105 research outputs found

    Security for 5G Mobile Wireless Networks

    The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

    Satellite Networks: Architectures, Applications, and Technologies

    Since global satellite networks are moving to the forefront in enhancing the national and global information infrastructures due to communication satellites' unique networking characteristics, a workshop was organized to assess the progress made to date and chart the future. This workshop provided the forum to assess the current state-of-the-art, identify key issues, and highlight the emerging trends in the next-generation architectures, data protocol development, communication interoperability, and applications. Presentations on overview, state-of-the-art in research, development, deployment and applications and future trends on satellite networks are assembled

    Contributions based on cross-layer design for quality-of-service provisioning over DVB-S2/RCS broadband satellite system

    Nowadays, geostationary (GEO) satellite infrastructure plays a crucial role in the provisioning of IP services. Such infrastructure can provide ubiquity and broadband access, making it feasible to reach dispersed populations located worldwide within remote areas where terrestrial infrastructure cannot be deployed. Nevertheless, due to the expansion of the World Wide Web (WWW), new IP applications such as Voice over IP (VoIP) and multimedia services require considering different levels of individual packet treatment through the satellite network. This differentiation must include not only the Quality of Service (QoS) parameters to specify packet transmission priorities across the network nodes, but also the required amount of bandwidth assignment to guarantee its transport. In this context, the provisioning of QoS guarantees over GEO satellite systems becomes one of the main research areas of organizations such as the European Space Agency (ESA), mainly because their current infrastructures require continuous exploitation, as launching a new communication satellite is associated with excessive costs. Therefore, the support of IP services with QoS guarantees must be developed on the terrestrial segment to enable using the current assets. In this PhD thesis several contributions to improve the QoS provisioning over DVB-S2/RCS Broadband Satellite Systems have been developed. The contributions are based on cross-layer design, following the layered model standardized in the ETSI TR 102 157 and 462. The proposals take into account the drawbacks posed by GEO satellite systems such as delay, losses and bandwidth variations. The first contribution proposes QoSatArt, an architecture defined to improve QoS provisioning among service classes considering the physical layer variations due to the presence of rain events.
The design is developed inside the gateway, including the specification of the main functional blocks to provide QoS guarantees and mechanisms to minimize the delay and jitter values experienced at the application layer. Here, a cross-layer design between the physical and the network layer has been proposed, to enforce the QoS specifications based on the available bandwidth. The proposed QoSatArt architecture is evaluated using the NS-2 simulation tool. In addition, the performance analysis of several standard Transmission Control Protocol (TCP) variants is also performed. This is carried out to find the most suitable TCP variant that enhances TCP transmission over a QoS architecture such as QoSatArt. The second contribution proposes XPLIT, an architecture developed to enhance TCP transmission with QoS for DVB-S2/RCS satellite systems. Complementary to QoSatArt, XPLIT introduces Performance Enhanced Proxies (PEPs), which break the end-to-end semantics of TCP connections. However, it considers a cross-layer design between the network layer and the transport layer to enhance TCP transmission while providing them with QoS guarantees. Here, a modified TCP variant called XPLIT-TCP is proposed to send data through the forward and the return channel. XPLIT-TCP uses two control loops (the buffer occupancy and the service rate) to provide optimized congestion control functions. The proposed XPLIT architecture is evaluated using the NS-2 simulation tool. Finally, the third contribution of this thesis consists of the development of a unified architecture to provide QoS guarantees based on cross-layer design over broadband satellite systems. It adopts the enhancements proposed by the QoSatArt architecture working at the network layer, in combination with the enhancements proposed by the XPLIT architecture working at the transport layer. Currently, geostationary (GEO) satellites play a very important role in the provision of IP services.
This infrastructure provides ubiquity and broadband access, making it possible to reach dispersed populations in remote areas where terrestrial infrastructure does not exist. However, when providing applications such as Voice over IP (VoIP) and multimedia services, it is important to consider differentiated treatment of packets across the satellite network. This differentiation must consider not only the Quality of Service (QoS) requirements that specify packet priorities across the network nodes, but also the bandwidth assigned to guarantee their transport. In this context, the provision of QoS guarantees over GEO satellites is one of the main research areas pursued by organizations such as the European Space Agency (ESA). This is mainly because these organizations require continuous exploitation of their assets, given that launching a new satellite into space entails excessive costs. As a result, supporting IP services with quality of service over the current satellite infrastructure is of vital importance. This doctoral thesis presents several contributions to Quality of Service support in DVB-S2/RCS broadband satellite networks. The proposed contributions are based mainly on cross-layer design, following the layered model defined and standardized in the ETSI TR 102 157 [ETS03] and 462 [10205] specifications. The proposed contributions take into account the limitations of GEO satellite systems, such as propagation delay, packet loss and bandwidth variations caused by atmospheric events. The first contribution proposes QoSatArt, an architecture defined to improve QoS support. This architecture considers the variations in the physical layer due to rain events in order to prioritize the QoS levels.
The design is developed in the gateway and includes the specifications of the main functional elements and mechanisms to guarantee QoS and minimize the delay at the application layer. Here, a cross-layer design between the physical layer and the network layer is proposed, with the aim of enforcing the QoS specifications considering the available bandwidth. The QoSatArt architecture is simulated and evaluated using the NS-2 simulation tool. Additionally, a performance analysis of several TCP (Transmission Control Protocol) variants is carried out to find the TCP variant best suited to a QoS environment such as QoSatArt. The second contribution proposes XPLIT, an architecture developed to improve TCP transmissions with QoS in a DVB-S2/RCS satellite system. Complementary to QoSatArt, XPLIT employs PEPs (Performance Enhanced Proxies), affecting the end-to-end semantics of TCP connections. However, XPLIT considers a cross-layer design between the network layer and the transport layer with the aim of improving TCP transmissions considering QoS parameters such as queue occupancy and transmission rate (_i, _i). Here, a new TCP variant called XPLIT-TCP is proposed, which uses two loops to provide improved congestion control functions. The XPLIT architecture is simulated and evaluated using the NS-2 simulation tool. Finally, the third contribution of this thesis consists of the development of a unified architecture for QoS support in broadband satellite networks based on cross-layer techniques. This architecture adopts the improvements proposed by QoSatArt at the network layer in combination with the improvements proposed by XPLIT at the transport layer

    Final report on the evaluation of RRM/CRRM algorithms

    Public deliverable of the EVEREST project. This deliverable provides a definition and a complete evaluation of the RRM/CRRM algorithms selected in D11 and D15, and evolved and refined on an iterative process. The evaluation will be carried out by means of simulations using the simulators provided at D07, and D14. Preprin

    Major: Electronics and Communication Engineering

    Today, information technology is strategically important to the goals and aspirations of business enterprises, government and higher education institutions such as universities. Universities are facing new challenges with the emerging global economy, characterized by the importance of providing faster communication services and improving the productivity and effectiveness of individuals. One such challenge is providing an information network that supports the demands and diversification of university issues. A new network architecture, which is a set of design principles for building a network, is one of the pillars. It is the cornerstone that enables the university’s faculty, researchers, students, administrators, and staff to discover, learn, reach out, and serve society. This thesis focuses on the network architecture definitions and fundamental components. The three most important characteristics of a high-quality architecture are that it is an open network architecture, it is service-oriented, and it is a packet-based IP network. There are four important components in the architecture: Services and Network Management, Network Control, Core Switching and Edge Access. The theoretical contribution of this study is a reference model, Architecture of University Campus Network, that can be followed or adapted to build a robust yet flexible network that responds to next-generation requirements. The results are relevant as a complete reference guide to the process of building a campus network, which nowadays plays a very important role. The research gives university networks a structured modular model that is reliable, robust and can easily grow

    Mitigating TCP Degradation over Intermittent Link Failures Using Intermediate Buffers

    This thesis addresses the improvement of data transmission performance in a challenged network. It is well known that the popular Transmission Control Protocol degrades in environments where one or more of the links along the route is intermittently available. To avoid this degradation, this thesis proposes placing at least one node along the path of transmission to buffer and retransmit as needed to overcome the intermittent link. In the four-node, three-link testbed under particular conditions, file transmission time was reduced 20 fold in the case of an intermittent second link when the second node strategically buffers for retransmission opportunity

    Holistic security 4.0

    The future computer climate will represent an ever more aligned world of integrating technologies, affecting consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate. The emerging technologies revolve around core concepts, and specifically in this project, the uses of Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The application of bare metal and logical technology qualities is put under the microscope to provide an effective blueprint of the technological field. The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable security and cybersecurity of the 4.0 systems

    Analyse de sécurité et QoS dans les réseaux à contraintes temporelles

    In the field of networks, two valuable objectives must be achieved, namely QoS and security, particularly for critical networks with strong temporal constraints. Unfortunately, a conflict exists: while QoS works to reduce processing times, security mechanisms require significant processing time and consequently cause delays and degrade QoS. Moreover, real-time systems, QoS and security have very often been studied separately, by different communities. In the context of avionic data networks, many domains and applications of differing criticality exchange information with one another, often through gateways. It is clear that this information has different levels of sensitivity in terms of security and QoS. Taking this into account, the goal of this thesis is to increase the robustness of future generations of avionic data networks by countering security threats and avoiding disruptions of data traffic. To this end, we surveyed the state of the art in security mechanisms, QoS and applications with temporal constraints. We then studied the new generation of avionic data networks, which allowed us to correctly determine the various security threats. On the basis of this study, we identified both the security and the QoS requirements of this new generation of avionic networks. To satisfy them, we proposed a QoS-aware security gateway architecture to protect these avionic networks and ensure high availability for critical data.
To integrate the different components of the gateway, we developed an integrated session table that stores all the necessary session information and speeds up the processing applied to packets (stateful filtering, NAT address translation, QoS classification and routing). This required, first, studying the existing session table structure and, second, proposing an entirely new structure that meets our objectives. We also presented an algorithm for accessing and using the new integrated session table. Regarding the IPSec VPN component, we found that traffic encrypted by the IPSec ESP protocol cannot be classified correctly by edge routers. To overcome this problem, we developed a protocol, Q-ESP, that allows encrypted traffic to be classified and offers the security services provided by the AH and ESP protocols combined. Several bandwidth management techniques have been developed to optimize network traffic management. To evaluate the performance of these techniques and identify which would be the most appropriate in our case, we carried out a delay-based comparison by means of experimental tests. In the final step, we evaluated and compared the performance of our proposed security gateway against three commercial products offering software security gateway functions, in order to determine the strengths and weaknesses of our implementation for further development. The manuscript is organized in two parts: the first is written in French and is a detailed summary of the second part, which is written in English.
ABSTRACT : QoS and security are two precious objectives for network systems to attain, especially for critical networks with temporal constraints. Unfortunately, they often conflict; while QoS tries to minimize the processing delay, strong security protection requires more processing time and causes traffic delay and QoS degradation. Moreover, real-time systems, QoS and security have often been studied separately and by different communities. In the context of the avionic data network various domains and heterogeneous applications with different levels of criticality cooperate for the mutual exchange of information, often through gateways. It is clear that this information has different levels of sensitivity in terms of security and QoS constraints. Given this context, the major goal of this thesis is then to increase the robustness of the next generation e-enabled avionic data network with respect to security threats and ruptures in traffic characteristics. From this perspective, we surveyed the literature to establish state of the art network security, QoS and applications with time constraints. Then, we studied the next generation e-enabled avionic data network. This allowed us to draw a map of the field, and to understand security threats. Based on this study we identified both security and QoS requirements of the next generation e-enabled avionic data network. In order to satisfy these requirements we proposed the architecture of QoS capable integrated security gateway to protect the next generation e-enabled avionic data network and ensure the availability of critical traffic. To provide for a true integration between the different gateway components we built an integrated session table to store all the needed session information and to speed up the packet processing (firewall stateful inspection, NAT mapping, QoS classification and routing). 
This necessitates the study of the existing session table structure and the proposition of a new structure to fulfill our objective. Also, we present the necessary processing algorithms to access the new integrated session table. In IPSec VPN component we identified the problem that IPSec ESP encrypted traffic cannot be classified appropriately by QoS edge routers. To overcome this problem, we developed a Q-ESP protocol which allows the classifications of encrypted traffic and combines the security services provided by IPSec ESP and AH. To manage the network traffic wisely, a variety of bandwidth management techniques have been developed. To assess their performance and identify which bandwidth management technique is the most suitable given our context we performed a delay-based comparison using experimental tests. In the final stage, we benchmarked our implemented security gateway against three commercially available software gateways. The goal of this benchmark test is to evaluate performance and identify problems for future research work. This dissertation is divided into two parts: in French and in English respectively. Both parts follow the same structure where the first is an extended summary of the second

    Mobile Ad Hoc Networks

    Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation—Describes how MANETs operate and perform through simulations and models; Communication Protocols of MANETs—Presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility; Future Networks Inspired By MANETs—Tackles open research issues and emerging trends. Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms