IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

An eco-friendly hybrid urban computing network combining community-based wireless LAN access and wireless sensor networking

Computer-enhanced smart environments, distributed environmental monitoring, wireless communication, energy conservation and sustainable technologies, ubiquitous access to Internet-located data and services, user mobility and innovation as a tool for service differentiation are all significant contemporary research subjects and societal developments. This position paper presents the design of a hybrid municipal network infrastructure that, to a lesser or greater degree, incorporates aspects from each of these topics by integrating a community-based Wi-Fi access network with Wireless Sensor Network (WSN) functionality. The former component provides free wireless Internet connectivity by harvesting the Internet subscriptions of city inhabitants. To minimize session interruptions for mobile clients, this subsystem incorporates technology that achieves (near-)seamless handover between Wi-Fi access points. The WSN component on the other hand renders it feasible to sense physical properties and to realize the Internet of Things (IoT) paradigm. This in turn scaffolds the development of value-added end-user applications that are consumable through the community-powered access network. The WSN subsystem invests substantially in ecological considerations by means of a green distributed reasoning framework and sensor middleware that collaboratively aim to minimize the network's global energy consumption. Via the discussion of two illustrative applications that are currently being developed as part of a concrete smart city deployment, we offer a taste of the myriad of innovative digital services in an extensive spectrum of application domains that is unlocked by the proposed platform

Location-aware service discovery on IPv6 GeoNetworking for VANET

Conference is technically co-sponsored by IEEE Communications Society and co-organized by the Technical Sub-Committee on Vehicular Networks and Telematics (VNAT)International audienceService discovery is an essential component for applications in vehicular communication systems. While there have been numerous service discovery protocols dedicated to a local network, mobile ad-hoc networks and the Internet, in vehicular communication systems, applications pose additional requirements; They need to discover services according to geo- graphical position. In this paper, we propose a location-aware service discovery mechanism for Vehicular Ad-hoc NETwork (VANET). The proposed mechanism exploits IPv6 multicast on top of IPv6 GeoNetworking specified by the GeoNet project. Thanks to the GeoBroadcast mechanism, it efficiently propagates service discovery messages to a subset of nodes inside a relevant geographical area with encapsulating IPv6 multicast packets. We implemented the mechanism using CarGeo6, an open source implementation of IPv6 GeoNetworking. Our real field evaluation shows the system can discover services with low latency and low bandwidth usage in VANETs

Security Concepts in IPv6 Based Aeronautical Communications

Space scienc

Chapter Security Concepts in IPv6 Based Aeronautical Communications

Space scienc

Deliverable JRA1.1: Evaluation of current network control and management planes for multi-domain network infrastructure

This deliverable includes a compilation and evaluation of available control and management architectures and protocols applicable to a multilayer infrastructure in a multi-domain Virtual Network environment.The scope of this deliverable is mainly focused on the virtualisation of the resources within a network and at processing nodes. The virtualization of the FEDERICA infrastructure allows the provisioning of its available resources to users by means of FEDERICA slices. A slice is seen by the user as a real physical network under his/her domain, however it maps to a logical partition (a virtual instance) of the physical FEDERICA resources. A slice is built to exhibit to the highest degree all the principles applicable to a physical network (isolation, reproducibility, manageability, ...). Currently, there are no standard definitions available for network virtualization or its associated architectures. Therefore, this deliverable proposes the Virtual Network layer architecture and evaluates a set of Management- and Control Planes that can be used for the partitioning and virtualization of the FEDERICA network resources. This evaluation has been performed taking into account an initial set of FEDERICA requirements; a possible extension of the selected tools will be evaluated in future deliverables. The studies described in this deliverable define the virtual architecture of the FEDERICA infrastructure. During this activity, the need has been recognised to establish a new set of basic definitions (taxonomy) for the building blocks that compose the so-called slice, i.e. the virtual network instantiation (which is virtual with regard to the abstracted view made of the building blocks of the FEDERICA infrastructure) and its architectural plane representation. These definitions will be established as a common nomenclature for the FEDERICA project. Other important aspects when defining a new architecture are the user requirements. It is crucial that the resulting architecture fits the demands that users may have. Since this deliverable has been produced at the same time as the contact process with users, made by the project activities related to the Use Case definitions, JRA1 has proposed a set of basic Use Cases to be considered as starting point for its internal studies. When researchers want to experiment with their developments, they need not only network resources on their slices, but also a slice of the processing resources. These processing slice resources are understood as virtual machine instances that users can use to make them behave as software routers or end nodes, on which to download the software protocols or applications they have produced and want to assess in a realistic environment. Hence, this deliverable also studies the APIs of several virtual machine management software products in order to identify which best suits FEDERICA’s needs.Postprint (published version

Support for RADIUS Protocol in SSSD

Moderní trendy ve správě uživatelů ve firemních prostředích směřují k centralizovaným řešením jako je LDAP či Active Directory. Ověřování uživatelů vůči těmto úložištím v Unix-like systémech je dostupné buď přes PAM moduly, nebo nově i přes bezpečnostní démon SSSD. Tato práce analyzuje využití RADIUS protokolu pro ověřování uživatelů a v rámci práce byl vyvinut modul do SSSD umožňující využití tohoto protokolu.Modern trends in user management in enterprise solutions makes use of centralized solutions such as LDAP or Active Directory. User validation against those resources in Unix-like systems is available via PAM modules or via new security daemon SSSD. This work analyses the use of RADIUS protocol for user validation and as a part of this work was developed SSSD module which uses this protocol.

Framework to facilitate smooth handovers between mobile IPv6 networks

Fourth generation (4G) mobile communication networks are characterised by heterogeneous access networks and IP based transport technologies. Different access technologies give users choices to select services such as levels of Quality of Service (QoS) support, business models and service providers. Flexibility of heterogeneous access is compounded by the overhead of scanning to discover accessible services, which added to the handoff latency. This thesis has developed mechanisms for service discovery and service selection, along with a novel proposal for mobility management architectures that reduced handoff latency. The service discovery framework included a service advertisement data repository and a single frequency band access mechanism, which enabled users to explore services offered by various operators with a reduced scanning overhead. The novel hierarchical layout of the repository enabled it to categorise information into various layers and facilitate location based information retrieval. The information made available by the repository included cost, bandwidth, Packet Loss (PL), latency, jitter, Bit Error Rate (BER), location and service connectivity information. The single frequency band access mechanism further enabled users to explore service advertisements in the absence of their main service providers. The single frequency access mechanism broadcasted service advertisements information piggybacked onto a router advertisement packet on a reserved frequency band for advertisements. Results indicated that scanning 13 channels on 802.11 b interface takes 189ms whereas executing a query with maximum permissible search parameters on the service advertisement data repository takes 67ms. A service selection algorithm was developed to make handoff decisions utilising the service advertisements acquired from the service discovery framework; based on a user's preference. The selection algorithm reduced the calculation overhead by eliminating unsuitable networks; based on interface compatibility, service provider location, unacceptable QoS (Quality of service) and unacceptable cost; from the selection process. The selection algorithm utilised cost, bandwidth, PL, latency, jitter, BER and terminal power for computing the most suitable network. Results indicated that the elimination based approach has improved the performance of the algorithm by 35% over non- elimination oriented selection procedures, even after utilising more selection parameters. The service discovery framework and the service selection algorithm are flexible enough to be employed in most mobility management architectures. The thesis recommends Seamless Mobile Internet Protocol (SMIP) as a mobility management scheme based on the simulation results. The SMIP protocol, a combination of Hierarchical Mobile Internet Protocol (HMIP) and Fast Mobile Internet Protocol (FMIP), suffered hand off latency increases when undergoing a global handoff due to HMIP. The proposed modification to the HMIP included the introduction of a coverage area overlap, to reduce the global handoff latency. The introduction of a Home Address (HA) in Wireless Local Area Networks (WLAN) binding table enabled seamless handoffs from WLANs by having a redirection mechanism for the user's packets after handoff. The thesis delivered a new mobility management architecture with mechanisms for service discovery and service selection. The proposed framework enabled user oriented, application centric and terminal based approach for selecting IPv6 networks