518 research outputs found

    Resilient and Scalable Forwarding for Software-Defined Networks with P4-Programmable Switches

    Traditional networking devices support only fixed features and limited configurability. Network softwarization leverages programmable software and hardware platforms to remove those limitations. In this context, the concept of programmable data planes allows programming the packet processing pipeline of networking devices directly and creating custom control plane algorithms. This flexibility enables the design of novel networking mechanisms where the status quo struggles to meet high demands of next-generation networks like 5G, Internet of Things, cloud computing, and industry 4.0. P4 is the most popular technology to implement programmable data planes. However, programmable data planes, and in particular, the P4 technology, emerged only recently. Thus, P4 support for some well-established networking concepts is still lacking and several issues remain unsolved due to the different characteristics of programmable data planes in comparison to traditional networking. The research of this thesis focuses on two open issues of programmable data planes. First, it develops resilient and efficient forwarding mechanisms for the P4 data plane as there are no satisfying state-of-the-art best practices yet. Second, it enables BIER in high-performance P4 data planes. BIER is a novel, scalable, and efficient transport mechanism for IP multicast traffic which has only very limited support of high-performance forwarding platforms yet. The main results of this thesis are published as 8 peer-reviewed and one post-publication peer-reviewed publication. The results cover the development of suitable resilience mechanisms for P4 data planes, the development and implementation of resilient BIER forwarding in P4, and the extensive evaluations of all developed and implemented mechanisms. Furthermore, the results contain a comprehensive P4 literature study. Two more peer-reviewed papers contain additional content that is not directly related to the main results. They implement congestion avoidance mechanisms in P4 and develop a scheduling concept to find cost-optimized load schedules based on day-ahead forecasts.

    Efficient Security Protocols for Constrained Devices

    During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly more common type of devices are cyber-physical devices. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn the measurement except the device that generated it.

    A Cross-layer Approach for MPTCP Path Management in Heterogeneous Vehicular Networks

    Multipath communication has recently arisen as a promising tool to address reliable communication in vehicular networks. The architecture of Multipath TCP (MPTCP) is designed to facilitate concurrent utilization of multiple network interfaces, thereby enabling the system to optimize network throughput. In the context of vehicular environments, MPTCP offers a promising solution for seamless roaming, as it enables the system to maintain a stable connection by switching between available network interfaces. This paper investigates the suitability of MPTCP to support resilient and efficient Vehicle-to-Infrastructure (V2I) communication over heterogeneous networks. First, we identify and discuss several challenges that arise in heterogeneous vehicular networks, including issues such as Head-of-Line (HoL) blocking and service interruptions during handover events. Then, we propose a cross-layer path management scheme for MPTCP that leverages real-time network information to improve the reliability and efficiency of multipath vehicular communication. Our emulation results demonstrate that the proposed scheme not only achieves seamless mobility across heterogeneous networks but also significantly reduces handover latency, packet loss, and out-of-order packet delivery. These improvements have a direct impact on the quality of experience for vehicular users, as they lead to lower application layer delay and higher throughput.

    Enhancing security by using GIFT and ECC encryption method in multi-tenant datacenters

    Data security and user privacy have become crucial elements in multi-tenant data centers. Various traffic types in the multi-tenant data center in the cloud environment have their characteristics and requirements. In the data center network (DCN), short and long flows are sensitive to low latency and high throughput, respectively. The traditional security processing approaches, however, neglect these characteristics and requirements. This paper proposes a fine-grained security enhancement mechanism (SEM) to solve the problem of heterogeneous traffic and reduce the traffic completion time (FCT) of short flows while ensuring the security of multi-tenant traffic transmission. Specifically, for short flows in DCN, the lightweight GIFT encryption method is utilized. For Intra-DCN long flows and Inter-DCN traffic, the asymmetric elliptic curve encryption algorithm (ECC) is utilized. The NS-3 simulation results demonstrate that SEM dramatically reduces the FCT of short flows by 70% compared to several conventional encryption techniques, effectively enhancing the security and anti-attack of traffic transmission between DCNs in cloud computing environments. Additionally, SEM performs better than other encryption methods under high load and in large-scale cloud environments

    Optimising WLANs Power Saving: Context-Aware Listen Interval

    Energy is a vital resource in wireless computing systems. Despite the increasing popularity of Wireless Local Area Networks (WLANs), one of the most important outstanding issues remains the power consumption caused by Wireless Network Interface Controller (WNIC). To save this energy and reduce the overall power consumption of wireless devices, a number of power saving approaches have been devised including Static Power Save Mode (SPSM), Adaptive PSM (APSM), and Smart Adaptive PSM (SAPSM). However, the existing literature has highlighted several issues and limitations in regards to their power consumption and performance degradation, warranting the need for further enhancements. This thesis proposes a novel Context-Aware Listen Interval (CALI), in which the wireless network interface, with the aid of a Machine Learning (ML) classification model, sleeps and awakes based on the level of network activity of each application. We focused on the network activity of a single smartphone application while ignoring the network activity of applications running simultaneously. We introduced a context-aware network traffic classification approach based on ML classifiers to classify the network traffic of wireless devices in WLANs. Smartphone applications’ network traffic reflecting a diverse array of network behaviour and interactions were used as contextual inputs for training ML classifiers of output traffic, constructing an ML classification model. A real-world dataset is constructed, based on nine smartphone applications’ network traffic, this is used firstly to evaluate the performance of five ML classifiers using cross-validation, followed by conducting extensive experimentation to assess the generalisation capacity of the selected classifiers on unseen testing data. 
The experimental results further validated the practical application of the selected ML classifiers and indicated that ML classifiers can be usefully employed for classifying the network traffic of smartphone applications based on different levels of behaviour and interaction. Furthermore, to optimise the sleep and awake cycles of the WNIC in accordance with the smartphone applications’ network activity, four CALI power saving modes were developed based on the classified output traffic. Hence, the ML classification model classifies the new unseen samples into one of the classes, and the WNIC will be adjusted to operate in one of the CALI power saving modes. In addition, the performance of CALI’s power saving modes was evaluated by comparing the levels of energy consumption with existing benchmark power saving approaches using three varied sets of energy parameters. The experimental results show that CALI consumes up to 75% less power when compared to the currently deployed power saving mechanism on the latest generation of smartphones, and up to 14% less energy when compared to the SAPSM power saving approach, which also employs an ML classifier.

    Applications

    Volume 3 describes how resource-aware machine learning methods and techniques are used to successfully solve real-world problems. The book provides numerous specific application examples: in health and medicine for risk modelling, diagnosis, and treatment selection for diseases; in electronics, steel production and milling for quality control during manufacturing processes; in traffic, logistics for smart cities; and for mobile communications.

    Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

    Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo); atlanTTic; AMTEGA: Axencia para a modernización tecnolóxica de Galicia; INCIBE: Instituto Nacional de Ciberseguridad

    Codificación adaptativa de red para sistemas inalámbricos IEEE 802.11s en modo infraestructura

    IEEE 802.11s infrastructure wireless mesh networks (commonly known as iWMNs) are integrated by static wireless nodes capable of working in coordination to route data packets. In this way, the nodes collaborate to exchange information with each other. In addition, iWMNs can be interconnected with other network technologies and, in this way, help to wirelessly extend the coverage of these networks; for example, iWMNs are used today to extend the coverage of cellular or wired networks. Thanks to this feature, and also to their low infrastructure cost, iWMNs are considered today as an excellent option to offer wireless Internet connectivity services in geographical areas where the use of other network technologies is unfeasible. Despite the promising features of iWMNs, there are studies and results that cast doubt on their performance, since it has been documented that the performance of these networks can be affected by numerous factors, such as the use of TCP to transport information in wireless environments, the transmission errors in the wireless medium, as well as the access contention between network users. All these factors can degrade the performance of iWMNs and, consequently, affect the quality of the experience for the users. In this doctoral thesis, some of these performance problems are addressed through the technique called adaptive network coding. With this technique, the nodes of an iWMN are allowed to combine various data packets and thus build an encoded packet; this packet contains the information from the original packets, requiring only one wireless transmission to transport the original information, reducing the use of the wireless medium and, thereby, increasing the capacity of the network. The proposed technique also seeks to adapt the coding process to the traffic conditions in the network through the dynamic adjustment of the waiting time of the packets in a node before they can be combined; in this way the coding delay can be reduced. This proposal aims to substantially improve the performance of iWMNs, solving some problems that affect them. The evaluation of the proposal is carried out through simulations and numerical evaluations. After a detailed analysis of the results, we find that iWMNs can improve their performance by using the adaptive network coding technique, since the number of wireless transmissions in the network is considerably reduced, and, consequently, i) the medium access contention decreases, ii) the probability of errors in the medium is reduced, and iii) the capacity of the network increases.

    Optimization of 5G Second Phase Heterogeneous Radio Access Networks with Small Cells

    Due to the exponential increase in high data-demanding applications and their services per coverage area, it is becoming challenging for the existing cellular network to handle the massive sum of users with their demands. It is conceded to network operators that the current wireless network may not be capable to shelter future traffic demands. To overcome the challenges the operators are taking interest in efficiently deploying the heterogeneous network. Currently, 5G is in the commercialization phase. Network evolution with addition of small cells will develop the existing wireless network with its enriched capabilities and innovative features. Presently, the 5G global standardization has introduced the 5G New Radio (NR) under the 3rd Generation Partnership Project (3GPP). It can support a wide range of frequency bands (<6 GHz to 100 GHz). For different trends and verticals, 5G NR encounters, functional splitting and its cost evaluation are well-thought-out. The aspects of network slicing to the assessment of the business opportunities and allied standardization endeavours are illustrated. The study explores the carrier aggregation (Pico cellular) technique for 4G to bring high spectral efficiency with the support of small cell massification while benefiting from statistical multiplexing gain. One has been able to obtain values for the goodput considering CA in LTE-Sim (4G), of 40 Mbps for a cell radius of 500 m and of 29 Mbps for a cell radius of 50 m, which is 3 times higher than without CA scenario (2.6 GHz plus 3.5 GHz frequency bands). Heterogeneous networks have been under investigation for many years. Heterogeneous network can improve users service quality and resource utilization compared to homogeneous networks. Quality of service can be enhanced by putting the small cells (Femtocells or Picocells) inside the Microcells or Macrocells coverage area. Deploying indoor Femtocells for 5G inside the Macro cellular network can reduce the network cost. 
Some service providers have started their solutions for indoor users but there are still many challenges to be addressed. The 5G air-simulator is updated to deploy indoor Femto-cell with proposed assumptions with uniform distribution. For all the possible combinations of apartments side length and transmitter power, the maximum number of supported numbers surpassed the number of users by more than two times compared to papers mentioned in the literature. Within outdoor environments, this study also proposed small cells optimization by putting the Pico cells within a Macro cell to obtain low latency and high data rate with the statistical multiplexing gain of the associated users. Results are presented for 5G NR functional split six and split seven, for three frequency bands (2.6 GHz, 3.5 GHz and 5.62 GHz). Based on the analysis for shorter radius values, the best is to select the 2.6 GHz to achieve lower PLR and to support a higher number of users, with better goodput, and higher profit (for cell radius up to 400 m). In 4G, with CA, from the analysis of the economic trade-off with Picocell, the Enhanced multi-band scheduler EMBS provides higher revenue, compared to those without CA. It is clearly shown that the profit of CA is more than 4 times than in the without CA scenario. This means that the slight increase in the cost of CA gives back more than 4-time profit relatively to the "without" CA scenario.