Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks
The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture and the proposed protocol, which is based on EAP-TLS, and compare the proposed protocol with existing protocols.
Fast and seamless mobility management in IPV6-based next-generation wireless networks
Introduction -- Access router tunnelling protocol (ARTP) -- Proposed integrated architecture for next generation wireless networks -- Proposed seamless handoff schemes in next generation wireless networks -- Proposed fast MAC layer handoff scheme for MIPV6/WLANs
Mobility management across converged IP-based heterogeneous access networks
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010. In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS, etc.) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications.
The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme
Mobility management across converged IP-based heterogeneous access networks
In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. 
key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme. EThOS - Electronic Theses Online Service, GB, United Kingdom
Privacidade em redes de próxima geração (Privacy in next generation networks)
Doctorate in Computer Engineering.
In the modern society, communications and digital transactions are becoming
the norm rather than the exception. As we allow networked computing devices
into our every-day actions, we build a digital lifestyle where networks and
devices enrich our interactions. However, as we move our information towards
a connected digital environment, privacy becomes extremely important as most
of our personal information can be found in the network. This is especially
relevant as we design and adopt next generation networks that provide
ubiquitous access to services and content, increasing the impact and pervasiveness
of existing networks.
The environments that provide widespread connectivity and services usually
rely on network protocols that have few privacy considerations, compromising
user privacy. The presented work focuses on the network aspects of privacy,
considering how network protocols threaten user privacy, especially on next
generation networks scenarios. We target the identifiers that are present in
each network protocol and support its designed function. By studying how the
network identifiers can compromise user privacy, we explore how these threats
can stem from the identifier itself and from relationships established between
several protocol identifiers.
Following the study focused on identifiers, we show that privacy in the network
can be explored along two dimensions: a vertical dimension that establishes
privacy relationships across several layers and protocols, reaching the user,
and a horizontal dimension that highlights the threats exposed by individual
protocols, usually confined to a single layer. With these concepts, we outline an
integrated perspective on privacy in the network, embracing both vertical and
horizontal interactions of privacy. This approach enables the discussion of several
mechanisms to address privacy threats on individual layers, leading to
architectural instantiations focused on user privacy. We also show how the
different dimensions of privacy can provide insight into the relationships that
exist in a layered network stack, providing a potential path towards designing
and implementing future privacy-aware network architectures.
In modern society, digital communications and transactions are becoming
the rule rather than the exception. As we allow networked electronic devices
to intrude into our daily lives, we build a digital lifestyle in which networks
and devices enrich our interactions. However, as we move towards a networked
digital environment, our privacy takes on greater importance, because our
personal information is increasingly found in the network. This becomes
particularly relevant as we adopt next generation networks, which allow
ubiquitous access to networks, services and content, increasing the impact and
pervasiveness of current networks.
Environments where connectivity and services become a constant rely on
network protocols that usually include few privacy considerations, thereby
compromising the user. The present work focuses on the privacy aspects that
concern the network because of the way protocols are used in the different
layers, and that result in threats to user privacy. We specifically address
the identifiers present in network protocols, which are essential to their
function. In this context we explore the possibility that these identifiers
compromise user privacy through the information they contain, as well as
through the relationships that can be established between identifiers of
different protocols.
Following this study centred on identifiers, we show how privacy in networks
can be explored along two dimensions: a dimension that emphasises the vertical
privacy relationships, crossing several protocols until reaching the user, and
a horizontal dimension that highlights the threats caused by each protocol
individually, normally confined to a single layer. Through these concepts, we
present an integrated view of privacy in networks, covering both vertical and
horizontal privacy interactions. This view allows the discussion of several
mechanisms to mitigate threats specific to each network layer, resulting in
architectural instantiations oriented towards user privacy. Finally, we show
how the different dimensions of privacy can provide a different view of the
relationships established in the layered protocol stack, showing a possible
path for the development of future network architectures with support for
privacy.
Proceedings of the Third Edition of the Annual Conference on Wireless On-demand Network Systems and Services (WONS 2006)
This file gathers into a single document all the articles accepted for the WONS 2006 conference (http://citi.insa-lyon.fr/wons2006/index.html). This year, 56 papers were submitted. From the Open Call submissions we accepted 16 papers as full papers (up to 12 pages) and 8 papers as short papers (up to 6 pages). All the accepted papers will be presented orally in the Workshop sessions. More precisely, the selected papers have been organized in 7 sessions: Channel access and scheduling, Energy-aware Protocols, QoS in Mobile Ad-Hoc networks, Multihop Performance Issues, Wireless Internet, Applications and finally Security Issues. The papers (and authors) come from all parts of the world, confirming the international stature of this Workshop. The majority of the contributions are from Europe (France, Germany, Greece, Italy, Netherlands, Norway, Switzerland, UK). However, a significant number is from Australia, Brazil, Canada, Iran, Korea and USA. The proceedings also include two invited papers. We take this opportunity to thank all the authors who submitted their papers to WONS 2006. You helped make this event again a success.