82 research outputs found
Study and analysis of mobility, security, and caching issues in CCN
The existing Internet architecture is IP-centric and has been capable of coping with the needs of Internet users. Due to recent advancements and emerging technologies, the need for ubiquitous connectivity has become the primary focus. Increasing demands for location-independent content have raised the requirement for a new architecture, which has become a research challenge. The Content Centric Networking (CCN) paradigm emerges as an alternative to the IP-centric model and is based on name-based forwarding and in-network data caching. It is likely to address certain challenges that IP-based protocols have not solved in wireless networks. Three important factors related to CCN that require significant research are mobility, security, and caching. While a number of studies have been conducted on CCN and its proposed technologies, to the best of our knowledge none of them targets all three significant research directions in a single article. This paper is an attempt to discuss the three factors together, within the context of each other. In this paper, we discuss and analyze the basics of CCN principles together with the distributed properties of caching, mobility, and secure access control. Different comparisons are made to examine the strengths and weaknesses of each aforementioned aspect in detail. The final discussion aims to identify the open research challenges and some future trends for large-scale CCN deployment.
Detection of encrypted traffic generated by peer-to-peer live streaming applications using deep packet inspection
The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity have grown substantially over the last decade. They evolved from file-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, an investigation was conducted to identify encrypted traffic flows generated by three of the most popular P2P live streaming applications: TVUPlayer, Livestation and GoalBit. For this work, a test-bed that could simulate a near-real scenario was created, and traffic was captured from a great variety of applications. The proposed method resorts to Deep Packet Inspection (DPI), so we needed to analyse the payload of the packets in order to find repeated patterns, which were later used to create a set of SNORT rules that can be used to detect key network packets generated by these applications. The method was evaluated experimentally on the test-bed created for that purpose, showing that its accuracy is 97% for GoalBit.

The popularity and the number of applications that use the peer-to-peer (P2P) networking paradigm have grown substantially over the last decade. These applications are no longer used simply for file sharing and are now also used to distribute multimedia content. Nowadays, these applications have means to encrypt the content of the communication or to employ obfuscation techniques directly in the protocol. In this dissertation, an investigation was carried out to identify encrypted traffic flows generated by three popular applications for multimedia content distribution over P2P networks: TVUPlayer, Livestation and GoalBit. For this work, a test platform was created that aimed to simulate a near-real scenario, and the captured traffic contained a wide variety of applications. The method proposed in this dissertation resorts to the Deep Packet Inspection (DPI) technique, and it was therefore necessary to analyse the content of the packets in order to find repeating patterns, which would later be used to create a set of SNORT rules for detecting key packets on the network generated by these applications, so that traffic flows could be correctly classified. After discovering that the Livestation application had stopped working with P2P, only the two rules created up to that moment were used. For the TVUPlayer application, several rules were created from the traffic it generated, and they achieved a good precision rate. Several rules were also created for the GoalBit application, for which four scenarios were used: with and without encryption using the tracker transmission option, and with and without encryption using the trackerless transmission option (here the Kademlia protocol was used). The method was evaluated experimentally on the test platform created for that purpose, showing that the precision of the rule set for the GoalBit application is 97%.

Fundação para a Ciência e a Tecnologia (FCT)
Intrusion Prevention and Detection in Wireless Sensor Networks
The broadcast nature of the transmission medium in wireless sensor networks makes information more vulnerable than in wired applications. In this dissertation we first propose a distributed, deterministic key management protocol designed to satisfy authentication and confidentiality without the need for a key distribution center. Next we propose Scatter, a secure code authentication scheme for efficiently reprogramming sensor networks. Scatter avoids the use of Elliptic Key Cryptography and manages to surpass all previous attempts at secure code dissemination in terms of energy consumption and time efficiency. Next we introduce the problem of intrusion detection in sensor networks. We define the problem formally based on a generic system model and prove a necessary and sufficient condition for successful detection of the attacker. Finally we present the architecture and implementation of an intrusion detection system which is based on a distributed architecture and is lightweight enough to run on the nodes.
Scalable and interference-aware Wi-Fi mesh networks using COTS devices
The growing trend in mobile access has been driven by IEEE 802.11 technology. However, these networks have limited radio range. To extend their coverage, it is possible to resort to wireless mesh networks based on IEEE 802.11 technology, with advantages in terms of cost and installation flexibility compared with wired solutions.

Wireless mesh networks made up of nodes with only one interface have reduced scalability. The main reason for this limitation is the use of the shared-medium access mechanism Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) in multi-hop topologies. Specifically, CSMA/CA does not avoid the hidden node problem, leading to an increase in the number of collisions and a corresponding degradation of performance, with a direct impact on throughput and latency.

As radio technology becomes cheaper, it becomes viable to use multiple radios per node without significantly increasing the cost of the final communications solution. Using more than one radio per communications node makes it possible to overcome the performance problems inherent in networks formed by nodes with only one radio.

The objective of this thesis is to develop a new solution for multi-channel, dual-radio mesh networks, using new mechanisms that complement the mechanisms defined in IEEE 802.11 for establishing a Basic Service Set (BSS). The solution is based on WiFIX, a routing protocol for single-interface mesh networks, and reuses the mechanisms already implemented in IEEE 802.11 networks to disseminate metrics that allow the network to scale effectively while minimising the impact on performance. The multi-hop network is formed by nodes equipped with two interfaces, organised in a hierarchical topology over multiple Access Point (AP) – Station (STA) relations.

The experimental results obtained show the effectiveness and good performance of the proposed solution compared with the original WiFIX solution.

The increasing trend in mobile access has been driven mainly by IEEE 802.11 technology. However, these networks suffer from reduced radio range. The extension of coverage can be achieved by mesh deployments, since they provide an easy, robust, flexible and cost-effective solution for this problem. These networks are built upon nodes scattered in a mesh topology that form the backbone of an extended basic service set.

Single-radio Wireless Mesh Networks (WMN), however, suffer from reduced scalability. The main reason for this limitation is the use of Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) in the multi-hop topology. Specifically, CSMA/CA fails to prevent the hidden and exposed node occurrences, which respectively lead to an increase in the number of collisions and to flow retentions. The direct impact on throughput and latency reduces the overall network performance to values that no longer match users' increasing demands.

As radio technology becomes cheaper, it has become possible to equip nodes with multiple interfaces and operate them on multiple channels in order to reduce interference between links operating on a common channel.

Therefore the goal of this thesis is to develop a new WMN Multi-Radio Multi-Channel (MRMC) solution addressing new mechanisms not yet covered in the state of the art. The proposed solution is based on WiFIX, a Single Radio (SR) WMN routing protocol, and reuses the mechanisms already implemented in IEEE 802.11 networks to broadcast metrics that enable the network to auto-configure efficiently and to scale with minimum overhead. The multi-hop backbone is formed by nodes equipped with two interfaces disposed in a hierarchical topology, under multiple Access Point (AP) - Station (STA) relations.

The results obtained from an experimental testbed clearly show the effectiveness of the solution compared with the original WiFIX and its capability to scale, resulting from the overhead control and co-channel interference reduction.
Making computers keep secrets.
Massachusetts Institute of Technology. Dept. of Electrical Engineering. Thesis. 1973. Ph.D. Microfiche copy also available in Barker Engineering Library. Vita. Bibliography: leaves 338-341.
Second year technical report on-board processing for future satellite communications systems
Advanced baseband and microwave switching techniques for large domestic communications satellites operating in the 30/20 GHz frequency bands are discussed. The nominal baseband processor throughput is one million packets per second (1.6 Gb/s) from one thousand T1 carrier rate customer premises terminals. A frequency reuse factor of sixteen is assumed by using 16 spot antenna beams with the same 100 MHz bandwidth per beam and a modulation with a bandwidth efficiency of one b/s per Hz. Eight of the beams are fixed on major metropolitan areas and eight are scanning beams which periodically cover the remainder of the U.S. under dynamic control. User signals are regenerated (demodulated/remodulated) and message packages are reformatted on board. Frequency division multiple access and time division multiplex are employed on the uplinks and downlinks, respectively, for terminals within the coverage area and dwell interval of a scanning beam. Link establishment and packet routing protocols are defined. Also described is a detailed design of a separate 100 x 100 microwave switch capable of handling nonregenerated signals occupying the remaining 2.4 GHz bandwidth with 60 dB of isolation, at an estimated weight and power consumption of approximately 400 kg and 100 W, respectively.
Convergence of optical and Ethernet technologies in LAN, MAN and SAN: new architectures, performance analysis and energy efficiency (Convergencia de tecnologías ópticas y Ethernet en LAN, MAN y SAN: nuevas arquitecturas, análisis de prestaciones y eficiencia energética)
International Mention in the doctoral degree.

The development of Information Technologies in the last decades, especially the last two, together with the introduction of computing devices to the mainstream consumer market, has had the logical consequence of the generalisation of Internet access. The explosive development of the smartphone market has brought ubiquity to that generalisation, to the point that social interaction, content sharing and content production happen all the time. Social networks have all but increased that trend, maximising the diffusion of multimedia content: images, audio and video, which require high network capacities to be enjoyed quickly.

This need for endless bandwidth and speed in information sharing brings challenges that affect mainly optical Metropolitan Area Networks (MANs) and Wide Area Networks (WANs). Furthermore, the wide spread of Ethernet technologies has also brought the possibility to achieve economies of scale by either extending the reach of Ethernet Local Area Networks (LANs) to the MAN and WAN environment or even integrating them with Storage Area Networks (SANs). Finally, this generalisation of telecommunication technologies in everyday life also has an important rise in energy consumption as a consequence. Because of this, providing energy-efficient strategies in networking is key to ensuring the scalability of the whole Internet.

In this thesis, the main technologies in all the fields mentioned above are reviewed, their core challenges identified, and several contributions beyond the state of the art are suggested to improve today's MANs and WANs. In the first contribution of this thesis, the integration between Metro Ethernet and Wavelength Division Multiplexing (WDM) optical transparent rings is explored by proposing an adaptation architecture to provide efficient broadcast and multicast. The second contribution explores the fusion between transparent WDM and OCDMA architectures to simplify medium access in a ring.

Regarding SANs, the third contribution explores the challenges in SANs through the problems of Fibre Channel over Ethernet due to buffer design issues. In this contribution, analysis, design and validation with FCoE traces and simulation are provided to calculate buffer overflow probabilities in the absence of flow control mechanisms, taking into account the bursty nature of SAN traffic.

Finally, the fourth and last contribution addresses the problems of energy efficiency in Plastic Optical Fibres (POF), a new kind of optical fibre more suitable for transmission in vehicles and for home networking. This contribution suggests two packet coalescing strategies to further improve the energy efficiency mechanisms in POFs.

The development of Information Technologies in the last decades, especially the last two, together with the introduction of computing devices to the mass market, has had the logical consequence of the generalisation of Internet access. The explosive development of the smartphone market has added a factor of ubiquity to that generalisation, to the point that social interaction and the sharing and production of content happen at every instant. Social networks have only increased that trend, maximising the diffusion of multimedia content: images, audio and video, which require great network capacity to be obtained quickly. This need for unlimited bandwidth and speed in information sharing brings with it challenges that mainly affect Metropolitan Area Networks (MANs) and Wide Area Networks (WANs). Furthermore, the wide diffusion of Ethernet technologies has brought the possibility of achieving economies of scale, either by extending the reach of Ethernet beyond Local Area Networks (LANs) to the MAN and WAN environment or even by integrating them with Storage Area Networks (SANs). Finally, this generalisation of communication technologies in everyday life also has as a consequence a significant increase in energy consumption. Therefore, developing energy-efficient network transmission strategies is key to ensuring the scalability of the Internet. In this thesis, the main technologies in all the fields mentioned above are studied, their most important challenges identified, and several contributions beyond the current state of the art are suggested to improve today's MANs and WANs.

In the first contribution of this thesis, the integration between Metro Ethernet and transparent Wavelength Division Multiplexing (WDM) optical rings is explored by proposing an adaptation architecture to enable efficient broadcast and multicast. The second contribution explores the fusion between transparent WDM architectures and Optical Code Division Multiple Access (OCDMA) architectures to simplify access in a ring network. Regarding SANs, the third contribution explores the challenges in SANs through the problems of Fibre Channel over Ethernet due to problems in buffer design. In this contribution, analysis, design and validation with FCoE traces are provided to calculate buffer overflow probabilities in the absence of flow control mechanisms, taking into account the bursty nature of SAN traffic. Finally, the fourth and last contribution addresses the problems of energy efficiency in Plastic Optical Fibres (POF), a new variety of optical fibre more suitable for transmission in vehicles and for home network environments. This contribution suggests two packet coalescing strategies to improve the energy efficiency mechanisms in POFs.

Official Postgraduate Programme in Telematic Engineering. President: Luca Valcarenghi. Secretary: Ignacio Soto Campos. Member: Bas Huiszoo
Holistic security 4.0
The future computer climate will represent an ever more aligned world of integrating technologies, affecting the consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate.

The emerging technologies revolve around core concepts, and specifically in this project, the uses of the Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The bare-metal and logical qualities of the technology are put under the microscope to provide an effective blueprint of the technological field.

The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable the security and cybersecurity of 4.0 systems.
Security protocols for linear network coding
Network coding, as the next generation of data routing protocols, enables each intermediate node in a network to process and encode its received data before forwarding it to the next nodes. Hence, the core idea in network coding is to allow a network to encode the data being transmitted through it. This revolutionary idea of data routing results in a dynamic change in the content of each data packet. That is, in a network coding setting, the original data symbols generated at the source nodes evolve hop-by-hop as they travel through the intermediate nodes. This property is in stark contrast with the methods used in traditional data routing protocols, where every intermediate node acts as a plain relay. In other words, in conventional data routing algorithms, every intermediate node solely replicates its incoming data on one or more of its outgoing channels. The criteria and policies by which an intermediate node decides the proper outgoing channels for each incoming packet depend on the employed routing protocol. Usually, each intermediate node utilizes a set of routing information (such as a routing table) in order to find the most cost-effective path or paths to the final destinations. The cost criterion may be defined based on various parameters, but the general goal is always to find the optimum route that starts from the node and reaches the final destination at the lowest cost. Upon finding the best output channels, the intermediate node simply copies the pertinent data packet onto the optimum channels without changing the data payload. This common method of data routing in conventional routing protocols is indeed a very special case in network coding theory.

The fact that in network coding every node processes (encodes) its input data to create its outgoing symbols implies that the encoding operation at a given network node can be expressed as a multi-input multi-output function that takes the node's incoming data symbols as its input arguments and generates the outgoing data symbols departing the node as its outputs. Since each node in the network has its own function, these are called "local encoding functions". This way of looking at the network coding operation enables us to simply define linear and nonlinear network coding as the network codes with linear and nonlinear local encoding functions, respectively. Hence, in linear network coding, every node (including the source and the sink nodes) executes a linear function on its incoming data symbols in order to generate its output symbols, while in nonlinear network coding this function is nonlinear. The linearity indicates that every output symbol of a local encoding function can be stated as a unique linear combination of its input symbols. Therefore, in linear network coding, the encoding operations at the intermediate nodes can be stated as matrix multiplications. If linear network coding is applied, then each individual network node will have a matrix with known entries and fixed dimensions that represents the network coding operation at that particular node. These matrices will be called "local encoding matrices" in this work, where linear network coding is considered as the employed data routing protocol. The main focus of this thesis is to thoroughly study the security aspects of linear network coding, and to propose new ideas and superior solutions for the various security challenges faced in this class of data routing protocols. In a broad sense, security attacks can be categorized into two major classes: passive attacks and active attacks.

In passive attacks (also known as wiretapping or eavesdropping attacks), the attacker threatens the confidentiality of the data; that is, his goal is to obtain illicit access to the content of the data symbols while he is unable or uninterested in changing (manipulating) the content of the original data symbols. On the other hand, in active attacks (also known as pollution or Byzantine attacks), the attacker threatens the integrity and authenticity of the data. That is, while the content of each original data packet is open and visible to everyone (including the attacker), his goal is to change or corrupt the content of data symbols or to interrupt the data transmission process by jamming and blocking the flow of the data stream in the network. Under the assumption that linear network coding is the applied data routing scheme, both of these attack classes are comprehensively studied in this thesis. Since in linear network coding each and every node in the network mixes up its incoming data to generate its outputs, observing the content of a symbol flowing on a channel usually does not reveal useful information about the original data symbols. This means that network coding (and more specifically, linear network coding in our case) offers the network users an inherent and intrinsic level of security that is normally not available when traditional store-and-forward data routing protocols are employed. In some cases and for some basic applications, this inherent security is enough; however, for many security-aware and sensitive applications that demand tighter security provisions, additional modifications to the base coding scheme are necessary in order to provide higher levels of security. In Chapter 2, six innovative security protocols tailored to effectively and efficiently counteract passive attackers in linear network coding are proposed. The solutions proposed in this chapter may be categorized into three main groups.

Two protocols (A and B) are designed solely on the basis of the intrinsic security feature of linear network coding. Protocol (A) requires each global encoding vector assigned to one of the network channels to have more than one nonzero entry. This stipulation is shown to be satisfied probabilistically, with a probability that rapidly approaches 1 as the code field, the network capacity, or the attacker's limitations increase. Protocol (B) is based on re-ordering the original message vector before sending it through the network. The re-ordering process is designed to elaborately scramble the content of the message vector in such a way that no additional function is required, yet by sending the scrambled message vector, the eavesdropper will not be able to obtain any information about any of the original data symbols. The sink nodes are the only nodes able to de-scramble the data and recover the original message vector. Both of these protocols are extremely lightweight, with no throughput reduction. The second group of our security solutions includes two protocols (C and E), each of which utilizes a hash function and a noisy symbol at the source node in order to generate the required random symbols (masking symbols) that are used to conceal the data symbols in the secured message vector. These protocols reduce the data rate by only one unit while assuming very lax conditions on the attacker's ability to access the independent network channels. Two of the remarkable properties of these protocols are the independence between the number of attacked channels and the secure data rate, and enabling the source node to independently create its own keys and to change them as often as it generates new data packets. The two remaining protocols (D and F), constituting the third group, are in fact two variations of the second-group protocols.

That is, in order to alleviate the computational complexity burden of the algorithms in the second group, the hash functions are substituted by simple lightweight bijective functions in these protocols. Hence, in addition to all the benefits of the algorithms in the second group, these two protocols are also very fast and easy to implement. The fact that in (linear) network coding data symbols are constantly mixed up and intermingled as they travel through the network is indeed a double-edged sword. That is, while mixing and combining the data symbols provides some degree of security against snooping attackers (besides the other advantages of network coding), if a malicious node injects some bogus or invalid data into the main data stream, then the inflicted pollution propagates throughout the network at a very high rate and causes the final destination nodes to be unable to recover the original data symbols. This class of attacks in linear network coding (i.e., pollution attacks) is studied in Chapter 3, where we propose a very efficient hierarchical scheme that is able to accurately pinpoint any number of polluting nodes in the network with any locational distribution. Our protocol is also capable of isolating and disconnecting the violating nodes from the rest of the network, and therefore fixing the pollution problem in a more fundamental way.
- …