SDN-DMM for intelligent mobility management in heterogeneous mobile IP networks

[EN] Mobility management applied to the traditional architecture of the Internet has become a great challenge because of the exponential growth in the number of devices that can connect to the network. This article proposes a Software-Defined Networking (SDN)-based architecture, called SDN-DMM (SDN-Distributed Mobility Management), that deals with the distributed mode of mobility management in heterogeneous access networks in a simplified and efficient way, ensuring mainly the continuity of IP sessions. Intent-based mobility management with an IP mapping schema for mobile node identification offers optimized routing without tunneling techniques, hence, an efficient use of the network infrastructure. The simplified mobility control API reduces both signaling and handover latency costs and provides a better scalability and performance in comparison with traditional and SDN-based DMM approaches. An analytical evaluation of such costs demonstrated the better performance of SDN-DMM, and a proof of concept of the proposal was implemented in a real environment.CAPES (Coordenacao de Aperfeicoamento de Pessoal de Nivel Superior) - Brasil; Secretaria de Estado de Investigacion, Desarrollo e Innovacion, Grant/Award Number: TIN2017-84802-C2-1-P; "Convocatoria 2017 - Proyectos I+D+I Programa Estatal de Investigacion, Desarrollo e Innovacion, convocatoria excelencia", Grant/Award Number: TIN2017-84802-C2-1-P; FAP-DF ("Fundacao de Apoio a Pesquisa do Distrito Federal")-BrazilTorres Cordova, R.; Gondim, PRL.; Llerena, YP.; Lloret, J. (2019). SDN-DMM for intelligent mobility management in heterogeneous mobile IP networks. International Journal of Communication Systems. 32(17):1-31. https://doi.org/10.1002/dac.4140131321

Performance assessment & synergic operation of algorithmic solutions enabling opportunistic networks– D4.2

Deliverable D4.2 del projecte europeu OneFITPeer ReviewedPostprint (updated version

A wireless multicast delivery architecture for mobile terminals

Content delivery over the Internet to a large number of mobile users offers interesting business opportunities for content providers, intermediaries, and access network operators. A user could receive, for example, music or a digital newspaper directly to a mobile device over wireless networks. Currently, content delivery over the Internet is held back by a number of reasons. Existing network technologies, such as GPRS, have a very limited capacity to transfer large files, such as those required for good-quality pictures in a newspaper. Another problem is security. Content received over the Internet is very vulnerable to being forged. A user who cannot be certain about the source and consistency of the received stock quotes is unlikely to pay for the information. Furthermore, content providers are unwilling to distribute their valuable information over the Internet due to their fear of copyright infringements. Traditionally, content has been considered consumed as soon as it has been downloaded. Content providers have been keen on preventing their content from being transferred over peer-to-peer networks because they consider the delivery itself to be a copyright infringement. In this dissertation, content delivery is separated from content consumption by encrypting the content before delivery. When the users wishes to consume the content, a license which includes the decryption key is provided. The architecture allows content to be delivered to users' devices even before the user commits to consume the content. The user can choose to receive content whenever downloading it is the most convenient and affordable. Thus, the content providers are able to maintain control over the use of their information even after the data has been transferred to the users' terminals. In addition, content received by users can be strongly source authenticated. The architecture allows secure, efficient and reliable delivery of content to a large group of receivers. The architecture does not commit itself to any specific delivery technique, and the content can be delivered using any delivery technique including multicast, broadcast, unicast, and peer-to-peer. This dissertation focuses mostly on multicast as the delivery technique. The efficiency of the multicast delivery over unreliable heterogenous wireless access networks is thoroughly analyzed. Mobile terminals can seamlessly switch between access points and access technologies while continuing to receive data reliably from the network. The multicast delivery uses adaptive error correction and retransmissions to deliver the content as efficiently as possible to a very large number of receivers. The simulations show, that the vast majority of receivers are able to receive the content reliably with a small delay even when the radio network suffers from high packet loss probability. Although the architecture is designed to deliver content to mobile terminals, it is also suitable for delivering content to terminals with fixed Internet connectivity.Digitaalisen sisällön siirtäminen liikkuville käyttäjille Internetin yli tarjoaa uusia liiketoimintamahdollisuuksia niin sisällöntuottajille, välittäjille kuin verkko-operaattoreille. Teknikkaa voidaan käyttää esimerkiksi musiikin tai sähköisten lehtien välittämiseen käyttäjille langattoman verkon kautta. Sisällön välittämistä Internetin kautta hankaloittaa yhä usea seikka. Nykyisin laajassa käytössä olevat verkkotekniikat, kuten GPRS, ovat liian hitaita siirtämään hyvin suuria tiedostoja suurelle määrällä vastaanottajia. Lisäksi väärennetyn tiedon välittäminen Internetin kautta on erittäin helppoa. Sisältö, jonka aitoudesta ja alkuperästä ei ole varmuutta, on usein arvotonta käyttäjälle. Sisällöntuottajat puolestaan ovat haluttomia käyttämään sisältönsä levittämiseen Internetiä mikäli digitaalisesti levitettävän sisällön kopioiminen ja oikeudeton kuluttaminen on liian helppoa. Perinteisesti sisältö ajatellaankin kulutetuksi jo sillä hetkellä, kun se on siirretty käyttäjän laitteeseen. Sen vuoksi sisällön tuottajat ovatkin käyttäneet paljon resursejaan estääkseen sisältönsä välittämisen vertaisverkoissa, koska jo pelkkää sisällön siirtämistä pidetään tekijänoikeusrikkomuksena. Tässä työssä erotetaan sisällön siirtäminen sisällön kuluttamisesta suojaamalla sisältö salauksella ennen sen siirtämistä käyttäjille ja sallimalla vapaa salatun sisällön jakelu. Arkkitehtuuri mahdollistaa sisällön siirtämisen käyttäjien laitteille silloin kun sisällön siirtäminen on edullisinta ja tehokkainta. Vasta käyttäjän halutessa kuluttaa aiemmin lataamaansa sisältöä, tarkistetaan oikeis sisällön käyttöön. Arkkitehtuuri mahdollistaa myös ladatun sisällön alkuperän ja eheyden vahvan tarkistamisen. Arkkitehtuuri mahdollistaa turvallisen, tehokkaan ja luotettavan sisällön siirtämisen suurelle määrälle vastaanottajia. Arkkitehtuuri ei pakota sisällön jakelua käyttämään mitään tiettyä siirtomenetelmää vaan sisältö voidaan siirtää käyttäen esimerkiksi ryhmälähetystä (multicast), joukkolähetystä (broadcast), täsmälähetystä (unicast) tai vertaisverkkoja (peer-to-peer). Tässä työssä on keskitytty analysoimaan ryhmälähetyksen soveltuvuutta tiedon siirtomenetelmänä. Ryhmälähetysmenetelmän tehokkuutta on analysoitu siirrettäessä sisältöä heterogeenisen langattoman liityntäverkon yli. Liikkuvat päätelaitteet voivat siirtyä saumattomasti liityntäverkosta toiseen samalla kun ne vastaanottavat sisältöä. Ryhmälähetys hyödyntää adaptiivista virheenkorjausta ja uudelleenlähetyksiä siirtääkseen sisällönmahdollisimman tehokkaasti suurelle joukolle vastaanottajia. Simulaatiot osoittavat, että erittäin suuri osa vastaanottajista saa sisällön luotettavasti ja pienellä viiveellä vaikka liityntäverkossa pakettien virhetodennäköisyys olisi suuri. Arkkitehtuuri on suunniteltu siirtämään sisältöä liikkuville laitteille, mutta sitä voidaan käyttää yhtä hyvin myös kiinteään verkkoon liitettyjen laitteiden kanssa.reviewe

The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community needs now a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.Comment: 23 pages, 16 figures, 3 table

Fast and seamless mobility management in IPV6-based next-generation wireless networks

Introduction -- Access router tunnelling protocol (ARTP) -- Proposed integrated architecture for next generation wireless networks -- Proposed seamless handoff schemes in next generation wireless networks -- Proposed fast mac layer handoff scheme for MIPV6/WLANs

Efficient Passive Clustering and Gateways selection MANETs

Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing optimal number of gateways and reduce the number of rebroadcast packets

Mobility management in 5G heterogeneous networks

In recent years, mobile data traffic has increased exponentially as a result of widespread popularity and uptake of portable devices, such as smartphones, tablets and laptops. This growth has placed enormous stress on network service providers who are committed to offering the best quality of service to consumer groups. Consequently, telecommunication engineers are investigating innovative solutions to accommodate the additional load offered by growing numbers of mobile users. The fifth generation (5G) of wireless communication standard is expected to provide numerous innovative solutions to meet the growing demand of consumer groups. Accordingly the ultimate goal is to achieve several key technological milestones including up to 1000 times higher wireless area capacity and a significant cut in power consumption. Massive deployment of small cells is likely to be a key innovation in 5G, which enables frequent frequency reuse and higher data rates. Small cells, however, present a major challenge for nodes moving at vehicular speeds. This is because the smaller coverage areas of small cells result in frequent handover, which leads to lower throughput and longer delay. In this thesis, a new mobility management technique is introduced that reduces the number of handovers in a 5G heterogeneous network. This research also investigates techniques to accommodate low latency applications in nodes moving at vehicular speeds

Flexible Application-Layer Multicast in Heterogeneous Networks

This work develops a set of peer-to-peer-based protocols and extensions in order to provide Internet-wide group communication. The focus is put to the question how different access technologies can be integrated in order to face the growing traffic load problem. Thereby, protocols are developed that allow autonomous adaptation to the current network situation on the one hand and the integration of WiFi domains where applicable on the other hand

Security technologies for wireless access to local area networks

In today’s world, computers and networks are connected to all life aspects and professions. The amount of information, personal and organizational, spread over the network is increasing exponentially. Simultaneously, malicious attacks are being developed at the same speed, which makes having a secure network system a crucial factor on every level and in any organization. Achieving a high protection level has been the goal of many organizations, such as the Wi-Fi Alliance R , and many standards and protocols have been developed over time. This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and reaching the newly released standard WPA3, passing through the several versions in between,WPA, WPS, WPA2, and EAP. Along with WPA3, this work addresses two newer certificates, Enhanced OpenTM and Easy ConnectTM. Furthermore, a comparative analysis of the previous standards is also presented, detailing their security mechanisms, flaws, attacks, and the measures they have adopted to prevent these attacks. Focusing on the new released WPA3, this work presents a deep study on both WPA3 and EAP-pwd. The development of WPA3 had the objective of providing strong protection, even if the network’s password is considered weak. However, this objective was not fully accomplished and some recent research work discovered design flaws in this new standard. Along with the above studies, this master thesis’ work builds also a network for penetration testing using a set of new devices that support the new standard. A group of possible attacks onWi-Fi latest security standards was implemented on the network, testing the response against each of them, discussing the reason behind the success or the failure of the attack, and providing a set of countermeasures applicable against these attacks. Obtained results show that WPA3 has overcome many of WPA2’s issues, however, it is still unable to overcome some major Wi-Fi vulnerabilities.No mundo de hoje, os computadores e as redes estão conectados praticamente a todos os aspectos da nossa vida pessoal e profissional. A quantidade de informações, pessoais e organizacionais, espalhadas pela rede está a aumentar exponencialmente. Simultaneamente, também os ataques maliciosos estão a aumentar à mesma velocidade, o que faz com que um sistema de rede seguro seja um fator crucial a todos os níveis e em qualquer organização. Alcançar altos níveis de proteção tem sido o objetivo de trabalho de muitas organizações, como a Wi-Fi Alliance R , tendo muitos standards e protocolos sido desenvolvidos ao longo do tempo. Este trabalho aborda o desenvolvimento histórico das tecnologias de segurança para WLANs, começando pelo standard mais antigo, WEP, e acabando no recém-chegado WPA3, passando pelas várias versões intermedias, WPA, WPS, WPA2 e EAP. Juntamente com o WPA3, este trabalho aborda os dois certificados mais recentes, Enhanced OpenTM e Easy ConnectTM. Além disso, também é apresentada uma análise comparativa dos standards anteriores, detalhando os seus principais mecanismos de segurança, falhas, ataques a que são susceptíveis e medidas adotadas para evitar esses ataques. Quanto ao novo WPA3 e EAP-pwd, este trabalho apresenta um estudo aprofundado sobre os seus modos "Personal" e "Enterprise". O desenvolvimento do WPA3 teve por objetivo fornecer proteção forte, mesmo que a password de rede seja considerada fraca. No entanto, esse objetivo não foi totalmente alcançado e alguma investigação realizada recentemente detectou falhas de desenho nesse novo padrão. Juntamente com os estudo dos standards acima referidos, o trabalho realizado para esta tese de mestrado também constrói uma rede para testes de penetração usando um conjunto de novos dispositivos que já suportam o novo standard. São aplicados vários ataques aos mais recentes padrões de segurança Wi-Fi, é testada a sua resposta contra cada um deles, é discutindo o motivo que justifica o sucesso ou a falha do ataque, e são indicadas contramedidas aplicáveis a esses ataques. Os resultados obtidos mostram que o WPA3 superou muitos dos problemas do WPA2 mas que, no entanto, ainda é incapaz de superar algumas das vulnerabilidades presentes nas redes Wi-Fi.First, I would like to express my deepest appreciation to those who gave me the possibility to complete my study and get my Master degree, the Aga Khan Foundation, who has supported me financiall