Integrated Management of Interface Power (IMIP) Framework

La présence importante de plusieurs réseaux sans-fils de différentes portées a encouragée le développement d’une nouvelle génération d’équipements portables sans-fils avec plusieurs interfaces radio. Ainsi, les utilisateurs peuvent bénéficier d’une large possibilité de connectivité aux réseaux sans-fils (e.g. Wi-Fi [1], WiMAX [2], 3G [3]) disponibles autour. Cependant, la batterie d’un nœud mobile à plusieurs interfaces sera rapidement épuisée et le temps d’utilisation de l’équipement sera réduit aussi. Pour prolonger l’utilisation du mobile les standards, des réseaux sans-fils, on définie (individuellement) plusieurs états (émission, réception, sleep, idle, etc.); quand une interface radio n’est pas en mode émission/réception il est en mode sleep/idle où la consommation est très faible, comparée aux modes émission/réception. Pourtant, en cas d’équipement portable à multi-interfaces radio, l’énergie totale consommée par les interfaces en mode idle est très importante. Autrement, un équipement portable équipé de plusieurs interfaces radio augmente sa capacité de connectivité mais réduit sa longévité d’utilisation. Pour surpasser cet inconvénient on propose une plate-forme, qu'on appelle IMIP (Integrated Management of Interface Power), basée sur l’extension du standard MIH (Media Independent Handover) IEEE 802.21 [4]. IMIP permet une meilleure gestion d’énergie des interfaces radio, d’un équipement mobile à multi-radio, lorsque celles-ci entrent en mode idle. Les expérimentations que nous avons exécutées montrent que l’utilisation de IMIP permet d'économiser jusqu'a 80% de l'énergie consommée en comparaison avec les standards existants. En effet, IMIP permet de prolonger la durée d'utilisation d'équipements à plusieurs interfaces grâce à sa gestion efficace de l'énergie.The large availability of wireless networks of different ranges, has contributed to the development of new generation of handheld devices with multi-radio interfaces. Thus, the end-users are able to achieve ubiquitous and seamless connectivity across heterogeneous wireless networks (e.g., Wi-Fi [1], WiMAX [2] and 3G_LTE [3]). However, a mobile node with multi-radio interfaces has its battery energy consumed rapidly, which reduces the operation/usage time of the device. To improve battery usage, wireless network standards have defined (individually) different interface states (transmit, receive, idle, sleep, etc.); when an interface is not transmitting or receiving, it goes to sleep/idle state where energy consumption is very low compared to transmit and receive states. However, in the case of multi-radio handheld devices, the total energy consumed by the interfaces in sleep/idle state is significant. Thus, equipping a mobile device with multiple interfaces increases its seamless connectivity but reduces its operation/usage longevity. To overcome this inconvenient, we proposed a framework, called IMIP (Integrated Management of Interface Power) that consists of an extension of MIH (Media Independent Handover) IEEE 802.21 standard [4]. IMIP allows a better power management of radio interfaces of a multi-radio mobile node; indeed, it reduces considerably energy consumption. The basic idea behind IMIP is to shut down any interface in idle mode and use a proxy that emulates the interface; the proxy wakes up the interface when it receives a connection request directed to this interface. IMIP requires at least one interface in active mode. Experiments show that using IMIP enables a saving of up to 80% of power consumption compared with existing power management standards. Thus, IMIP allows longer usage of multiple interface devices thanks to its effective energy management

Firewall monitoring using intrusion detection systems

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2005Includes bibliographical references (leaves: 79-81)Text in English Abstract: Turkish and Englishviii,79 leavesMost organizations have intranet, they know the benefits of connecting their private LAN to the Internet. However, Internet is inherently an insecure network. That makes the security of the computer systems an imported problem. The first step of network security is firewalls. Firewalls are used to protect internal networks from external attacks through restricting network access according to the rules. The firewall must apply previously defined rules to each packet reaching to its network interface. If the application of rules are prohibited due to malfunction or hacking, internal network may be open to attacks and this situation should be recovered as fast as possible. In order to be sure about the firewall working properly, we proposed to use Intrusion Detection Systems (IDS)to monitor firewall operation. The architecture of our experimental environment is composed of a firewall and two IDSs. One IDS is between external network and firewall, while the other is between firewall and private network. Those two IDSs are invisible to the both networks and they send their information to a monitoring server, which decides, based on two observations, whether the firewall is working properly or not

Green Buildings and Ambient Intelligence: case study for N.A.S.A. Sustainability Base and future Smart Infrastructures

Con la diffusione delle smart infrastructures, espressione con cui ci si riferisce collettivamente ai concetti di smart cities e smart grid, i sistemi di building automation vedono il proprio ruolo espandersi oltre i tradizionali limiti degli ambienti isolati che sono progettati per gestire, supervisionare ed ottimizzare. Da sistemi isolati all’interno di edifici residenziali o commerciali, stanno iniziando ad ottenere un ruolo importante su scala più ampia nell’ambito di scenari più complessi a livello urbano o a livello di infrastruttura. Esempi di questa tendenza possono essere le attuali sperimentazioni in varie città del mondo per automatizzare l’illuminazione pubblica, complessi residenziali diffusi (spesso denominati smart connected comunities) e microgrid locali generate dalla federazione di varie unità residenziali a formare cosidette virtual power plants. A causa di questo processo, ci sono aspettative crescenti circa il potenziale delle reti di automazione di introdurre funzionalità sofisticate da un parte ed efficienza energetica dall’altra, ed entrambi gli aspetti su vasta scala. Sfortunatamente questi due obiettivi sono per diversi motivi in conflitto ed è dunque inevitabile individuare un ragionevole compromesso di progettazione. Questa ricerca realizza una caratterizzazione delle attuali tecnologie di automazione per identificare i termini di tale compromesso, con un’attenzione maggiormente polarizzata sugli aspetti di efficienza energetica, analizzata seguendo un approccio olistico, affrontando diversi aspetti del problema. Indubbiamente, data la complessità del vasto scenario tecnologico delle future smart infrastructures, non c’è una finalità sistematica nel lavoro. Piuttosto si intende fornire un contributo alla conoscenza, dando priorità ad alcune sfide di ricerca che sono altresì spesso sottovalutate. Il Green networking, ovvero l’efficienza energetica nel funzionamento di rete, è una di tali sfide. L’attuale infrastruttura IT globale è costruita su attrezzature che collettivamente consumano 21.4 TWh/anno (Global e-Sustainability Initiative, 2010). Questo è dovuto alla scarsa consapevolezza del fatto che le specifiche dei protocolli di comunicazione hanno varie implicazioni sull’efficienza energetica e alla generale tendenza ad una progettazione ridondante e sovra-dimensionata per il caso peggiore. Questo problema potrebbe essere riscontrato anche nelle reti di automazione, specialmente data la tendenza di cui si discuteva sopra, e in tal caso, queste potrebbero introdurre un ulteriore carbon footprint, in aggiunta a quello della rete internet. In questa ricerca si intende dimensionare tale problema e proporre approcci alternativi agli attuali modelli di hardware e protocollo tipici delle tecnologie di automazione in commercio. Spostandosi dalla rete di controllo all’ambiente fisico, altro obiettivo di questo lavoro è la caratterizzazione di sistemi di gestione automatica dei plug loads, carichi elettrici altrimenti non gestiti da alcun impianto di building automation. Per tali sistemi verranno mostrati i limiti e le potenzialità, identificando potenziali problematiche di design e proponendo un approccio integrato di tali sistemi all’interno di sistemi più ampi di gestione dell’energia. Infine, il meccanismo introdotto nella parte di green networking è potenzialmente in grado di fornire informazioni in tempo reale circa il contesto controllato. Si tratta di un potenziale sfruttabile per sviluppare soluzioni di Demand Side Management, allo scopo di effettuare previsioni di picco e di carico. Questa analisi è attualmente in corso, attraverso una partnership con Enel Distribuzione. With the advent of smart infrastructures, collective expression used here to refer to novel concepts such as smart cities and smart grid, building automation and control networks are having their role expanded beyond the traditional boundaries of the isolated environments they are designed to manage, supervise and optimize. From being confined within residential or commercial buildings as islanded, self-contained systems, they are starting to gain an important role on a wider scale for more complex scenarios at urban or infrastructure level. Example of this ongoing process are current experimental setups in cities worldwide to automate urban street lighting, diffused residential facilities (also often addressed to as smart connected communities) and local micro-grids generated by the federation of several residential units into so-called virtual power plants. Given this underlying process, expectations are dramatically increasing about the potential of control networks to introduce sophisticated features on one side and energy efficiency on the other, and both on a wide scale. Unfortunately, these two objectives are, in several ways, conflicting, and impose to settle for reasonable trade-offs. This research work performs an assessment of current control and automation technologies to identify the terms of this trade-off with a stronger focus on energy efficiency which is analyzed following a holistic approach covering several aspects of the problem. Nevertheless, given the complexity of the wide technology scenario of future smart infrastructure, there isn’t a systematic intention in the work. Rather, this research will aim at providing valuable contribution to the knowledge in the field, prioritizing challenges within the whole picture that are often neglected. Green networking, that is energy efficiency of the very network operation, is one of these challenges. The current worldwide IT infrastructure is built upon networking equipment that collectively consume 21.4 TWh/year (Global e-Sustainability Initiative, 2010). This is the result of an overall unawareness of energy efficiency implications of communication protocols specifications and a tendency toward over-provisioning and redundancy in architecture design. As automation and control networks become global, they may be subject to the same issue and introduce an additional carbon footprint along with that of the internet. This research work performs an assessment of the dimension of this problem and proposes an alternative approach to current hardware and protocol design found in commercial building automation technologies. Shifting from the control network to the physical environment, another objective of this work is related to plug load management systems, which will be characterized as to their performance and limitations, highlighting potential design pitfalls and proposing an approach toward integrating these systems into more general energy management systems. Finally, the mechanism introduced above to increase networking energy efficiency also demonstrated a potential to provide real-time awareness about the context being managed. This potential is currently under investigation for its implications in performing basic load/peak forecasting to support demand side management architectures for the smart grid, through a partnership with the Italian electric utility

Analysis of intrusion prevention methods

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004Includes bibliographical references (leaves: 105-108)Text in English; Abstract: Turkish and Englishviii, 108 leavesToday, the pace of the technological development and improvements has compelled the development of new and more complex applications. The obligatory of application development in a short time to rapidly changing requirements causes skipping of some stages, mostly the testing stage, in the software development cycle thus, leads to the production of applications with defects. These defects are, later, discovered by intruders to be used to penetrate into computer systems. Current security technologies, such as firewalls, intrusion detection systems, honeypots, network-based antivirus systems, are insufficient to protect systems against those, continuously increasing and rapid-spreading attacks. Intrusion Prevention System (IPS) is a new technology developed to block today.s application-specific, data-driven attacks that spread in the speed of communication. IPS is the evolved and integrated state of the existing technologies; it is not a new approach to network security. In this thesis, IPS products of various computer security appliance developer companies have been analyzed in details. At the end of these analyses, the requirements of network-based IPSs have been identified and an architecture that fits those requirements has been proposed. Also, a sample network-based IPS has been developed by modifying the open source application Snort

Managing Access Control in Virtual Private Networks

Virtual Private Network technology allows remote network users to benefit from resources on a private network as if their host machines actually resided on the network. However, each resource on a network may also have its own access control policies, which may be completely unrelated to network access. Thus users� access to a network (even by VPN technology) does not guarantee their access to the sought resources. With the introduction of more complicated access privileges, such as delegated access, it is conceivable for a scenario to arise where a user can access a network remotely (because of direct permissions from the network administrator or by delegated permission) but cannot access any resources on the network. There is, therefore, a need for a network access control mechanism that understands the privileges of each remote network user on one hand, and the access control policies of various network resources on the other hand, and so can aid a remote user in accessing these resources based on the user\u27s privileges. This research presents a software solution in the form of a centralized access control framework called an Access Control Service (ACS), that can grant remote users network presence and simultaneously aid them in accessing various network resources with varying access control policies. At the same time, the ACS provides a centralized framework for administrators to manage access to their resources. The ACS achieves these objectives using VPN technology, network address translation and by proxying various authentication protocols on behalf of remote users

CoAP-Observe feature implementation on ThinkIP software

Implementazione della funzionalità Observe nel protocollo CoAP di ThinkIP. CoAP è un protocollo che si basa sui servizi RESTSful che permette una comunicazione efficiente tra dispositivi di basse risorse (computazione, memoria, batteria, ecc.). Observe è un servizio aggiuntivo di questo protocollo che permette ai clienti di ricevere continue risposte dal server con una richiesta sol