147 research outputs found

    Unified security frameworks for integrated WiMAX and optical broadband access networks

    This dissertation proposes the integration of optical and Mobile Worldwide Interoperability for Microwave Access (WiMAX) broadband access networks in order to combine the strengths of optical and wireless technologies and converge them seamlessly. To protect the access network security, this dissertation has developed the design of unified security frameworks for the proposed integrated optical and WiMAX broadband access networks. Ethernet Passive Optical Networks (EPONs) offer a popular broadband access solution, providing high bandwidth and long transmission range to meet users' fast evolving needs. WiMAX provides a wireless broadband solution and it supports mobility. This dissertation proposes a WiMAX over EPON network architecture to provide optical bandwidth for the WiMAX base station (BS). The dissertation also presents a unified security framework for the proposed WiMAX over EPON architecture using public key infrastructure (PKI) and extensible authentication protocol (EAP). The security framework could achieve efficient system management, enhance the system security, and realize unified key management. Furthermore, the dissertation introduces three handover scenarios in the WiMAX over EPON network and describes the corresponding handover schemes based on a pre-authentication method and the communication framework of the ranging step. The proposed handover mechanisms can simplify and accelerate the handover process, compared to the standard WiMAX handover scheme, while keeping the handover procedure secure. Free Space Optics (FSO) provides a relatively flexible optical wireless solution to provide gigabit bandwidth to areas where fiber is costly or hard to deploy. This dissertation also proposes an integrated Mobile WiMAX and FSO broadband access network and presents a unified EAP-based security framework.
The dissertation then evaluates and compares the performance of EAP-Transport Layer Security (EAP-TLS) and EAP-Tunneled Transport Layer Security (EAP-TTLS) for the FSO-WiMAX network, and also evaluates the impact of the point-to-point FSO link. Measurements show that, compared to EAP-TLS, EAP-TTLS provides a more flexible, efficient, and secure way to protect the integrated FSO-WiMAX access network. Experiments conducted as part of the investigation demonstrate that the point-to-point FSO link does not degrade the performance of EAP authentication in the integrated network.

    Security performance and protocol consideration in optical communication system with optical layer security enabled by optical coding techniques

    With the fast development of communication systems, network security issues have more and more impact on daily life. It is essential to construct a high degree of optical layer security to resolve the security problem once and for all. Three different techniques which can provide optical layer security are introduced and compared. Optical chaos can be used for fast random number generation. Quantum cryptography is the most promising technique for key distribution. And the optical coding techniques can be deployed to encrypt the modulated signal in the optical layer. A mathematical equation has been derived from information theory to evaluate the information-theoretic security level of the wiretap channel in optical coding schemes. And the merits and limitations of two coherent optical coding schemes, temporal phase coding and spectral phase coding, have been analysed. The security scheme based on a reconfigurable optical coding device has been introduced, and the corresponding security protocol has been developed. By moving the encryption operation from the electronic layer to the optical layer, the modulated signals become opaque to unauthorised users. Optical code distribution and authentication is one of the major challenges for our proposed scheme. In our proposed protocol, both of the operations are covered and defined in detail. As a preliminary draft of the optical code security protocol, it could be a useful guide for further research.

    WDM/TDM PON bidirectional networks single-fiber/wavelength RSOA-based ONUs layer 1/2 optimization

    This thesis proposes the design and the optimization of a hybrid WDM/TDM PON at the L1 (PHY) and L2 (MAC) layers, in terms of minimum deployment cost and enhanced performance for Greenfield NGPON. The particular case of RSOA-based ONUs and an ODN using a single fibre and a single wavelength is analysed in depth. In this WDM/TDM PON, relevant parameters are optimized. Special attention has been given to the main noise impairment in this type of network: the Rayleigh Backscattering effect, which cannot be prevented. To understand its behaviour and mitigate its effects, a novel mathematical model for the Rayleigh Backscattering in burst mode transmission is presented for the first time, and it has been used to optimize the WDM/TDM RSOA-based PON. Also, a cost-effective, simple-design SCM WDM/TDM PON with RSOA-based ONU was optimized and implemented. This prototype was successfully tested, showing high performance, robustness, versatility and reliability. The system is able to give coverage for up to 1280 users at 2.5 Gb/s / 1.25 Gb/s downstream/upstream, over 20 km, and is compatible with the GPON ITU-T recommendation. This precedent has enabled the SARDANA network to extend the design, architecture and capabilities of a WDM/TDM PON for a long reach metro-access network (100 km). A proposal for an agile Transmission Convergence sub-layer is presented as another relevant contribution of this work. It is based on the optimization of the GPON and XG-PON standards (for compatibility), but applied to a long reach metro-access TDM/WDM PON RSOA-based network with a higher client count. Finally, a proposal for the physical implementation of the SARDANA layer 2 and possible configurations for SARDANA internetworking with the metro network and core transport network are presented.

    Telecommunication Systems

    This book is based on both industrial and academic research efforts in which a number of recent advancements and rare insights into telecommunication systems are well presented. The volume is organized into four parts: "Telecommunication Protocol, Optimization, and Security Frameworks", "Next-Generation Optical Access Technologies", "Convergence of Wireless-Optical Networks" and "Advanced Relay and Antenna Systems for Smart Networks." Chapters within these parts are self-contained and cross-referenced to facilitate further study.

    Security protocols suite for machine-to-machine systems

    Nowadays, the great diffusion of advanced devices, such as smartphones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; society is clearly ready to trust in next-generation communication systems to face today's concerns in economic and social fields. The reason for this sociological change is that the technologies have been opened to all users, even those who do not necessarily have specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Among the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services are fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patient monitoring. However, since any emerging technology comes with its own security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, the main threats are those related to attacks on service availability and on the privacy of both the subscribers' and the service providers' data. Taking into account the often limited resources of M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph.D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce the energy consumption of the network while not affecting the overall security services of the system.
With this goal, we first propose a coherent taxonomy of M2M networks that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally, sixth, we provide an accurate analysis of privacy solutions that actually fit the requirements of M2M network services. All the analyses in this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks.

    Measurement of Triple Play Services in a Hybrid Network (Měření Triple play služeb v hybridní síti)

    The master's thesis deals with the design, implementation and quality of IPTV, VoIP and Data services within Triple Play services in a heterostructural network made up of GEPON and xDSL technologies. Different lengths of the optical and metallic paths were used for the measurements. The first part of the thesis theoretically analyzes the development and trends of optical and metallic networks. The second part deals with the measurement of typical optical and metallic parameters on the constructed experimental network, whose integrity was subsequently tested. Another part of the thesis is the evaluation of the Triple Play results, where the network was loaded with varying data traffic and evaluated according to defined standards. The last part is concerned with the Optiwave software simulation environment. Department: 440 - Katedra telekomunikační techniky (Department of Telecommunications).

    The Effect of Voice Packet Size on End-To-End delay in 802.11b Networks

    Voice over IP (VoIP) uses the existing data networks to support voice services. It has a broad appeal in that it is currently unregulated and calls can be placed free of cost to any part of the globe. The integration of voice traffic with data traffic opens up opportunities for new revenue streams for Internet Service Providers. However, in mixing data types the constraints on each data type must still be met and, unlike regular data, voice networks are chiefly limited by end-to-end delay. In the case of packet-switched networks, delay becomes a determining factor in the quality of the voice call and therefore the success of VoIP. At the same time, WLANs are becoming widely adopted due to the simplicity of installation and the convenience offered. Advancement in technology now enables WLANs to provide most of the facilities provided by their wired counterparts with the added benefit of mobility at a very low cost. The benefits of combining IP telephony and WLANs can be effectively utilized if control over end-to-end delay can be achieved. In conventional IP telephony the voice packets travel across the wired Internet. We developed a study in which the final hop on each end of the communication channel is a wireless 802.11b network. Results show that with a wireless network at the transmitting end the delay characteristics change considerably.

    Defense in Depth of Resource-Constrained Devices

    The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers' homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings.
Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime.

    A Survey of Clock Synchronization Over Packet-Switched Networks

    Clock synchronization is a prerequisite for the realization of emerging applications in various domains such as industrial automation and the intelligent power grid. This paper surveys the standardized protocols and technologies for providing synchronization of devices connected by packet-switched networks. A review of synchronization impairments and the state-of-the-art mechanisms to improve the synchronization accuracy is then presented. Providing microsecond to sub-microsecond synchronization accuracy in the presence of asymmetric delays in a cost-effective manner is a challenging problem, and still an open issue in many application scenarios. Further, security is of significant importance for systems where timing is critical. The security threats and solutions to protect exchanged synchronization messages are also discussed.