End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Advanced information processing system: The Army fault tolerant architecture conceptual study. Volume 2: Army fault tolerant architecture design and analysis

Described here is the Army Fault Tolerant Architecture (AFTA) hardware architecture and components and the operating system. The architectural and operational theory of the AFTA Fault Tolerant Data Bus is discussed. The test and maintenance strategy developed for use in fielded AFTA installations is presented. An approach to be used in reducing the probability of AFTA failure due to common mode faults is described. Analytical models for AFTA performance, reliability, availability, life cycle cost, weight, power, and volume are developed. An approach is presented for using VHSIC Hardware Description Language (VHDL) to describe and design AFTA's developmental hardware. A plan is described for verifying and validating key AFTA concepts during the Dem/Val phase. Analytical models and partial mission requirements are used to generate AFTA configurations for the TF/TA/NOE and Ground Vehicle missions

On Cloud-based multisource Reliable Multicast Transport in Broadband Multimedia Satellite Networks

Multimedia synchronization, Software Over the Air, Personal Information Management on Cloud networks require new reliable protocols, which reduce the traffic load in the core and edge network. This work shows via simulations the performance of an efficient multicast file delivery, which advantage of the distributed file storage in Cloud computing. The performance evaluation focuses on the case of a personal satellite equipment with error prone channels

Evaluation of unidirectional background push content download services for the delivery of television programs

Este trabajo de tesis presenta los servicios de descarga de contenido en modo push como un mecanismo eficiente para el envío de contenido de televisión pre-producido sobre redes de difusión. Hoy en día, los operadores de red dedican una cantidad considerable de recursos de red a la entrega en vivo de contenido televisivo, tanto sobre redes de difusión como sobre conexiones unidireccionales. Esta oferta de servicios responde únicamente a requisitos comerciales: disponer de los contenidos televisivos en cualquier momento y lugar. Sin embargo, desde un punto de vista estrictamente académico, el envío en vivo es únicamente un requerimiento para el contenido en vivo, no para contenidos que ya han sido producidos con anterioridad a su emisión. Más aún, la difusión es solo eficiente cuando el contenido es suficientemente popular. Los servicios bajo estudio en esta tesis utilizan capacidad residual en redes de difusión para enviar contenido pre-producido para que se almacene en los equipos de usuario. La propuesta se justifica únicamente por su eficiencia. Por un lado, genera valor de recursos de red que no se aprovecharían de otra manera. Por otro lado, realiza la entrega de contenidos pre-producidos y populares de la manera más eficiente: sobre servicios de descarga de contenidos en difusión. Los resultados incluyen modelos para la popularidad y la duración de contenidos, valiosos para cualquier trabajo de investigación basados en la entrega de contenidos televisivos. Además, la tesis evalúa la capacidad residual disponible en redes de difusión, por medio de estudios empíricos. Después, estos resultados son utilizados en simulaciones que evalúan las prestaciones de los servicios propuestos en escenarios diferentes y para aplicaciones diferentes. La evaluación demuestra que este tipo de servicios son un recurso muy útil para la entrega de contenido televisivo.This thesis dissertation presents background push Content Download Services as an efficient mechanism to deliver pre-produced television content through existing broadcast networks. Nowadays, network operators dedicate a considerable amount of network resources to live streaming live, through both broadcast and unicast connections. This service offering responds solely to commercial requirements: Content must be available anytime and anywhere. However, from a strictly academic point of view, live streaming is only a requirement for live content and not for pre-produced content. Moreover, broadcasting is only efficient when the content is sufficiently popular. The services under study in this thesis use residual capacity in broadcast networks to push popular, pre-produced content to storage capacity in customer premises equipment. The proposal responds only to efficiency requirements. On one hand, it creates value from network resources otherwise unused. On the other hand, it delivers popular pre-produced content in the most efficient way: through broadcast download services. The results include models for the popularity and the duration of television content, valuable for any research work dealing with file-based delivery of television content. Later, the thesis evaluates the residual capacity available in broadcast networks through empirical studies. These results are used in simulations to evaluate the performance of background push content download services in different scenarios and for different applications. The evaluation proves that this kind of services can become a great asset for the delivery of television contentFraile Gil, F. (2013). Evaluation of unidirectional background push content download services for the delivery of television programs [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/31656TESI

Scalable reliable on-demand media streaming protocols

This thesis considers the problem of delivering streaming media, on-demand, to potentially large numbers of concurrent clients. The problem has motivated the development in prior work of scalable protocols based on multicast or broadcast. However, previous protocols do not allow clients to efficiently: 1) recover from packet loss; 2) share bandwidth fairly with competing flows; or 3) maximize the playback quality at the client for any given client reception rate characteristics. In this work, new protocols, namely Reliable Periodic Broadcast (RPB) and Reliable Bandwidth Skimming (RBS), are developed that efficiently recover from packet loss and achieve close to the best possible server bandwidth scalability for a given set of client characteristics. To share bandwidth fairly with competing traffic such as TCP, these protocols can employ the Vegas Multicast Rate Control (VMRC) protocol proposed in this work. The VMRC protocol exhibits TCP Vegas-like behavior. In comparison to prior rate control protocols, VMRC provides less oscillatory reception rates to clients, and operates without inducing packet loss when the bottleneck link is lightly loaded. The VMRC protocol incorporates a new technique for dynamically adjusting the TCP Vegas threshold parameters based on measured characteristics of the network. This technique implements fair sharing of network resources with other types of competing flows, including widely deployed versions of TCP such as TCP Reno. This fair sharing is not possible with the previously defined static Vegas threshold parameters. The RPB protocol is extended to efficiently support quality adaptation. The Optimized Heterogeneous Periodic Broadcast (HPB) is designed to support a range of client reception rates and efficiently support static quality adaptation by allowing clients to work-ahead before beginning playback to receive a media file of the desired quality. A dynamic quality adaptation technique is developed and evaluated which allows clients to achieve more uniform playback quality given time-varying client reception rates

Content-Aware Multimedia Communications

The demands for fast, economic and reliable dissemination of multimedia information are steadily growing within our society. While people and economy increasingly rely on communication technologies, engineers still struggle with their growing complexity. Complexity in multimedia communication originates from several sources. The most prominent is the unreliability of packet networks like the Internet. Recent advances in scheduling and error control mechanisms for streaming protocols have shown that the quality and robustness of multimedia delivery can be improved significantly when protocols are aware of the content they deliver. However, the proposed mechanisms require close cooperation between transport systems and application layers which increases the overall system complexity. Current approaches also require expensive metrics and focus on special encoding formats only. A general and efficient model is missing so far. This thesis presents efficient and format-independent solutions to support cross-layer coordination in system architectures. In particular, the first contribution of this work is a generic dependency model that enables transport layers to access content-specific properties of media streams, such as dependencies between data units and their importance. The second contribution is the design of a programming model for streaming communication and its implementation as a middleware architecture. The programming model hides the complexity of protocol stacks behind simple programming abstractions, but exposes cross-layer control and monitoring options to application programmers. For example, our interfaces allow programmers to choose appropriate failure semantics at design time while they can refine error protection and visibility of low-level errors at run-time. Based on some examples we show how our middleware simplifies the integration of stream-based communication into large-scale application architectures. An important result of this work is that despite cross-layer cooperation, neither application nor transport protocol designers experience an increase in complexity. Application programmers can even reuse existing streaming protocols which effectively increases system robustness.Der Bedarf unsere Gesellschaft nach kostengünstiger und zuverlässiger Kommunikation wächst stetig. Während wir uns selbst immer mehr von modernen Kommunikationstechnologien abhängig machen, müssen die Ingenieure dieser Technologien sowohl den Bedarf nach schneller Einführung neuer Produkte befriedigen als auch die wachsende Komplexität der Systeme beherrschen. Gerade die Übertragung multimedialer Inhalte wie Video und Audiodaten ist nicht trivial. Einer der prominentesten Gründe dafür ist die Unzuverlässigkeit heutiger Netzwerke, wie z.B.~dem Internet. Paketverluste und schwankende Laufzeiten können die Darstellungsqualität massiv beeinträchtigen. Wie jüngste Entwicklungen im Bereich der Streaming-Protokolle zeigen, sind jedoch Qualität und Robustheit der Übertragung effizient kontrollierbar, wenn Streamingprotokolle Informationen über den Inhalt der transportierten Daten ausnutzen. Existierende Ansätze, die den Inhalt von Multimediadatenströmen beschreiben, sind allerdings meist auf einzelne Kompressionsverfahren spezialisiert und verwenden berechnungsintensive Metriken. Das reduziert ihren praktischen Nutzen deutlich. Außerdem erfordert der Informationsaustausch eine enge Kooperation zwischen Applikationen und Transportschichten. Da allerdings die Schnittstellen aktueller Systemarchitekturen nicht darauf vorbereitet sind, müssen entweder die Schnittstellen erweitert oder alternative Architekturkonzepte geschaffen werden. Die Gefahr beider Varianten ist jedoch, dass sich die Komplexität eines Systems dadurch weiter erhöhen kann. Das zentrale Ziel dieser Dissertation ist es deshalb, schichtenübergreifende Koordination bei gleichzeitiger Reduzierung der Komplexität zu erreichen. Hier leistet die Arbeit zwei Beträge zum aktuellen Stand der Forschung. Erstens definiert sie ein universelles Modell zur Beschreibung von Inhaltsattributen, wie Wichtigkeiten und Abhängigkeitsbeziehungen innerhalb eines Datenstroms. Transportschichten können dieses Wissen zur effizienten Fehlerkontrolle verwenden. Zweitens beschreibt die Arbeit das Noja Programmiermodell für multimediale Middleware. Noja definiert Abstraktionen zur Übertragung und Kontrolle multimedialer Ströme, die die Koordination von Streamingprotokollen mit Applikationen ermöglichen. Zum Beispiel können Programmierer geeignete Fehlersemantiken und Kommunikationstopologien auswählen und den konkreten Fehlerschutz dann zur Laufzeit verfeinern und kontrolliere

An Event System Architecture for Scaling Scale-Resistant Services

Large organizations are deploying ever-increasing numbers of networked compute devices, from utilities installing smart controllers on electricity distribution cables, to the military giving PDAs to soldiers, to corporations putting PCs on the desks of employees. These computers are often far more capable than is needed to accomplish their primary task, whether it be guarding a circuit breaker, displaying a map, or running a word processor. These devices would be far more useful if they had some awareness of the world around them: a controller that resists tripping a switch, knowing that it would set off a cascade failure, a PDA that warns its owner of imminent danger, a PC that exchanges reports of suspicious network activity to its peers to identify stealthy computer crackers. In order to provide these higher-level services, the devices need a model of their environment. The controller needs a model of the distribution grid, the PDA needs a model of the battlespace, and the PC needs a model of the network and of normal network and user behavior. Unfortunately, not only might models such as these require substantial computational resources, but generating and updating them is even more demanding. Modelbuilding algorithms tend to be bad in three ways: requiring large amounts of CPU and memory to run, needing large amounts of data from the outside to stay up to date, and running so slowly that can't keep up with any fast changes in the environment that might occur. We can solve these problems by reducing the scope of the model to the immediate locale of the device, since reducing the size of the model makes the problem of model generation much more tractable. But such models are also much less useful, having no knowledge of the wider system. This thesis proposes a better solution to this problem called Level of Detail, after the computer graphics technique of the same name. Instead of simplifying the representation of distant objects, however, we simplify less-important data. Compute devices in the system receive streams of data that is a mixture of detailed data from devices that directly affect them and data summaries (aggregated data) from less directly influential devices. The degree to which the data is aggregated (i.e., how much it is reduced) is determined by calculating an influence metric between the target device and the remote device. The smart controller thus receives a continuous stream of raw data from the adjacent transformer, but only an occasional small status report summarizing all the equipment in a neighborhood in another part of the city. This thesis describes the data distribution system, the aggregation functions, and the influence metrics that can be used to implement such a system. I also describe my current towards establishing a test environment and validating the concepts, and describe the next steps in the research plan

Point-to-Multipoint Services on Fifth-Generation Mobile Networks

[ES] Esta disertación cubre el estado del arte en LTE eMBMS Release 14, también conocido como Enhanced Television Services (ENTV). ENTV trajo un conjunto de mejoras, tanto a nivel radio como a nivel de núcleo, que transformó a eMBMS en un estándar de televisión terrestre completo. La última versión de esta tecnología se denomina LTE-based 5G Broadcast; pero no usa New Radio ni el núcleo 5G. Para proveer una solución nativa 5G de servicios punto-a-multipunto, hubo investigación en entornos acad\'emicos y colaboraciones público-privada. La iniciativa más notable en este aspecto fue el proyecto del Horizon 2020 5G-Xcast, que transcurrió de 2017 a 2019. 5G-Xcast produjo varias soluciones a nivel de arquitectura, desde la perspectiva de provisión de contenidos, nuevas funciones de red interoperables con el núcleo 5G, hasta modificaciones a la interfaz aire basada en New Radio. Los hallazgos del proyecto están descritos en esta tesis. La tesis incluye dos ejemplos de eMBMS aplicados a verticales diferentes, una para el uso de eMBMS en entornos industriales, y otra presentando eMBMS como un sistema SAP. Incluir servicios punto-a-multipunto como un modo adicional celular trae algunos desafíos, como ya mostró la estandarización de eMBMS: las redes de radiodifusión terrestre y las redes celulares son muy distintas entre ellas. Encontrar una forma de onda viable para ambas infraestructuras es complejo. Esta tesis ofrece un punto de vista distinto al problema: un escenario de colaboración entre cadenas televisivas y operadores móviles, donde la infraestructura de radiodifusión y móvil son compartidas. Este concepto se ha definido como Convergence of Terrestrial and Mobile Networks. Las tecnologías elegidas para converger son ATSC 3.0 y 5G, usando el Advanced Traffic Steering, Switching and Splitting (ATSSS). ATSSS está compuesto de una serie de procedimientos, interfaces, funciones de red, para permitir el uso compartido de un acceso 3GPP con uno non-3GPP, como Wi-Fi. Sin embargo, el uso de ATSSS para juntar radiodifusión y celular no es trivial, ya que ATSSS no fue dise\~{n}ado para enlaces radio unidireccionales como ATSC 3.0. Estas limitaciones son descritas en detalle, y una propuesta para solventarlas tambi\'en está incluida. La solución se basa en Quick UDP Internet Connections (QUIC), y se usa como ejemplo para la provisión de Convergent Services (File Repair y Video Offloading). La tesis concluye con una descripción de Release 17 5MBS, con los nuevos conceptos introducidos. 5MBS es capaz de cambiar entre unicast, multicast y broadcast; dependiendo del servicio, la ubicación geográfica de los usuarios, y las capacidades de la infraestructura móvil involucradas. Para evaluar 5MBS, se ha realizado un estudio de prestaciones, basado en comunicaciones multicast dentro del núcleo de red 5G. Este prototipo 5MBS forma parte del laboratorio VLC Campus 5G, y utiliza el software comercial Open5GCore como base del desarrollo. El modelo de sistema para la experimentación esta formado por un servidor de vídeo, que se conecta al Open5GCore y a las funciones de red mejoradas con funcionalidades 5MBS. Estas funciones de red envían el contenido mediante punto-a-multipunto a un entorno radio y terminales simulados. Los resultados obtenidos resaltan el objetivo principal de la tesis: las comunicaciones punto-a-multipunto son una solución escalable para el envío de contenido multimedia en directo.[CA] Aquesta dissertació cobreix capdavanter en LTE eMBMS Release 14, també conegut com Enhanced Television Services (ENTV). ENTV va portar un conjunt de millores, tant a nivell de ràdio com a nivell de nucli, que va transformar el eMBMS en un estàndard de televisió terrestre complet. La última versió d'aquesta tecnologia es denomina LTE-based 5G Broadcast; però no fa servir New Ràdio ni el nucli 5G. Per a proveir una solució nativa 5G de serveis punt-a-multipunt, va haver-hi investigació en entorns acadèmics i col·laboracions pública i privada. La iniciativa més notable en aquest aspecte va ser el projecte del Horizon 2020 5G-Xcast, que va transcórrer del 2017 a 2019. 5G-Xcast va produir diverses solucions a nivell d'arquitectura, des de la perspectiva de provisió de continguts, noves funcions de xarxa interoperables amb el nucli 5G, fins a modificacions a la interfície aire basada en New Radio. Les troballes del projecte estan descrits en aquesta tesi. La tesi inclou dos exemples de eMBMS aplicats a verticals diferents, una per a l'ús de eMBMS en entorns industrials, i una altra presentant eMBMS com un sistema SAP. Incloure serveis punt-a-multipunt com una manera addicional cel·lular duu alguns desafiaments, com ja va mostrar l'estandardització de eMBMS: les xarxes de radiodifusió terrestre i les xarxes cel·lulars són molt diferents entre elles. Trobar una forma d'ona viable per a totes dues infraestructures és complex. Aquesta tesi ofereix un punt de vista diferent al problema: un escenari de col·laboració entre cadenes televisives i operadors mòbils, on la infraestructura de radiodifusió i mòbil són compartides. Aquest concepte s'ha definit com Convergence of Terrestrial and Mobile Networks. Les tecnologies triades per a convergir són ATSC 3.0 i 5G, usant el Advanced Traffic Steering, Switching and Splitting (ATSSS). ATSSS està compost d'una sèrie de procediments, interfícies, funcions de xarxa, per a permetre l'ús compartit d'un accés 3GPP amb un non-3GPP, com a Wi-Fi. No obstant això, l'ús de ATSSS per a adjuntar radiodifusió i cel·lular no és trivial, ja que ATSSS no va ser dissenyada per a per a enllaços ràdio unidireccionals com ATSC 3.0. Aquestes limitacions són descrites detalladament, i una proposta per a solucionar-les també està inclosa. La solució es basa en Quick UDP Internet Connections (QUIC), i s'usa com a exemple per a la provisió de Convergent Services (File Repair i Vídeo Offloading). La tesi conclou amb una descripció de Release 17 5MBS, amb els nous conceptes introduïts. 5MBS és capaç de canviar entre unicast, multicast i broadcast; depenent del servei, la ubicació geogràfica dels usuaris, i les capacitats de la infraestructura mòbil involucrades. Per a avaluar 5MBS, s'ha realitzat un estudi de prestacions, basat en comunicacions multicast dins del nucli de xarxa 5G. Aquest prototip 5MBS forma part del laboratori VLC Campus 5G, i utilitza el programari comercial Open5GCore com a base del desenvolupament. El model de sistema per a l'experimentació està format per un servidor de vídeo, que es connecta al Open5GCore i a les funcions de xarxa millorades amb funcionalitats 5MBS. Aquestes funcions de xarxa envien el contingut mitjançant punt-a-multipunt a un entorn ràdio i terminals simulats. Els resultats obtinguts ressalten l'objectiu principal de la tesi: les comunicacions punt-a-multipunt són una solució escalable per a l'enviament de contingut multimèdia en directe.[EN] This dissertation covers the state-of-the-art in LTE eMBMS Release 14, also known as Enhanced Television Services (ENTV). ENTV provided a suite of radio and core enhancements that made eMBMS into a viable terrestrial broadcast standard. The latest iteration of this technology is known as LTE-based 5G Broadcast; even though it is not New Radio or 5G Core based. To bridge this gap, research efforts by academia, public and private enterprises evaluated how to provide a 5G-based solution for point-to-multipoint services. The most notable effort in this regard is the Horizon 2020 project 5G-Xcast, which ran from 2017 to 2019. 5G-Xcast provided several architectural solutions, from the content delivery perspective down to air interface specifics; providing new waveforms based on New Radio and Network Functions interoperable with a Release 15 5G Core. The findings are summarized in this thesis. Two examples of eMBMS applied to different verticals are included in the thesis, one for the use of eMBMS in industrial environments, and the other using eMBMS as a PWS technology. Providing point-to-multipoint services as another cellular service poses some problems, as the standardization process of eMBMS showed: the broadcast infrastructure is different than the cellular one. Having a waveform that is suited for both scenarios is a difficult endeavour. The thesis provides a new perspective into this problem: Having existing Terrestrial Broadcast standards and infrastructure be the point-to-multipoint solution of 5G, where mobile operators and broadcasters collaborate together. This is defined in the dissertation as Convergence of Terrestrial and Mobile Networks. The technologies chosen to be converged together were ATSC 3.0 and 5G; using the existing Release 16 framework known as Advanced Traffic Steering, Switching and Splitting (ATSSS). ATSSS is a series of procedures, interfaces, new Network Functions, to allow the joint use of a 3GPP Access Network alongside a non-3GPP one, like Wi-Fi. However, the use of ATSSS for cellular plus broadcast brings challenges, as the ATSSS technology was not designed to be used with a unidirectional access network like ATSC 3.0. These limitations are described in detail, and an architectural proposal that overcomes the limitations is proposed. This solution is based on Quick UDP Internet Connections (QUIC), and how to provide Convergent Services (i.e File Repair and Video Offloading) is shown. The thesis concludes with a description of Release 17 5MBS, including the new concepts introduced. 5MBS features the capacity of switching between unicast, multicast and broadcast; depending on the service addressed, the geographical location of the users, and the capability of the RAN infrastructure targeted. In order to evaluate 5MBS, a performance study of the use of multicast inside the 5G Core has been carried out. The 5MBS prototype was developed as part of the VLC Campus 5G laboratory, using the commercial software Open5GCore which provides the libraries and Network Functions to deploy your own 5G Private Network in testing environments. The system model of the experiment is formed by a video server, connected to the Open5GCore and the 5MBS enhanced functions; which will deliver the content to an emulated RAN environment hosting virtual gNBs and devices. The results obtained reinforce the objective of the thesis, positioning point-to-multipoint as a scalable way to deliver live content.Research projects: 5G-Xcast: Broadcast and Multicast Communication Enablers for the Fifth-Generation of Wireless Systems (H2020 No 761498); 5G-TOURS: SmarT mObility, media and e-health for toURists and citizenS (H2020 No 856950); FUDGE-5G: FUlly DisinteGrated private nEtworks for 5G verticals (H2020 No 957242).Barjau Estevan, CS. (2022). Point-to-Multipoint Services on Fifth-Generation Mobile Networks [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19140