63 research outputs found

    A network mobility management architecture for a heterogeneous network environment

    Network mobility management enables mobility of personal area networks and vehicular networks across heterogeneous access networks using a Mobile Router. This dissertation presents a network mobility management architecture for minimizing the impact of handoffs on the communications of nodes in the mobile network. The architecture addresses mobility in legacy networks without infrastructure support, but can also exploit infrastructure support for improved handoff performance. Further, the proposed architecture increases the efficiency of communications of nodes in the mobile network with counterparts in the fixed network through the use of caching and route optimization. The performance and costs of the proposed architecture are evaluated through empirical and numerical analysis. The analysis shows the feasibility of the architecture in the networks of today and in those of the near future.
    Network mobility management enables the mobility of personal and vehicle-mounted networks in a heterogeneous network environment using a mobile router. This dissertation presents a new architecture for network mobility management that minimizes the impact of handoffs on the connections of end devices. In legacy networks whose infrastructure does not support network mobility, the handoff must be managed in the mobile router. The standardized network mobility management protocol NEMO enables this by using an anchor node in the fixed network to deliver packets from the end devices' communication peers to the mobile router. In NEMO, a handoff interrupts ongoing connections for more than a second, causing significant disruption to communication applications. In the presented architecture, the impact of the handoff is minimized by equipping the mobile router with two radios.
    Using two radios, the mobile router can perform a handoff without interrupting the connections of end devices, provided there is enough time for the handoff. The available time depends on the speed of the mobile router and the structure of the radio network. The architecture can also exploit infrastructure support for seamless handoff. Network infrastructure support speeds up the handoff process, increasing the maximum handoff rate. The mobile router can then use short-range radio networks with a cell radius of more than 80 m at driving speeds of up to 90 m/s without the handoff interrupting the connections of end devices. In addition, the proposed architecture makes communication more efficient by using cache servers in the mobile and fixed networks and optimized routing between mobile end devices and correspondent nodes in the fixed network. The cache server architecture uses free radio resources to update the cache of the mobile network's cache server. In a heterogeneous network environment, the cache server is updated over short-range broadband radio networks. When the mobile router moves outside the coverage area of the broadband radio network, content such as web pages or video is served to end devices from the cache server, saving the more limited resources of the longer-range radio network. The architecture uses optimized routing between end devices and their communication peers. The optimized routing mechanism reduces the wireless network resources consumed by the protocols used for mobility management. In addition, the optimized routing mechanism makes packet routing more efficient by using the most direct route between the communicating nodes. The performance of the presented architecture is evaluated by means of empirical and numerical analysis.
    The analysis evaluates the performance of the architecture, compares it with previously proposed solutions, and shows that the architecture is suitable for current and near-future wireless networks.

    Algorithmes d'adressage et routage pour des réseaux fortement mobiles à grande échelle

    After successfully connecting machines and, later, people (World Wide Web), the new era of the Internet is about connecting things. Due to increasing demands in terms of addresses, mobility, scalability, security and other new unattended challenges, the evolution of the current Internet architecture is subject to major debate worldwide. The Internet Architecture Board (IAB) workshop on Routing and Addressing report described the serious scalability problems faced by large backbone operators in terms of routing and addressing, illustrated by the unsustainable growth of the Default Free Zone (DFZ) routing tables. Some proposals tackled the scalability and IP semantics overload issues with two different approaches: an evolutionary approach (backward compatibility) or a revolutionary approach. Several design objectives (technical or high-level) guided researchers in their proposals. Mobility is definitely one of the main challenges.
    Inter-Vehicle Communication (IVC) attracts considerable attention from the research community and the industry for its potential in providing Intelligent Transportation Systems (ITS) and passenger services. Vehicular Ad-Hoc Networks (VANETs) are emerging as a class of wireless network, formed between moving vehicles equipped with wireless interfaces (cellular and WiFi) employing heterogeneous communication systems. A VANET is a form of mobile ad-hoc network that provides IVC among nearby vehicles and may involve the use of nearby fixed equipment on the roadside. The impact of Internet-based vehicular services (infotainment) is growing quickly. Some of these applications, driver assistance services or traffic reports, have been there for a while. But market-enabling applications may also be an argument in favor of a more convenient journey. Such use cases are viewed as a motivation to further adoption of the ITS standards developed within IEEE, ETSI, and ISO.
    This thesis focuses on applying the Future Internet paradigm to vehicle-to-Internet communications in an attempt to define the solution space of the Future Vehicular Internet. We first introduce two possible vehicle-to-Internet use cases and great enablers for IP-based services: eHealth and Fully-electric Vehicles. We show how to integrate those use cases into IPv6-enabled networks. We further focus on the mobility architectures and determine the fundamental components of a mobility architecture. We then classify those approaches into centralized and distributed to show the current trends in terms of network mobility extension, an essential component of vehicular networking. We eventually analyze the performance of these proposals. In order to define an identifier namespace for vehicular communications, we introduce Vehicle Identification Numbers (VINs) as possible candidates. We then propose a conversion algorithm that preserves the VIN characteristics while mapping it onto usable IPv6 networking objects (addresses, prefixes, and Mobile Node Identifiers). We make use of this result to extend the LISP-MN protocol with the support of our VIN6 addressing architecture. We also apply those results to group IP-based communications, when the cluster head is in charge of a group of followers.
    This thesis aims to advance the state of the art in communications based on Internet Protocol version 6 (IPv6) in the field of vehicular networks, in the context of recent developments in IP, notably the advent of the Future Internet. The Future Internet (F.I.) defines a set of approaches for evolving the current Internet, in particular the emergence of a resource-demanding mobile Internet. The actors in this field identify the constraints inherent in the approaches historically used in the evolution of the Internet architecture and try to remedy them either in an evolutionary manner or through a technological break (revolutionary). One of the problems at the centre of this new evolution of the Internet is the question of naming and addressing in the network. In this thesis we undertook the study of this problem in the restricted setting of vehicular Internet communications.
    In this context, the state of the art of the Future Internet highlighted the distinctions between revolutionary approaches and evolutionary proposals based on IPv6. Since vehicular networks are already equipped with protocol stacks that include an IPv6 extension, we took an evolutionary approach aimed at integrating vehicular networks into the Future Internet. A first proposal was to convert an identifier already present in the automotive world (VIN, Vehicle Identification Number) into a set of network addresses specific to each vehicle (which therefore owns the addressing derived from its identifier). As this proposal is centred on the vehicle, we then integrated these communications into a global Future Internet architecture based on IPv6 (the LISP protocol). In particular, with VIN addressing, we defined an address space independent of Internet access providers, in which the car manufacturer becomes an economic actor providing IPv6 services to its fleet of vehicles jointly with the network operators on which it depends to carry its IP traffic. We then turned to the immediate surroundings of the vehicle in order to define a new mode of inter-vehicle communication to the Internet: V2V2I (Vehicle-to-Vehicle-to-Infrastructure). Until now, modes of data transmission to the Internet in the vehicle world consisted of V2I topologies, that is, vehicle-to-Internet, where the vehicle accesses the infrastructure directly without an intermediary. For vehicular communications to the Internet, we propose a taxonomy of the existing methods in the state of the art. Since Future Internet techniques are recent, we extended our taxonomy with a new approach based on separating the topological addressing within the cluster from that of the infrastructure. The cluster leader is responsible for assigning addresses (from its VIN) and managing routing within its cluster. The last contribution is a comparison of the performance of mobility management protocols, in particular for vehicular networks and vehicle-to-Internet communications. In this context, we proposed a classification of mobility management protocols according to their deployment: centralized (network-based or host-based) and distributed. We then evaluated performance by modelling the configuration and reconfiguration times of the protocols concerned.

    A security protocol for authentication of binding updates in Mobile IPv6.

    Wireless communication technologies have come a long way, improving with every generational leap. As communications evolve so do the system architectures, models and paradigms. Improvements have been seen in the jump from 2G to 3G networks in terms of security. Yet these issues persist and will continue to plague mobile communications into the leap towards 4G networks if not addressed. 4G will be based on the transmission of Internet packets only, using an architecture known as mobile IP. This will feature many advantages; however, security is still a fundamental issue to be resolved. One particular security issue involves the route optimisation technique, which deals with binding updates. This allows the corresponding node to bypass the home agent router to communicate directly with the mobile node. There are a variety of security vulnerabilities with binding updates, which include the interception of data packets, which would allow an attacker to eavesdrop on its contents, breaching the user's confidentiality, or to modify transmitted packets for the attacker's own malicious purposes. Other possible vulnerabilities with mobile IP include address spoofing, redirection and denial of service attacks. For many of these attacks, all the attacker needs to know is the IPv6 addresses of the mobile's home agent and the corresponding node. There are a variety of security solutions to prevent these attacks from occurring. Two of the main solutions are cryptography and authentication. Cryptography allows the transmitted data to be scrambled in an undecipherable way resulting in any intercepted packets being illegible to the attacker. Only the party possessing the relevant key will be able to decrypt the message. Authentication is the process of verifying the identity of the user or device one is in communication with.
    Different authentication architectures exist; however, many of them rely on a central server to verify the users, resulting in a possible single point of attack. Decentralised authentication mechanisms would be more appropriate for the nature of mobile IP and several protocols are discussed. However, they all possess flaws, whether they be overly resource intensive or give away vital address data, which can be used to mount an attack. As a result location privacy is investigated in a possible attempt at hiding this sensitive data. Finally, a security solution is proposed to address the security vulnerabilities found in binding updates and attempts to overcome the weaknesses of the examined security solutions. The security protocol proposed in this research involves three new security techniques. The first is a combined solution using Cryptographically Generated Addresses and Return Routability, which are already established solutions, and then introduces a new authentication procedure, to create the Distributed Authentication Protocol to aid with privacy, integrity and authentication. The second is an enhancement to Return Routability called Dual Identity Return Routability, which provides location verification authentication for multiple identities on the same device. The third security technique is called Mobile Home Agents, which provides device and user authentication while introducing location privacy and optimised communication routing. All three security techniques can be used together or individually and each needs to be passed before the binding update is accepted. Cryptographically Generated Addresses assert the user's ownership of the IPv6 address by generating the interface identifier by computing a cryptographic one-way hash function from the user's public key and auxiliary parameters. The binding between the public key and the address can be verified by recomputing the hash value and by comparing the hash with the interface identifier.
    This method proves ownership of the address; however, it does not prove the address is reachable. After establishing address ownership, Return Routability would then send two security tokens to the mobile node, one directly and one via the home agent. The mobile node would then combine them together to create an encryption key called the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides a validation to the mobile node's location and proves its ownership of the home agent. Return Routability provides a test to verify that the node is reachable. It does not verify that the IPv6 address is owned by the user. This method is combined with Cryptographically Generated Addresses to provide the best of both worlds. The third aspect of the first security solution introduces a decentralised authentication mechanism. The correspondent requests the authentication data from both the mobile node and home agent. The mobile sends the data in plain text, which could be encrypted with the binding key and the home agent sends a hash of the data. The correspondent then converts the data so both are hashes and compares them. If they are the same, authentication is successful. This provides device and user authentication which when combined with Cryptographically Generated Addresses and Return Routability create a robust security solution called the Distributed Authentication Protocol. The second new technique was designed to provide an enhancement to a current security solution. Dual Identity Return Routability builds on the concept of Return Routability by providing two Mobile IPv6 addresses on a mobile device, giving the user two separate identities.
    After establishing address ownership with Cryptographically Generated Addresses, Dual Identity Return Routability would then send security data to both identities, each on a separate network and each having their own home agents, and the mobile node would then combine them together to create the binding key allowing the binding update to be sent securely to the correspondent node. This technique provides protection against address spoofing as an attacker needs two separate IP addresses, which are linked together. Spoofing only a single address will not pass this security solution. One drawback of the security techniques described, however, is that none of them provide location privacy to hide the user's IP address from attackers. An attacker cannot mount a direct attack if the user is invisible. The third new security solution designed is Mobile Home Agents. These are software agents, which provide location privacy to the mobile node by acting as a proxy between it and the network. The Mobile Home Agent resides on the point of attachment and migrates to a new point of attachment at the same time as the mobile node. This provides reduced latency communication and a secure environment for the mobile node. These solutions can be used separately or combined together to form a super security solution, which is demonstrated in this thesis and attempts to provide proof of address ownership, reachability, user and device authentication, location privacy and reduction in communication latency. All these security features are designed to protect against one of the most devastating attacks in Mobile IPv6, the false binding update, which can allow an attacker to impersonate and deny service to the mobile node by redirecting all data packets to itself. The solutions are all simulated with different scenarios and network configurations and with a variety of attacks, which attempt to send a false binding update to the correspondent node.
The results were then collected and analysed to provide conclusive proof that the proposed solutions are effective and robust in protecting against the false binding updates creating a safe and secure network for all

    Towards a reliable seamless mobility support in heterogeneous IP networks

    Next Generation networks (3G and beyond) are evolving towards all-IP-based systems with the aim to provide global coverage. For mobility in IP-based networks, Mobile IPv6 is considered as a standard by both industry and the research community, but this mobility protocol has some reliability issues. There are a number of elements that can interrupt the communication between Mobile Node (MN) and Corresponding Node (CN); however, the scope of this research is limited to the following issues only:
    • Reliability of Mobility Protocol
    • Home Agent Management
    • Handovers
    • Path failures between MN and CN
    The first entity that can disrupt Mobile IPv6 based communication is the Mobility Anchor point itself, i.e. the Home Agent. Reliability of the Home Agent is addressed first because if this mobility agent is not reliable there would be no reliability of mobile communication. The next scenario where mobile communication can get disrupted is created by the MN itself and it is due to its mobility. When an MN moves around, at some point it will be out of range of its active base station and at the same time it may enter the coverage area of another base station. In such a situation, the MN should perform a handover, which is a very slow process. This handover delay is reduced by introducing a "make before break" style handover in the IP network. Another situation in which Mobile IPv6 based communication can fail is when there is a path failure between MN and CN. This situation can be addressed by utilizing multiple interfaces of the MN at the same time. One such protocol which can utilize multiple interfaces is SHIM6 but it was not designed to work on a mobile node. It was designed for core networks but after some modification in the protocol, it can be deployed on mobile nodes. In this thesis, these issues related to reliability of IPv6 based mobile communication have been addressed.
    EThOS - Electronic Theses Online Service

    Host mobility management with identifier-locator split protocols in hierarchical and flat networks

    Includes abstract. Includes bibliographical references.
    As the Internet increasingly becomes more mobile focused and overloaded with mobile hosts, mobile users are bound to roam freely and attach to a variety of networks. These different networks converge over an IP-based core to enable ubiquitous network access, anytime and anywhere, to support the provision of services, that is, any service, to mobile users. Therefore, in this thesis, the researcher proposed network-based mobility solutions at different layers to securely support seamless handovers between heterogeneous networks in hierarchical and flat network architectures

    An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

    Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increases, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, the Locator/ID Separation Protocol is still at an early stage of implementation and the security protocol, e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered. Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, in the address-resolving stage of the Locator/ID Separation Protocol, the Map Server (MS) accepts Map-Requests from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in turn look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, as a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well.
    Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of the Locator/ID Separation Protocol using the X.805 framework standard. Then three security protocols were provided to secure the exchanged transitions of communication in the Locator/ID Separation Protocol. The first security protocol was implemented to secure the Registration stage of Locator/ID separation using an ID-based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and a Key Agreement technique. The third security protocol was proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on authentication and group key agreement using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve a security refinement architecture for the Internet of Things based on the Locator/ID Separation Protocol. These protocols were verified using Automated Validation of Internet Security Protocols and Applications (AVISPA), which is a push-button tool for the automated validation of security protocols, and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of the security refinement protocol and an evaluation were conducted using the Contiki and Cooja simulation tool.
The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

    Secure Connectivity With Persistent Identities

    In the current Internet the Internet Protocol address is burdened with two roles. It serves as the identifier and the locator for the host. As the host moves, its identity changes with its locator. The research community thinks that the Future Internet will include identifier-locator split in some form. Identifier-locator split is seen as the solution to multiple problems. However, identifier-locator split introduces multiple new problems to the Internet. In this dissertation we concentrate on: the feasibility of using identifier-locator split with legacy applications, securing the resolution steps, using the persistent identity for access control, improving mobility in environments using multiple address families and so improving the disruption tolerance for connectivity. The proposed methods achieve theoretical and practical improvements over the earlier state of the art. To raise the overall awareness, our results have been published in interdisciplinary forums.
    In today's Internet, the IP address is burdened with two different roles. It serves as the address of the end device, but often also as its identity. The device's identity therefore changes as the device moves, because its address changes. The research community considers separating location and identity to be essential in the Future Internet. However, separating location and identity brings up a set of new problems. This dissertation concentrates on determining the effect of the location-identity split on existing networked applications, securing the resolution of names into addresses, facilitating the use of long-lived identities in access control, and improving the ability of connections to survive mobility in environments with multiple address families. The methods proposed in the dissertation achieve both theoretical and practical advantages over methods presented earlier in the literature. The results have been published in forums of different sub-fields.

    Pro-collaborative mobile systems in next generation IP networks

    Computing system designs of today take on either the interactive or the proactive form. Motivated by the user's desire to make his/her computing experience more intelligent and personalised, the progression from interactive (human-centred) to proactive (human-supervised) is evident. It can be observed that current research mainly emphasises the user as the dominant focus of a user-system interaction. Consider a model that we called the opponent-process model. It contains two processes, one representing the user and the other the system, where both processes are capable of dominating each other, though working collaboratively towards a predefined task. We argue the necessity to design computing systems which are balanced in this model, such that the system process, at times, becomes the dominant process. We refer to this as the pro-collaborative design form. We dissect mobility into the notion of a nomadic user and the notion of a nomadic system. The examination into the nomadic user problem space reveals the potential for applying the pro-collaborative approach in optimising handoff management. Significant performance advantages can be obtained with our proposed S-MIP framework, based on the pro-collaborative design, when compared with established handoff latency optimisation schemes. The key differentiator lies in its indicative approach in addressing handoff ambiguity. Instead of passively anticipating through prediction as to when a mobile user might cross network boundaries (user-dominant), the system actively indicates to the user when, where and how to handoff (system-dominant). This eliminates the handoff ambiguity. Regarding the notion of a nomadic system, that is, the ability to move services offered by computing systems to arbitrary points in the Internet, we explore the idea of the dynamic extension of network services to a mobile user on-demand.
    Based on the pro-collaborative form, we develop the METAMORPHOSE architecture which facilitates such a dynamic service extension. By assuming the proliferation of programmable network switches and computational resources within the Internet, we re-examine how 'loose' service agreements between network services providers can be, to achieve such borderless moving-service offerings. The viability of the pro-collaborative form is reflected through our design and implementation of protocols and architectures which address the notion of nomadic user and nomadic system

    SIGMA: A mobility architecture for terrestrial and space networks.

    Internet Protocol (IP) mobility can be handled at different layers of the protocol stack. Mobile IP has been developed to handle mobility of Internet hosts at the network layer. Mobile IP suffers from a number of drawbacks such as the requirement for infrastructure change, high handover latency, high packet loss rate, and conflict with network security solutions. As an alternative solution, a few transport layer mobility protocols have been proposed in the context of Transmission Control Protocol (TCP), for example, MSOCKS and TCP connection migration. In this dissertation, a Seamless IP-diversity-based Generalized Mobility Architecture (SIGMA) is described. SIGMA works at the transport layer and utilizes IP diversity to achieve seamless handover, and is designed to solve many of the drawbacks of Mobile IP. It can also cooperate with normal IPv4 or IPv6 infrastructure without the support of Mobile IP. The handover performance, signaling cost, and survivability issues of SIGMA are evaluated and compared with those of Mobile IP. A hierarchical location management scheme for SIGMA is developed to reduce the signaling cost of SIGMA, which is also useful to other transport layer mobility solutions. SIGMA is shown to be also applicable to managing satellite handovers in space. Finally, the interoperability between SIGMA and existing Internet security mechanisms is discussed