Evaluation of policy based admission control mechanisms in NGN

The 3GPP consortium proposed in the release 7 of the IP Multimedia Subsystem (IMS) a Diameter interface for the resource admission communication process replacing the previous COPS solution. Although both academic and industry communities have deeply debate the advantages and disadvantages of each protocol, its impact in NGN may have not been thoroughly quantified. This paper compares both protocols in terms of messages exchanged between network entities, and of bandwidth requirements during the admission control process. Based on general network operator environment characteristics, we present several exploitation scenarios where it is analyzed the scalability and adequacy of each protocol

Plataforma de serviços em redes de próxima geração (IMS)

Mestrado em Engenharia de Computadores e TelemáticaNuma tentativa de atrair novos clientes e manter os actuais, os operadores de telecomunicações procuram novas plataformas e tecnologias que lhes permitam o desenvolvimento rápido e eficiente de novos serviços. A arquitectura IP Multimedia Subsystem (IMS) normalizada pelo Third Generation Partnership Project (3GPP), inclui a capacidade de adicionar, modificar e remover sessões durante uma sessão multimédia, abrindo um novo leque de serviços combinando simultaneamente componentes de voz e dados entre outros componentes de Media. O IMS define uma arquitectura independente da rede de acesso, separando claramente o nível de transporte, o nível de controlo e o nível de serviços. No nível de serviços residem as Plataformas de Serviço (Service Delivery Platforms – (SDPs)), que controlam toda a lógica de execução de serviços. SDPs são uma nova aproximação arquitectural que tem como finalidade garantir o rápido desenvolvimento e execução de novos serviços multimédia, de um modo económico e simples. Tipicamente, as SDPs deverão fornecer um ambiente de criação, execução e gestão de serviços permitindo uma abstracção do ambiente de acesso ao serviço. A indústria das telecomunicações reconheceu a necessidade das SDPs, principalmente se estiverem de acordo com especificações industriais e construídas no topo de arquitecturas normalizadas (como é o caso do IMS). Um dos problemas inerentes às SDPs consiste em perceber como tirar proveito de serviços distribuídos pelas várias plataformas (tradicionais/legadas, SIP/IMS, etc.), de uma forma dinâmica, de modo a construir um serviço composto (Service Bundling) de maior valor para o utilizador final. O trabalho apresentado nesta dissertação de mestrado, foi o resultado de um estudo de toda a envolvente em torno das redes de próxima geração, analisando ainda detalhadamente a camada superior de serviços (plataforma de serviços) que irá, num futuro próximo, ter um papel fundamental na obtenção de receitas por parte do operador, dando ainda destaque aos elementos de taxação da arquitectura IMS. Para demonstrador, foi desenvolvido um Enabler de Charging e um conector Diameter experimentais para tarifar um serviço de Vídeo Portal numa rede IMS e um serviço de chamadas de utilizadores IMS-PSTN com tarifação em tempo real, isto é, elaboração de um serviço pré-pago. ABSTRACT: In an attempt to attract new customers and keeping the current ones, telecommunication operators are now searching new platforms and technologies for enabling fast and efficient new services development. The IP Multimedia Subsystem (IMS) architecture, standardize by Third Generation Partnership Project (3GPP), includes capabilities to add, modify and remove sessions during an ongoing multimedia session, opening the opportunity for creating new services that allow combining voice, data and other media types simultaneously. IMS defines an access independent architecture, composed by three separated layers: the transport layer, the control layer and the service layer. In the service layer we can find the Service Delivery Platforms (SDPs), which contains all the service execution logic. SDPs are a new architectural approach intended to enable the rapid development and deployment of new converged multimedia services. SDPs should typically provide a service creation, execution and management environment, and a network abstraction layer. The telecommunications industry has recognized the need for an SDP, particularly, one that conforms to industry standards and are built on top of a standard architecture (IMS case). The problem lies on how to profit with the different services distributed by different platforms (legacy, SIP/IMS, etc.) in a dynamic way, allowing the creation of value added compose service for the end user. The work here presented on was the result of a detailed study about new next generation networks, in particular the application layer, which in a near future, will produce high revenues for the operators at the 3GPP environment. This will be based on the well defined 3GPP Charging Framework for the IMS architecture. A demonstrator was developed using an experimental Charging Enabler and a Diameter Resource Adaptor to allow charging an IMS Video Portal service and IMS user calls to PSTN – PC2Phone service, allowing online (real time) charging, more concretely pre-paid services

Architectures de réseaux pour la délivrance de services à domicile

Avec l’omniprésence au quotidien du numérique et de l’informatique, de plus en plus d’utilisateurs souhaitent avoir accès à Internet et à leurs applications via n’importe quel périphérique, de n’importe où et n’importe quand. Les appareils domestiques intelligents se développant, les besoins d’échanger des données au domicile même se font de plus en plus sentir. C’est dans ce contexte, celui des services à domicile avec besoin d’interconnexion que se situe notre étude. Ce type de service est qualifié de Home Service (HS) alors que le réseau à domicile est nommé Home Network (HN). La problématique pour les opérateurs est alors de concevoir des architectures appropriées à l’interconnexion des HN de manière sécurisée tout en permettant un déploiement facile et à grande échelle. Dans la première étape, nous considérons la livraison de services sécurisés à travers un réseau de nouvelle génération (NGN) : IMS (IP Multimedia Subsystem). IMS étant l’architecture de référence pour son caractère réseau NGN des opérateurs, diverses architectures peuvent être développées comme support aux HS. Nous avons choisi d'analyser et de mettre en place une architecture P2P centralisée et de le comparer à l’architecture de référence. Plusieurs mécanismes d'authentification sont mis en place autour du P2P centralisé afin de sécuriser la prestation de services. La modélisation et l’évaluation de notre proposition ont permis d’identifier sa relation à l’IMS mais aussi des problèmes inhérents aux solutions centralisées : la protection des données personnelles, l’impact de la taille sur réseau sur les performances, l’existence d’un point de faiblesse unique face aux attaques et la congestion au niveau du serveur centralisé. Par conséquent, nous nous sommes tournés vers les solutions distribuées pour résoudre ces problèmes. Dans la deuxième étape, nous considérons l’architecture P2P non-structurée, qualifiée de pur P2P. La cryptographie basée sur l'identité (IBC) est ajoutée au P2P pur afin d’authentifier les utilisateurs et de protéger leurs communications. Pour chacune des solutions une analyse du coût de signalisation est effectuée révélant une faiblesse en ce qui concerne l’étape de recherche. Dans un déploiement à grande échelle, le coût de cette phase est trop élevé. Aussi, nous examinons le P2P structuré basé sur les Dynamic Hash Tables, une autre solution distribuée. Cette architecture est étudiée par l'IETF en tant qu’une des dernières générations de P2P: REsource LOcation And Discovery (RELOAD) Base Protocol. Nous proposons son utilisation dans le cadre des HSs. Comme preuve du concept, cette solution a été implantée et déployée sur un petit réseau en utilisant TLS/SSL comme mécanisme de sécurité. Cette plateforme nous a permis d’étudier les délais et les coûts de cette solution. Pour terminer, un bilan est établi sur toutes les solutions proposées En outre, nous introduisons d’autres types de HS et leurs possibilités de déploiement futur. ABSTRACT : With digital life enhancement, more users would like to get seamless Internet and information with any devices, at any time and from anywhere. More and more home devices need to exchange data or to control other devices. The type of services is labelled Home Service (HS) and it is deployed though a Home Network (HN). Some users need to use their HS outside their HN, some others need to interconnect other HN. Operators have to provide suitable network architectures to ensure this interconnection and to provide at the same time, scalability, remote access, easy deployment and security. Here is the topic of our work. In the fist step, we consider a practical illustration around the Next-Generation Network (NGN) and the secured services. It is the IMS (IP Multimedia Subsystem) approach for the management of services that is generally supported by the NGN network operators. However, various network operator architectures can be developed to support these services. An alternative way is the P2P architectures. We choose to analyze and implement a centralized P2P and we compare it with the IMS solution. Several authentication mechanisms are introduced to secure the centralized P2P. An evaluation of these architectures is conducted. Since the previous solutions present some issues due to their centralized feature, we consider distributed solutions in a second step. The non-structured P2P, called pure P2P, can also support HS. Identity Based Crytography (IBC) is added to these architectures in order to offer authentication and protection to user communications. The different solutions are compared through their signaling and transmission cost. The study shows that searching step in this architecture is really costly, facing a scalability problem. Thus, we propose to use a structured P2P (called Dynamic Hash Table) for delivering HS between HN. This type of architecture is studied by IETF with the REsource Location And Discovery (RELOAD) Base Protocol. This solution is implanted and deployed here to be a proof of the concept. This test-bed enables the study of delay and security overhead in a real system. Eventually, the presented solutions are recaptured in order to see their advantages/ disadvantages. In addition, we introduce other perspectives in terms of HSs and network interconnection

MOBILITY SUPPORT ARCHITECTURES FOR NEXT-GENERATION WIRELESS NETWORKS

With the convergence of the wireless networks and the Internet and the booming demand for multimedia applications, the next-generation (beyond the third generation, or B3G) wireless systems are expected to be all IP-based and provide real-time and non-real-time mobile services anywhere and anytime. Powerful and efficient mobility support is thus the key enabler to fulfil such an attractive vision by supporting various mobility scenarios. This thesis contributes to this interesting while challenging topic. After a literature review on mobility support architectures and protocols, the thesis starts presenting our contributions with a generic multi-layer mobility support framework, which provides a general approach to meet the challenges of handling comprehensive mobility issues. The cross-layer design methodology is introduced to coordinate the protocol layers for optimised system design. Particularly, a flexible and efficient cross-layer signalling scheme is proposed for interlayer interactions. The proposed generic framework is then narrowed down with several fundamental building blocks identified to be focused on as follows. As widely adopted, we assume that the IP-based access networks are organised into administrative domains, which are inter-connected through a global IP-based wired core network. For a mobile user who roams from one domain to another, macro (inter-domain) mobility management should be in place for global location tracking and effective handoff support for both real-time and non-real-lime applications. Mobile IP (MIP) and the Session Initiation Protocol (SIP) are being adopted as the two dominant standard-based macro-mobility architectures, each of which has mobility entities and messages in its own right. The work explores the joint optimisations and interactions of MIP and SIP when utilising the complementary power of both protocols. Two distinctive integrated MIP-SIP architectures are designed and evaluated, compared with their hybrid alternatives and other approaches. The overall analytical and simulation results shown significant performance improvements in terms of cost-efficiency, among other metrics. Subsequently, for the micro (intra-domain) mobility scenario where a mobile user moves across IP subnets within a domain, a micro mobility management architecture is needed to support fast handoffs and constrain signalling messaging loads incurred by intra-domain movements within the domain. The Hierarchical MIPv6 (HMIPv6) and the Fast Handovers for MIPv6 (FMIPv6) protocols are selected to fulfil the design requirements. The work proposes enhancements to these protocols and combines them in an optimised way. resulting in notably improved performances in contrast to a number of alternative approaches

A new security extension for SCTP

In 2000, the Signaling Transport (SIGTRAN) working group of the IETF defined the Stream Control Transmission Protocol (SCTP) as a new transport protocol. SCTP is a new multi-purpose reliable transport protocol. Due to its various features and easy extensibility it is a valid option not only for already standardised applications but also in many new application scenarios. SCTP has several advantages over TCP and UDP. The analysis of already standardised as well as potential SCTP application scenarios clearly indicates that secure end-to-end transport is one of the crucial requirements for SCTP in the future. Up to now there exist two standardised SCTP security solutions which are called TLS over SCTP [37] and SCTP over IPSec [12]. The goal of this thesis was to evaluate existing SCTP security solutions and find an optimised and efficient security solution. Several drawbacks of the standardised SCTP security solutions identified during the analysis are mainly related to features distinguishing SCTP from TCP and UDP. To avoid these drawbacks a new security solution for SCTP, called Secure SCTP (S-SCTP), is proposed which integrates the cryptographic functions into SCTP. One main requirement was that S-SCTP should be fully compatible with standard SCTP while additionally providing strong security i.e. data confidentiality, integrity and authentication. This also means that all features, options and extensions available for standard SCTP have to be supported. Furthermore, S-SCTP should have advantages with respect to performance over all parameter ranges of SCTP and be user-friendly. To specify the S-SCTP protocol extension several new control messages and new message parameters have been defined. Furthermore, procedures for initialisation, rekeying, and termination of secure sessions have been specified and modelled in SDL. Based on an SCTP implementation available in our group and an open source implementation of TLS, TLS over SCTP and S-SCTP have been implemented. These implementations as well as an SCTP over IPSec configuration were used to do comparative performance studies in a lab testbed. These experiments show that the S-SCTP concept achieves its design goals. It supports all features and current extensions of SCTP. Furthermore, it avoids the inefficiencies of the other solutions over a wide range of application scenarios and protocol parameter settings

Design and implementation aspects of open source next generation networks (NGN) test-bed software toolkits

Informations- und Kommunikationstechnologien bilden seit langem das immer wichtiger werdende Rückgrat der weltweiten Wirtschaft und Telekommunikation, in der speziell Telekommunikationsnetze und -dienste einen elementaren Anteil tragen. Durch die Konvergenz von Telekommunikations- und Internettechnologien hat sich die Telekommunikationslandschaft in der letzten Dekade drastisch verändert. Bislang geschlossene Telekommunikationsumgebungen haben sich imWandel zum sogenannten Next Generation Network (NGN) hinsichtlich unterstützter Zugangsnetztechnologien und angebotener multimedialer Anwendungen sowie der eingesetzten Protokolle und Dienste zu komplexen, hochdynamischen, Multi-Service Infrastrukturen gewandelt. Die Kontrollschicht solcher NGNs ist dabei von übergeordneter Bedeutung, da diese zwischen den Zugangsnetzen und den Anwendungen sitzt. Der Einsatz und die Optimierung des IP-Multimedia Subsystem (IMS) wurde in diesem Kontext Jahrelang erforscht und diskutiert und es repräsentiert heute die weltweit anerkannte Kontrollplattform für feste und mobile Telekommunikationsnetze. Die Forschung an Protokollen und Diensten in diesen NGN Umgebungen ist aufgrund der Konvergenz von Technologien, Anwendungen und Business Modellen sowie der hohen Dynamik aber kurzen Innovationszyklen hochkomplex. Der frühzeitigen Zugang zu herstellerunabhängigen – aber dicht an der Produktwelt angelehnten - Validierungsinfrastrukturen, sogenannten offenen Technologietest-beds, kurz Test-beds, ist daher für Forschungs- und Entwicklungsabteilungen unerlässlich Die vorliegende Dissertation beschreibt die umfangreiche Forschungsarbeit des Autors auf dem Gebiet der offenen NGN Test-beds über die letzten neun Jahre und konzentriert sich dabei auf Entwurf, Entwicklung und Bereitstellung des Open Source IMS Core Projekt, das seit Jahren die Grundlage für eine Vielzahl von NGN Test-beds und zahllose NGN Forschungs- und Entwicklungsprojekte im akademischen als auch Industrienahen Umfeld rund um den Globus darstellt. Dabei wird ein großer Schwerpunkt auf die Anforderungen hinsichtlich Flexibilität, Leistung, Funktionalitätsumfang und Interoperabilität, sowie elementare Designprinzipien von Test-bedwerkzeugen gelegt. Die Arbeit beschreibt und bewertet darüberhinaus den Einsatz von Open Source Prinzipien und veranschaulicht die Vorteile dieses Ansatzes hinsichtlich Einfluss und Nachhaltigkeit der Forschung anhand des Aufbaus einer globalen Open Source IMS Core (OpenIMSCore) Forschungs-Community. Außerdem veranschaulicht die Arbeit zum Ende die Wiederverwendbarkeit der wesentlichen angewendeten Designprinzipien an anderen maßgeblich durch den Autor entwickelten Test-bed Werkzeugen, insbesondere dem Open Evolved Packet Core (OpenEPC) für die nahtlose Integration verschiedener Breitbandnetztechnologien.Information and Communication Technologies provide for a long time already the backbone of telecommunication networks, such that communication services represent an elementary foundation of today’s globally connected economy. The telecommunication landscape has experienced dramatic transformations through the convergence of the Telecom and the Internet worlds. The previously closed telecommunication domain is currently transforming itself through the so-called NGN evolution into a highly dynamic multiservice infrastructure, supporting rich multimedia applications, as well as providing comprehensive support for various access technologies. The control layer of such NGNs is then of paramount importance, as representing the convergent mediator between access and services. The use and the optimization of the IP-Multimedia Subsystem (IMS) was researched and considered in this domain for many years now, such that today it represents the world-wide recognized control platform for fixed and mobile NGNs. Research on protocols and services for such NGN architectures, due to the convergence of technologies, applications and business models, as well as for enabling highly dynamic and short innovation cycles, is highly complex and requires early access to vendor independent - yet close to real life systems - validation environments, the so-called open technology test-beds. The present thesis describes the extensive research of the author over the last nine years in the field of open NGN test-beds. It focuses on the design, development and deployment of the Open Source IMS Core project, which represents since years the foundation of numerous NGN test-beds and countless NGN Research & Development projects in the academia as well as the industry domain around the globe. A major emphasis is given for ensuring flexibility, performance, reference functionality and inter-operability, as well as satisfying elementary design principles of such test-bed toolkits. The study also describes and evaluates the use of Open Source principles, highlighting the advantages of using it in regard to the creation, impact and sustainability of a global OpenIMSCore research community. Moreover, the work documents that the essential design principles and methodology employed can be reused in a generic way to create test-bed toolkits in other technology domains. This is shown by introducing the OpenEPC project, which provides for seamless integration of different mobile broadband technologies