Management of Digital Video Broadcasting Services in Open Delivery Platforms

The future of Digital Video Broadcasting (DVB) is moving towards solutions offering an efficient way of carrying interactive IP multimedia services over digital terrestrial broadcasting networks to handheld terminals. One of the most promising technologies is Digital Video Broadcasting-Handheld (DVB-H), at present under standardisation. Services deployed via this type of DVB technologies should enjoy reliability comparable to TV services and high quality standards. However, the market at present does not provide effective and economical solutions for the deployment of such services over multi-domain IP networks, due to their high level of unreliability. This paper focuses on service management, service level agreement (SLA) and network performance requirements of DVB-H services. Experimental results are presented concerning QoS sensitivity to network performance of DVB-H services delivered over a multi-domain IP network. Moreover, a solution for efficient and cost effective service management via QoS monitoring and control and network SLA design is proposed. The solution gives DVB-H operators the possibility of fully managing service QoS without being tied to third party operators

Performance evaluation of HIP-based network security solutions

Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, e.t.c. Although HIP has not yet been sufficiently applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks. HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middle boxes into account. One of such applications is in Virtual Private LAN Service (VPLS), VPLS is a widely used method of providing Ethernet-based Virtual Private Network that supports the connection of geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information. After investigating the different approaches to HIP, a real world testbed is implemented. Two experiment scenarios were evaluated, one is performed on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the Open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter. The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. For instance, in the open source implementations, the performance penalty of security on TCP throughput for WLAN scenario is less in HIPL than in OpenHIP, while for WAN scenario the reverse is the case. A similar outcome is observed for the UDP throughput. However, on latency, HIPL showed lower latency for all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario while latency is increased by about 87%. This work therefore provides viable information for researchers and decision makers on the optimal solution to securing their VPNs based on the application scenarios and the potential performance penalties that come with each approach.HIP-pohjaisten tietoliikenneverkkojen turvallisuusratkaisujen suorituskyvyn arviointi. Tiivistelmä. Koneen identiteettiprotokolla (HIP, Host Identity Protocol) on tietoliikenneverkkoteknologia, joka käyttää erillistä kerrosta kuljetusprotokollan ja Internet-protokollan (IP) välissä TCP/IP-protokollapinossa. HIP erottaa systemaattisesti IP-osoitteen verkko- ja laite-osat, sekä käyttää koneen identiteetti (HI) -osaa perustuen julkisen avainnuksen turvallisuusrakenteeseen. Tämän hyötyjä ovat esimerkiksi mobiliteetti, moniliittyminen, päästä päähän (end-to-end) turvallisuus, kontrolli-informaation ja datan erottelu, kohtaaminen, osoitteenmuutos sekä palomuurin turvallisuus. Teollisuudessa HIP-protokolla nähdään osana seuraavan sukupolven tietoliikenneverkkoja, vaikka se ei vielä olekaan yleistynyt laajaan kaupalliseen käyttöön. HIP–protokollaa voidaan käyttää paitsi erilaisissa HIP-tietoisissa, myös perinteisissä IP-osoitteeseen perustuvissa sovelluksissa ja verkkoteknologioissa. Eräs tällainen sovellus on virtuaalinen LAN-erillisverkko (VPLS), joka on laajasti käytössä oleva menetelmä Ethernet-pohjaisen, erillisten yksikköjen ja yhden sillan välistä yhteyttä tukevan, virtuaalisen erillisverkon luomiseen IP/MPLS-verkon yli. VPLS:n yleisyys sekä kaupallisissa- että puolustusorganisaatioissa korostaa vastustuskykyisten turvallisuusominaisuuksien tarpeellisuutta tiedon ja kontrolliinformaation suojauksessa. Tässä työssä tutkitaan aluksi HIP-protokollan erilaisia lähestymistapoja. Teoreettisen tarkastelun jälkeen käytännön testejä suoritetaan itse rakennetulla testipenkillä. Tarkasteltavat skenaariot ovat verrata Linux-pohjaisia avoimen lähdekoodin HIP-implementaatioita (HIPL ja OpenHIP) sekä verrata kahden eri valmistajan laitteita (Tempered Networks ja Byres Security). HIP-implementaatiot arvioidaan eri verkkoympäristöissä, jota ovat LAN, WLAN sekä WAN. Kaikki testatut tapaukset arvioidaan tiedonsiirtonopeuden, sen vaihtelun (jitter) sekä latenssin perusteella. Mittaustulokset osoittavat, että sama ratkaisu ei ole optimaalinen kaikissa tarkastelluissa tapauksissa. Esimerkiksi WLAN-verkkoa käytettäessä turvallisuuden aiheuttama häviö tiedonsiirtonopeudessa on HIPL:n tapauksessa OpenHIP:iä pirnempi, kun taas WAN-verkon tapauksessa tilanne on toisinpäin. Samanlaista käyttäytymistä havaitaan myös UDP-tiedonsiirtonopeudessa. HIPL antaa kuitenkin pienimmän latenssin kaikissa testiskenaarioissa. Eri valmistajien laitteita vertailtaessa huomataan, että TCP-tiedonsiirtonopeus huononee 19 ja latenssi 87 prosenttia verrattuna tapaukseen, jossa turvallisuusratkaisua ei käytetä. Näin ollen tämän työn tuottama tärkeä tieto voi auttaa alan toimijoita optimaalisen verkkoturvallisuusratkaisun löytämisessä VPN-pohjaisiin sovelluksiin

A Study on Security Attributes of Software-Defined Wide Area Network

For organizations to communicate important data across various branches, a reliable Wide Area Network (WAN) is important. With the increase of several factors such as usage of cloud services, WAN bandwidth demand, cost of leased lines, complexity in building/managing WAN and changing business needs led to need of next generation WAN. Software-defined wide area network (SD- WAN) is an emerging trend in today’s networking world as it simplifies management of network and provides seamless integration with the cloud. Compared to Multiprotocol Label Switching (MPLS) majorly used in traditional WAN architecture, SD-WAN incurs less cost, highly secure and offers great performance. This paper will mainly focus to investigate this next-generation WAN’s security attributes as security plays a crucial role in SD-WAN implementation. The goal of the paper is to analyze SD-WAN security by applying principles of CIA triad principle. Comparison of SD-WAN products offered by three different vendors in SD-WAN market with respect to its security is another important area that will be covered in this paper

MobiHealth-Innovative 2.5/3G mobile services and applications for health care

MobiHealth aims at introducing new mobile value added services in the area of healthcare, based on 2.5 (GPRS) and 3G (UMTS) technologies, thus promoting the use and deployment of GPRS and UMTS. This will be achieved by the integration of sensors and actuators to a Wireless Body Area Network (BAN). These sensors and actuators will continuously measure and transmit vital constants along with audio and video to health service providers and brokers, improving on one side the life of patients and allowing on the other side the introduction of new value-added services in the areas of disease prevention and diagnostic, remote assistance, para-health services, physical state monitoring (sports) and even clinical research. Furthermore, the MobiHealth BAN system will support the fast and reliable application of remote assistance in case of accidents by allowing the paramedics to send reliable vital constants data as well as audio and video directly from the accident site

An Experimental Framework for 5G Wireless System Integration into Industry 4.0 Applications

The fourth industrial revolution, or Industry 4.0 (I4.0), makes use of wireless technologies together with other industrial Internet-of-Things (IIoT) technologies, cyber–physical systems (CPS), and edge computing to enable the optimization and the faster re-configuration of industrial production processes. As I4.0 deployments are ramping up, the practical integration of 5G wireless systems with existing industrial applications is being explored in both Industry and Academia, in order to find optimized strategies and to develop guidelines oriented towards ensuring the success of the industrial wireless digitalization process. This paper explores the challenges arisen from such integration between industrial systems and 5G wireless, and presents a framework applicable to achieve a structured and successful integration. The paper aims at describing the different aspects of the framework such as the application operational flow and its associated tools, developed based on analytical and experimental applied research methodologies. The applicability of the framework is illustrated by addressing the integration of 5G technology into a specific industrial use case: the control of autonomous mobile robots. The results indicate that 5G technology can be used for reliable fleet management control of autonomous mobile robots in industrial scenarios, and that 5G can support the migration of the on-board path planning intelligence to the edge-cloud

CERN openlab Whitepaper on Future IT Challenges in Scientific Research

This whitepaper describes the major IT challenges in scientific research at CERN and several other European and international research laboratories and projects. Each challenge is exemplified through a set of concrete use cases drawn from the requirements of large-scale scientific programs. The paper is based on contributions from many researchers and IT experts of the participating laboratories and also input from the existing CERN openlab industrial sponsors. The views expressed in this document are those of the individual contributors and do not necessarily reflect the view of their organisations and/or affiliates

WI-FI ALLIANCE HOTSPOT 2.0 SPECIFICATION BASED NETWORK DISCOVERY, SELECTION, AUTHENTICATION, DEPLOYMENT AND FUNCTIONALITY TESTS.

The demand for high mobile data transmission has been dramatically enlarged since there is a significant increase at the number of mobile communication devices that capable of providing high data rates. It is clearly observed that even the next generation cellular networks are not able to respond to this demand to provide the required level of mobile data transmission capacity. Although, WLAN responses to this demand by providing upwards of 600 Mbps data rates it is not convenient in terms of cellular like mobility and requires user intervention anytime of reconnection to a hotspot. Therefore, the need for a new technology took place and IEEE has introduced a new amendment to IEEE 802.11 standards family which is called as IEEE 802.11u. Based on IEEE 802.11u amendment, WFA developed WFA Hotspot 2.0 Specification and started to certify the Wi-Fi devices under Passpoint certification program. This new technology developed to provide Wi-Fi capable devices simply identify, select and associate to a Hotspot without any user intervention in a highly secure manner. As Hotspot 2.0 Specification is quite new in the market it has been a challenging work to reach some academic papers; however, IEEE 802.11u standard, Internet sources, white papers published by different companies/organizations and discussions with telecommunication experts have made this master thesis to achieve its goals. This thesis work provides a great resource for the network operators to have a great understanding of the Hotspot 2.0 Specification in terms of theory, network element requirements and deployment by providing a good understanding of the system functionality. In this paper, a comprehensive theoretical background that addresses to WLAN technology, Passpoint elements, and IEEE 802.11u based network discovery, selection and authentication is provided. Besides, Hotspot 2.0 network deployment scenarios with network core element requirements are designed and Passpoint functionality tests are performed under different scenarios by describing a comprehensive setup for the testing.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Using GRASP and GA to design resilient and cost-effective IP/MPLS networks

The main objective of this thesis is to find good quality solutions for representative instances of the problem of designing a resilient and low cost IP/MPLS network, to be deployed over an existing optical transport network. This research is motivated by two complementary real-world application cases, which comprise the most important commercial and academic networks of Uruguay. To achieve this goal, we performed an exhaustive analysis of existing models and technologies. From all of them we took elements that were contrasted with the particular requirements of our counterparts. We highlight among these requirements, the need of getting solutions transparently implementable over a heterogeneous network environment, which limit us to use widely standardized features of related technologies. We decided to create new models more suitable to fit these needs. These models are intrinsically hard to solve (NP-Hard). Thus we developed metaheuristic based algorithms to find solutions to these real-world instances. Evolutionary Algorithms and Greedy Randomized Adaptive Search Procedures obtained the best results. As it usually happens, real-world planning problems are surrounded by uncertainty. Therefore, we have worked closely with our counterparts to reduce the fuzziness upon data to a set of representative cases. They were combined with different strategies of design to get to scenarios, which were translated into instances of these problems. Finally, the algorithms were fed with this information, and from their outcome we derived our results and conclusions

Mobility management across converged IP-based heterogeneous access networks

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010.In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme