliferation of mobile, personal, portable, wearable and sensory computing: to reach everyone and everywhere. On the one hand, it touches our daily lives in a close manner, minimizing the required attention from the users and anticipating their needs, with the main intention of redefining our idea of Quality of Experience. On the other hand, this new wave has an impact everywhere at both global and personal scales, allowing expanded connectivity between devices and smart objects, in a dynamic and ubiquitous manner, as a natural extension of the physical world around us. According to the above, this doctoral dissertation focuses on contributing to the integration of software and networking engineering advances in the field of pervasive smart spaces and environments using sensor networks. This is founded on the convergence of some information technology and computer science paradigms, such as service and agent orientation, semantic technologies and knowledge management in the framework of pervasive computing and the Internet of Things. To this end, the nSOM (nano Service-Oriented Middleware) and nSOL (nano Semantics-Oriented Language) approaches are presented. Firstly, the nSOM proposal defines a service-oriented platform for the implementation, deployment and exposure of agent-based in-network services to the Internet cloud on heterogeneous sensor devices. Secondly, the nSOL solution enables an abstraction for supporting ubiquitous service composition based on semantic knowledge management. The integration of both contributions leads to the formal modelling and practical development of adaptive virtual sensor services for pervasive Ambient Intelligence ecosystems. This work also includes the related performance characterization of the resulting prototype according to several metrics such as code size, volatile memory footprint, CPU overhead, service time delay and battery lifetime. The main foundations and outcomes presented in this essay are contextualized in the following European Research Projects: μSWN (FP6 code: IST-034642), DiYSE (ITEA2 code: 08005) and LifeWear (ITEA2 code: 09026). Chair: Juan Ramón Velasco Pérez; Member: Juan Carlos Dueñas; Secretary: Mario Muñoz Organer