Enhanced Quality of Experience Based on Enriched Network Centric and Access Control Mechanisms

In the digital world service provisioning in user satisfying quality has become the goal of any content or network provider. Besides having satisfied and therefore, loyal users, the creation of sustainable revenue streams is the most important issue for network operators [1], [2], [3]. The motivation of this work is to enhance the quality of experience of users when they connect to the Internet, request application services as well as to maintain full service when these users are on the move in WLAN based access networks. In this context, the aspect of additional revenue creation for network operators is considered as well. The enhancements presented in this work are based on enriched network centric and access control mechanisms which will be achieved in three different areas of networks capabilities, namely the network performance, the network access and the network features themselves. In the area of network performance a novel authentication and authorisation method is introduced which overcomes the drawback of long authentication time in the handover procedure as required by the generic IEEE 802.1X process using the EAP-TLS method. The novel sequential authentication solution reduces the communication interruption time in a WLAN handover process of currently several hundred milliseconds to some milliseconds by combining the WPA2 PSK and the WPA2 EAP-TLS. In the area of usability a new user-friendly hotspot registration and login mechanisms is presented which significantly simplifies how users obtain WLAN hotspot login credentials and logon to a hotspot. This novel barcode initiated hotspot auto-login solution obtains user credentials through a simple SMS and performs an auto-login process that avoids the need to enter user name and password on the login page manually. In the area of network features a new system is proposed which overcomes the drawback that users are not aware of the quality in which a service can be provided prior to starting the service. This novel graceful denial of service solution informs the user about the expected application service quality before the application service is started

Towards a secure service provisioning framework in a Smart city environment

© 2017 Elsevier B.V. Over the past few years the concept of Smart cities has emerged to transform urban areas into connected and well informed spaces. Services that make smart cities “smart” are curated by using data streams of smart cities i.e., inhabitants’ location information, digital engagement, transportation, environment and local government data. Accumulating and processing of these data streams raise security and privacy concerns at individual and community levels. Sizeable attempts have been made to ensure the security and privacy of inhabitants’ data. However, the security and privacy issues of smart cities are not only confined to inhabitants; service providers and local governments have their own reservations — service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research we identified a comprehensive list of stakeholders and modelled their involvement in smart cities by using the Onion Model approach. Based on the model we present a security and privacy-aware framework for service provisioning in smart cities, namely the ‘Smart Secure Service Provisioning’ (SSServProv) Framework. Unlike previous attempts, our framework provides end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. The proposed framework ensures inhabitants’ privacy, and also guarantees integrity of services. It also ensures that public data is never misused by malicious service providers. To demonstrate the efficacy of SSServProv we developed and tested core functionalities of authentication, authorisation and lightweight secure communication protocol for data acquisition and service provisioning. For various smart cities service provisioning scenarios we verified these protocols by an automated security verification tool called Scyther

Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment.The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs.Postprint (published version

Evaluation and Deployment of a Private Cloud Framework at DI-FCT-NOVA

In today’s technological landscape, there is an ever-increasing demand for computing resources for simulations, machine learning, or other use-cases. This demand can be seen across the business world, with the success of Amazon’s AWS and Microsoft’s Azure offer- ings, which provide a cloud of on-demand computing resources to any paying customer. The necessity for computing resources is no less felt in the academic world, where departments are forced to assign researchers and teachers to time-consuming system administrator roles, to allocate resources to users, leading to delays and wasted potential. Allowing researchers to request computing resources and then get them, on-demand, with minimal input from any administrative staff, is a great boon. Not only does it increase productivity of the administrators themselves, but it also allows users (teachers, researchers and students) to get the resources they need faster, and more securely. This goal is attainable through the use of a cloud management framework to assist in the administration of a department’s computing infrastructure. This dissertation aims to provide a critical evaluation on the adequacy of three cloud management frameworks, evaluating the requirements for a private cloud at the DI- FCT-NOVA, as well as which features of the selected cloud framework may be used in the fulfilment of the department’s needs. The final goal is to architect and deploy the selected framework to DI-FCT-NOVA, which will give the department a maintainable state-of-the-art private cloud deployment, capable of adequately responding to the needs of its users.No cenário tecnológico atual, existe uma necessidade crescente por recursos computaci- onais quer para simulações, aprendizagem automática, ou outros fins. Essa necessidade pode ser vista no mundo dos negócios, traduzindo-se no sucesso da Amazon AWS e a da Microsoft Azure, entre outras, que oferecem clouds de recursos computacionais a qualquer cliente, sujeito a diferentes formas de pagamento. A necessidade de recursos computacionais não é menos sentida no mundo académico, onde departamentos são forçados a atribuir a investigadores e professores tarefas onerosas que desperdiçam o seu potencial, como administração de sistemas computacionais com o fim de alocar recursos quem deles necessita (docentes, investigadores e estudantes). Permitir que se peçam recursos computacionais, e estes sejam alocados com o mínimo de interacção de uma equipa administrativa, é um grande benefício. Isto não só aumenta a produtividade dos próprios administradores, como também permite que se obtenham os recursos mais depressa, e de forma mais segura. Esta meta é alcançável através do uso de uma framework de gestão de cloud, cujo objectivo é assistir na administração da infraestrutura computacional de um departamento. Esta dissertação tem como objectivo fornecer uma avaliação crítica da adequação de três frameworks de gestão de cloud, avaliar os requisitos necessários para uma cloud privada no DI-FCT-NOVA, e identificar que funcionalidades da framework selecionada podem ser utilizadas para a satisfação dos requisitos indicados. O objectivo final é dese- nhar e instalar a framework selecionada no DI-FCT-NOVA, oferecendo assim uma cloud privada de última geração, capaz de responder adequadamente às necessidades dos seus utilizadores - docentes, investigadores e estudantes

Design and Experimental Validation of a Software-Defined Radio Access Network Testbed with Slicing Support

Network slicing is a fundamental feature of 5G systems to partition a single network into a number of segregated logical networks, each optimized for a particular type of service, or dedicated to a particular customer or application. The realization of network slicing is particularly challenging in the Radio Access Network (RAN) part, where multiple slices can be multiplexed over the same radio channel and Radio Resource Management (RRM) functions shall be used to split the cell radio resources and achieve the expected behaviour per slice. In this context, this paper describes the key design and implementation aspects of a Software-Defined RAN (SD-RAN) experimental testbed with slicing support. The testbed has been designed consistently with the slicing capabilities and related management framework established by 3GPP in Release 15. The testbed is used to demonstrate the provisioning of RAN slices (e.g. preparation, commissioning and activation phases) and the operation of the implemented RRM functionality for slice-aware admission control and scheduling

Using SAML and XACML for Complex Resource Provisioning in Grid Based Applications

This paper presents ongoing research and current results on the development of flexible access control infrastructure for complex resource provisioning (CRP) in Grid-based applications. The paper proposes a general CRP model and specifies major requirements to the Authorisation (AuthZ) service infrastructure to support multidomain CRP, focusing on two main issues – policy expression for complex resource models and AuthZ session support. The paper provides suggestions about using XACML and its profiles to describe access control policies to complex resources and briefly describes proposed XML based AuthZ ticket format to support extended AuthZ session context. Additionally, the paper discusses what specific functionality can be added to the gLite Java Authorisation Framework (gJAF), to handle dynamic security context including AuthZ session support. The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE