MUSeS: Mobile User Secured Session

International audienceMobility and security are very important services for both current and future network infrastructures. However, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken application connections. In order to address this issue, we propose a new communication system called Mobile User Secured Session. Based upon a peer-to-peer overlay network, it provides security services to the application layer connections of mobile users. The secure and resilient sessions allow user connections to survive network failures as opposed to regular transport layer secured connections. We have implemented a prototype and have assessed its proper functioning by running experimentations upon a simple virtual dynamic network

Semos a middleware for providing secure and mobility aware sessions over a p2p overlay network

International audience; Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connections. Besides session recovery costs, renegotiation steps also present inherent vulnerabilities. In order to address these issues, we propose a new distributed mobile VPN system called SEcured MObile Session (SEMOS). Based upon our CLOAK peer-to-peer overlay architecture, SEMOS provides security services to the application layer connections of mobile users. Secure and resilient sessions allow user connections to survive network failures as opposed to regular transport layer secured connections used by traditional VPN protocols. Document type: Part of book or chapter of boo

Wireless backhaul in future cellular communication

Abstract. In 5G technology, huge number of connected devices are needed to be considered where the expected throughput is also very ambitious. Capacity is needed and thus used frequencies are expected to get higher (above 6 GHz even up to 80 GHz), the Cell size getting smaller and number of cells arising significantly. Therefore, it is expected that wireless backhaul will be one option for Network operators to deliver capacity and coverage for high subscriber density areas with reduced cost. Wireless backhaul optimization, performance and scalability will be on the critical path on such cellular system. This master’s thesis work includes connecting a base station by using the wireless backhaul by introducing a VPN in the proposed network. We find the bottleneck and its solution. The network is using 3.5 GHz wireless link instead of LAN wire for backhaul link between the EnodeB and the core network (OpenEPC). LTE TDD band 42 acting as a Wireless Backhaul (Link between EnodeB and Band 42 CPE Router). The status and attachment procedure are observed from different nodes of the openEPC and from the VPN machine. Step by step we have established a tunnel between the CPE device and the VPN server using PPTP and L2TP with IPSec tunneling protocol. The progression towards the final implementation brings in step by step all difficulties and bottlenecks are documented in the study

MobiVPN: Towards a Reliable and Efficient Mobile VPN

abstract: A Virtual Private Network (VPN) is the traditional approach for an end-to-end secure connection between two endpoints. Most existing VPN solutions are intended for wired networks with reliable connections. In a mobile environment, network connections are less reliable and devices experience intermittent network disconnections due to either switching from one network to another or experiencing a gap in coverage during roaming. These disruptive events affects traditional VPN performance, resulting in possible termination of applications, data loss, and reduced productivity. Mobile VPNs bridge the gap between what users and applications expect from a wired network and the realities of mobile computing. In this dissertation, MobiVPN, which was built by modifying the widely-used OpenVPN so that the requirements of a mobile VPN were met, was designed and developed. The aim in MobiVPN was for it to be a reliable and efficient VPN for mobile environments. In order to achieve these objectives, MobiVPN introduces the following features: 1) Fast and lightweight VPN session resumption, where MobiVPN is able decrease the time it takes to resume a VPN tunnel after a mobility event by an average of 97.19\% compared to that of OpenVPN. 2) Persistence of TCP sessions of the tunneled applications allowing them to survive VPN tunnel disruptions due to a gap in network coverage no matter how long the coverage gap is. MobiVPN also has mechanisms to suspend and resume TCP flows during and after a network disconnection with a packet buffering option to maintain the TCP sending rate. MobiVPN was able to provide fast resumption of TCP flows after reconnection with improved TCP performance when multiple disconnections occur with an average of 30.08\% increase in throughput in the experiments where buffering was used, and an average of 20.93\% of increased throughput for flows that were not buffered. 3) A fine-grained, flow-based adaptive compression which allows MobiVPN to treat each tunneled flow independently so that compression can be turned on for compressible flows, and turned off for incompressible ones. The experiments showed that the flow-based adaptive compression outperformed OpenVPN's compression options in terms of effective throughput, data reduction, and lesser compression operations.Dissertation/ThesisDoctoral Dissertation Computer Science 201

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

Performance Evaluation of Network Security Protocols on Open Source and Microsoft Windows Platforms

Internet is increasingly being used to support collaborative applications such as voice and video-conferencing, replicated servers and databases of different types. Since most communication over the Internet involves the traversal of insecure open networks, basic security services such as data privacy, integrity and authentication are necessary. One of the levels of computer security is operating system security. This paper analyzes the limitations and behavioral patterns of security protocols across different platform. It compared the performance of security protocols in terms of authentication, encryption algorithm, cryptographic methods etc.; in order to determine which platform provides better support for security protocols. Network simulator tool was used to simulate different scenarios to show the performance of security protocols across two Operating System Platforms (Linux and Windows). Analysis of the simulation values of selected performance metrics of the security protocols, across both platforms, were evaluated. Results obtained showed comparable differences in the values of the performance parameters considered. For instance, IP processing delay of the Windows Client node was initially high (about 0.0125 milliseconds), but later decreases to about 0.0115 milliseconds, while the Linux Client node is constant at about 0.0115 milliseconds. Variations in the values of the performance parameters for both platforms, in both network scenarios are not significant enough to reflect a noticeable difference in the impacts of the network security protocols on the performance of the operating system platforms. Keywords: Open Source, IP Security, SSL, OPNET, Security Protocol, Operating System

Junos OS Security Configuration Guide

This preface provides the following guidelines for using the Junos OS Security Configuration Guide: • J Series and SRX Series Documentation and Release Notes on page xli • Objectives on page xlii • Audience on page xlii • Supported Routing Platforms on page xlii • Document Conventions on page xlii • Documentation Feedback on page xliv • Requesting Technical Support on page xliv Juniper Networks supports a technical book program to publish books by Juniper Networks engineers and subject matter experts with book publishers around the world. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration using the Junos operating system (Junos OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library, published in conjunction with O'Reilly Media, explores improving network security, reliability, and availability using Junos OS configuration techniques. All the books are for sale at technical bookstores and book outlets around the world. The current list can be viewed at http://www.juniper.net/books .Junos OS for SRX Series Services Gateways integrates the world-class network security and routing capabilities of Juniper Networks. Junos OS includes a wide range of packet-based filtering, class-of-service (CoS) classifiers, and traffic-shaping features as well as a rich, extensive set of flow-based security features including policies, screens, network address translation (NAT), and other flow-based services. Traffic that enters and exits services gateway is processed according to features you configure, such as packet filters, security policies, and screens. For example, the software can determine: • Whether the packet is allowed into the device • Which firewall screens to apply to the packet • The route the packet takes to reach its destination • Which CoS to apply to the packet, if any • Whether to apply NAT to translate the packet’s IP address • Whether the packet requires an Application Layer Gateway (ALG

Network virtualization as an integrated solution for emergency communication

In this paper the Virtual Private Ad Hoc Networking (VPAN) platform is introduced as an integrated networking solution for many applications that require secure transparent continuous connectivity using heterogeneous devices and network technologies. This is done by creating a virtual logical self-organizing network on top of existing network technologies reducing complexity and maintaining session continuity right from the start. One of the most interesting applications relies in the field of emergency communication with its specific needs which will be discussed in this paper and matched in detail against the architecture and features of the VPAN platform. The concept and dynamics are demonstrated and evaluated with measurements done on real hardware

Estudio de la movilidad en redes de siguiente generación

El continuo avance de las redes de telecomunicaciones nos proporciona cada vez más facilidades en todos los ámbitos de nuestra vida. En este caso, nos hemos centrado en el estudio de la movilidad en Redes de Siguiente Generación. Una parte del presente proyecto se ha realizado en colaboración con Deutsche Telekom AG, durante una estancia de seis meses trabajando como colaboradora en sus laboratorios con emplazamiento en Berlín. El principal objetivo de este proyecto ha sido realizar un estudio sobre los diferentes estándares y tecnologías que facilitan la movilidad en Redes de Siguiente Generación. Por ello, en la primera parte se han estudiado los diferentes grupos de trabajo centrados en este aspecto, así como se ha recabado información sobre productos y soluciones disponibles en el mercado, para obtener una visión global de la situación actual. Como se puede comprobar más adelante, esta primera parte es la más extensa de todo el documento. Esto se debe a que es, probablemente, la parte más importante del trabajo, ya que contiene el estudio de los mecanismos que más tarde nos servirán para dar una solución teórica a los distintos escenarios que se plantean. En la segunda parte del proyecto, nos hemos centrado en desarrollar varios escenarios de interés en sistemas de Redes de Siguiente Generación y aportar, de forma posterior, posibles soluciones teóricas. Para finalizar, se han expuesto las conclusiones extraídas como resultado del trabajo y los aspectos que se podrán tratar sobre el mismo en un futuro próximo.Ingeniería de Telecomunicació