1,405 research outputs found
Information Centric Networking in the IoT: Experiments with NDN in the Wild
This paper explores the feasibility, advantages, and challenges of an
ICN-based approach in the Internet of Things. We report on the first NDN
experiments in a life-size IoT deployment, spread over tens of rooms on several
floors of a building. Based on the insights gained with these experiments, the
paper analyses the shortcomings of CCN applied to IoT. Several interoperable
CCN enhancements are then proposed and evaluated. We significantly decreased
control traffic (i.e., interest messages) and leverage data path and caching to
match IoT requirements in terms of energy and bandwidth constraints. Our
optimizations increase content availability in case of IoT nodes with
intermittent activity. This paper also provides the first experimental
comparison of CCN with the common IoT standards 6LoWPAN/RPL/UDP.Comment: 10 pages, 10 figures and tables, ACM ICN-2014 conferenc
Context-Awareness Enhances 5G Multi-Access Edge Computing Reliability
The fifth generation (5G) mobile telecommunication network is expected to
support Multi- Access Edge Computing (MEC), which intends to distribute
computation tasks and services from the central cloud to the edge clouds.
Towards ultra-responsive, ultra-reliable and ultra-low-latency MEC services,
the current mobile network security architecture should enable a more
decentralized approach for authentication and authorization processes. This
paper proposes a novel decentralized authentication architecture that supports
flexible and low-cost local authentication with the awareness of context
information of network elements such as user equipment and virtual network
functions. Based on a Markov model for backhaul link quality, as well as a
random walk mobility model with mixed mobility classes and traffic scenarios,
numerical simulations have demonstrated that the proposed approach is able to
achieve a flexible balance between the network operating cost and the MEC
reliability.Comment: Accepted by IEEE Access on Feb. 02, 201
Efficient signature verification and key revocation using identity based cryptography
Cryptography deals with the development and evaluation of procedures for securing digital information. It is essential whenever multiple entities want to communicate safely. One task of cryptography concerns digital signatures and the verification of a signer’s legitimacy requires trustworthy authentication and authorization. This is achieved by deploying cryptographic keys. When dynamic membership behavior and identity theft come into play, revocation of keys has to be addressed. Additionally, in use cases with limited networking, computational, or storage resources, efficiency is a key requirement for any solution.
In this work we present a solution for signature verification and key revocation in constraned environments, e.g., in the Internet of Things (IoT). Where other mechanisms generate expensive overheads, we achieve revocation through a single multicast message without significant computational or storage overhead. Exploiting Identity Based Cryptography (IBC) complements the approach with efficient creation and verification of signatures.
Our solution offers a framework for transforming a suitable signature scheme to a so-called Key Updatable Signature Scheme (KUSS) in three steps. Each step defines mathematical conditions for transformation and precise security notions. Thereby, the framework allows a novel combination of efficient Identity Based Signature (IBS) schemes with revocation mechanisms originally designed for confidentiality in group communications.
Practical applicability of our framework is demonstrated by transforming four well-established IBS schemes based on Elliptic Curve Cryptography (ECC). The security of the resulting group Identity Based Signature (gIBS) schemes is carefully analyzed with techniques of Provable Security.
We design and implement a testbed for evaluating these kind of cryptographic schemes on different computing- and networking hardware, typical for constrained environments. Measurements on this testbed provide evidence that the transformations are practicable and efficient. The revocation complexity in turn is significantly reduced compared to existing solutions. Some of our new schemes even outperform the signing process of the widely used Elliptic Curve Digital Signature Algorithm (ECDSA).
The presented transformations allow future application on schemes beyond IBS or ECC. This includes use cases dealing with Post-Quantum Cryptography, where the revocation efficiency is similarly relevant. Our work provides the basis for such solutions currently under investigation.Die Kryptographie ist ein Instrument der Informationssicherheit und beschäftigt sich mit der Entwicklung und Evaluierung von Algorithmen zur Sicherung digitaler Werte. Sie ist für die sichere Kommunikation zwischen mehreren Entitäten unerlässlich. Ein Bestandteil sind digitale Signaturen, für deren Erstellung man kryptographische Schlüssel benötigt. Bei der Verifikation muss zusätzlich die Authentizität und die Autorisierung des Unterzeichners gewährleistet werden. Dafür müssen Schlüssel vertrauensvoll verteilt und verwaltet werden. Wenn sie in Kommunikationssystemen mit häufig wechselnden Teilnehmern zum Einsatz kommen, müssen die Schlüssel auch widerruflich sein. In Anwendungsfällen mit eingeschränkter Netz-, Rechen- und Speicherkapazität ist die Effizienz ein wichtiges Kriterium.
Diese Arbeit liefert ein Rahmenwerk, mit dem Schlüssel effizient widerrufen und Signaturen effizient verifiziert werden können. Dabei fokussieren wir uns auf Szenarien aus dem Bereich des Internets der Dinge (IoT, Internet of Things). Im Gegensatz zu anderen Lösungen ermöglicht unser Ansatz den Widerruf von Schlüsseln mit einer einzelnen Nachricht innerhalb einer Kommunikationsgruppe. Dabei fällt nur geringer zusätzlicher Rechen- oder Speicheraufwand an. Ferner vervollständigt die Verwendung von Identitätsbasierter Kryptographie (IBC, Identity Based Cryptography) unsere Lösung mit effizienter Erstellung und Verifikation der Signaturen.
Hierfür liefert die Arbeit eine dreistufige mathematische Transformation von geeigneten Signaturverfahren zu sogenannten Key Updatable Signature Schemes (KUSS). Neben einer präzisen Definition der Sicherheitsziele werden für jeden Schritt mathematische Vorbedingungen zur Transformation festgelegt. Dies ermöglicht die innovative Kombination von Identitätsbasierten Signaturen (IBS, Identity Based Signature) mit effizienten und sicheren Mechanismen zum Schlüsselaustausch, die ursprünglich für vertrauliche Gruppenkommunikation entwickelt wurden. Wir zeigen die erfolgreiche Anwendung der Transformationen auf vier etablierten IBSVerfahren. Die ausschließliche Verwendung von Verfahren auf Basis der Elliptic Curve Cryptography (ECC) erlaubt es, den geringen Kapazitäten der Zielgeräte gerecht zu werden. Eine Analyse aller vier sogenannten group Identity Based Signature (gIBS) Verfahren mit Techniken aus dem Forschungsgebiet der Beweisbaren Sicherheit zeigt, dass die zuvor definierten Sicherheitsziele erreicht werden.
Zur praktischen Evaluierung unserer und ähnlicher kryptographischer Verfahren wird in dieser Arbeit eine Testumgebung entwickelt und mit IoT-typischen Rechen- und Netzmodulen bestückt. Hierdurch zeigt sich sowohl die praktische Anwendbarkeit der Transformationen als auch eine deutliche Reduktion der Komplexität gegenüber anderen Lösungsansätzen. Einige der von uns vorgeschlagenen Verfahren unterbieten gar die Laufzeiten des meistgenutzten Elliptic Curve Digital Signature Algorithm (ECDSA) bei der Erstellung der Signaturen.
Die Systematik der Lösung erlaubt prinzipiell auch die Transformation von Verfahren jenseits von IBS und ECC. Dadurch können auch Anwendungsfälle aus dem Bereich der Post-Quanten-Kryptographie von unseren Ergebnissen profitieren. Die vorliegende Arbeit liefert die nötigen Grundlagen für solche Erweiterungen, die aktuell diskutiert und entwickelt werden
Quantifying Potential Energy Efficiency Gain in Green Cellular Wireless Networks
Conventional cellular wireless networks were designed with the purpose of
providing high throughput for the user and high capacity for the service
provider, without any provisions of energy efficiency. As a result, these
networks have an enormous Carbon footprint. In this paper, we describe the
sources of the inefficiencies in such networks. First we present results of the
studies on how much Carbon footprint such networks generate. We also discuss
how much more mobile traffic is expected to increase so that this Carbon
footprint will even increase tremendously more. We then discuss specific
sources of inefficiency and potential sources of improvement at the physical
layer as well as at higher layers of the communication protocol hierarchy. In
particular, considering that most of the energy inefficiency in cellular
wireless networks is at the base stations, we discuss multi-tier networks and
point to the potential of exploiting mobility patterns in order to use base
station energy judiciously. We then investigate potential methods to reduce
this inefficiency and quantify their individual contributions. By a
consideration of the combination of all potential gains, we conclude that an
improvement in energy consumption in cellular wireless networks by two orders
of magnitude, or even more, is possible.Comment: arXiv admin note: text overlap with arXiv:1210.843
SpiNNaker: Fault tolerance in a power- and area- constrained large-scale neuromimetic architecture
AbstractSpiNNaker is a biologically-inspired massively-parallel computer designed to model up to a billion spiking neurons in real-time. A full-fledged implementation of a SpiNNaker system will comprise more than 105 integrated circuits (half of which are SDRAMs and half multi-core systems-on-chip). Given this scale, it is unavoidable that some components fail and, in consequence, fault-tolerance is a foundation of the system design. Although the target application can tolerate a certain, low level of failures, important efforts have been devoted to incorporate different techniques for fault tolerance. This paper is devoted to discussing how hardware and software mechanisms collaborate to make SpiNNaker operate properly even in the very likely scenario of component failures and how it can tolerate system-degradation levels well above those expected
Datacenter Traffic Control: Understanding Techniques and Trade-offs
Datacenters provide cost-effective and flexible access to scalable compute
and storage resources necessary for today's cloud computing needs. A typical
datacenter is made up of thousands of servers connected with a large network
and usually managed by one operator. To provide quality access to the variety
of applications and services hosted on datacenters and maximize performance, it
deems necessary to use datacenter networks effectively and efficiently.
Datacenter traffic is often a mix of several classes with different priorities
and requirements. This includes user-generated interactive traffic, traffic
with deadlines, and long-running traffic. To this end, custom transport
protocols and traffic management techniques have been developed to improve
datacenter network performance.
In this tutorial paper, we review the general architecture of datacenter
networks, various topologies proposed for them, their traffic properties,
general traffic control challenges in datacenters and general traffic control
objectives. The purpose of this paper is to bring out the important
characteristics of traffic control in datacenters and not to survey all
existing solutions (as it is virtually impossible due to massive body of
existing research). We hope to provide readers with a wide range of options and
factors while considering a variety of traffic control mechanisms. We discuss
various characteristics of datacenter traffic control including management
schemes, transmission control, traffic shaping, prioritization, load balancing,
multipathing, and traffic scheduling. Next, we point to several open challenges
as well as new and interesting networking paradigms. At the end of this paper,
we briefly review inter-datacenter networks that connect geographically
dispersed datacenters which have been receiving increasing attention recently
and pose interesting and novel research problems.Comment: Accepted for Publication in IEEE Communications Surveys and Tutorial
VINEA: a policy-based virtual network embedding architecture
Network virtualization has enabled new business models by allowing infrastructure providers to lease or share their physical network. To concurrently run multiple customized virtual network services, such infrastructure providers need to run a virtual network embedding protocol. The virtual network embedding is the (NP-hard) problem of matching constrained virtual networks onto the physical network.
We present the design and implementation of a policy-based architecture for the virtual network embedding problem. By policy, we mean a variant aspect of any of the (invariant) embedding mechanisms: resource discovery, virtual network mapping, and allocation on the physical infrastructure. Our architecture adapts to different scenarios by instantiating appropriate policies, and has bounds on embedding efficiency and on convergence embedding time, over a single provider, or across multiple federated providers. The performance of representative novel policy configurations are compared over a prototype implementation. We also present an object model as a foundation for a protocol specification, and we release a testbed to enable users to test their own embedding policies, and to run applications within their virtual networks. The testbed uses a Linux system architecture to reserve virtual node and link capacities.National Science Foundation (CNS-0963974
Automotive Ethernet architecture and security: challenges and technologies
Vehicle infrastructure must address the challenges posed by today's advances toward connected and autonomous vehicles. To allow for more flexible architectures, high-bandwidth connections and scalability are needed to connect many sensors and electronic control units (ECUs). At the same time, deterministic and low latency is a critical and significant design requirement to support urgent real-time applications in autonomous vehicles. As a recent solution, the time-sensitive network (TSN) was introduced as Ethernet-based amendments in IEEE 802.1 TSN standards to meet those needs. However, it had hurdle to be overcome before it can be used effectively. This paper discusses the latest studies concerning the automotive Ethernet requirements, including transmission delay studies to improve worst-case end-to-end delay and end-to-end jitter. Also, the paper focuses on the securing Ethernet-based in-vehicle networks (IVNs) by reviewing new encryption and authentication methods and approaches
- …