64 research outputs found

    NDNSD: Service Publishing and Discovery in NDN

    Service discovery is one of the crucial components of modern applications. With the advent of several new systems such as IoT, edge, cloud, etc., the world is connected more than ever and smart devices are creeping towards every nook and corner of our surroundings. Not only are new systems emerging, but the communication pattern is also evolving, i.e., from one-to-one (host-host) to many-to-many (distributed application, IoT). The definition of service has also changed over time. Unlike their meaning in the past as programs running on some machines, services today can be sensor devices collecting data, mobile devices offering computing service, or even a piece of data generated by some system. To satisfy the changing dynamics and heterogeneity of the services and the demands of these evolving architectures, several new protocols have been developed on top of the TCP/IP stack. Nonetheless, the fundamental weakness of host-centric TCP/IP in supporting the needs of distributed applications (IoT, edge) and many-to-many communication (e.g. publisher-subscriber) has induced several weaknesses in the system and has made it more fragile. Named Data Networking (NDN) is an information-centric networking architecture that communicates over signed, named content objects. Its pub-sub style of communication, data-centric security at the network layer, in-network caching, etc., provide numerous benefits to modern systems and try to overcome the shortcomings of TCP/IP. In this thesis, we propose NDNSD – a fully distributed, scalable, and general-purpose service discovery protocol for information-centric architecture/NDN. It is developed on top of the synchronization protocol (sync) and offers a publisher-subscriber API for service publishing and discovery. We present several design features of NDNSD and also establish how it is best suited for modern systems. We also introduce the concept of service-info and how it can be combined with sync and NDN hierarchical names to make service discovery generic. Finally, to substantiate our argument, we design, implement, and evaluate our protocol, and also provide some use-cases (e.g. Building Management System) to show how service discovery can be beneficial.

    Major requirements for building Smart Homes in Smart Cities based on Internet of Things technologies

    The recent boom in the Internet of Things (IoT) will turn Smart Cities and Smart Homes (SH) from hype to reality. SH is the major building block for Smart Cities and has been a dream for decades; hobbyists in the late 1970s made Home Automation (HA) possible when personal computers started invading home spaces. While SH can share most of the IoT technologies, there are unique characteristics that make SH special. From the result of a recent research survey on SH and IoT technologies, this paper defines the major requirements for building SH. Seven unique requirement recommendations are defined and classified according to the specific quality of the SH building blocks.

    On the Edge of Secure Connectivity via Software-Defined Networking

    Securing communication in computer networks has been an essential feature ever since the Internet, as we know it today, was started. One of the best known and most common methods for secure communication is to use a Virtual Private Network (VPN) solution, mainly operating with an IP security (IPsec) protocol suite originally published in 1995 (RFC1825). It is clear that the Internet, and networks in general, have changed dramatically since then. In particular, the onset of the Cloud and the Internet-of-Things (IoT) have placed new demands on secure networking. Even though the IPsec suite has been updated over the years, it is starting to reach the limits of its capabilities in its present form. Recent advances in networking have thrown up Software-Defined Networking (SDN), which decouples the control and data planes, and thus centralizes the network control. SDN provides arbitrary network topologies and elastic packet forwarding that have enabled useful innovations at the network level. This thesis studies SDN-powered VPN networking and explains the benefits of this combination. Even though the main context is the Cloud, the approaches described here are also valid for non-Cloud operation and are thus suitable for a variety of other use cases for both SMEs and large corporations. In addition to IPsec, open source TLS-based VPN (e.g. OpenVPN) solutions are often used to establish secure tunnels. Research shows that a full-mesh VPN network between multiple sites can be provided using OpenVPN and it can be utilized by SDN to create a seamless, resilient layer-2 overlay for multiple purposes, including the Cloud. However, such a VPN tunnel suffers from resiliency problems and cannot meet the increasing availability requirements. The network setup proposed here is similar to Software-Defined WAN (SD-WAN) solutions and is extremely useful for applications with strict requirements for resiliency and security, even if best-effort ISP is used. 
IPsec is still preferred over OpenVPN for some use cases, especially by smaller enterprises. Therefore, this research also examines the possibilities for high availability, load balancing, and faster operational speeds for IPsec. We present a novel approach involving the separation of the Internet Key Exchange (IKE) and the Encapsulating Security Payload (ESP) in SDN fashion to operate from separate devices. This allows central management for the IKE while several separate ESP devices can concentrate on the heavy processing. Initially, our research relied on software solutions for ESP processing. Despite the ingenuity of the architectural concept, and although it provided high availability and good load balancing, there was no anti-replay protection. Since anti-replay protection is vital for secure communication, another approach was required. It thus became clear that the ideal solution for such large IPsec tunneling would be to have a pool of fast ESP devices, but to confine the IKE operation to a single centralized device. This would obviate the need for load balancing but still allow high availability via the device pool. The focus of this research thus turned to the study of pure hardware solutions on an FPGA, and their feasibility and production readiness for application in the Cloud context. Our research shows that FPGA works fluently in an SDN network as a standalone IPsec accelerator for ESP packets. The proposed architecture has 10 Gbps throughput, yet the latency is less than 10 µs, meaning that this architecture is especially efficient for data center use and offers increased performance and latency requirements. The high demands of the network packet processing can be met using several different approaches, so this approach is not just limited to the topics presented in this thesis. Global network traffic is growing all the time, so the development of more efficient methods and devices is inevitable.
The increasing number of IoT devices will result in a lot of network traffic utilising the Cloud infrastructures in the near future. Based on the latest research, once SDN and hardware acceleration have become fully integrated into the Cloud, the future for secure networking looks promising. SDN technology will open up a wide range of new possibilities for data forwarding, while hardware acceleration will satisfy the increased performance requirements. Although it still remains to be seen whether SDN can answer all the requirements for performance, high availability and resiliency, this thesis shows that it is a very competent technology, even though we have explored only a minor fraction of its capabilities.

    Lightweight novel trust based framework for IoT enabled wireless network communications

    For IoT-enabled networks, security and privacy are among the important research challenges due to the open nature of wireless communications, especially for networks like Vehicular Ad hoc Networks (VANETs). Characteristics like heterogeneity, constrained resources, scalability requirements, uncontrolled environment, etc. make the problems of security and privacy even more challenging. Additionally, the high degree of availability needs of IoT networks may compromise the integrity and confidentiality of communication data. Security threats are mainly carried out during data routing operations; hence, designing a secure routing protocol is the main research challenge for IoT networks. In this paper, to design a lightweight security algorithm, we use Named Data Networking (NDN), which provides benefits applicable to IoT applications such as built-in data provenance assurance, stateful forwarding, etc. Therefore, the novel security framework NDN based Cross-layer Attack Resistant Protocol (NCARP) is proposed in this paper. In NCARP, we designed a cross-layer security technique to identify the malicious attackers in the network to overcome problems like the routing overhead of cryptography and trust based techniques. Parameters from the physical layer, Medium Access Control (MAC) layer, and routing/network layer are used to compute and average the trust score of each highly mobile node while detecting attackers and establishing communication links. The simulation results of NCARP are measured and compared in terms of precision, recall, throughput, packets dropped, and overhead rate with state-of-the-art solutions.

    On the application of contextual IoT service discovery in Information Centric Networks

    The continuous flow of technological developments in communications and electronic industries has led to the growing expansion of the Internet of Things (IoT). By leveraging the capabilities of smart networked devices and integrating them into existing industrial, leisure and communication applications, the IoT is expected to positively impact both economy and society, reducing the gap between the physical and digital worlds. Therefore, several efforts have been dedicated to the development of networking solutions addressing the diversity of challenges associated with such a vision. In this context, the integration of Information Centric Networking (ICN) concepts into the core of IoT is a research area gaining momentum and involving both research and industry actors. The massive amount of heterogeneous devices, as well as the data they produce, is a significant challenge for a wide-scale adoption of the IoT. In this paper we propose a service discovery mechanism, based on Named Data Networking (NDN), that leverages the use of a semantic matching mechanism for achieving a flexible discovery process. The development of appropriate service discovery mechanisms enriched with semantic capabilities for understanding and processing context information is a key feature for turning raw data into useful knowledge and ensuring the interoperability among different devices and applications. We assessed the performance of our solution through the implementation and deployment of a proof-of-concept prototype. Obtained results illustrate the potential of integrating semantic and ICN mechanisms to enable a flexible service discovery in IoT scenarios.