    AN ENHANCED BINDING UPDATE SCHEME FOR NEXT GENERATION INTERNET PROTOCOL MOBILITY

    In recent years, the use of mobile devices has become essential for people, both for business and for their daily activities. Mobile devices can obtain services directly from their home network and from other correspondent devices regardless of their position, without using any intermediate agent. This is achieved by using mobility-based Internet Protocol version 6, called next generation Internet Protocol mobility. Since network mobility uses the open air interface as a communication medium, it is exposed to many security threats and attacks that might attempt to gain unauthorized access from the participating entities. Consequently, protecting network mobility from threats is one of the most demanding tasks, as it must be achieved without increasing complexity while enhancing security. Hence, the paper proposes an enhanced location update scheme that incorporates the optimal asymmetric encryption method based on the random oracle model to provide security and efficiency. The security analysis covers the security goals of authentication, integrity, and confidentiality. In addition, it addresses attack prevention analysis for attacks such as replay, man-in-the-middle and false location update. The proposed scheme is simulated and its security properties are verified using a security validation tool, Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, the simulation studies show that the latency of the proposed scheme is reduced significantly when compared with the other location update schemes.

    Using Graphic Turing Tests To Counter Automated DDoS Attacks Against Web Servers

    We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inherent in many browsers through downloadable "applets." We guarantee access to a web server for a large number of previously unknown users, without requiring pre-existing trust relationships between users and the system. Our prototype requires no modifications to either servers or browsers, and makes use of graphical Turing tests, web proxies, and client authentication using the SSL/TLS protocol, all readily supported by modern browsers. We use the WebSOS prototype to conduct a performance evaluation over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency using both a Chord-based approach and our shortcut extension. Our evaluation shows that latency increases by a factor of 7 and 2 respectively, confirming our simulation results.

    Location Management in a Transport Layer Mobility Architecture

    Mobility architectures that place complexity in end nodes rather than in the network interior have many advantageous properties and are becoming popular research topics. Such architectures typically push mobility support into higher layers of the protocol stack than network layer approaches like Mobile IP. The literature is rife with proposals to provide mobility services in the transport, session, and application layers. In this paper, we focus on a mobility architecture that makes the most significant changes to the transport layer. A common problem amongst all mobility protocols at various layers is location management, which entails translating some form of static identifier into a mobile node's dynamic location. Location management is required for mobile nodes to be able to provide globally-reachable services on demand to other hosts. In this paper, we describe the challenges of location management in a transport layer mobility architecture, and discuss the advantages and disadvantages of various solutions proposed in the literature. Our conclusion is that, in principle, secure dynamic DNS is most desirable, although it may have current operational limitations. We note that this topic has room for further exploration, and we present this paper largely as a starting point for comparing possible solutions.

    Support for multimedia applications in next generation networks

    SUMMARY Multimedia applications have become so popular that some of them are used daily by users. This popularity can be attributed to several factors, such as the diversification of the content and services offered, access at any time thanks to mobility and nomadicity, as well as advances in the architectures and protocols used in order to support the more demanding requirements of these applications. For example, what was once a simple phone call is now turning into a videoconference, allowing a dynamic number of users to participate. Another example of a multimedia application, which is also growing at a dazzling pace, is IP TeleVision (IPTV), the technology that allows live and on-demand television to be transmitted over IP networks. Its mobile version, Mobile IP TeleVision (MobileTV), also exists. On the operators' side, the focus is on deploying next generation networks. Wireless operators are turning to fourth generation cellular technologies, such as 3GPP Long Term Evolution (LTE), while those offering wired services are looking instead at networks based on optical fibre, such as Fiber to the Home (FTTH). These networks promise to increase the offered bit rate and reduce latency, two important criteria for the large-scale deployment of multimedia applications. Despite these technological advances, there are still several obstacles to the proper operation of multimedia applications. With this in mind, this thesis examines three important issues in next generation networks, each of which is the subject of a scientific article. The first two parts focus on the convergence of fixed and mobile networks, or Fixed-Mobile Convergence (FMC).

    This convergence blurs the distinction between mobile networks and fixed networks. Among other things, it allows a user to access their services both on the cellular network (LTE, for example) and on a local network (Wireless Fidelity (WiFi), for example). To do so, the user is generally equipped with a terminal that can connect to both networks. The first issue raised in this thesis concerns the handover decision. Indeed, the two most popular mobility protocols, Mobile IP (MIP) and Proxy Mobile IP (PMIP), adopt two diametrically opposed approaches. With the first protocol, the user and their terminal take full charge of the handover. Even though this approach allows FMC, operators would rather keep control over the decision-making, in order to optimize their network. Indeed, with MIP, many signalling messages are sent, which wastes network resources, especially on the radio access, the most precious part of the network. Moreover, by not consulting the network, the terminal does not necessarily take the best decisions. It may therefore switch to a network that is more loaded and that does not necessarily guarantee its quality of service requirements. For this reason, the PMIP protocol was proposed. Its approach is exactly the opposite of that of MIP: mobility is managed entirely by the network. Consequently, mobility is hidden from the terminal, which always believes itself to be in its home network. Thanks to the addition of new nodes in the network, which handle mobility on behalf of the terminal, signalling on the radio access is eliminated. Moreover, the additional information held by the network allows it to take a better decision.

    However, the problem with this protocol is that, without the terminal's involvement, it is impossible for it to detect every handover situation. In many cases, the operator's fixed network is hidden behind an internal network, for example a WiFi network, and detecting that network is only possible with the terminal's involvement. Thus, PMIP is not a protocol that lends itself well to deploying FMC. The first article, entitled "Client-Based Network-Assisted Mobile IPv6", therefore tackles this problem by proposing a new protocol, based on Mobile IP v6 (MIPv6), which introduces the involvement of the network. The result is a hybrid protocol that combines the advantages of MIPv6 and Proxy Mobile IP v6 (PMIPv6). Two steps were needed to achieve this. The first consists of a redesign of the MIPv6 protocol which, in its current state, was difficult to modify because of its heavy specifications. The result of this step is a much lighter protocol offering only the basic functionality. The other features, such as the security mechanisms, were separated into modules. Second, a new module was proposed, which introduces a new node in the network capable of managing the terminal's mobility. Thus, the collaboration between the terminal and this node reduces signalling messages and optimizes handover decisions, while offering support for FMC. The second issue addressed by the thesis concerns the seamlessness of the handover between the two networks. A handover is said to be seamless if it causes no interruption of the user's services. For example, a call in progress that was started on the cellular network must not be interrupted when the connection switches to the local network, and vice versa.

    The applications targeted by our work are real-time multimedia applications, notably IPTV and MobileTV (in live television mode). These applications use multicast protocols, which allow data to be sent in an optimized way from one or more sources to several recipients with a minimal number of packets. The problem with these applications is that when a vertical handover occurs (in the context of FMC, for example), the connection is broken and must be re-established. This is because the terminal changes its IP address, which forces it to rejoin its services from the new address. This disconnection results in packet loss, which translates into an interruption of the user's application. The second article, entitled "Seamless handover for multicast Mobile IPv6 traffic", proposes a solution to this problem. The solution consists of adding a new node in the network whose role is to buffer the packets lost during the terminal's handover. Thus, when the terminal recovers its connectivity, it is able to retrieve these packets from that node. The user's application then proceeds without interruption. The third issue addressed in this thesis concerns the planning of access networks in order to support the bit rate requirements of multimedia applications. For FMC to succeed, the local network must be able to support the bit rates the application needs. The internal WiFi network is generally not a problem; the limitation lies rather in the wired access. To increase the offered bit rates, operators have introduced optical fibre in their networks, complementing the traditional methods such as twisted copper pairs and coaxial cable. Thus, new hybrid optical technologies have been proposed.

    In a context where an infrastructure already exists, choosing a hybrid technology is very attractive, because the operator can recoup its previous investment, thereby minimizing the cost of the upgrade. On the other hand, in a greenfield environment there is no infrastructure to reuse. The consensus in such a scenario is that the best technology to deploy is the one that uses only optical fibre links, since it offers the best bit rates as well as the greatest flexibility for future growth. The cost difference becomes smaller and is no longer necessarily the main criterion in choosing the technology to deploy. One of the difficulties that complicate planning is that these networks are often deployed by operators in phases. Planning must therefore be dynamic and take into account the evolving nature of customer demand. The third article, entitled "Dynamic Greenfield Fiber to the Home Planning", therefore proposes a dynamic model of the planning problem for optical fibre access networks. The result is a linear integer mathematical model that takes parameters such as customer demands as input and produces the plan that minimizes the total cost of the network over several phases. The numerical results obtained by simulating our model show its superiority over existing sequential methods.

    ABSTRACT Multimedia applications have been gaining momentum and are finding their way into everyday life. Their popularity can be attributed to several factors, such as the diversification of content and services, ubiquitous access thanks to mobility and nomadicity, as well as advances in architectures and protocols used to support their most demanding requirements. For example, what was once a simple phone call has morphed nowadays into a videoconference, allowing a dynamic number of users to participate. Another example of a multimedia application that gained popularity is IP TeleVision (IPTV), which is the technology that allows the transmission of live and on-demand television on IP networks. There also exists a mobile version, called Mobile IP TeleVision (MobileTV). From the operators' point of view, the focus is put on the deployment of next generation networks. Wireless operators are therefore deploying fourth generation cellular technologies, such as 3GPP Long Term Evolution (LTE), while those offering wired connectivity are looking into fiber optic based networks, such as Fiber to the Home (FTTH). These new networks increase the offered rate, as well as reduce latency, which are two important criteria for the deployment of large-scale multimedia applications. However, despite these advances, there still exist several obstacles hindering the proper operation of multimedia applications. This thesis therefore focuses on three important issues in next generation networks, each of these subjects leading to a scientific article. The first two works deal with the issues of Fixed-Mobile Convergence (FMC). This convergence is blurring the distinction between mobile and fixed networks. Among other things, it allows a user to have access to its services, both on the cellular network (LTE, for example) as well as on a local network (Wireless Fidelity (WiFi), for example). This is usually accomplished by equipping the user with a device that can connect to both networks. The first issue raised in this thesis is about the decision of when to execute a handover. The two most popular mobility protocols, Mobile IP (MIP) and Proxy Mobile IP (PMIP), approach this problem with diametrically opposed views. With the first protocol, the decision is made by the user and his device.

    Although this approach allows for FMC, operators would much rather have complete control over the decision-making, in order to optimize their network. Indeed, with MIP, many signaling messages are sent, wasting valuable network resources, especially at the radio access, which is the most precious part of the network. Furthermore, by not involving the network, the decision taken by the device will not necessarily be optimal. It might request to switch to a more overloaded network that cannot meet its demands of Quality of Service (QoS). For these reasons, the PMIP protocol was proposed. Its approach is the opposite of that of MIP, the mobility being managed entirely by the network. By doing so, the device is actually shielded from any aspect of the mobility, and is fooled into thinking that it is always in its home network. This is possible by introducing new nodes in the network that act on its behalf, which eliminates all signaling on the radio link. In addition, since the network is usually better suited to make the right decision, because of the additional information it holds, the mobility is optimized. However, the big issue that arises is that, without the intervention of the terminal, it is impossible to detect all the handover possibilities. In many cases, the operator's fixed network is hidden by an internal network, usually a WiFi network, and the detection of the network is only possible with the help of the terminal. Thus, PMIP is not a protocol that is well suited to deploy FMC. The first article, entitled "Client-Based Network-Assisted Mobile IPv6", therefore addresses this problem by proposing a new protocol based on Mobile IP v6 (MIPv6), in which we introduce the involvement of the network. The result is a hybrid protocol that draws upon the strengths of MIPv6 and Proxy Mobile IP v6 (PMIPv6). To accomplish this, two steps were required. The first consisted of a complete overhaul of the MIPv6 protocol, as in its current state it was near impossible to make any modifications, because of the complexity and heaviness of its specifications. The result is a much more lightweight protocol which provides only basic functionality. Other features, such as security mechanisms, were separated into modules. In the second step, we proposed a new module, which introduces a new node in the network that can handle the terminal mobility. Thus, the collaboration of the terminal and the new node reduces the signaling messages and optimizes the decisions for handing over, while still offering support for FMC.

    The second issue that this thesis tackles is the seamlessness of a handover between two networks. A handover is deemed seamless if it does not cause any disruption to the user's services. For example, a call that is in progress on the cellular network should not be interrupted when the connection switches to a local network, and the same goes for the other way around. The applications targeted by our work are multimedia applications operating in real time, such as IPTV and MobileTV (in live television mode). These applications employ multicast protocols that are optimized for the transmission of data from one or more sources to multiple receivers, while using the minimum number of packets required. The problem, however, with these applications is that when a vertical handover occurs (in the case of FMC, for example), the connection is lost and must be re-established. This is because the terminal changes its IP address, which forces it to rejoin the services from the new address. This disconnection results in packet loss, which entails an interruption of the user application. The second article, entitled "Seamless handover for multicast Mobile IPv6 traffic", proposes a solution to this problem. This is accomplished by introducing a new node in the network, whose role is to buffer the lost packets while the handover is occurring. Thus, when the device reconnects, it is able to recover these packets. The user application is therefore able to proceed without interruption.

    The third issue addressed in this thesis focuses on the planning of access networks, to support the high bandwidth required by multimedia applications. For the FMC to be successful, it is necessary that the local network supports the bandwidth requirements. The internal WiFi network is generally not an issue; the limitation rather lies in the wired network. To increase the offered rates, operators have started introducing fiber optic links in their networks, complementing the traditional links, such as twisted pair copper and coaxial cable. Thus, new hybrid optical technologies have been proposed. In a context where an infrastructure already exists, the choice of a hybrid technology is very attractive, because the operator can leverage its previous investment and minimize the cost of the upgrade. However, in a new environment, there is no infrastructure to reuse. Therefore, the consensus in such a scenario is that the best technology to deploy is the one that only uses fiber optic links, as it offers the best rates and the greatest scalability. The cost difference is smaller and therefore no longer the main criterion for selecting the technology to deploy. One of the difficulties of network planning is that these networks are often deployed by operators in phases. Therefore, the planning must be dynamic and take into account the changing nature of customer demands. The third article, entitled "Dynamic Greenfield Fiber to the Home Planning", proposes a dynamic model for the network planning problem of fiber optic networks. The result is a linear integer mathematical model, which takes input parameters, such as customer demands, and produces a planning that minimizes the total cost of the network over all of the phases. The numerical results obtained when simulating our solution show its superiority compared to existing sequential methods.

    5G SA and NSA Solutions

    This paper explains in detail the 5G packet core gateway solution. It also gives an overview of the 5G architecture, the platform and the hardware details of this solution. 5G is the next generation of Third Generation Partnership Project (3GPP) technology, after 4G/LTE, being defined for wireless mobile data communication. From 3GPP Release 15 onward, this technology defines standards for 5G. As part of 3GPP Release 15, a new 5G Radio and Packet Core evolution is being defined to cater to the needs of 5G networks. The two solutions discussed in this paper are 5G Non-Standalone (NSA) and 5G Standalone (SA), both of which will coexist for some time. As the names suggest, 5G Non-Standalone uses the existing LTE radio access and core network (EPC) as an anchor for mobility management and coverage, to which the 5G carrier is added. This solution enables operators to provide 5G services in a shorter time and at lower cost, whereas for 5G Standalone an all-new 5G Packet Core will be introduced with several new capabilities built inherently into it. The SA architecture comprises 5G New Radio (5G NR) and the 5G Core Network (5GC).

    Proposal of C4MS and inherent technical challenges - D3.1

    Deliverable D3.1 of the European project OneFIT (ICT-2009-257385). The scope of OneFIT is Opportunistic Networks and Cognitive Management Systems for Efficient Application Provision in the Future Internet. This document contains a proposal for Control Channels for the Coordination of Cognitive Management Systems (C4MS), which enables the delivery of guidance/assistance information from the infrastructure towards the Opportunistic Networks and provides means for the management of Opportunistic Networks. This document defines the first messages and elementary procedures for the C4MS, and identifies a preliminary set of information to be conveyed over C4MS. The document also introduces the inherent technical challenges related to the C4MS proposal. Postprint (published version).

    Discovery and Group Communication for Constrained Internet of Things Devices using the Constrained Application Protocol

    The ubiquitous Internet is rapidly spreading to new domains. This expansion of the Internet is comparable in scale to the spread of the Internet in the ’90s. The resulting Internet is now commonly referred to as the Internet of Things (IoT) and is expected to connect about 50 billion devices by the year 2020. This means that in just five years from the time of writing this PhD the number of interconnected devices will exceed the number of humans by sevenfold. It is further expected that the majority of these IoT devices will be resource constrained embedded devices such as sensors and actuators. Sensors collect information about the physical world and inject this information into the virtual world. Next processing and reasoning can occur and decisions can be taken to enact upon the physical world by injecting feedback to actuators. The integration of embedded devices into the Internet introduces new challenges, since many of the existing Internet technologies and protocols were not designed for this class of constrained devices. These devices are typically optimized for low cost and power consumption and thus have very limited power, memory, and processing resources and have long sleep periods. The networks formed by these embedded devices are also constrained and have different characteristics than those typical in todays Internet. These constrained networks have high packet loss, low throughput, frequent topology changes and small useful payload sizes. They are referred to as LLN. Therefore, it is in most cases unfeasible to run standard Internet protocols on this class of constrained devices and/or LLNs. New or adapted protocols that take into consideration the capabilities of the constrained devices and the characteristics of LLNs, are required. In the past few years, there were many efforts to enable the extension of the Internet technologies to constrained devices. Initially, most of these efforts were focusing on the networking layer. 
However, the expansion of the Internet in the 90s was not due to introducing new or better networking protocols. It was a result of introducing the World Wide Web (WWW), which made it easy to integrate services and applications. One of the essential technologies underpinning the WWW was the Hypertext Transfer Protocol (HTTP). Today, HTTP has become a key protocol in the realization of scalable web services building around the Representational State Transfer (REST) paradigm. The REST architectural style enables the realization of scalable and well-performing services using uniform and simple interfaces. The availability of an embedded counterpart of HTTP and the REST architecture could boost the uptake of the IoT. Therefore, more recently, work started to allow the integration of constrained devices in the Internet at the service level. The Internet Engineering Task Force (IETF) Constrained RESTful Environments (CoRE) working group has realized the REST architecture in a suitable form for the most constrained nodes and networks. To that end the Constrained Application Protocol (CoAP) was introduced, a specialized RESTful web transfer protocol for use with constrained networks and nodes. CoAP realizes a subset of the REST mechanisms offered by HTTP, but is optimized for Machine-to-Machine (M2M) applications. This PhD research builds upon CoAP to enable a better integration of constrained devices in the IoT and examines proposed CoAP solutions theoretically and experimentally proposing alternatives when appropriate. The first part of this PhD proposes a mechanism that facilitates the deployment of sensor networks and enables the discovery, end-to-end connectivity and service usage of newly deployed sensor nodes. The proposed approach makes use of CoAP and combines it with Domain Name System (DNS) in order to enable the use of userfriendly Fully Qualified Domain Names (FQDNs) for addressing sensor nodes. 
It includes the automatic discovery of sensors and sensor gateways and the translation of HTTP to CoAP, thus making the sensor resources globally discoverable and accessible from any Internet-connected client using either IPv6 addresses or DNS names both via HTTP or CoAP. As such, the proposed approach provides a feasible and flexible solution to achieve hierarchical self-organization with a minimum of pre-configuration. By doing so we minimize costly human interventions and eliminate the need for introducing new protocols dedicated for the discovery and organization of resources. This reduces both cost and the implementation footprint on the constrained devices. The second, larger, part of this PhD focuses on using CoAP to realize communication with groups of resources. In many IoT application domains, sensors or actuators need to be addressed as groups rather than individually, since individual resources might not be sufficient or useful. A simple example is that all lights in a room should go on or off as a result of the user toggling the light switch. As not all IoT applications may need group communication, the CoRE working group did not include it in the base CoAP specification. This way the base protocol is kept as efficient and as simple as possible so it would run on even the most constrained devices. Group communication and other features that might not be needed by all devices are standardized in a set of optional separate extensions. We first examined the proposed CoAP extension for group communication, which utilizes Internet Protocol version 6 (IPv6) multicasts. We highlight its strengths and weaknesses and propose our own complementary solution that uses unicast to realize group communication. Our solution offers capabilities beyond simple group communication. For example, we provide a validation mechanism that performs several checks on the group members, to make sure that combining them together is possible. 
We also allow the client to request that results of the individual members are processed before they are sent to the client. For example, the client can request to obtain only the maximum value of all individual members. Another important optional extension to CoAP allows clients to continuously observe resources by registering their interest in receiving notifications from CoAP servers once there are changes to the values of the observed resources. By using this publish/subscribe mechanism the client does not need to continuously poll the resource to find out whether it has changed its value. This typically leads to more efficient communication patterns that preserve valuable device and LLN resources. Unfortunately CoAP observe does not work together with the CoAP group communication extension, since the observe extension assumes unicast communication while the group communication extension only support multicast communication. In this PhD we propose to extend our own group communication solution to offer group observation capabilities. By combining group observation with group processing features, it becomes possible to notify the client only about certain changes to the observed group (e.g., the maximum value of all group members has changed). Acknowledging that the use of multicast as well as unicast has strengths and weaknesses we propose to extend our unicast based solution with certain multicast features. By doing so we try to combine the strengths of both approaches to obtain a better overall group communication that is flexible and that can be tailored according to the use case needs. Together, the proposed mechanisms represent a powerful and comprehensive solution to the challenging problem of group communication with constrained devices. We have evaluated the solutions proposed in this PhD extensively and in a variety of forms. Where possible, we have derived theoretical models and have conducted numerous simulations to validate them. 
We have also experimentally evaluated those solutions and compared them with other proposed solutions using a small demo box and later on two large-scale wireless sensor testbeds and under different test conditions. The first testbed is located in a large, shielded room, which allows testing under controlled environments. The second testbed is located inside an operational office building and thus allows testing under normal operation conditions. Those tests revealed performance issues and some other problems. We have provided some solutions and suggestions for tackling those problems. Apart from the main contributions, two other relevant outcomes of this PhD are described in the appendices. In the first appendix we review the most important IETF standardization efforts related to the IoT and show that with the introduction of CoAP a complete set of standard protocols has become available to cover the complete networking stack, thus making the step from the IoT into the Web of Things (WoT). Using only standard protocols makes it possible to integrate devices from various vendors into one big WoT accessible to humans and machines alike. In the second appendix, we provide an alternative solution for grouping constrained devices by using virtualization techniques. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications.

    Mobility management across converged IP-based heterogeneous access networks

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010. In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS, etc.) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications.
The results show that the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21-assisted EAP-based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA-based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be reduced by approximately 70% by the proposed scheme.

    Software Defined Application Delivery Networking

    In this thesis we present the architecture, design, and prototype implementation details of AppFabric. AppFabric is a next generation application delivery platform for easily creating, managing and controlling massively distributed and very dynamic application deployments that may span multiple datacenters. Over the last few years, the need for more flexibility, finer control, and automatic management of large (and messy) datacenters has stimulated technologies for virtualizing the infrastructure components and placing them under software-based management and control; generically called Software-defined Infrastructure (SDI). However, current applications are not designed to leverage this dynamism and flexibility offered by SDI and they mostly depend on a mix of different techniques including manual configuration, specialized appliances (middleboxes), and (mostly) proprietary middleware solutions together with a team of extremely conscientious and talented system engineers to get their applications deployed and running. AppFabric 1) automates the whole control and management stack of application deployment and delivery, 2) allows application architects to define logical workflows consisting of application servers, message-level middleboxes, packet-level middleboxes and network services (both local and wide-area) composed over application-level routing policies, and 3) provides the abstraction of an application cloud that allows the application to dynamically (and automatically) expand and shrink its distributed footprint across multiple geographically distributed datacenters operated by different cloud providers. The architecture consists of a hierarchical control plane system called Lighthouse and a fully distributed data plane design (with no special hardware components such as service orchestrators, load balancers, message brokers, etc.) called OpenADN. The current implementation (under active development) consists of ~10000 lines of Python and C code.
AppFabric will allow applications to fully leverage the opportunities provided by modern virtualized Software-Defined Infrastructures. It will serve as the platform for deploying massively distributed, and extremely dynamic next generation application use-cases, including:

Internet-of-Things/Cyber-Physical Systems: Through support for managing distributed gather-aggregate topologies common to most Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) use-cases. By their very nature, IoT and CPS use cases are massively distributed and have different levels of computation and storage requirements at different locations. Also, they have variable latency requirements for their different distributed sites. Some services, such as device controllers, in an IoT/CPS application workflow may need to gather, process and forward data under near-real time constraints and hence need to be as close to the device as possible. Other services may need more computation to process aggregated data to drive long term business intelligence functions. AppFabric has been designed to provide support for such very dynamic, highly diversified and massively distributed application use-cases.

Network Function Virtualization: Through support for heterogeneous workflows, application-aware networking, and network-aware application deployments, AppFabric will enable new partnerships between Application Service Providers (ASPs) and Network Service Providers (NSPs). An application workflow in AppFabric may comprise application services, packet and message-level middleboxes, and network transport services chained together over an application-level routing substrate. The application-level routing substrate allows policy-based service chaining where the application may specify policies for routing their application traffic over different services based on application-level content or context.

Virtual worlds/multiplayer games: Through support for creating, managing and controlling dynamic and distributed application clouds needed by these applications. AppFabric allows the application to easily specify policies to dynamically grow and shrink the application's footprint over different geographical sites, on-demand.

Mobile Apps: Through support for extremely diversified and very dynamic application contexts typical of such applications. Also, AppFabric provides support for automatically managing massively distributed service deployment and controlling application traffic based on application-level policies. This allows mobile applications to provide the best Quality-of-Experience to their users without

This thesis is the first to handle and provide a complete solution for such a complex and relevant architectural problem that is expected to touch each of our lives by enabling exciting new application use-cases that are not possible today. Also, AppFabric is a non-proprietary platform that is expected to spawn lots of innovations both in the design of the platform itself and the features it provides to applications. AppFabric still needs many iterations, both in terms of design and implementation maturity. This thesis is not the end of the journey for AppFabric but rather just the beginning.