16 research outputs found

    Leveraging synergy of SDWN and multi-layer resource management for 5G networks

    Fifth-generation (5G) networks are envisioned to predispose service-oriented and flexible edge-to-core infrastructure to offer diverse applications. Convergence of software-defined networking (SDN), software-defined radio (SDR), and virtualization on the concept of software-defined wireless networking (SDWN) is a promising approach to support such dynamic networks. The principal technique behind the 5G-SDWN framework is the separation of control and data planes, from deep core entities to edge wireless access points. This separation allows the abstraction of resources as transmission parameters of users. In such user-centric and service-oriented environment, resource management plays a critical role to achieve efficiency and reliability. In this paper, we introduce a converged multi-layer resource management (CML-RM) framework for SDWN-enabled 5G networks, that involves a functional model and an optimization framework. In such framework, the key questions are if 5G-SDWN can be leveraged to enable CML-RM over the portfolio of resources, and reciprocally, if CML-RM can effectively provide performance enhancement and reliability for 5G-SDWN. In this paper, we tackle these questions by proposing a flexible protocol structure for 5G-SDWN, which can handle all the required functionalities in a more cross-layer manner. Based on this, we demonstrate how the proposed general framework of CML-RM can control the end-user quality of experience. Moreover, for two scenarios of 5G-SDWN, we investigate the effects of joint user-association and resource allocation via CML-RM to improve performance in virtualized networks

    Slicing in WiFi networks through airtime-based resource allocation

    Network slicing is one of the key enabling technologies for 5G networks. It allows infrastructure owners to assign resources to service providers (tenants), which will afterwards use them to satisfy their end-user demands. This paradigm, which changes the way networks have been traditionally managed, was initially proposed in the wired realm (core networks). More recently, the scientific community has paid attention to the integration of network slicing in wireless cellular technologies (LTE). However, there are not many works addressing the challenges that appear when trying to exploit slicing techniques over WiFi networks, in spite of their growing relevance. In this paper we propose a novel method of proportionally distributing resources in WiFi networks, by means of the airtime. We develop an analytical model, which sheds light on how such resources could be split. The validity of the proposed model is assessed by means of simulation-based evaluation over the ns-3 framework. This work has been supported in part by the European Commission and the Spanish Government (Fondo Europeo de desarrollo Regional, FEDER) by means of the EU H2020 NECOS (777067) and ADVICE (TEC2015-71329) projects, respectively

    SLICING-BASED RESOURCE ALLOCATION AND MOBILITY MANAGEMENT FOR EMERGING WIRELESS NETWORKS

    The proliferation of smart mobile devices and user applications has continued to contribute to the tremendous volume of data traffic in cellular networks. Moreover, with the feature of heterogeneous connectivity interfaces of these smart devices, it becomes more complex for managing the traffic volume in the context of mobility. To surmount this challenge, service and resource providers are looking for alternative mechanisms that can successfully facilitate managing network resources and mobility in a more dynamic, predictive and distributed manner. New concepts of network architectures such as Software-Defined Network (SDN) and Network Function Virtualization (NFV) have paved the way to move from static to flexible networks. They make networks more flexible (i.e., network providers capable of on-demand provisioning), easily customizable and cost effective. In this regard, network slicing is emerging as a new technology built on the concepts of SDN and NFV. It splits a network infrastructure into isolated virtual networks and allows them to manage network resources based on their requirements and characteristics. Most of the existing solutions for network slicing are facing challenges in terms of resource and mobility management. Regarding resource management, it creates challenges in terms of provisioning network throughput, end-to-end delay, and fairness resources allocation for each slice, whereas, in the case of mobility management, due to the rapid change of user mobility the network slice operator would like to hold the mobility controlling over its clients across different access networks, rather than the network operator, to ensure better services and user experience. In this thesis, we propose two novel architectural solutions to solve the challenges identified above. 
The first proposed solution introduces a Network Slicing Resource Management (NSRM) mechanism that assigns the required resources for each slice, taking into consideration resource isolation between different slices. The second proposed solution provides a Mobility Management architecture-based Network Slicing (MMNS) where each slice manages its users across heterogeneous radio access technologies such as WiFi, LTE and 5G networks. In MMNS architecture, each slice has different mobility demands (e.g., latency, speed and interference) and these demands are governed by a network slice configuration and service characteristics. In addition, NSRM ensures isolating, customizing and fair sharing of distributed bandwidths between various network slices and users belonging to the same slice depending on different requirements of each one. Whereas, MMNS is a logical platform that unifies different Radio Access Technologies (RATs) and allows all slices to share them in order to satisfy different slice mobility demands. We considered two software simulations, namely OPNET Modeler and OMNET++, to validate the performance evaluation of the thesis contributions. The simulation results for both proposed architectures show that, in case of NSRM, the resource blocking is approximately 35% less compared to the legacy LTE network, which allows it to accommodate more users. The NSRM also successfully maintains the isolation for both the inter and intra network slices. Moreover, the results show that the NSRM is able to run different scheduling mechanisms where each network slice guarantee perform its own scheduling mechanism and simultaneously with other slices. Regarding the MMNS, the results show the advantages of the proposed architecture that are the reduction of the tunnelling overhead and the minimization of the handover latency. 
The MMNS results show the packets delivery cost is optimal by reducing the number of hops that the packets transit between a source node and destination. Additionally, seamless session continues of a user IP-flow between different access networks interfaces has been successfully achieved

    ANVIA ENTERPRISE WIRELESS LOCAL AREA NETWORK MARKET ANALYZES AND BUSINESS MODEL ENHANCEMENTS.

    For almost 15 years, since it has been released, Wi-Fi has been one of the dominant technologies in telecommunication world. However, because of its weaknesses related to security, interference and weak quality of service it has not been accepted as a viable business. Furthermore, it also operates in unlicensed spectrum bands which magnify these issues. On the other hand, technological innovations through new improvements in the world of Wi-Fi have made it one of the most popular indoor communication solutions for enterprises as well as in outdoor common meeting points. Therefore, it has become imperative to study this subject due to its popularity and several issues associated with this technology to create a viable business model for Anvia Oyj. In an attempt to contribute towards this field, the present thesis provides a comprehensive theoretical framework that addresses WLAN technology from different aspects including Wi-Fi roaming as well as the description of business model segments. In order to strengthen enterprise WLAN business models, comprehensive data was collected through different resources. First, an internal interview in Anvia Oyj based on its current enterprise WLAN business model was conducted. Secondly, two surveys were conducted in different enterprise WLAN customer segments; 32 interviews with small office home office (SOHO) enterprises and 10 interviews with SMEs/LEs and municipalities. Thirdly, a global enterprise WLAN market analysis was conducted through Internet resources. Based on these, analyses, recommendations and business model enhancements are suggested in this thesis. The findings of this research will help Anvia Oyj to achieve better performance in enterprise WLAN business segment.

    Planning and realization of a WiFi 6 network to replace wired connections in an enterprise environment

    WiFi (Wireless Fidelity) is a popular wireless LAN technology. It provides broadband wireless connectivity to all the users in the unlicensed 2.4 GHz and 5 GHz frequency bands. Given the fact that the WiFi technology is much easier and cost-efficient to deploy, it is rapidly gaining acceptance as an alternative to a wired local area network. Nowadays the Wireless access to data is a necessity for everyone in the daily life. Considering the last 30 years, the unlimited access to information has transformed entire industries, fueling growth, productivity and profits. The WiFi technology, which is governed by the IEEE 802.11 standards body, has played a key role in this transformation. In fact, thanks to WiFi, users can benefit of low cost access to high data rate wireless connectivity. The first version of the IEEE 802.11 protocol was released in 1997. IEEE 802.11 has been improved with different versions in order to enhance the throughput and support new technologies. WiFi networks are now experiencing the bandwidth-demanding media content as well as multiple WiFi devices for each user. As a consequence of this, WiFi 6, which is based on the IEEE 802.11ax standard, is focused on improving the efficiency of the radio link. However, there is a relatively modest increase in peak data rate too. In this thesis we have planned and realized a WiFi 6 network to replace wired connections in an enterprise environment. To do this the optimal access point placement problem has been taken into account, resulting in an improvement of the coverage. Subsequently, after the configuration from the controller, the performance of the new network has been tested in order to study if WiFi 6 can be used instead of wired connections.

    Novel architectures and strategies for security offloading

    Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomenon has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities' complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. 
From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. 
Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from proof-of-concept implementations. The Internet has become a powerful and indispensable tool for our modern society. Its omnipresence and applicability have driven great changes in different aspects of our lives. This phenomenon has positioned the network and its services as fundamental assets on which we rely and trust. However, the Internet is far from perfect. It has considerable security problems and vulnerabilities that endanger its main functionalities. Moreover, the complexities of these vulnerabilities have grown along with the evolution of Internet user mobility and its limited support. Internet security includes both security for the correct operation of the network and security for users and their devices. The former involves the challenges related to the control and management vulnerabilities of the core Internet infrastructure, while the latter covers security vulnerabilities affecting end users and their devices. Likewise, mobility on the Internet poses major security challenges, ranging from routing complications and connectivity disruptions to the lack of global authentication and authorization. The purpose of this thesis is to present the design of new architectures and strategies for improving Internet security in a non-disruptive manner. Our security proposals follow a protection-decoupling approach. The motives behind this paradigm aim at further improving security while minimizing intrusiveness and disturbance to Internet routing protocols, their actors and users. 
To achieve this level of transparency, the envisioned solutions leverage new technologies such as software-defined networks (SDN), network function virtualization (VNF) and fog computing. From the Internet core perspective, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and future of the Internet, the Border Gateway Protocol (BGP) and the Locator/Identifier Separation Protocol (LISP). To this end, we first investigate the vulnerabilities and countermeasures for an unresolved problem in BGP defined as Route Leaks. We propose pragmatic security methodologies to decouple the protection with the following advantages: no changes to the BGP protocol, zero dependency on third-party information or on third-party security infrastructure, and self-benefit. Likewise, we investigate the current vulnerabilities of LISP with emphasis on its control plane and mobility support. We leverage the separation of its control and data planes to propose an improved registration process for location and endpoint identifiers, securely validating their respective authorizations. This proposal improves the mobility of end users with respect to securing dynamic traffic routing across the Internet. In parallel, from the point of view of end users and devices, we investigate new paradigms and architectures with the aim of improving their protection in a controllable and consolidated manner. To this end, we propose a new paradigm toward user-centric protection. Our proposal focuses on decoupling or extending security protection from the end devices toward the network edge. It seeks to homogenize the protection of the user regardless of the device used. 
In addition, we investigate this paradigm in a mobility scenario. We validate our proposal by providing experimental results obtained from different experiments and implemented proofs of concept

    Exploring Computing Continuum in IoT Systems: Sensing, Communicating and Processing at the Network Edge

    As Internet of Things (IoT), originally comprising only a few simple sensing devices, reaches 34 billion units by the end of 2020, they cannot be defined as merely monitoring sensors anymore. IoT capabilities have been improved in recent years as relatively large internal computation and storage capacity are becoming a commodity. In the early days of IoT, processing and storage were typically performed in cloud. New IoT architectures are able to perform complex tasks directly on-device, thus enabling the concept of an extended computational continuum. Real-time critical scenarios, e.g. autonomous vehicles sensing, area surveying or disaster rescue and recovery, require all the actors involved to be coordinated and collaborate without human interaction to a common goal, sharing data and resources, even in intermittent networks covered areas. This poses new problems in distributed systems, resource management, device orchestration, as well as data processing. This work proposes a new orchestration and communication framework, namely CContinuum, designed to manage resources in heterogeneous IoT architectures across multiple application scenarios. This work focuses on two key sustainability macroscenarios: (a) environmental sensing and awareness, and (b) electric mobility support. In the first case a mechanism to measure air quality over a long period of time for different applications at global scale (3 continents, 4 countries) is introduced. The system has been developed in-house from the sensor design to the mist-computing operations performed by the nodes. In the second scenario, a technique to transmit large amounts of fine-time granularity battery data from a moving vehicle to a control center is proposed jointly with the ability of allocating tasks on demand within the computing continuum