87 research outputs found

    Wi-Fi Enabled Healthcare

    Focusing on its recent proliferation in hospital systems, Wi-Fi Enabled Healthcare explains how Wi-Fi is transforming clinical workflows and infusing new life into the types of mobile devices being implemented in hospitals. Drawing on first-hand experiences from one of the largest healthcare systems in the United States, it covers the key areas associated with wireless network design, security, and support. Reporting on cutting-edge developments and emerging standards in Wi-Fi technologies, the book explores security implications for each device type. It covers real-time location services and emerging trends in cloud-based wireless architecture. It also outlines several options and design considerations for employee wireless coverage, voice over wireless (including smart phones), mobile medical devices, and wireless guest services. This book presents authoritative insight into the challenges that exist in adding Wi-Fi within a healthcare setting. It explores several solutions in each space along with design considerations and pros and cons. It also supplies an in-depth look at voice over wireless, mobile medical devices, and wireless guest services. The authors provide readers with the technical know-how required to ensure their systems provide the reliable, end-to-end communications necessary to surmount today’s challenges and capitalize on new opportunities. The shared experience and lessons learned provide essential guidance for large and small healthcare organizations in the United States and around the world. This book is an ideal reference for network design engineers and high-level hospital executives who are thinking about adding or improving upon Wi-Fi in their hospitals or hospital systems.

    Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks

    The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture and the proposed protocol, which is based on EAP-TLS, and compare the proposed protocol with existing protocols.

    Connection Management Based on IEEE 802.21 (Gestão de ligações baseada em IEEE 802.21)

    Master's degree in Computer and Telematics Engineering. Recent advances in telecommunications have led to the combination of various network access interfaces in a single device. Current network management software handles different technologies individually, and bases connection decisions on parameters such as signal strength, or maximum throughput. Often, these network attributes do not reflect the real network performance, leading to poor network experience. In this work, a novel network management framework is implemented, based on the IEEE 802.21 standard. This standard provides mechanisms to facilitate and optimize inter-technology handovers and network selection through information exchanges between network and terminal entities, including QoS and other network capability and performance information. Moreover, it enables media independent device management via a common link layer interface. By extending this interface with cross-layer mechanisms, the new framework allows abstract configuration of the network interfaces, including network association, security setup procedures and IP address configuration. The access to network information will additionally empower network managers to perform better decisions that take network state and terminal application requirements into account. This framework is integrated with the existing configuration tools and applets from the GNU/Linux Operating System, by seamlessly replacing the existing NetworkManager application. In doing so, the new framework shows insignificant overhead, a reduced code base and better battery consumption, on top of optimized procedures for opportunistic network attachment.

    Virtual network function development for NG-PON Access Network Architecture

    Master's dissertation in Telematic Networks and Services Engineering. The access to Internet services on a large scale, high throughput and low latency has grown at a very high pace over time, with a growing demand for media content and applications increasingly oriented towards data consumption. This fact about the use of data at the edge of the network requires the Central Offices (CO) of telecommunication providers to be prepared to absorb these demands. COs generally offer data from various access methods, such as Passive Optical Network (PON) technologies, mobile networks, copper wired and others. For each of these technologies there may be different manufacturers that support only their respective hardware and software solutions, although they all share different network resources and have management, configuration and monitoring tools (Fault, Configuration, Accounting, Performance, and Security management - FCAPS) similar, but being distinct and isolated from each other, which produces huge investment in Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) and can cause barriers to innovation. Such panoramas forced the development of more flexible, scalable solutions that share platforms and network architectures that can meet this need and enable the evolution of networks. It is then proposed the architecture of Software-Defined Network (SDN) which has in its proposal to abstract the control plane from the data plane, in addition to the virtualization of several Network Function Virtualization (NFV). The SDN architecture allows APIs and protocols such as Openflow, NETCONF / YANG, RESTCONF, gRPC and others to be used so that there is communication between the various hardware and software elements that compose the network and consume network resources, such as services AAA, DHCP, routing, orchestration, management or various applications that may exist in this context.
This work then aims at the development of a virtualized network function, namely a VNF in the context of network security to be integrated as a component of an architecture guided by the SDN paradigm applied to broadband networks, and also adherent to the architecture OB-BAA promoted by the Broadband Forum. Such OB-BAA architecture fits into the initiative to modernize the Information Technology (IT) components of broadband networks, more specifically the Central Offices. With such development, it was intended to explore the concepts of network security, such as the IEEE 802.1X protocol applied in NG-PON networks for authentication and authorization of new network equipment. To achieve this goal, the development of the applications was based on the Golang language combined with gRPC programmable interfaces for communication between the various elements of the architecture. Network emulators were initially used, and then the components were "containerized" and inserted in the Docker and Kubernetes virtualization frameworks. Finally, performance metrics were analyzed in the usage tests, namely computational resource usage metrics (CPU, memory and network I/O), in addition to the execution time of several processes performed by the developed applications.

    Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

    Peer reviewed

    Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

    Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT). As an access control scheme, we have selected User-Managed Access (UMA), an existing Open Authorization (OAuth) 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal. Ministerio de Economía y Competitividad; Universidad de Alcalá

    Authentication Mechanism for Ad Hoc Wireless Local Area Network

    Wireless networks have grown rapidly over the last decade and they have been deployed in numerous applications due to their advantages over wired networks, specifically for their mobility and convenience. However, due to their wireless nature, some security issues in wireless networks need to be addressed, such as unauthorized or rogue wireless devices which are relatively easy to connect to the network because they do not need any physical access. These issues might prevent further acceptance and adoption of wireless network technology. One of the solutions to overcome the wireless network security is the 802.1X specification. It is a mechanism for port-based network access control, which is based on Extensible Authentication Protocol (EAP). It is an authentication framework that can support multiple authentication methods. This research is looking into the possibility of using EAP as a generic authentication mechanism in ad hoc wireless local area networks. One promising advantage of using EAP-based authentication mechanism in a network is its interoperability with other types of networks since EAP is already a platform for various authentication mechanisms. This thesis studies and explores the feasibility of using EAP in ad hoc wireless local area network and then proposes a mechanism to implement EAP in ad hoc wireless local area network based on EAP multiplexing model. This thesis also proposes an extension to EAP, a mechanism to select a suitable EAP method out of a set of EAP methods to be used in EAP authentication process in heterogeneous mobile devices environment, where the network consists of different types of nodes/devices with different specifications and capabilities, and each node may support different type of EAP authentication method. Toward the end of this thesis, formal specification and verification of the proposed authentication mechanism are derived and strong final beliefs are obtained.
Furthermore, node architecture that can be used in simulation of EAP authentication is designed and the EAP method selection mechanism is simulated.