Deploying ITS Scenarios Providing Security and Mobility Services Based on IEEE 802.11p Technology

Botany & plant science

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Connection Robustness for Wireless Moving Networks Using Transport Layer Multi-homing

Given any form of mobility management through wireless communication, one useful enhancement is improving the reliability and robustness of transport-layer connections in a heterogeneous mobile environment. This is particularly true in the case of mobile networks with multiple vertical handovers. In this thesis, issues and challenges in mobility management for mobile terminals in such a scenario are addressed, and a number of techniques to facilitate and improve efficiency and the QoS for such a handover are proposed and investigated. These are initially considered in an end-to-end context and all protocols and changes happened in the middleware of the connection where the network is involved with handover issues and end user transparency is satisfied. This thesis begins by investigating mobility management solutions particularly the transport layer models, also making significant observation pertinent to multi-homing for moving networks in general. A new scheme for transport layer tunnelling based on SCTP is proposed. Consequently a novel protocol to handle seamless network mobility in heterogeneous mobile networks, named nSCTP, is proposed. Efficiency of this protocol in relation to QoS for handover parameters in an end-to-end connection while wired and wireless networks are available is considered. Analytically and experimentally it has been proved that this new scheme can significantly increase the throughput, particularly when the mobile networks roam frequently. The detailed plan for the future improvements and expansion is also provided

Algorithmes d'adressage et routage pour des réseaux fortement mobiles à grande échelle

After successfully connecting machines and people later (world wide web), the new era of In-ternet is about connecting things. Due to increasing demands in terms of addresses, mobility, scalability, security and other new unattended challenges, the evolution of current Internet archi-tecture is subject to major debate worldwide. The Internet Architecture Board (IAB) workshop on Routing and Addressing report described the serious scalability problems faced by large backbone operators in terms of routing and addressing, illustrated by the unsustainable growth of the Default Free Zone (DFZ) routing tables. Some proposals tackled the scalability and IP semantics overload issues with two different approaches: evolutionary approach (backward com-patibility) or a revolutionary approach. Several design objectives (technical or high-level) guided researchers in their proposals. Mobility is definitely one of the main challenges.Inter-Vehicle Communication (IVC) attracts considerable attention from the research com-munity and the industry for its potential in providing Intelligent Transportation Systems (ITS) and passengers services. Vehicular Ad-Hoc Networks (VANETs) are emerging as a class of wire-less network, formed between moving vehicles equipped with wireless interfaces (cellular and WiFi) employing heterogeneous communication systems. A VANET is a form of mobile ad-hoc network that provides IVC among nearby vehicles and may involve the use of a nearby fixed equipment on the roadside. The impact of Internet-based vehicular services (infotainment) are quickly developing. Some of these applications, driver assistance services or traffic reports, have been there for a while. But market-enabling applications may also be an argument in favor of a more convenient journey. Such use cases are viewed as a motivation to further adoption of the ITS standards developed within IEEE, ETSI, and ISO.This thesis focuses on applying Future Internet paradigm to vehicle-to-Internet communica-tions in an attempt to define the solution space of Future Vehicular Internet. We first introduce two possible vehicle-to-Internet use cases and great enablers for IP based services : eHealth and Fully-electric Vehicles. We show how to integrate those use cases into IPv6 enabled networks. We further focus on the mobility architectures and determine the fundamental components of a mobility architecture. We then classify those approaches into centralized and distributed to show the current trends in terms of network mobility extension, an essential component to vehicular networking. We eventually analyze the performance of these proposals. In order to define an identifier namespace for vehicular communications, we introduce the Vehicle Identification Numbers are possible candidates. We then propose a conversion algorithm that preserves the VIN characteristics while mapping it onto usable IPv6 networking objects (ad-dresses, prefixes, and Mobile Node Identifiers). We make use of this result to extend LISP-MN protocol with the support of our VIN6 addressing architecture. We also apply those results to group IP-based communications, when the cluster head is in charge of a group of followers.Cette thèse a pour objectif de faire avancer l'état de l'art des communications basée sur Internet Protocol version 6 (IPv6) dans le domaine des réseaux véhiculaires, et ce dans le cadre des évolutions récentes de IP, notamment l'avènement du Future Internet. Le Future Internet (F.I.) définit un ensemble d'approches pour faire évoluer l'Internet actuel , en particulier l'émergence d'un Internet mobile exigeant en ressources. Les acteurs de ce domaine définissent les contraintes inhérentes aux approches utilisées historiquement dans l'évolution de l'architecture d'Internet et tentent d'y remédier soit de manière évolutive soit par une rupture technologique (révolutionnaire). Un des problèmes au centre de cette nouvelle évolution d'Internet est la question du nommage et de l'adressage dans le réseau. Nous avons entrepris dans cette thèse l'étude de ce problème, dans le cadre restreint des communications véhiculaires Internet.Dans ce contexte, l'état de l'art du Future Internet a mis en avant les distinctions des approches révolutionnaires comparées aux propositions évolutives basées sur IPv6. Les réseaux véhiculaires étant d'ores-et-déjà dotés de piles protocolaires comprenant une extension IPv6, nous avons entamé une approche évolutive visant à intégrer les réseaux véhiculaires au Future Internet. Une première proposition a été de convertir un identifiant présent dans le monde automobile (VIN, Numéro d'Identification de Véhicule) en un lot d'adresses réseau propres à chaque véhicule (qui est donc propriétaire de son adressage issu de son identifiant). Cette proposition étant centrée sur le véhicule, nous avons ensuite intégré ces communications basés dans une architecture globale Future Internet basée sur IPv6 (protocole LISP). En particulier, et avec l'adressage VIN, nous avons défini un espace d'adressage indépendant des fournisseurs d'accès à Internet où le constructeur automobile devient acteur économique fournissant des services IPv6 à sa flotte de véhicules conjointement avec les opérateurs réseau dont il dépend pour transporter son trafic IP. Nous nous sommes ensuite intéressés à l'entourage proche du véhicule afin de définir un nouveau mode de communication inter-véhiculaire à Internet: le V2V2I (Angl. Vehicle-to-Vehicle-to-Infrastructure). Jusqu'à présent, les modes de transmission de données à Internet dans le monde du véhicule consistaient en des topologies V2I, à savoir véhicule à Internet, où le véhicule accède à l'infrastructure directement sans intermédiaire. Dans le cadre des communications véhiculaires à Internet, nous proposons une taxonomie des méthodes existantes dans l'état de l'art. Les techniques du Future Internet étant récentes, nous avons étendu notre taxonomie par une nouvelle approche basée sur la séparation de l'adressage topologique dans le cluster de celui de l'infrastructure. Le leader du cluster s'occupe d'affecter les adresses (de son VIN) et de gérer le routage à l'intérieur de son cluster. La dernière contribution consiste en la comparaison des performances des protocoles de gestion de mobilité, notamment pour les réseaux de véhicules et des communications de type vehicule-à-Internet. Dans ce cadre, nous avons proposé une classification des protocoles de gestion de mobilité selon leur déploiement: centralisé (basé réseau ou host) et distribué. Nous avons ensuite évalué les performances en modélisant les durées de configurations et de reconfigurations des différents protocoles concernés

Analysis, design and experimental evaluation of connectivity management in heterogeneous wireless environments

Mención Internacional en el título de doctorThe future of network communications is mobile as many more users demand for ubiquitous connectivity. Wireless has become the primary access technology or even the only one, leading to an explosion in traffic demand. This challenges network providers to manage and configure new requirements without incrementing costs in the same amount. In addition to the growth in the use of mobile devices, there is a need to operate simultaneously different access technologies. As well, the great diversity of applications and the capabilities of mobile terminals makes possible for us to live in a hyper-connected world and offers new scenarios. This heterogeneity poses great challenges that need to be addressed to offer better performance and seamless experience to the final user. We need to orchestrate solutions to increase flexibility and empower interoperability. Connectivity management is handled from different angles. In the network stack, mobility is more easily handled by IP mobility protocols, since IP is the common layer between the different access technologies and the application diversity. From the end-user perspective, the connection manager is in charge of handling connectivity issues in mobile devices, but it is an unstandardized entity so its performance is heavily implementation-dependent. In this thesis we explore connectivity management from different angles. We study mobility protocols as they are part of our proposed solutions. In most of the cases we include an experimental evaluation of performance with 3G and IEEE 802.11 as the main technologies. We consider heterogeneous scenarios, with several access technologies where mobile devices have also several network interfaces. We evaluate how connectivity is handled as well as its influence in a handover. Based on the analysis of real traces from a cellular network, we confirm the suitability of more efficient mobility management. Moreover, we propose and evaluate three different solutions for providing mobility support in three different heterogeneous scenarios. We perform an experimental evaluation of a vehicular route optimization for network mobility, reporting on the challenges and lessons learned in such a complicated networking environment. We propose an architecture for supporting mobility and enhance handover in a passive optical network deployment. In addition, we design and deploy a mechanism for mobility management based on software-defined networking.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: Arturo Azcorra Saloña.- Secretario: Ramón Agüero Calvo.- Vocal: Daniel Nunes Coruj

Connection robustness for wireless moving networks using transport layer multi-homing

Given any form of mobility management through wireless communication, one useful enhancement is improving the reliability and robustness of transport-layer connections in a heterogeneous mobile environment. This is particularly true in the case of mobile networks with multiple vertical handovers. In this thesis, issues and challenges in mobility management for mobile terminals in such a scenario are addressed, and a number of techniques to facilitate and improve efficiency and the QoS for such a handover are proposed and investigated. These are initially considered in an end-to-end context and all protocols and changes happened in the middleware of the connection where the network is involved with handover issues and end user transparency is satisfied. This thesis begins by investigating mobility management solutions particularly the transport layer models, also making significant observation pertinent to multi-homing for moving networks in general. A new scheme for transport layer tunnelling based on SCTP is proposed. Consequently a novel protocol to handle seamless network mobility in heterogeneous mobile networks, named nSCTP, is proposed. Efficiency of this protocol in relation to QoS for handover parameters in an end-to-end connection while wired and wireless networks are available is considered. Analytically and experimentally it has been proved that this new scheme can significantly increase the throughput, particularly when the mobile networks roam frequently. The detailed plan for the future improvements and expansion is also provided.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Emulation of a Private Network Enabled by SDN in Open RAN

Although in the world the focus is on the Fifth Generation (5G) and other future generations, the industry needs to focus separately on the coverage of the Fourth Generation (4G) first. One of the reasons why the Long-Term Evolution mobile technology will continue to evolve is that, in general, the average user does not need 5G technology because its benefits are not substantial for consumer applications. The number of subscribers for the LTE technology will, therefore, continue to increase. Open RAN is able to deploy both LTE and NR mobile technologies. The deployment of Open Radio Access Networks translates in costs reduction, as well as increasing flexibility, scalability and reliability. The O-RAN Alliance has promised to open a new ecosystem that is centralized on the software and where the hardware becomes a white box. This new software-centered ecosystem allows to obtain systems in which most, or all, of the RAN MAC and PHY layers are implemented via software. Many mobile network operators (MNOs) throughout the world are, therefore, now testing and deploying Open RAN. Moreover, the approaches of Software-Defined Networking (SDN), such as virtualization and vendor neutrality, offer new and efficient ways to manage the mobile network which are extremely relevant for Open RAN. Open RAN, ergo, is part of the transformation in deploying SDN. SDN brings flexibility to Open RANs, allowing MNOs to simply evolve their deployed private LTE network into a private NR network. For all the reasons mentioned so far, the goal of this thesis is to emulate a Private LTE mobile Network. The emulated private network will be deployed in Open Radio Access Network and it will be enabled by Software-Defined Networking

Survivability, Scalability and Security of Mobility Protocols

Today mobile computing has become a necessity and we are witnessing explosive growth in the number of mobile devices accessing the Internet. To facilitate continuous Internet connectivity for nodes and networks in motion, mobility protocols are required and they exchange various signaling messages with the mobility infrastructure for protocol operation. Proliferation in mobile computing has raised several research issues for the mobility protocols. First, it is essential to perform cost and scalability analysis of mobility protocols to find out their resource requirement to cope with future expansion. Secondly, mobility protocols have survivability issues and are vulnerable to security threats, since wireless communication media can be easily accessible to intruders. The third challenge in mobile computing is the protection ofsignaling messages against losses due to high bandwidth requirementof multimedia in mobile environments. However, there is lack of existing works that focus on the quantitative analysis of cost, scalability, survivability and security of mobility protocols.In this dissertation, we have performed comprehensive evaluation ofmobility protocols. We have presented tools and methodologies required for the cost, scalability, survivability and security analysis of mobilityprotocols. We have proposed a dynamic scheduling algorithm to protect mobility signaling message against losses due to increased multimedia traffic in mobile environments and have also proposed a mobile networkarchitecture that aims at maximizing bandwidth utilization. The analysis presented in this work can help network engineers compare different mobility protocols quantitatively, thereby choose one that is reliable, secure, survivable and scalable

Routing and Mobility on IPv6 over LoWPAN

The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects have also the capabilities of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding the human intervention in several tasks. Most of IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, initially the scientific community did not consider the use of IP protocol suite in this scenarios because there was the perception that it was too heavy to the available resources on such devices. Meanwhile, the scientific community and the industry started to rethink about the use of IP protocol suite in all IoT devices and now it is considered as the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of IP suite protocol in all devices and the amount of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions to IoT service widespread. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how to provide valuable information to the Internet connected devices, independently of the supported IP protocol version, without being necessary accessed directly to the IoT nodes. In order to solve this problem, solutions based on Representational state transfer (REST) web services and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism runs only at the border router without penalizing the IoT constrained devices. The mitigation of the effects of internal and external security attacks minimizing the overhead imposed on the IoT devices is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to manage traditional firewalls. It is based on filtering at the border router the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. The third is a network admission control framework that prevents IoT unauthorized nodes to communicate with IoT authorized nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.A IoT (Internet of Things) tem suscitado o interesse tanto da comunidade académica como da indústria, uma vez que os campos de aplicação são inúmeros assim como os potenciais ganhos que podem ser obtidos através do uso deste tipo de tecnologia. A IoT significa uma rede global de objetos ligados entre si através de uma rede de comunicações baseada em protocolos standard. Neste contexto, um objeto é um objeto físico do dia a dia ao qual foi adicionada a capacidade de medir e de atuar sobre variáveis físicas, de processar e armazenar dados e de comunicar. Estes objetos têm a capacidade de interagir com o meio ambiente envolvente e de cooperar com outros objetos vizinhos de forma a atingirem um objetivo comum. Estes objetos também têm a capacidade de converter os dados lidos em instruções e de as comunicar a outros objetos através da rede de comunicações, evitando desta forma a intervenção humana em diversas tarefas. A maior parte das concretizações de sistemas IoT são baseados em pequenos dispositivos autónomos com restrições ao nível dos recursos computacionais e de retenção de energia. Por esta razão, inicialmente a comunidade científica não considerou adequado o uso da pilha protocolar IP neste tipo de dispositivos, uma vez que havia a perceção de que era muito pesada para os recursos computacionais disponíveis. Entretanto, a comunidade científica e a indústria retomaram a discussão acerca dos benefícios do uso da pilha protocolar em todos os dispositivos da IoT e atualmente é considerada a solução para estabelecer a conetividade entre os dispositivos IoT independentemente do protocolo da camada dois em uso e para os ligar à Internet. Apesar do uso da pilha protocolar IP em todos os dispositivos e da quantidade de soluções propostas, são vários os problemas por resolver no que concerne à integração contínua e sem interrupções da IoT na Internet e de criar as condições para a adoção generalizada deste tipo de tecnologias. Esta tese versa sobre os desafios associados à integração da IoT na Internet e dos aspetos de segurança da IoT. Relativamente à integração da IoT na Internet o problema é como fornecer informação válida aos dispositivos ligados à Internet, independentemente da versão do protocolo IP em uso, evitando o acesso direto aos dispositivos IoT. Para a resolução deste problema foram propostas e avaliadas soluções baseadas em web services REST e em mecanismos de transição IPv4 para IPv6 do tipo pilha dupla (dual stack). O web service e o mecanismo de transição são suportados apenas no router de fronteira, sem penalizar os dispositivos IoT. No que concerne à segurança, o problema é mitigar os efeitos dos ataques de segurança internos e externos iniciados local e remotamente. Foram propostas três soluções diferentes, a primeira é um mecanismo que minimiza os efeitos dos ataques de negação de serviço com origem na Internet e que evita o uso de mecanismos de firewalls ineficientes e de gestão complexa. Este mecanismo filtra no router de fronteira o tráfego com origem na Internet é destinado à IoT de acordo com as condições anunciadas por cada um dos dispositivos IoT da rede. A segunda solução, é uma framework de network admission control que controla quais os dispositivos que podem aceder à rede com base na autorização administrativa e que aplica políticas de conformidade relativas à segurança aos dispositivos autorizados. A terceira é um mecanismo de network admission control para redes 6LoWPAN que evita que dispositivos não autorizados comuniquem com outros dispositivos legítimos e com a Internet o que reduz drasticamente o número de ataques à segurança. Este mecanismo também foi explorado como um mecanismo de gestão uma vez que pode ser utilizado a dimensão da rede quanto ao número de dispositivos, tornando-a mais fácil de gerir e aumentando a sua fiabilidade e o seu tempo de vida

MP-CFM: MPTCP-Based communication functional module for next generation ERTMS

184 p. El contenido de los capítulos 4,5,6,7,8 y 9 está sujeto a confidencialidadEl Sistema Europeo de Gestión del Tráfico Ferroviario (ERTMS, por sus siglasen inglés), fue originalmente diseñado para los ferrocarriles europeos. Sinembargo, a lo largo de las dos últimas décadas, este sistema se ha convertidoen el estándar de-facto para los servicios de Alta Velocidad en la mayoría depaíses desarrollados.El sistema ERTMS se compone de tres subsistemas principales: 1) el Sistemade Control Ferroviario Europeo (ETCS, por sus siglas en inglés), que actúacomo aplicación de señalización; 2) el sistema Euroradio, que a su vez estádividido en dos subsistemas, el Módulo de Seguridad Funcional (SFM, porsus siglas en inglés), y el Módulo de Comunicación Funcional (CFM, porsus siglas en inglés); y 3) el sistema de comunicaciones subyacente, GSM-R,que transporta la información intercambiada entre el sistema embarcado enel tren (OBU, por sus siglas en inglés) y el Centro de Bloqueo por Radio(RBC, por sus siglas en inglés). El sistema de señalización ETCS soporta tresniveles dependiendo del nivel de prestaciones soportadas. En el nivel 3 seintroduce la posibilidad de trabajar con bloques móviles en lugar de bloquesfijos definidos en la vía. Esto implica que la distancia de avance entre dos trenesconsecutivos puede ser reducida a una distancia mínima en la que se garanticela seguridad del servicio, aumentando por tanto la capacidad del corredorferroviario. Esta distancia de seguridad viene determinada por la combinaciónde la distancia de frenado del tren y el retraso de las comunicaciones deseñalización. Por lo tanto, se puede afirmar que existe una relación directaentre los retrasos y la confiabilidad de las transmisiones de las aplicaciones deseñalización y la capacidad operacional de un corredor ferroviario. Así pues,el estudio y mejora de los sistemas de comunicaciones utilizados en ERTMSjuegan un papel clave en la evolución del sistema ERTMS. Asimismo, unaoperatividad segura en ERTMS, desde el punto de vista de las comunicacionesimplicadas en la misma, viene determinada por la confiabilidad de lascomunicaciones, la disponibilidad de sus canales de comunicación, el retrasode las comunicaciones y la seguridad de sus mensajes.Unido este hecho, la industria ferroviaria ha venido trabajando en ladigitalización y la transición al protocolo IP de la mayor parte de los sistemasde señalización. Alineado con esta tendencia, el consorcio industrial UNISIGha publicado recientemente un nuevo modelo de comunicaciones para ERTMSque incluye la posibilidad, no solo de operar con el sistema tradicional,basado en tecnología de conmutación de circuitos, sino también con un nuevosistema basado en IP. Esta tesis está alineada con el contexto de migraciónactual y pretende contribuir a mejorar la disponibilidad, confiabilidad yseguridad de las comunicaciones, tomando como eje fundamental los tiemposde transmisión de los mensajes, con el horizonte puesto en la definición deuna próxima generación de ERTMS, definida en esta tesis como NGERTMS.En este contexto, se han detectado tres retos principales para reforzar laresiliencia de la arquitectura de comunicaciones del NGERTMS: 1) mejorarla supervivencia de las comunicaciones ante disrupciones; 2) superar laslimitaciones actuales de ERTMS para enviar mensajes de alta prioridad sobretecnología de conmutación de paquetes, dotando a estos mensajes de un mayorgrado de resiliencia y menor latencia respecto a los mensajes ordinarios; y3) el aumento de la seguridad de las comunicaciones y el incremento de ladisponibilidad sin que esto conlleve un incremento en la latencia.Considerando los desafíos previamente descritos, en esta tesis se proponeuna arquitectura de comunicaciones basada en el protocolo MPTCP, llamadaMP-CFM, que permite superar dichos desafíos, a la par que mantener laretrocompatibilidad con el sistema de comunicaciones basado en conmutaciónde paquetes recientemente propuesto por UNISIG. Hasta el momento, esta esla primera vez que se propone una arquitectura de comunicaciones completacapaz de abordar los desafíos mencionados anteriormente. Esta arquitecturaimplementa cuatro tipos de clase de servicio, los cuales son utilizados porlos paquetes ordinarios y de alta prioridad para dos escenarios distintos; unescenario en el que ambos extremos, el sistema embarcado o OBU y el RBC,disponen de múltiples interfaces de red; y otro escenario transicional en el cualel RBC sí tiene múltiples interfaces de red pero el OBU solo dispone de unaúnica interfaz. La arquitectura de comunicaciones propuesta para el entornoferroviario ha sido validada mediante un entorno de simulación desarrolladopara tal efecto. Es más, dichas simulaciones demuestran que la arquitecturapropuesta, ante disrupciones de canal, supera con creces en términos derobustez el sistema diseñado por UNISIG. Como conclusión, se puede afirmarque en esta tesis se demuestra que una arquitectura de comunicaciones basadade MPTCP cumple con los exigentes requisitos establecidos para el NGERTMSy por tanto dicha propuesta supone un avance en la evolución del sistema deseñalización ferroviario europeo