Methods of information protection in telecommunication systems

The manual covers the basics of information security in ITS. Examples of practical implementation of modern methods and means of providing security in local networks are given. Each example is designed as a laboratory work. Laboratory work contains basic information about methods of information protection in local networks, methodical instructions on the procedure for its implementation and requirements for the formulation of conclusions. The material is aimed at a wide range of researchers and pedagogical staff who deal with information security and ITS safety issues, as well as graduate students and undergraduates of higher education institutions who study the specialty "Information and Communication Systems Security" in specialty 125 "Cybersecurity" in the field of knowledge " Information Technology"

Middleware services for distributed virtual environments

PhD ThesisDistributed Virtual Environments (DVEs) are virtual environments which allow dispersed users to interact with each other and the virtual world through the underlying network. Scalability is a major challenge in building a successful DVE, which is directly affected by the volume of message exchange. Different techniques have been deployed to reduce the volume of message exchange in order to support large numbers of simultaneous participants in a DVE. Interest management is a popular technique for filtering unnecessary message exchange between users. The rationale behind interest management is to resolve the "interests" of users and decide whether messages should be exchanged between them. There are three basic interest management approaches: region-based, aura-based and hybrid approaches. However, if the time taken for an interest management approach to determine interests is greater than the duration of the interaction, it is not possible to guarantee interactions will occur correctly or at all. This is termed the Missed Interaction Problem, which all existing interest management approaches are susceptible to. This thesis provides a new aura-based interest management approach, termed Predictive Interest management (PIM), to alleviate the missed interaction problem. PIM uses an enlarged aura to detect potential aura-intersections and iii initiate message exchange. It utilises variable message exchange frequencies, proportional to the intersection degree of the objects' expanded auras, to restrict bandwidth usage. This thesis provides an experimental system, the PIM system, which couples predictive interest management with the de-centralised server communication model. It utilises the Common Object Request Broker Architecture (CORBA) middleware standard to provide an interoperable middleware for DVEs. Experimental results are provided to demonstrate that PIM provides a scalable interest management approach which alleviates the missed interaction problem

Middleware services for distributed virtual environments

PhD ThesisDistributed Virtual Environments (DVEs) are virtual environments which allow dispersed users to interact with each other and the virtual world through the underlying network. Scalability is a major challenge in building a successful DVE, which is directly affected by the volume of message exchange. Different techniques have been deployed to reduce the volume of message exchange in order to support large numbers of simultaneous participants in a DVE. Interest management is a popular technique for filtering unnecessary message exchange between users. The rationale behind interest management is to resolve the "interests" of users and decide whether messages should be exchanged between them. There are three basic interest management approaches: region-based, aura-based and hybrid approaches. However, if the time taken for an interest management approach to determine interests is greater than the duration of the interaction, it is not possible to guarantee interactions will occur correctly or at all. This is termed the Missed Interaction Problem, which all existing interest management approaches are susceptible to. This thesis provides a new aura-based interest management approach, termed Predictive Interest management (PIM), to alleviate the missed interaction problem. PIM uses an enlarged aura to detect potential aura-intersections and iii initiate message exchange. It utilises variable message exchange frequencies, proportional to the intersection degree of the objects' expanded auras, to restrict bandwidth usage. This thesis provides an experimental system, the PIM system, which couples predictive interest management with the de-centralised server communication model. It utilises the Common Object Request Broker Architecture (CORBA) middleware standard to provide an interoperable middleware for DVEs. Experimental results are provided to demonstrate that PIM provides a scalable interest management approach which alleviates the missed interaction problem

Optimization of the interoperability and dynamic spectrum management in mobile communications systems beyond 3G

The future wireless ecosystem will heterogeneously integrate a number of overlapped Radio Access Technologies (RATs) through a common platform. A major challenge arising from the heterogeneous network is the Radio Resource Management (RRM) strategy. A Common RRM (CRRM) module is needed in order to provide a step toward network convergence. This work aims at implementing HSDPA and IEEE 802.11e CRRM evaluation tools. Innovative enhancements to IEEE 802.11e have been pursued on the application of cross-layer signaling to improve Quality of Service (QoS) delivery, and provide more efficient usage of radio resources by adapting such parameters as arbitrary interframe spacing, a differentiated backoff procedure and transmission opportunities, as well as acknowledgment policies (where the most advised block size was found to be 12). Besides, the proposed cross-layer algorithm dynamically changes the size of the Arbitration Interframe Space (AIFS) and the Contention Window (CW) duration according to a periodically obtained fairness measure based on the Signal to Interference-plus-Noise Ratio (SINR) and transmission time, a delay constraint and the collision rate of a given machine. The throughput was increased in 2 Mb/s for all the values of the load that have been tested whilst satisfying more users than with the original standard. For the ad hoc mode an analytical model was proposed that allows for investigating collision free communications in a distributed environment. The addition of extra frequency spectrum bands and an integrated CRRM that enables spectrum aggregation was also addressed. RAT selection algorithms allow for determining the gains obtained by using WiFi as a backup network for HSDPA. The proposed RAT selection algorithm is based on the load of each system, without the need for a complex management system. Simulation results show that, in such scenario, for high system loads, exploiting localization while applying load suitability optimization based algorithm, can provide a marginal gain of up to 450 kb/s in the goodput. HSDPA was also studied in the context of cognitive radio, by considering two co-located BSs operating at different frequencies (in the 2 and 5 GHz bands) in the same cell. The system automatically chooses the frequency to serve each user with an optimal General Multi-Band Scheduling (GMBS) algorithm. It was shown that enabling the access to a secondary band, by using the proposed Integrated CRRM (iCRRM), an almost constant gain near 30 % was obtained in the throughput with the proposed optimal solution, compared to a system where users are first allocated in one of the two bands and later not able to handover between the bands. In this context, future cognitive radio scenarios where IEEE 802.11e ad hoc modes will be essential for giving access to the mobile users have been proposed

IP-based virtual private networks and proportional quality of service differentiation

IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is,proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators\u27 experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results

Final report on the evaluation of RRM/CRRM algorithms

Deliverable public del projecte EVERESTThis deliverable provides a definition and a complete evaluation of the RRM/CRRM algorithms selected in D11 and D15, and evolved and refined on an iterative process. The evaluation will be carried out by means of simulations using the simulators provided at D07, and D14.Preprin

OmniSwitch 7700/7800 OmniSwitch 8800 Network Configuration Guide

This configuration guide includes information about configuring the following features: • VLANs, VLAN router ports, mobile ports, and VLAN rules. • Basic Layer 2 functions, such as Ethernet port parameters, source learning, Spanning Tree, and Alcatel interswitch protocols (AMAP and GMAP). • Advanced Layer 2 functions, such as 802.1Q tagging, Link Aggregation, IP Multicast Switching, andServer Load Balancing. • Basic routing protocols and functions, such as static IP routes, RIP, DHCP Relay, Virtual Router Redundancy Protocol (VRRP), and IPX. • Security features, such as switch access control, Authenticated VLANs (AVLANs), authentication servers, and policy management. • Quality of Service (QoS) and Access Control Lists (ACLs) features, such as policy rules for prioritizingand filtering traffic, remapping packet headers, and network address translation. • Diagnostic tools, such as RMON, port mirroring, and switch logging.This OmniSwitch 7700/7800/8800 Network Configuration Guide describes how to set up and monitor software features that will allow your switch to operate in a live network environment. The software features described in this manual are shipped standard with your OmniSwitch 7700, 7800, or 8800. These features are used when setting up your OmniSwitch in a network of switches and routers

Greenpass Client Tools for Delegated Authorization in Wireless Networks

Dartmouth\u27s Greenpass project seeks to provide strong access control to a wireless network while simultaneously providing flexible guest access; to do so, it augments the Wi-Fi Alliance\u27s existing WPA standard, which offers sufficiently strong user authentication and access control, with authorization based on SPKI certificates. SPKI allows certain local users to delegate network access to guests by issuing certificates that state, in essence, he should get access because I said it\u27s okay. The Greenpass RADIUS server described in Kim\u27s thesis [55] performs an authorization check based on such statements so that guests can obtain network access without requiring a busy network administrator to set up new accounts in a centralized database. To our knowledge, Greenpass is the first working delegation-based solution to Wi-Fi access control. My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work.My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work