
    An empirical evaluation of a Shim6 implementation

    Several solutions have been proposed to enable scalable multihoming over IPv6. One of these proposals is Shim6, a host-based multihoming solution based on a modification of the host's Internet Protocol stack. This modification adds a layer below the transport protocols but above the forwarding layer. Because this approach makes the modifications to the network stack transparent, existing applications automatically benefit from Shim6 functionality. In this paper we investigate aspects of the performance of the LinShim6 implementation from Université Catholique de Louvain. We also outline our modifications of the LinShim6 implementation that allow external software to control the locators used between hosts.

    Control plane handoff analysis for IP mobility

    Seamless host mobility is vital to future network mobility, and has been an active research area for a long time. Much research focuses on the performance of the data plane. In this paper, we present comprehensive analyses of the control (signalling) plane in the IETF Mobile IPv6, and compare it with the IRTF Identifier-Locator Network Protocol (ILNP). The control plane behaviour is important in order to assess the robustness and scalability of the mobility protocol. ILNP has a different mobility model from Mobile IPv6: it is a host-based, end-to-end architecture and does not require additional network-layer entities. Hence, the control signals are exchanged only between the end systems. We provide model-based analyses for handoff signalling, and show that ILNP is more efficient than MIPv6 in terms of robustness and scalability. The analytical models we present could also be adapted for other mobility solutions, for comparative assessment.

    End-to-end mobility for the internet using ILNP

    This work was partially funded by the Government of Thailand through a PhD scholarship for Dr Phoomikiattisak. As the use of mobile devices and methods of wireless connectivity continues to increase, seamless mobility becomes more desirable and important. The current IETF Mobile IP standard relies on additional network entities for mobility management, can have poor performance, and has seen little deployment in real networks. We present a host-based mobility solution with a true end-to-end architecture using the Identifier-Locator Network Protocol (ILNP). We show how the TCP code in the Linux kernel can be extended to allow legacy TCP applications that use the standard C sockets API to operate over ILNP without requiring changes or recompilation. Our direct testbed performance comparison shows that ILNP provides better host mobility support than Mobile IPv6 in terms of session continuity, packet loss, and handoff delay for TCP.

    Address spreading in the future Internet supporting both the unlinkability of communication relations and the filtering of non-legitimate traffic

    The rotation of identifiers is a common security mechanism for protecting telecommunication; one example is frequency hopping in wireless communication, used against interception, radio jamming and interference. In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only to senders and receivers. The sequences are used to periodically generate new identifiers, each of them ephemeral. This provides a new way to identify a flow of data: packets not following the sequence of addresses are rejected. We call this technique "address spreading". Since attackers cannot guess the next addresses, it is no longer possible for them to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet. Address spreading needs synchronization between devices, and it has to take care of latency in the network; otherwise, the identification will reject legitimate packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet, and we propose a solution for synchronizing the devices. Since address spreading cannot be deployed without the cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on cooperation between the end devices, which add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of the data flows. The tagging is based on the Flow Label field of IPv6 packets. We evaluate the current implementations on common operating systems. We fixed Linux kernel behaviours that did not follow the current standards, and bugs in the TCP stack's handling of flow labels. We also provide new features such as reading the incoming flow labels and reflecting the flow labels on a socket.

    Evaluating IP security and mobility on lightweight hardware

    This work presents an empirical evaluation of the applicability of selected existing IP security and mobility mechanisms to lightweight mobile devices and network components with limited resources and capabilities. In particular, we consider the Host Identity Protocol (HIP), recently specified by the IETF for achieving authentication, secure mobility and multihoming, data protection and prevention of several types of attacks. HIP uses the Diffie-Hellman protocol to establish a shared secret between two hosts, digital signatures to provide integrity of the control plane, and IPsec ESP encryption to protect user data. These computationally expensive operations might easily stress the CPU, memory and battery resources of a lightweight client, as well as negatively affect data throughput and latency. We describe our porting experience with HIP on an embedded Linux PDA, a Symbian-based smartphone and two OpenWrt Wi-Fi access routers, thereby contributing to the protocol's deployment. We present a set of measurement results for different HIP operations on these devices and evaluate the impact of public-key cryptography on processor load, memory usage and battery lifetime, as well as the influence of IPsec encryption on Round-Trip Time and TCP throughput. In addition, we assess how the lightweight hardware of a mobile handheld or a Wi-Fi access router in turn affects the duration of certain protocol operations, including the HIP base exchange, HIP mobility update, the puzzle-solving procedure and generation of an asymmetric key pair. After analyzing the empirical results we draw conclusions and make recommendations on the applicability of unmodified HIP and IPsec to resource-constrained mobile devices. We also survey related work and draw parallels with our own research results.

    Design of interface selection protocols for multi-homed wireless networks

    Wireless communication stations conforming to the IEEE 802.11/802.16 standards have multi-homing transmission capability. To achieve greater communication efficiency, multi-homing capable stations use a handover mechanism to select an appropriate transmission channel according to variations in channel quality. This thesis presents three inter-linked handover schemes: (1) the Interface Selection Protocol (ISP), belonging to the Wireless Local Area Network (WLAN) / Worldwide Interoperability for Microwave Access (WiMAX) environment; (2) Fast Channel Scanning (FCS); and (3) the Traffic Manager (TM), with (2) and (3) belonging to the WiMAX environment. The proposed schemes use a novel mechanism for providing a reliable communication route. This solution is based on a cross-layer communication framework, where the interface selection module uses various network-related parameters from the Medium Access Control (MAC) sub-layer and Physical Layer (PHY) across the protocol suite for decision making at the Network layer. The proposed solutions are highly responsive when compared with existing multi-homed schemes; responsiveness is one of the key factors in the design of such protocols. The route selected under these schemes is based on the most up-to-date link-layer information. Therefore, such a route is not only reliable in terms of route optimization but also fulfils the application demands in terms of throughput and delay. The design of the ISP protocol uses probing frames during the route discovery process. 802.11 mandates the use of different rates for data transmission frames. The ISP metric can be incorporated into various routing aspects, and its applicability is determined by whether the MAC-dependent parameters used to compute the best path metric values can be provided. In many cases, higher device density, interference and mobility cause variable medium access delays. This creates 'unreachable zones', where a destination is marked as unreachable. However, by use of the best path metric, the destination is made reachable anytime and anywhere, thanks to the intelligent use of probing frames and the interface selection algorithm implemented. IEEE 802.16e introduces several MAC-level queues for different access categories, maintaining service requirements within these queues; this implies that frames from a higher priority queue, e.g. video frames, are serviced more frequently than those belonging to lower priority queues. Such an enhancement at the MAC sub-layer introduces uneven queuing delays. Conventional routing protocols are unaware of such MAC-specific constraints; as a result, these factors are not considered, which degrades channel performance. To meet such challenges, the thesis presents the FCS and TM schemes for WiMAX. FCS aims to improve the mobile WiMAX handover and address scanning latency, since minimising scanning time is the most important issue in the handover process. This handover scheme aims to utilize the channel efficiently and to apply a procedure that reduces the time it takes to scan the neighboring access stations. TM uses MAC- and PHY-specific information in the interface metric and maintains a separate path to the destination by applying an alternative interface operation. Simulation tests and comparisons with existing multi-homed protocols and handover schemes demonstrate the effectiveness of incorporating the medium-dependent parameters, and show that the suggested schemes achieve better performance in terms of end-to-end delay and throughput, with efficiency gains of up to 40% in specific test scenarios.

    Control mechanisms for mobile terminals in heterogeneous access technology environments

    The Internet is evolving to become mobile and ubiquitous. As a consequence, there is a trend towards a diversification of access technologies, as can be seen with the recent appearance of wireless technologies such as WiFi or UMTS and the future deployment of WiMAX. Following these new opportunities, multi-technology terminals able to connect to the Internet through different technologies are appearing on the market. In this scenario, users are starting to demand new solutions able to use these technologies in a way that is transparent to the user. Foreseeing this demand, the IEEE started developing the IEEE 802.21 specification, which enables multi-technology terminals to hand over from one technology to another transparently for the user. This specification has not yet been finished, and its deployment requires the research community to analyze how to integrate it into current networks, how to achieve maximum benefit from its possibilities, and how to configure its parameters. In this thesis we propose control mechanisms for IP terminals to i) support efficient handovers in multi-technology environments applying the 802.21 framework and ii) allow the use of several interfaces and/or multiple providers by the terminals to improve the failure robustness of their communications. These mechanisms are focused on the terminal, although we also provide details on how to integrate IEEE 802.21 into today's operator networks. The contributions of this thesis are threefold. In the first place, the integration of 802.21 into terminals has been studied, focusing on the configuration of the parameters required to decide when to perform a handover in the case where the handover is initiated by the terminal. This analysis has also been done taking into account variables such as the terminal speed and the delay of the links. In the second place, we have studied how to introduce the Network Controlled Handover concept, using 802.21, into the network, including the possibility of the handover being initiated by the network. We have analyzed the main benefits of this approach and proposed and validated an implementation of this concept in 802.21. In the third place, we have analyzed a protocol, REAP, under development in the IETF, which allows terminals to detect and recover from failures in the links used in their communications. We have focused on the analytical characterization of the time required to detect a failure, since this parameter is crucial for the application's behavior: applications should be able to cope with a failure without being disrupted by it. Through the analytical study performed, the REAP protocol can be properly configured to achieve a target recovery time. All the proposed mechanisms have been validated through simulation, using several tools such as OPNET, OMNET++ and Matlab.

    Multihoming with ILNP in FreeBSD

    Multihoming allows nodes to be multiply connected to the network. It forms the basis of features which can improve network responsiveness and robustness, e.g. load balancing and fail-over, which can be considered as a choice between network locations. However, IP today assumes that IP addresses specify both network location and node identity. Therefore, these features must be implemented at routers. This dissertation considers an alternative based on the multihoming approach of the Identifier Locator Network Protocol (ILNP). ILNP is one of many proposals for a split between network location and node identity. However, unlike other proposals, ILNP removes the use of IP addresses as they are used today. To date, ILNP has not been implemented within an operating system stack. I produce the first implementation of ILNP in FreeBSD, based on a superset of IPv6 (ILNPv6), and demonstrate a key feature of ILNP: multihoming as a first-class function of the operating system, rather than being implemented as a routing function as it is today. To evaluate the multihoming capability, I demonstrate one important application of multihoming, load distribution, at three levels of the network hierarchy: individual hosts, a singleton Site Border Router (SBR), and a novel, dynamically instantiated, distributed SBR (dSBR). For each level, I present empirical results from a hardware testbed; metrics include latency, throughput, loss and reordering. I compare performance with unmodified IPv6 and NPTv6. Finally, I evaluate the feasibility of dSBR-ILNPv6 as an alternative to existing multihoming approaches, based on measurements of the dSBR's responsiveness to changes in site connectivity. We find that multihoming can be implemented by individual hosts and/or SBRs, without requiring additional routing state as is the case today, and without any significant additional load or overhead compared to unicast IPv6.

    Secure Connectivity With Persistent Identities

    In the current Internet the Internet Protocol address is burdened with two roles: it serves as both the identifier and the locator for the host. As the host moves, its identity changes with its locator. The research community expects that the Future Internet will include an identifier-locator split in some form. The identifier-locator split is seen as the solution to multiple problems; however, it also introduces multiple new problems to the Internet. In this dissertation we concentrate on: the feasibility of using the identifier-locator split with legacy applications, securing the resolution steps, using the persistent identity for access control, improving mobility in environments using multiple address families, and thereby improving the disruption tolerance of connectivity. The proposed methods achieve theoretical and practical improvements over the earlier state of the art. To raise overall awareness, our results have been published in interdisciplinary forums.