162 research outputs found

    Advanced Signaling Support for IP-based Networks

    This work develops a set of advanced signaling concepts for IP-based networks. It proposes a design for secure and authentic signaling and provides QoS signaling support for mobile users. Furthermore, this work develops methods which allow for scalable QoS signaling by realizing QoS-based group communication mechanisms and through aggregation of resource reservations.

    Design Quality of Security Service Negotiation Protocol

    With future network equipment, the security service becomes a critical and serious problem. Especially in the network, users do not want their messages to be exposed to others or forged by others. They make extensive use of cryptography and integrity algorithms to achieve security. The sender can achieve a high quality of security service (high security level) only if the receivers and the routers along the path to the receivers can support or satisfy the quality of security service requested by the sender. Therefore, this paper proposes a protocol to provide the needed mechanism for quality of security service, to dynamically negotiate the quality of security service among the senders and receivers of multicasts in the network. It provides different quality of security service resolutions to different receiver nodes with different security service needs and includes six different negotiation styles.

    Impact of denial of service solutions on network quality of service

    The Internet has become a universal communication network tool. It has evolved from a platform that supports best-effort traffic to one that now carries different traffic types including those involving continuous media with quality of service (QoS) requirements. As more services are delivered over the Internet, we face increasing risk to their availability given that malicious attacks on those Internet services continue to increase. Several networks have witnessed denial of service (DoS) and distributed denial of service (DDoS) attacks over the past few years which have disrupted QoS of network services, thereby violating the Service Level Agreement (SLA) between the client and the Internet Service Provider (ISP). Hence DoS or DDoS attacks are major threats to network QoS. In this paper we survey techniques and solutions that have been deployed to thwart DoS and DDoS attacks and we evaluate them in terms of their impact on network QoS for Internet services. We also present vulnerabilities that can be exploited for QoS protocols and also affect QoS if exploited. In addition, we also highlight challenges that still need to be addressed to achieve end-to-end QoS with recently proposed DoS/DDoS solutions.

    A novel approach to quality-of-service provisioning in trusted relay Quantum Key Distribution networks

    In recent years, noticeable progress has been made in the development of quantum equipment, reflected through the number of successful demonstrations of Quantum Key Distribution (QKD) technology. Although they showcase the great achievements of QKD, many practical difficulties still need to be resolved. Inspired by the significant similarity between mobile ad-hoc networks and QKD technology, we propose a novel quality of service (QoS) model including new metrics for determining the states of public and quantum channels as well as a comprehensive metric of the QKD link. We also propose a novel routing protocol to achieve high-level scalability and minimize consumption of cryptographic keys. Given the limited mobility of nodes in QKD networks, our routing protocol uses the geographical distance and calculated link states to determine the optimal route. It also benefits from a caching mechanism and detection of returning loops to provide effective forwarding while minimizing key consumption and achieving the desired utilization of network links. Simulation results are presented to demonstrate the validity and accuracy of the proposed solutions.

    IP-based virtual private networks and proportional quality of service differentiation

    IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is, proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators' experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results.

    Quality of Service (QoS) security in mobile ad hoc networks

    With the rapid proliferation of wireless networks and mobile computing applications, Quality of Service (QoS) for mobile ad hoc networks (MANETs) has received increased attention. Security is a critical aspect of QoS provisioning in the MANET environment. Without protection from a security mechanism, attacks on the QoS signaling system could result in QoS routing malfunction, interference of resource reservation, or even failure of QoS provision. Due to the characteristics of MANETs, such as rapid topology change and limited communication and computation capacity, the conventional security measures cannot be applied and new security techniques are necessary. However, little research has been done on this topic. In this dissertation, the security issues will be addressed for MANET QoS systems. The major contributions of this research are: (a) design of an authentication mechanism for ad hoc networks; (b) design of a security mechanism to prevent and detect attacks on the QoS signaling system; (c) design of an intrusion detection mechanism for bandwidth reservation to detect QoS attacks and Denial of Service (DoS) attacks. These three mechanisms are evaluated through simulation.

    Multi Protocol Label Switching: Quality of Service, Traffic Engineering application, and Virtual Private Network application

    This thesis discusses the QoS feature, Traffic Engineering (TE) application, and Virtual Private Network (VPN) application of the Multi Protocol Label Switching (MPLS) protocol. This thesis concentrates on comparing MPLS with other prominent technologies such as Internet Protocol (IP), Asynchronous Transfer Mode (ATM), and Frame Relay (FR). MPLS combines the flexibility of Internet Protocol (IP) with the connection oriented approach of Asynchronous Transfer Mode (ATM) or Frame Relay (FR). Section 1 lists several advantages MPLS brings over other technologies. Section 2 covers architecture and a brief description of the key components of MPLS. The information provided in Section 2 builds a background to compare MPLS with the other technologies in the rest of the sections. Since it is anticipated that MPLS will be a main core network technology, MPLS is required to work with two currently available QoS architectures: Integrated Service (IntServ) architecture and Differentiated Service (DiffServ) architecture. Even though MPLS does not introduce a new QoS architecture or enhance the existing QoS architectures, it works seamlessly with both QoS architectures and provides proper QoS support to the customer. Section 3 provides the details of how MPLS supports various functions of the IntServ and DiffServ architectures. TE helps Internet Service Providers (ISPs) optimize the use of available resources, minimize the operational costs, and maximize the revenues. MPLS provides efficient TE functions which prove to be superior to IP and ATM/FR. Section 4 discusses how MPLS supports the TE functionality and what makes MPLS superior to other competitive technologies. ATM and FR are still required as a backbone technology in some areas where converting the backbone to IP or MPLS does not make sense or customer demands simply require ATM or FR. In this case, it is important for MPLS to work with ATM and FR. Section 5 highlights the interoperability issues and solutions for MPLS while working in conjunction with ATM and FR. In section 6, various VPN tunnel types are discussed and compared with the MPLS VPN tunnel type. The MPLS VPN tunnel type is concluded as an optimal tunnel approach because it provides security, multiplexing, and the other important features that are required by the VPN customer and the ISP. Various MPLS layer 2 and layer 3 VPN solutions are also briefly discussed. In section 7 I conclude with the details of an actual implementation of a layer 3 MPLS VPN solution that works in conjunction with Border Gateway Protocol (BGP).