258 research outputs found

    A study into scalable transport networks for IoT deployment

    The growth of the internet towards the Internet of Things (IoT) has impacted the way we live. Intelligent (smart) devices which can act autonomously have resulted in new applications, for example industrial automation, smart healthcare systems and autonomous transportation, to name just a few. These applications have dramatically improved the way we live as citizens. While the internet is continuing to grow at an unprecedented rate, this has also been coupled with the growing demands for new services e.g. machine-to-machine (M2M) communications, smart metering etc. Transmission Control Protocol/Internet Protocol (TCP/IP) architecture was developed decades ago and was not prepared nor designed to meet these exponential demands. This has led to the complexity of the internet coupled with its inflexible and rigid state. The challenges of reliability, scalability, interoperability, inflexibility and vendor lock-in amongst the many challenges still remain a concern over the existing (traditional) networks. In this study, an evolutionary approach into implementing a "Scalable IoT Data Transmission Network" (S-IoT-N) is proposed while leveraging on existing transport networks. Most importantly, the proposed evolutionary approach attempts to address the above challenges by using open (existing) standards and by leveraging on the (traditional/existing) transport networks. The Proof-of-Concept (PoC) of the proposed S-IoT-N is attempted on a physical network testbed and is demonstrated along with basic network connectivity services over it. Finally, the results are validated by an experimental performance evaluation of the PoC physical network testbed along with the recommendations for improvement and future work.

    DeviceRadar: Online IoT Device Fingerprinting in ISPs Using Programmable Switches

    Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats. However, due to the wide deployment of middleboxes in ISP networks, some important data, e.g., 5-tuples and flow statistics, are often obscured, rendering many existing approaches invalid. It is further challenged by the high-speed traffic of hundreds of terabytes per day in ISP networks. This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches. We innovatively exploit “key packets” as a basis of fingerprints only using packet sizes and directions, which appear periodically while exhibiting differences across different IoT devices. To utilize them, we propose a packet size embedding model to discover the spatial relationships between packets. Meanwhile, we design an algorithm to extract the “key packets” of each device, and propose an approach that jointly considers the spatial relationships and the key packets to produce a neighboring key packet distribution, which can serve as a feature vector for machine learning models for inference. Last, we design a model transformation method and a feature extraction process to deploy the model on a programmable data plane within its constrained arithmetic operations and memory to achieve line-speed processing. Our experiments show that DeviceRadar can achieve state-of-the-art accuracy across 77 IoT devices with 40 Gbps throughput, and requires only 1.3% of the processing time compared to GPU-accelerated approaches

    Methods and Techniques for Dynamic Deployability of Software-Defined Security Services

    With the recent trend of “network softwarisation”, enabled by emerging technologies such as Software-Defined Networking and Network Function Virtualisation, system administrators of data centres and enterprise networks have started replacing dedicated hardware-based middleboxes with virtualised network functions running on servers and end hosts. This radical change has facilitated the provisioning of advanced and flexible network services, ultimately helping system administrators and network operators to cope with the rapid changes in service requirements and networking workloads. This thesis investigates the challenges of provisioning network security services in “softwarised” networks, where the security of residential and business users can be provided by means of sets of software-based network functions running on high performance servers or on commodity devices. The study is approached from the perspective of the telecom operator, whose goal is to protect the customers from network threats and, at the same time, maximize the number of provisioned services, and thereby revenue. Specifically, the overall aim of the research presented in this thesis is proposing novel techniques for optimising the resource usage of software-based security services, hence for increasing the chances for the operator to accommodate more service requests while respecting the desired level of network security of its customers. In this direction, the contributions of this thesis are the following: (i) a solution for the dynamic provisioning of security services that minimises the utilisation of computing and network resources, and (ii) novel methods based on Deep Learning and Linux kernel technologies for reducing the CPU usage of software-based security network functions, with specific focus on the defence against Distributed Denial of Service (DDoS) attacks. 
    The experimental results reported in this thesis demonstrate that the proposed solutions for service provisioning and DDoS defence require fewer computing resources, compared to similar approaches available in the scientific literature or adopted in production networks.

    Hybrid SDN Evolution: A Comprehensive Survey of the State-of-the-Art

    Software-Defined Networking (SDN) is an evolutionary networking paradigm which has been adopted by large network and cloud providers, among which are Tech Giants. However, embracing a new and futuristic paradigm as an alternative to well-established and mature legacy networking paradigm requires a lot of time along with considerable financial resources and technical expertise. Consequently, many enterprises can not afford it. A compromise solution then is a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN functionalities are leveraged while existing traditional network infrastructures are acknowledged. Recently, hSDN has been seen as a viable networking solution for a diverse range of businesses and organizations. Accordingly, the body of literature on hSDN research has improved remarkably. On this account, we present this paper as a comprehensive state-of-the-art survey which expands upon hSDN from many different perspectives

    Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results

    Fixed and mobile telecom operators, enterprise network operators and cloud providers strive to face the challenging demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR architecture is based on the concept of source routing and has interesting scalability properties, as it dramatically reduces the amount of state information to be configured in the core nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) has been extended from the simple steering of packets across nodes to a general network programming approach, making it very suitable for use cases such as Service Function Chaining and Network Function Virtualization. In this paper we present a tutorial and a comprehensive survey on SR technology, analyzing standardization efforts, patents, research activities and implementation results. We start with an introduction on the motivations for Segment Routing and an overview of its evolution and standardization. Then, we provide a tutorial on Segment Routing technology, with a focus on the novel SRv6 solution. We discuss the standardization efforts and the patents providing details on the most important documents and mentioning other ongoing activities. We then thoroughly analyze research activities according to a taxonomy. We have identified 8 main categories during our analysis of the current state of play: Monitoring, Traffic Engineering, Failure Recovery, Centrally Controlled Architectures, Path Encoding, Network Programming, Performance Evaluation and Miscellaneous...
    Comment: SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIAL

    Deployment of the Industrial Internet in Automation Devices (Teollisen Internetin käyttöönotto automaatiolaitteissa)

    Industrial Internet is a term that is used to describe digitalization of industry. It is a research direction in Finland, where there are already various groups studying it. Despite this, the term Industrial Internet is still relatively vague and there is a lack of concreteness around the topic. The objective of this thesis is to explore the current status of Industrial Internet and study the capabilities of automation devices from an Industrial Internet point of view. I explore Industrial Internet through a literary review where I study various use cases. The use cases of Industrial Internet are divided into two main types: platform centric and machine to machine (M2M) communication centric. The use cases provide a list of characteristics and requirements for Industrial Internet from these two perspectives. General requirements are, for example scalability and flexibility, which are achieved through various IT technologies, such as Service-Oriented-Architecture. This thesis also consists of a practical part where I configured the control logic and data collection for a test bed that simulates drop tests of active magnetic bearings. The control logic consists of a programmable logic controller and corresponding software. The data collection consists of software for collecting and analyzing measurement data and the measuring equipment. After the literary review and practical part, I propose the creation of a cloud based Industrial Internet platform around the active magnetic test bed. The purpose of the platform is to provide a direction for further research. The creation of the platform consists of two phases: first phase includes the creation of the platform so that the test bed achieves current functionality but cloud based. The second phase consists of changing the platform to meet the requirements of the literature review. 
    The end results will be an application independent system solution for Industrial Internet.

    Industrial Internet is a term used to describe the digitalization of industry. The topic is attracting growing interest, and in Finland, for example, several parties are investing in research on it. Even so, Industrial Internet remains an unclear concept and suffers from a lack of concreteness. The purpose of this thesis is to examine the current state of Industrial Internet and the properties of automation devices from an Industrial Internet point of view. Industrial Internet examples fall mainly into two classes: platform-centric ones and machine-to-machine communication (M2M communication). The examples provide a list of characteristics and requirements for Industrial Internet from both perspectives. General characteristics include, for example, scalability and flexibility, which are achieved through various IT requirements, e.g. a service-oriented architecture. The thesis also includes a practical part in which I wrote the control logic and data collection for a test device that simulates drop tests of active magnetic bearings. The control logic consisted of a PLC device and its associated software. The data collection consisted of the software and hardware required for collecting and unpacking measurement data. Based on the requirements gathered from the literature and on practical experience, I propose developing a cloud-based software platform aimed at Industrial Internet around the test device. The software platform can serve as a basis for further university research. The platform is implemented in two phases: in the first phase, a cloud-based platform is developed that achieves the current functionality of the test equipment. In the second phase, the software platform is changed to meet the requirements of Industrial Internet, which yields an application-independent system solution

    Real-Time IoV Task Offloading through Dynamic Assignment of SDN Controllers: Algorithmic Approaches and Performance Evaluation

    Task offloading in Internet of Vehicles (IoV) is very crucial. The widespread use of IoT applications frequently interacts with the cloud, thereby increasing the load on centralized cloud controllers. Centralized network management in cloud infrastructure is not feasible for the latest IoT trends. Decentralized and decoupled network management in Software Defined Networks (SDN) can enhance IoV services. SDN and IoV coupling can better handle task offloading in ubiquitous and dynamic IoV environments. However, appropriate SDN controller assignment and allotment strategies play a prominent role in IoV communication. In this study, we developed algorithms for SDN controller assignment and allotment namely 1) Next Fit Allotment and Assignment of SDN Controller in IoV (NFAAC), 2) Dynamic Bin Packing Allotment and Assignment of SDN Controller in IoV (DBPAAC), and 3) Dynamic Focused and Bidding Allotment and Assignment algorithm of SDN Controller in IoV (DFBAAC). These algorithms were simulated using open-flow switch controllers. The controllers were modeled as Road Side Units (RSU) that can allocate bandwidth and resource requirements to vehicles on the road. Our results show that our proposed algorithm works efficiently for SDN controller assignment and allocation, outperforming the existing work by a significant improvement of 13.5%. The working of the proposed algorithms is verified, tested, and analytically presented in this study.

    A survey of Virtual Private LAN Services (VPLS): Past, present and future

    Virtual Private LAN services (VPLS) is a Layer 2 Virtual Private Network (L2VPN) service that has gained immense popularity due to a number of its features, such as protocol independence, multipoint-to-multipoint mesh connectivity, robust security, low operational cost (in terms of optimal resource utilization), and high scalability. In addition to the traditional VPLS architectures, novel VPLS solutions have been designed leveraging new emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), to keep up with the increasing demand. These emerging solutions help in enhancing scalability, strengthening security, and optimizing resource utilization. This paper aims to conduct an in-depth survey of various VPLS architectures and highlight different characteristics through insightful comparisons. Moreover, the article discusses numerous technical aspects such as security, scalability, compatibility, tunnel management, operational issues, and complexity, along with the lessons learned. Finally, the paper outlines future research directions related to VPLS. To the best of our knowledge, this paper is the first to furnish a detailed survey of VPLS.
    University College Dublin; Academy of Finlan

    A proposal for secured, efficient and scalable layer 2 network virtualisation mechanism

    The content of chapters 3 and 4 is subject to confidentiality. 291 p.
    The Future Internet has emerged as a research effort to overcome these limitations identified in the current Internet. This requires research into novel architectures and solutions (evolutionary or disruptive), and experimentation platforms have arisen to provide a realistic environment for validating these new proposals at large scale. Because the same infrastructure and resources must be shared to test several network proposals simultaneously, network virtualisation is the key to success. A new taxonomy is proposed for analysing and comparing the different proposals. Three types are identified: the Virtual Node (vNode), SDN-enabled Virtualisation (SDNeV) and the overlay. In addition, the most relevant experimental platforms are presented, with a special focus on how each of them enables research on network proposals; these platforms do not meet all of the imposed requirements: isolation, security, flexibility, scalability, stability, transparency, and support for research on network proposals.
    Therefore, a new experimentation platform that is orthogonal to the experimentation is needed. The main contributions of this thesis, built on SDN and NFV technology, are also the key elements for building the experimentation platform: Layer 2 Prefix-based Network Virtualisation (L2PNV), a MAC Address Configuration Protocol (MACP), and a Flow-based Network Access Control system (FlowNAC). As a result, a new experimental platform, the EHU OpenFlow Enabled Facility (EHU-OEF), has been deployed at the University of the Basque Country (UPV/EHU) to experiment with and validate these proposals

    Empowering the Internet of Vehicles with Multi-RAT 5G Network Slicing

    Internet of Vehicles (IoV) is a hot research niche exploiting the synergy between Cooperative Intelligent Transportation Systems (C-ITS) and the Internet of Things (IoT), which can greatly benefit from the upcoming development of 5G technologies. The variety of end-devices, applications, and Radio Access Technologies (RATs) in IoV calls for new networking schemes that assure the Quality of Service (QoS) demanded by the users. To this end, network slicing techniques enable traffic differentiation with the aim of ensuring flow isolation, resource assignment, and network scalability. This work fills the gap of 5G network slicing for IoV and validates it in a realistic vehicular scenario. It offers an accurate bandwidth control with a full flow-isolation, which is essential for vehicular critical systems. The development is based on a distributed Multi-Access Edge Computing (MEC) architecture, which provides flexibility for the dynamic placement of the Virtualized Network Functions (VNFs) in charge of managing network traffic. The solution is able to integrate heterogeneous radio technologies such as cellular networks and specific IoT communications with potential in the vehicular sector, creating isolated network slices without risking the Core Network (CN) scalability. The validation results demonstrate the framework capabilities of short and predictable slice-creation time, performance/QoS assurance and service scalability of up to one million connected devices.
    EC/H2020/825496/EU/5G for cooperative & connected automated MOBIility on X-border corridors/5G-MOBI