De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.Peer reviewedPublisher PD

A Survey on Handover Management in Mobility Architectures

This work presents a comprehensive and structured taxonomy of available techniques for managing the handover process in mobility architectures. Representative works from the existing literature have been divided into appropriate categories, based on their ability to support horizontal handovers, vertical handovers and multihoming. We describe approaches designed to work on the current Internet (i.e. IPv4-based networks), as well as those that have been devised for the "future" Internet (e.g. IPv6-based networks and extensions). Quantitative measures and qualitative indicators are also presented and used to evaluate and compare the examined approaches. This critical review provides some valuable guidelines and suggestions for designing and developing mobility architectures, including some practical expedients (e.g. those required in the current Internet environment), aimed to cope with the presence of NAT/firewalls and to provide support to legacy systems and several communication protocols working at the application layer

Heterogeneous Access: Survey and Design Considerations

As voice, multimedia, and data services are converging to IP, there is a need for a new networking architecture to support future innovations and applications. Users are consuming Internet services from multiple devices that have multiple network interfaces such as Wi-Fi, LTE, Bluetooth, and possibly wired LAN. Such diverse network connectivity can be used to increase both reliability and performance by running applications over multiple links, sequentially for seamless user experience, or in parallel for bandwidth and performance enhancements. The existing networking stack, however, offers almost no support for intelligently exploiting such network, device, and location diversity. In this work, we survey recently proposed protocols and architectures that enable heterogeneous networking support. Upon evaluation, we abstract common design patterns and propose a unified networking architecture that makes better use of a heterogeneous dynamic environment, both in terms of networks and devices. The architecture enables mobile nodes to make intelligent decisions about how and when to use each or a combination of networks, based on access policies. With this new architecture, we envision a shift from current applications, which support a single network, location, and device at a time to applications that can support multiple networks, multiple locations, and multiple devices

Bootstrapping Real-world Deployment of Future Internet Architectures

The past decade has seen many proposals for future Internet architectures. Most of these proposals require substantial changes to the current networking infrastructure and end-user devices, resulting in a failure to move from theory to real-world deployment. This paper describes one possible strategy for bootstrapping the initial deployment of future Internet architectures by focusing on providing high availability as an incentive for early adopters. Through large-scale simulation and real-world implementation, we show that with only a small number of adopting ISPs, customers can obtain high availability guarantees. We discuss design, implementation, and evaluation of an availability device that allows customers to bridge into the future Internet architecture without modifications to their existing infrastructure

Traversing NAT: A Problem

This quasi-experimental before-and-after study measured and analyzed the impacts of adding security to a new bi-directional Network Address Translation (NAT). Literature revolves around various types of NAT, their advantages and disadvantages, their security models, and networking technologies’ adoption. The study of the newly created secure bi-directional model of NAT showed statistically significant changes in the variables than another model using port forwarding. Future research of how data will traverse networks is crucial in an ever-changing world of technology

State-of-the-Art Multihoming Protocols and Support for Android

Il traguardo più importante per la connettività wireless del futuro sarà sfruttare appieno le potenzialità offerte da tutte le interfacce di rete dei dispositivi mobili. Per questo motivo con ogni probabilità il multihoming sarà un requisito obbligatorio per quelle applicazioni che puntano a fornire la migliore esperienza utente nel loro utilizzo. Sinteticamente è possibile definire il multihoming come quel processo complesso per cui un end-host o un end-site ha molteplici punti di aggancio alla rete. Nella pratica, tuttavia, il multihoming si è rivelato difficile da implementare e ancor di più da ottimizzare. Ad oggi infatti, il multihoming è lontano dall’essere considerato una feature standard nel network deployment nonostante anni di ricerche e di sviluppo nel settore, poiché il relativo supporto da parte dei protocolli è quasi sempre del tutto inadeguato. Naturalmente anche per Android in quanto piattaforma mobile più usata al mondo, è di fondamentale importanza supportare il multihoming per ampliare lo spettro delle funzionalità offerte ai propri utenti. Dunque alla luce di ciò, in questa tesi espongo lo stato dell’arte del supporto al multihoming in Android mettendo a confronto diversi protocolli di rete e testando la soluzione che sembra essere in assoluto la più promettente: LISP. Esaminato lo stato dell’arte dei protocolli con supporto al multihoming e l’architettura software di LISPmob per Android, l’obiettivo operativo principale di questa ricerca è duplice: a) testare il roaming seamless tra le varie interfacce di rete di un dispositivo Android, il che è appunto uno degli obiettivi del multihoming, attraverso LISPmob; e b) effettuare un ampio numero di test al fine di ottenere attraverso dati sperimentali alcuni importanti parametri relativi alle performance di LISP per capire quanto è realistica la possibilità da parte dell’utente finale di usarlo come efficace soluzione multihoming

Security Policy Management for a Cooperative Firewall

Increasing popularity of the Internet service and increased number of connected devices along with the introduction of IoT are making the society ever more dependent on the Internet services availability. Therefore, we need to ensure the minimum level of security and reliability of services. Ultra-Reliable Communication (URC) refers to the availability of life and business critical services nearly 100 percent of the time. These requirements are an integral part of upcoming 5th generation (5G) mobile networks. 5G is the future mobile network, which at the same time is part of the future Internet. As an extension to the conventional communication architecture, 5G needs to provide ultra-high reliability of services where; it needs to perform better than the currently available solutions in terms of security, confidentiality, integrity and reliability and it should mitigate the risks of Internet attack and malicious activities. To achieve such requirements, Customer Edge Switching (CES) architecture is presented. It proposes that the Internet user’s agent in the network provider needs to have prior information about the expected traffic of users to mitigate maximum attacks and only allow expected communication between hosts. CES executes communication security policies of each user or device acting as the user’s agent. The policy describes with fine granularity what traffic is expected by the device. The policies are sourced as automatically as possible but can also be modified by the user. Stored policies will follow the mobile user and will be executed at the network edge node executing Customer Edge Switch functions to stop all unexpected traffic from entering the mobile network. State-of-the-art in mobile network architectures utilizes the Quality of Service (QoS) policies of users. This thesis motivates the extension of current architecture to accommodate security and communication policy of end-users. The thesis presents an experimental implementation of a policy management system which is termed as Security Policy Management (SPM) to handle above-mentioned policies of users. We describe the architecture, implementation and integration of SPM with the Customer Edge Switching. Additionally, SPM has been evaluated in terms of performance, scalability, reliability and security offered via 5G customer edge nodes. Finally, the system has been analyzed for feasibility in the 5G architecture

Host Identity Protocol-based Network Address Translator traversal in peer-to-peer environments

Osoitteenmuuntajat aiheuttavat ongelmia vertaisverkkojen yhteyksien luomiselle. Myös koneen identiteetti protokolla (HIP) kärsii osoitteenmuuntajien aiheuttamista ongelmista, mutta sopivilla laajennuksilla sitä voidaan käyttää yleisenä osoitteenmuuntajien läpäisymenetelmänä. Interaktiivinen yhteyden luominen (ICE) on tehokas osoitteenmuuntajien läpäisymenetelmä, joka toimii monissa erilaisissa tilanteissa. Tämän diplomityön tavoitteena on mahdollistaa HIP-pohjainen osoitteenmuuntajien läpäisy käyttämällä ICE-menetelmää, ja arvioida menetelmän toimivuutta implementoinnin ja mittausten avulla. Implementoimme ICE-prototyypin ja testasimme sitä eri tyyppisten osoitteenmuuntajien kanssa. Käytimme mittauksissa verkkoa, jossa kaksi isäntäkonetta olivat eri aliverkoissa, ja suoritimme ICE-yhteystestejä näiden koneiden välillä. Mittasimme testeissä lähetettyjen viestien ja tavujen määrän sekä käytetyn ajan. Mittaustulosten perusteella laskimme myös arvion ICE:n ja HIP:in aiheuttamalle ylimääräisten viestien ja ajankäytön määrälle. ICE onnistui luomaan yhteyden kaikissa testaamissamme tilanteissa, mutta käytti välillä enemmän viestejä ja aikaa kuin olisi tarpeen. Selvitimme työssä syyt ylimääräisille viesteille ja esitimme keinoja viestien määrän vähentämiselle. Saimme myös selville, että suuressa osassa tilanteista 4-5 yhteystestiviestiä riittää yhteyden luomiseksi, mutta tietynlaista osoitteenmuunnosta käyttävät osoitteenmuuntajat voivat helposti tuplata viestien määrän. Joka tapauksessa, yhteystestien luomat liikennemäärät ovat vähäisiä, ja käyttämällä lyhyempiä ajastinaikoja kuin mitä ICE spesifikaatio ehdottaa, voidaan ICE:n tehokkuutta kasvattaa merkittävästi. Käyttämällä HIP:iä ICE:n kanssa vertaisverkko-ohjelmat voivat saada käyttöönsä tehokkaan osoitteenmuuntajien läpäisymenetelmän, joka tukee myös yhteyden turvaominaisuuksia, mobiliteettia, sekä useita yhtäaikaisia verkkoliitäntöjä.Network Address Translators (NATs) cause problems when peer-to-peer (P2P) connections are created between hosts. Also the Host Identity Protocol (HIP) has problems traversing NATs but, with suitable extensions, it can be used as a generic NAT traversal solution. The Interactive Connectivity Establishment (ICE) is a robust NAT traversal mechanism that can enable connectivity in various NAT scenarios. The goal of this thesis is to enable HIP-based NAT traversal using ICE and to evaluate the applicability of the approach by implementation and measurements. We implemented an ICE prototype and tested it with different types of NATs. We used a network where two hosts were in different subnets and run ICE connectivity checks between them. The amount of messages and bytes sent during the process, and also how long the process took, was measured and analyzed. Based on the measurements, we calculated the overhead of using HIP with ICE for NAT traversal. ICE was able to create a connection in all the scenarios, but sometimes using more messages and longer time than expected or necessary. We found reasons why too many messages are exchanged and presented solutions on how some of these redundant messages could be avoided. We also found out that while 4-5 connectivity check messages are enough in many scenarios, NATs with specific address mapping behavior can easily double the amount of needed checks. Still, the generated traffic bitrate is modest, and using shorter timeout values than what the ICE specification suggests can have a significant positive impact on performance. By using HIP with ICE, P2P programs can get an efficient NAT traversal solution that additionally supports security, mobility and multihoming