186 research outputs found

    Network coding for reliable wireless sensor networks

    Wireless sensor networks are used in many applications and are now a key element in the increasingly growing Internet of Things. These networks are composed of small nodes including wireless communication modules, and in most of the cases are able to autonomously configure themselves into networks, to ensure sensed data delivery. As more and more sensor nodes and networks join the Internet of Things, collaboration between geographically distributed systems is expected. Peer to peer overlay networks can assist in the federation of these systems, for them to collaborate. Since participating peers/proxies contribute to storage and processing, there is no burden on specific servers and bandwidth bottlenecks are avoided. Network coding can be used to improve the performance of wireless sensor networks. The idea is for data from multiple links to be combined at intermediate encoding nodes, before further transmission. This technique proved to have a lot of potential in a wide range of applications. In the particular case of sensor networks, network coding based protocols and algorithms try to achieve a balance between low packet error rate and energy consumption. For network coding based constrained networks to be federated using peer to peer overlays, it is necessary to enable the storage of encoding vectors and coded data by such distributed storage systems. Packets can arrive to the overlay through any gateway/proxy (peers in the overlay), and lost packets can be recovered by the overlay (or client) using original and coded data that has been stored. The decoding process requires a decoding service at the overlay network. Such architecture, which is the focus of this thesis, will allow constrained networks to reduce packet error rate in an energy efficient way, while benefiting from an effective distributed storage solution for their federation. 
This will serve as a basis for the proposal of mathematical models and algorithms that determine the most effective routing trees, for packet forwarding toward sink/gateway nodes, and best amount and placement of encoding nodes. Wireless sensor networks are used in many applications and are today considered a key element for the development of the Internet of Things. Composed of small nodes that incorporate wireless communication modules, most of these networks are able to configure themselves autonomously, forming networked systems to ensure delivery of the collected data. (…

    Application Layer Multicast Extensions to RELOAD

    Native multicast deployment is relatively slow and linked with a number of issues. However, there are a number of native multicast regions. Application Layer Multicast (ALM) can be used in areas of the network where there is no native multicast available. The SAM (Scalable Adaptive Multicast) Research group within the IRTF is investigating hybrid approaches to multicast, involving native deployments where available and ALM in other regions. SAM is using a P2P overlay to connect the nodes. Here we describe a protocol and API extensions to RELOAD for constructing Scalable Adaptive Multicast (SAM) sessions using hybrid combinations of ALM, native multicast, and multicast tunnels. The Automatic Multicast Tunneling (AMT) relay and gateway elements are employed for interoperation between native regions and ALM regions.

    Data storage solutions for the federation of sensor networks

    In the near future, most of our everyday devices will be accessible via some network and uniquely identified for interconnection over the Internet. This new paradigm, called Internet of Things (IoT), is already starting to influence our society and is now driving developments in many areas. There will be thousands, or even millions, of constrained devices that will be connected using standard protocols, such as Constrained Application Protocol (CoAP), that have been developed under certain specifications appropriate for this type of devices. In addition, there will be a need to interconnect networks of constrained devices in a reliable and scalable way, and federations of sensor networks using the Internet as a medium will be formed. To make the federation of geographically distributed CoAP based sensor networks possible, a CoAP Usage for REsource LOcation And Discovery (RELOAD) was recently proposed. RELOAD is a peer-to-peer (P2P) protocol that ensures an abstract storage and messaging service to its clients, and it relies on a set of cooperating peers that form a P2P overlay network for this purpose. This protocol allows to define so-called Usages for applications to work on top of this overlay network. The CoAP Usage for RELOAD is, therefore, a way for CoAP based devices to store their resources in a distributed P2P overlay. Although CoAP Usage for RELOAD is an important step towards the federation of sensor networks, in the particular case of IoT there will be consistency and efficiency problems. This happens because the resources of CoAP devices/Things can be in multiple data objects stored at the overlay network, called P2P resources. Thus, Thing resource updates can end up being consuming, as multiple P2P resources will have to be modified. Mechanisms to ensure consistency become, therefore, necessary. 
This thesis contributes to advances in the federation of sensor networks by proposing mechanisms for RELOAD/CoAP architectures that will allow consistency to be ensured. An overlay network service, required for such mechanisms to operate, is also proposed. In the near future, most of our everyday devices will be accessible through a network and will be uniquely identified so that they can interconnect over the Internet. This new paradigm, known today as the Internet of Things (IoT), is already starting to influence our society and is now driving developments in numerous areas. There will be thousands, or even millions, of constrained devices using standard protocols that were developed to meet certain specifications associated with this type of device, specifications that relate to the fact that these devices normally have memory restrictions and little processing capacity, and many have energy limitations. There will also be a need to interconnect networks of constrained devices in a reliable and scalable way.(…

    An interoperable and secure architecture for internet-scale decentralized personal communication

    Interpersonal network communications, including Voice over IP (VoIP) and Instant Messaging (IM), are increasingly popular communications tools. However, systems to date have generally adopted a client-server model, requiring complex centralized infrastructure, or have not adhered to any VoIP or IM standard. Many deployment scenarios either require no central equipment, or due to unique properties of the deployment, are limited or rendered unattractive by central servers. To address these scenarios, we present a solution based on the Session Initiation Protocol (SIP) standard, utilizing a decentralized Peer-to-Peer (P2P) mechanism to distribute data. Our new approach, P2PSIP, enables users to communicate with minimal or no centralized servers, while providing secure, real-time, authenticated communications comparable in security and performance to centralized solutions. We present two complete protocol descriptions and system designs. The first, the SOSIMPLE/dSIP protocol, is a P2P-over-SIP solution, utilizing SIP both for the transport of P2P messages and personal communications, yielding an interoperable, single-stack solution for P2P communications. The RELOAD protocol is a binary P2P protocol, designed for use in a SIP-using-P2P architecture where an existing SIP application is modified to use an additional, binary RELOAD stack to distribute user information without need for a central server. To meet the unique security needs of a fully decentralized communications system, we propose an enrollment-time certificate authority model that provides asserted identity and strong P2P and user-level security. In this model, a centralized server is contacted only at enrollment time. No run-time connections to the servers are required. Additionally, we show that traditional P2P message routing mechanisms are inappropriate for P2PSIP. 
The existing mechanisms are generally optimized for file sharing and neglect critical practical elements of the open Internet --- namely link-level security and asymmetric connectivity caused by Network Address Translators (NATs). In response to these shortcomings, we introduce a new message routing paradigm, Adaptive Routing (AR), and using both analytical models and simulation show that AR significantly improves message routing performance for P2PSIP systems. Our work has led to the creation of a new research topic within the P2P and interpersonal communications communities, P2PSIP. Our seminal publications have provided the impetus for subsequent P2PSIP publications, for the listing of P2PSIP as a topic in conference calls for papers, and for the formation of a new working group in the Internet Engineering Task Force (IETF), directed to develop an open Internet standard for P2PSIP.

    REsource LOcation And Discovery (RELOAD) Base Protocol


    Network Address Translator Traversal for the Peer-to-Peer Session Initiation Protocol on Mobile Phones

    Network address translators allow multiple hosts to share one or more IP addresses. The decision to use network address translators as one solution to IP address exhaustion has later brought additional challenges; network address translators are particularly problematic for peer-to-peer connections. ICE (Interactive Connectivity Establishment) is a NAT traversal method that helps peers create a direct path in the presence of network address translators. ICE is largely based on the STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT) protocols. Nowadays peer-to-peer applications have spread to mobile phones, which may also have a translated address. Knowing the limitations of mobile phones, it is interesting to know the suitability of NAT traversal methods for mobile phones in the context of P2PSIP (Peer-to-Peer Session Initiation Protocol). SIP was used to manage communication sessions between peers. We implemented an ICE prototype to measure the performance of a mobile phone acting as a STUN or TURN client or server, considering CPU load, memory usage, packet drop rate and battery consumption. In addition, the work studied the effect of ICE on P2PSIP delays. The downside of using a TURN relay server is increased delay and the extra bytes caused by STUN encapsulation. A TURN server running on a phone must limit the number of clients and what kind of data it can relay. A phone works well as a STUN server, especially if connection keepalive messages can be ignored. Phones can act as part of a P2PSIP network even in the presence of network address translators. However, it is desirable that network address translators use address- and port-independent mapping, because then relaying is not needed. Network Address Translators (NATs) allow multiple hosts to share one or more IP addresses. 
The initial decision to use NATs as one of the solutions to Internet Protocol (IP) address depletion, has later induced further challenges; NATs are specially problematic in connection with peer-to-peer (P2P) communication. Interactive Connectivity Establishment (ICE) is a NAT traversal mechanism that helps peers in creating a direct path in the presence of NATs. ICE largely relies upon utilizing the mechanisms of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols. Nowadays P2P applications are spreading to mobile phones that can also have a NATed address. Knowing the constraints of mobile phones, we were interested in the applicability of NAT traversal mechanisms for mobile phones in the context of Peer-to-Peer Session Initiation Protocol (P2PSIP). SIP was used for controlling communication sessions between the peers. We implemented an ICE prototype for measuring CPU load, memory consumption, packet drop rate and battery consumption of a mobile phone acting as a STUN or TURN client or server. Additionally, we measured the impact of ICE on delays in P2PSIP. The downside of relaying messages via a TURN server is the increase in delay and the increased overhead due to STUN encapsulation. A TURN server running on a mobile phone has to limit the number of allocations and the type of data being transmitted through it. A mobile phone works well as STUN server, especially if keepalives can simply be ignored. Mobile phones can act as P2PSIP peers and TURN servers, even in the presence of NATs, however, it is preferable to have NATs using address and port-independent mapping, since then no relaying is needed.

    Security in peer-to-peer communication systems

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control. 
Among the new designed solutions stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization. Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems. Postprint (published version

    The design of efficient and secure P2PSIP systems

    Doctoral thesis in information and communication technology, Universitetet i Agder, Grimstad, 201

    A Common API for Transparent Hybrid Multicast

    Group communication services exist in a large variety of flavors and technical implementations at different protocol layers. Multicast data distribution is most efficiently performed on the lowest available layer, but a heterogeneous deployment status of multicast technologies throughout the Internet requires an adaptive service binding at runtime. Today, it is difficult to write an application that runs everywhere and at the same time makes use of the most efficient multicast service available in the network. Facing robustness requirements, developers are frequently forced to use a stable upper-layer protocol provided by the application itself. This document describes a common multicast API that is suitable for transparent communication in underlay and overlay and that grants access to the different flavors of multicast. It proposes an abstract naming scheme that uses multicast URIs, and it discusses mapping mechanisms between different namespaces and distribution technologies. Additionally, this document describes the application of this API for building gateways that interconnect current Multicast Domains throughout the Internet. It reports on an implementation of the programming Interface, including service middleware. This document is a product of the Scalable Adaptive Multicast (SAM) Research Group