43 research outputs found

    HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

    System: New; Report number: Otsu No. 2336; Degree type: Doctor (Human Sciences); Date conferred: 2012/1/18; Waseda University degree certificate number: New 584

    End-to-end security in active networks

    Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These systems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problems introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. 
Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

    IP Mobility in Wireless Operator Networks

    Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that has not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments. Various wireless network connections are proliferating in the form of Internet-capable technologies. 
The overlapping use of numerous different technologies results from network infrastructure that has been built gradually and as needed. The recent commercial success of terminals (such as smartphones and laptops) containing several radio technologies (such as WLAN, GSM and UMTS) promotes the building of new network infrastructure and may lead to a wider range of network technologies. For commercial reasons it is not worthwhile to replace the existing network infrastructure with new technology all at once; instead, the gradual transition phase typically takes several years. Internet-capable terminals can move either within the same network technology or between different network technologies. Depending on the network environment, mobile terminals can attach to the network through several network connections. Consequently, a terminal can send and receive data packets simultaneously over numerous networks. This dissertation deals with the mobility of Internet technologies and the introduction of these technologies into the existing network infrastructures of wireless network operators. The network infrastructures in question were not originally designed with Internet-technology mobility and multiple simultaneous connections in mind. This work proposes an architecture model for future wireless networks and solutions for implementing roaming. The proposed architecture can be implemented without major technological upheavals. In the proposal, the roles of the network operator are clearly divided into (i) network operator, (ii) service operator, and (iii) interconnection and roaming operator. The division of roles allows each operator type to develop independently and removes artificial network-technology dependencies from service provision. The work also presents a preliminary list of requirements for the proposed model, for example quality requirements for interconnection operators. 
The dissertation also presents the latest developments in mobile Internet technologies. In addition, the work shows standardization results in Internet-capable wireless architectures

    Supporting group mobility in mission-critical wireless networks for SIP-based applications

    This master's thesis examines inter-domain group mobility of delay-sensitive SIP applications in wireless IEEE 802.11x-based IPv4/IPv6 network environments. In modern crisis management operations, the importance of real-time communication has grown strongly in recent years. The communication systems used for this purpose have usually been very expensive. However, the rapid development of wireless technologies has directed interest towards inexpensive, commercial off-the-shelf civilian solutions. Long hand-off delays are an important problem for hand-offs of real-time traffic. VoIP-based voice traffic has been found to tolerate delays of at most around 100 ms without a decisive loss in quality of service. Alongside the link-layer hand-off, duplicate address detection during DHCP address acquisition and SIP connection re-establishment are essential for a seamless hand-off. Group mobility has received much attention in ad hoc network research. The work studies the benefits that the group mobility model could bring over the conventional hand-off method in hierarchical infrastructure SIP networks. Application-level mobility and signaling efficiency are examined from the viewpoint of bandwidth usage and information security. The experimental part aims to model group hand-offs in a simple, simulated environment. To support the conclusions, hand-off performance is additionally assessed by numerical analysis. This thesis studies the provision of group mobility during inter-domain hand-offs for delay-sensitive SIP applications over wireless IPv4/IPv6 network environment, based on the IEEE 802.11x platform. In contemporary disaster relief operations, the role of real-time communications has been strongly escalating over the recent years. The communication systems used for these ends have been conventionally very expensive. 
The rapid evolution of wireless technologies has brought the focus of interest to the affordable Common-Off-the-Shelf civilian applications. Long latencies during hand-offs for real-time traffic are a very important problem. As the studies have pointed out, the VoIP-based voice traffic can withstand maximum approximate disruption times of 100 ms, without too high degradation in the quality of service. Along with the link-layer hand-off, the duplicate address detection procedure during DHCP address acquisition and the SIP connection re-establishment both have a major impact on the hand-off latency. The group mobility has gained high attention in the research of ad-hoc networks. The work studies the benefits that this scheme could possibly bring over the conventional hand-offs in hierarchical infrastructured SIP networks. Different approaches to application-level mobility and the signaling efficiency are examined from the viewpoint of bandwidth usage and network security. In the experimental part, group hand-offs are modeled in a simple, simulated environment. In addition, a numerical analysis is used to assess the hand-off performance to support the made conclusions

    Internet of Things Applications - From Research and Innovation to Market Deployment

    The book aims to provide a broad overview of various topics of Internet of Things from the research, innovation and development priorities to enabling technologies, nanoelectronics, cyber physical systems, architecture, interoperability and industrial applications. It is intended to be a standalone book in a series that covers the Internet of Things activities of the IERC – Internet of Things European Research Cluster from technology to international cooperation and the global "state of play". The book builds on the ideas put forward by the European Research Cluster on the Internet of Things Strategic Research Agenda and presents global views and state of the art results on the challenges facing the research, development and deployment of IoT at the global level. Internet of Things is creating a revolutionary new paradigm, with opportunities in every industry from Health Care, Pharmaceuticals, Food and Beverage, Agriculture, Computer, Electronics Telecommunications, Automotive, Aeronautics, Transportation Energy and Retail to apply the massive potential of the IoT to achieving real-world solutions. The beneficiaries will include as well semiconductor companies, device and product companies, infrastructure software companies, application software companies, consulting companies, telecommunication and cloud service providers. IoT will create new revenues annually for these stakeholders, and potentially create substantial market share shakeups due to increased technology competition. The IoT will fuel technology innovation by creating the means for machines to communicate many different types of information with one another while contributing to the increased value of information created by the number of interconnections among things and the transformation of the processed information into knowledge shared into the Internet of Everything. 
The success of IoT depends strongly on enabling technology development, market acceptance and standardization, which provides interoperability, compatibility, reliability, and effective operations on a global scale. The connected devices are part of ecosystems connecting people, processes, data, and things which are communicating in the cloud using the increased storage and computing power and pushing for standardization of communication and metadata. In this context security, privacy, safety, trust have to be addressed by the product manufacturers through the life cycle of their products from design to the support processes. The IoT developments address the whole IoT spectrum - from devices at the edge to cloud and datacentres on the backend and everything in between, through ecosystems created by industry, research and application stakeholders that enable real-world use cases to accelerate the Internet of Things and establish open interoperability standards and common architectures for IoT solutions. Enabling technologies such as nanoelectronics, sensors/actuators, cyber-physical systems, intelligent device management, smart gateways, telematics, smart network infrastructure, cloud computing and software technologies will create new products, new services, new interfaces by creating smart environments and smart spaces with applications ranging from Smart Cities, smart transport, buildings, energy, grid, to smart health and life. 
Technical topics discussed in the book include:
• Introduction
• Internet of Things Strategic Research and Innovation Agenda
• Internet of Things in the industrial context: Time for deployment.
• Integration of heterogeneous smart objects, applications and services
• Evolution from device to semantic and business interoperability
• Software define and virtualization of network resources
• Innovation through interoperability and standardisation when everything is connected anytime at anyplace
• Dynamic context-aware scalable and trust-based IoT Security, Privacy framework
• Federated Cloud service management and the Internet of Things
• Internet of Things Application

    Creation of value with open source software in the telecommunications field

    Doctoral thesis. Electrical and Computer Engineering. Faculdade de Engenharia. Universidade do Porto. 200

    The Retention and Processing of Communications Data for Law Enforcement: A Challenge for Privacy

    Law enforcement agencies are dominant end users of information communication technologies. These technologies are not necessarily created for pursuing criminal justice objectives. They are mechanisms that are built, administered, and maintained by private actors for their own purposes and later incorporated into law enforcement processes. They serve an effective role in the investigation, detection, and prosecution of crime, particularly through their collection and processing of relevant data. For the purposes of this thesis, the data at issue concerns the who, where, when, and how of a communication. Broadly classed as 'communications data' this information is readily and consistently available due to technological developments which result in blanket collection and retention, enable easier access, and create opportunities to derive greater meaning from the information through data analysis. The thesis examines the challenges of reconciling privacy with the use of this data in policing by conducting a critical analysis of 'how, and to what extent, do the current legal and policy frameworks governing the retention of, access to, and analysis of communications data by law enforcement, constitute a violation of privacy which requires substantive changes to the legal regime?'. Employing the approach of Thomas P. Hughes for examining socio-technical systems, the thesis argues that technology and privacy are co-constructed. This is evidenced through the evolution of the technology and the relevant legal and policy factors which contributed to the information communication system's development and acceptance as a policing tool. Three key areas, namely data retention, access to data, and data analysis are used to explore how communications data intersects with law enforcement objectives. Each element of the system is critiqued to assess significant changes in actors and roles, information types, and transmission principles. 
Utilising Helen Nissenbaum's theory of contextual integrity, it is argued that changes in each of the three key areas represent a prima facie violation of informational norms. Where a violation of these norms is identified, it is then evaluated against the perceived benefits of the technology to determine the impact on privacy. The impact on privacy is weighed against the existing legal safeguards in the investigatory powers mechanisms. Examining the privacy interest in a contextual manner allows for the specifics of the technology system to be incorporated into the assessment of the privacy violations. The thesis concludes that it is insufficient to apply traditional interpretations of privacy to technologies which have fundamentally altered social expectations through the scale/scope of data, the deconstruction of traditional boundaries, the limitation of ephemerality, and changes in technologically mediated presence. Applying a legal framework which does not acknowledge this impact fails to guarantee fundamental privacy rights. A number of recommendations are advanced for reform of the investigatory powers mechanisms to ensure privacy is protected when communications data is utilised by law enforcement

    Acesso banda larga sem fios em ambientes heterogéneos de próxima geração

    Doctorate in Informatics Engineering. Ubiquitous Internet access is one of the main challenges for telecommunications operators in the next decade. The number of Internet users is growing exponentially, and the "always connected, anytime, anywhere" access paradigm is a fundamental requirement for next-generation mobile networks. WiMAX technology, together with LTE, was recently recognized by the ITU as one of the access technologies compliant with 4G requirements. Even so, this access technology is not fully prepared for next-generation environments, mainly because it lacks cross-layer mechanisms for integrating QoS and mobility. In addition, besides WiMAX and LTE, the UMTS/HSPA and Wi-Fi radio access technologies will continue to have a significant impact on mobile communications over the coming years. It is therefore essential to ensure the coexistence of the various radio access technologies in terms of QoS and mobility, thereby allowing the delivery of real-time multimedia services in mobile networks. To ensure the delivery of multimedia services to WiMAX users, this Thesis proposes a WiMAX cross-layer manager integrated with an end-to-end QoS architecture. The presented architecture enables QoS control and bidirectional communication between the WiMAX system and the upper-layer entities. Furthermore, the proposed cross-layer manager is extended with generic, technology-independent events and commands to optimize mobility procedures in WiMAX environments. Tests were carried out to evaluate the performance of the QoS and mobility procedures of the defined WiMAX architecture, demonstrating that it is perfectly capable of delivering real-time services without introducing excessive costs in the network. 
Following the QoS and mobility extensions presented for WiMAX technology, the scope of this Thesis was broadened to heterogeneous wireless access environments. To this end, a seamless mobility architecture with QoS support for multi-technology access networks is proposed. The presented architecture integrates an extended version of IEEE 802.21 with QoS support, as well as an advanced mobility manager integrated with the IP-level mobility management protocols. Finally, to complete the work carried out in this Thesis, an extension to the mobility decision procedures in heterogeneous environments is proposed to incorporate context information from the network and the terminal. To validate and evaluate the proposed optimizations, performance tests were carried out on an inter-technology demonstrator composed of WiMAX, Wi-Fi and UMTS/HSPA access networks. Ubiquitous Internet access is one of the main challenges for the telecommunications industry in the next decade. The number of users accessing the Internet is growing exponentially and the network access paradigm of “always connected, anytime, anywhere” is a central requirement for the so-called Next Generation Mobile Networks (NGMN). WiMAX, together with LTE, was recently recognized by ITU as one of the compliant access technologies for 4G. Nevertheless, WiMAX is not yet fully prepared for next generation environments, mainly due to the lack of QoS and mobility cross-layer procedures to support real-time multimedia services delivery. Furthermore, besides the 4G compliant WiMAX and LTE radio access technologies, UMTS/HSPA and Wi-Fi will also have a significant impact in the mobile communications during the next years. Therefore, it is fundamental to ensure the coexistence of multiple radio access technologies in what QoS and mobility procedures are concerned, thereby allowing the delivery of real-time services in mobile networks. 
In order to provide the WiMAX mobile users with the demanded multimedia services, it is proposed in this Thesis a WiMAX cross-layer manager integrated in an end-to-end all-IP QoS enabled architecture. The presented framework enables the QoS control and bidirectional communication between WiMAX and the upper layer network entities. Furthermore, the proposed cross-layer framework is extended with media independent events and commands to optimize the mobility procedures in WiMAX environments. Tests were made to evaluate the QoS and mobility performance of the defined architecture, demonstrating that it is perfectly capable of handling and supporting real time services without introducing an excessive cost in the network. Following the QoS and mobility extensions provided for WiMAX, the scope of this Thesis is broadened and a seamless mobility architecture with QoS support in heterogeneous wireless access environments is proposed. The presented architecture integrates an extended version of the IEEE 802.21 framework with QoS support, as well as an advanced mobility manager integrated with the IP level mobility management protocols. Finally, to complete the work within the framework of this Thesis, it is proposed an extension to the handover decision-making processes in heterogeneous access environments through the integration of context information from both the network entities and the end user. Performance tests were developed in a real testbed to validate the proposed optimizations in an inter-technology handover scenario involving WiMAX, Wi-Fi and UMTS/HSPA

    Progressive introduction of network softwarization in operational telecom networks: advances at architectural, service and transport levels

    Technological paradigms such as Software Defined Networking, Network Function Virtualization and Network Slicing are altogether offering new ways of providing services. This process is widely known as Network Softwarization, where traditional operational networks adopt capabilities and mechanisms inherited from the computing world, such as programmability, virtualization and multi-tenancy. This adoption brings a number of challenges, both from the technological and operational perspectives. On the other hand, they provide an unprecedented flexibility opening opportunities to developing new services and new ways of exploiting and consuming telecom networks. This Thesis first overviews the implications of the progressive introduction of network softwarization in operational networks and then details some advances at different levels, namely architectural, service and transport levels. It is done through specific exemplary use cases and evolution scenarios, with the goal of illustrating both new possibilities and existing gaps for the ongoing transition towards an advanced future mode of operation. This is performed from the perspective of a telecom operator, paying special attention to how to integrate all these paradigms into operational networks for assisting on their evolution targeting new, more sophisticated service demands. Doctoral Programme in Telematics Engineering at Universidad Carlos III de Madrid. President: Eduardo Juan Jacob Taquet.- Secretary: Francisco Valera Pintor.- Member: Jorge López Vizcaín