Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey

Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers , backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across

The Road to BOFUSS: The Basic OpenFlow User-space Software Switch

Software switches are pivotal in the Software-Defined Networking (SDN) paradigm, particularly in the early phases of development, deployment and testing. Currently, the most popular one is Open vSwitch (OVS), leveraged in many production-based environments. However, due to its kernel-based nature, OVS is typically complex to modify when additional features or adaptation is required. To this regard, a simpler user-space is key to perform these modifications. In this article, we present a rich overview of BOFUSS, the basic OpenFlow user-space software switch. BOFUSS has been widely used in the research community for diverse reasons, but it lacked a proper reference document. For this purpose, we describe the switch, its history, architecture, uses cases and evaluation, together with a survey of works that leverage this switch. The main goal is to provide a comprehensive overview of the switch and its characteristics. Although the original BOFUSS is not expected to surpass the high performance of OVS, it is a useful complementary artifact that provides some OpenFlow features missing in OVS and it can be easily modified for extended functionality. Moreover, enhancements provided by the BEBA project brought the performance from BOFUSS close to OVS. In any case, this paper sheds light to researchers looking for the trade-offs between performance and customization of BOFUSS.Comment: 24 pages, 7 figures; submitted to Telecommunications Systems journa

Interoperabilidade e mobilidade na internet do futuro

Research on Future Internet has been gaining traction in recent years, with both evolutionary (e.g., Software Defined Networking (SDN)- based architectures) and clean-slate network architectures (e.g., Information Centric Networking (ICN) architectures) being proposed. With each network architectural proposal aiming to provide better solutions for specific Internet utilization requirements, an heterogeneous Future Internet composed by several architectures can be expected, each targeting and optimizing different use case scenarios. Moreover, the increasing number of mobile devices, with increasing capabilities and supporting different connectivity technologies, are changing the patterns of traffic exchanged in the Internet. As such, this thesis focuses on the study of interoperability and mobility in Future Internet architectures, two key requirements that need to be addressed for the widely adoption of these network architectures. The first contribution of this thesis is an interoperability framework that, by enabling resources to be shared among different network architectures, avoids resources to be restricted to a given network architecture and, at the same time, promotes the initial roll out of new network architectures. The second contribution of this thesis consists on the development of enhancements for SDN-based and ICN network architectures through IEEE 802.21 mechanisms to facilitate and optimize the handover procedures on those architectures. The last contribution of this thesis is the definition of an inter-network architecture mobility framework that enables MNs to move across access network supporting different network architectures without losing the reachability to resources being accessed. All the proposed solutions were evaluated with results highlighting the feasibility of such solutions and the impact on the overall communication.A Internet do Futuro tem sido alvo de vários estudos nos últimos anos, com a proposta de arquitecturas de rede seguindo quer abordagens evolutionárias (por exemplo, Redes Definidas por Software (SDN)) quer abordagens disruptivas (por exemplo, Redes Centradas na Informação (ICN)). Cada uma destas arquitecturas de rede visa providenciar melhores soluções relativamente a determinados requisitos de utilização da Internet e, portanto, uma Internet do Futuro heterogénea composta por diversas arquitecturas de rede torna-se uma possibilidade, onde cada uma delas é usada para optimizar diferentes casos de utilização. Para além disso, o aumento do número de dispositivos móveis, com especificações acrescidas e com suporte para diferentes tecnologias de conectividade, está a mudar os padrões do tráfego na Internet. Assim, esta tese foca-se no estudo de aspectos de interoperabilidade e mobilidade em arquitecturas de rede da Internet do Futuro, dois importantes requisitos que necessitam de ser satisfeitos para que a adopção destas arquitecturas de rede seja considerada. A primeira contribuição desta tese é uma solução de interoperabilidade que, uma vez que permite que recursos possam ser partilhados por diferentes arquitecturas de rede, evita que os recursos estejam restringidos a uma determinada arquitectura de rede e, ao mesmo tempo, promove a adopção de novas arquitecturas de rede. A segunda contribuição desta tese consiste no desenvolvimento de extensões para arquitecturas de rede baseadas em SDN ou ICN através dos mecanismos propostos na norma IEEE 802.21 com o objectivo de facilitar e optimizar os processos de mobilidade nessas arquitecturas de rede. Finalmente, a terceira contribuição desta tese é a definição de uma solução de mobilidade envolvendo diferentes arquitecturas de rede que permite a mobilidade de dispositivos móveis entre redes de acesso que suportam diferentes arquitecturas de rede sem que estes percam o acesso aos recursos que estão a ser acedidos. Todas as soluções propostas foram avaliadas com os resultados a demonstrar a viabilidade de cada uma das soluções e o impacto que têm na comunicação.Programa Doutoral em Informátic

Generalized Virtual Networking: an enabler for Service Centric Networking and Network Function Virtualization

In this paper we introduce the Generalized Virtual Networking (GVN) concept. GVN provides a framework to influence the routing of packets based on service level information that is carried in the packets. It is based on a protocol header inserted between the Network and Transport layers, therefore it can be seen as a layer 3.5 solution. Technically, GVN is proposed as a new transport layer protocol in the TCP/IP protocol suite. An IP router that is not GVN capable will simply process the IP destination address as usual. Similar concepts have been proposed in other works, and referred to as Service Oriented Networking, Service Centric Networking, Application Delivery Networking, but they are now generalized in the proposed GVN framework. In this respect, the GVN header is a generic container that can be adapted to serve the needs of arbitrary service level routing solutions. The GVN header can be managed by GVN capable end-hosts and applications or can be pushed/popped at the edge of a GVN capable network (like a VLAN tag). In this position paper, we show that Generalized Virtual Networking is a powerful enabler for SCN (Service Centric Networking) and NFV (Network Function Virtualization) and how it couples with the SDN (Software Defined Networking) paradigm

Coexistence of ICN and IP networks: an NFV as a service approach

International audienceIn contrast to the current host-centric architecture, Information-Centric Networking (ICN) adopts content naming instead of host address and in-network caching to enhance the content delivery, improve the data distribution, and satisfy users' requirements. As ICN is being incrementally deployed in different real-world scenarios, it will exist with IP-based services in a hybrid network setting. Full deployment of ICN and total replacement of IP protocol is not feasible at the current stage since IP is dominating the Internet. On the other hand, redesigning TCP/IP applications from ICN perspective is a time-consuming task and requires a careful investigation from both business and technical point of view. Thus, the coexistence of ICN and IP is one of the suitable solutions. Towards this end, we propose a simple yet efficient coexistence solution based on Network Function Virtualization (NFV) technology. We define a set of communication regions and control virtual functions. A gateway node is used as an intermediate entity to fetch and deliver content over regions. The simulation results show that the proposed approach is valid and allow content fetching and delivering from different ICN and/to IP regions in an efficient manner

Quality of Service improvements for real time multimedia applications using next generation network architectures and blockchain in Internet Service Provider cooperative scenario

Real time communications are becoming part of our daily life, requiring constrained requisites with the purpose of being enjoyed in harmony by end users. The factors ruling these requisites are Quality of Service parameters of the users' Internet connections. Achieving a satisfactory QoS level for real time communications depends on parameters that are strongly influenced by the quality of the network connections among the Internet Service Providers, which are located in the path between final users and Over The Top service providers that are supplying them with real time services. Final users can be: business people having real time videoconferences, or adopting crytpocurrencies in their exchanges, videogamers playing online games together with others residing in other countries, migrants talking with their relatives or watching their children growing up in their home countries, people with disabilities adopting tecnologies to help them, doctors performing remote surgeries, manufacturers adopting augmented reality devices to perform dangerous tasks. Each of them performing their daily activities are requiring specific QoS parameters to their ISPs, that nowadays seem to be unable to provide them with a satisfactory QoS level for these kinds of real time services. Through the adoption of next generation networks, such as the Information Centric Networking, it would be possible to overcome the QoS problems that nowadays are experienced. By adopting Blockchain technologies, in several use cases, it would be possible to improve those security aspects related to the non-temperability of information and privacy. I started this thesis analyzing next generation architectures enabling real time multimedia communications. In Software Defined Networking, Named Data Networking and Community Information Centric Networking, I highlighted potential approaches to solve QoS problems that are affecting real time multimedia applications. During my experiments I found that applications able to transmit high quality videos, such as 4k or 8k videos, or to directly interact with devices AR/VR enabled are missing for both ICN approaches. Then I proposed a REST interface for the enforcing of a specific QoS parameter, the round trip time (RTT) taking into consideration the specific use case of a game company that connects with the same telecommunication company of the final user. Supposing that the proposed REST APIs have been deployed in the game company and in the ISP, when one or more users are experiencing lag, the game company will try to ask the ISP to reduce the RTT for that specific user or that group of users. This request can be done by performing a call to a method where IP address(es) and the maximum RTT desired are passed. I also proposed other methods, through which it would be possible to retrieve information about the QoS parameters, and exchange, if necessary, an exceeding parameter in change of another one. The proposed REST APIs can also be used in more complex scenarios, where ISPs along the path are chained together, in order to improve the end to end QoS among Over The Top service provider and final users. To store the information exchanged by using the proposed REST APIs, I proposed to adopt a permissioned blockchain, analizying the ISPs cooperative use case with Hyperledger Fabric, where I proposed the adoption of the Proof of Authority consensus algorithm, to increase the throughput in terms of transactions per second. In a specific case that I examined, I am proposing a combination of Information Centric Networking and Blockchain, in an architecture where ISPs are exchanging valuable information regarding final Users, to improve their QoS parameters. I also proposed my smart contract for the gaming delay use case, that can be used to rule the communication among those ISPs that are along the path among OTT and final users. An extension of this work can be done, by defining billing costs for the QoS improvements

Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus require transformation to a better grid a.k.a., smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDNbased SGC.We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.Comment: Accepte

The road to BOFUSS: The basic OpenFlow userspace software switch

Software switches are pivotal in the Software-Defined Networking (SDN) paradigm, particularly in the early phases of development, deployment and testing. Currently, the most popular one is Open vSwitch (OVS), leveraged in many production-based environments. However, due to its kernel-based nature, OVS is typically complex to modify when additional features or adaptation is required. To this regard, a simpler user-space is key to perform these modifications. In this article, we present a rich overview of BOFUSS, the basic OpenFlow user-space software switch. BOFUSS has been widely used in the research community for diverse reasons, but it lacked a proper reference document. For this purpose, we describe the switch, its history, architecture, uses cases and evaluation, together with a survey of works that leverage this switch. The main goal is to provide a comprehensive overview of the switch and its characteristics. Although the original BOFUSS is not expected to surpass the high performance of OVS, it is a useful complementary artefact that provides some OpenFlow features missing in OVS and it can be easily modified for extended functionality. Moreover, enhancements provided by the BEBA project brought the performance from BOFUSS close to OVS. In any case, this paper sheds light to researchers looking for the trade-offs between performance and customization of BOFUSS