Case Study - IPv6 based building automation solution integration into an IPv4 Network Service Provider infrastructure

The case study presents a case study describing an Internet Protocol (IP) version 6 (v6) introduction to an IPv4 Internet Service Provider (ISP) network infrastructure. The case study driver is an ISP willing to introduce a new “killer” service related to Internet of Things (IoT) style building automation. The provider and cooperation of third party companies specialized in building automation will provide the service. The ISP has to deliver the network access layer and to accommodate the building automation solution traffic throughout its network infrastructure. The third party companies are system integrators and building automation solution vendors. IPv6 is suitable for such solutions due to the following reasons. The operator can’t accommodate large number of IPv4 embedded devices in its current network due to the lack of address space and the fact that many of those will need clear 2 way IP communication channel. The Authors propose a strategy for IPv6 introduction into operator infrastructure based on the current network architecture present service portfolio and several transition mechanisms. The strategy has been applied in laboratory with setup close enough to the current operator’s network. The criterion for a successful experiment is full two-way IPv6 application layer connectivity between the IPv6 server and the IPv6 Internet of Things (IoT) cloud

Network and service monitoring in heterogeneous home networks

Home networks are becoming dynamic and technologically heterogeneous. They consist of an increasing number of devices which offer several functionalities and can be used for many different services. In the home, these devices are interconnected using a mixture of networking technologies (for example, Ethernet, Wifi, coaxial cable, or power-line). However, interconnecting these devices is often not easy. The increasing heterogeneity has led to significant device- and service-management complexity. In addition, home networks provide a critical "last meters" access to the public telecom and Internet infrastructure and have a dramatic impact on to the end-to-end reliability and performance of services from these networks. This challenges service providers not only to maintain a satisfactory quality of service level in such heterogeneous home networks, but also to remotely monitor and troubleshoot them. The present thesis work contributes research and several solutions in the field of network and service monitoring in home networks, mainly in three areas: (1) providing automatic device- and service-discovery and configuration, (2) remote management, and (3) providing quality of service (QoS). With regard to the first area, current service discovery technology is designed to relieve the increasing human role in network and service administration. However, the relevant Service Discovery Protocols (SDPs) are lacking crucial features namely: (1) they are not platform- and network-independent, and (2) they do not provide sufficient mechanisms for (device) resource reservation. Consequently, devices implementing different SDPs cannot communicate with each other and share their functionalities and resources in a managed way, especially when they use different network technologies. As a solution to the first problem, we propose a new proxy server architecture that enables IP-based devices and services to be discovered on non-IP based network and vice versa. We implemented the proxy architecture using UPnP respectively Bluetooth SDP as IP- and non-IP-based SDPs. The proxy allows Bluetooth devices and UPnP control points to discover, access, and utilize services located on the other network. Validation experiments with the proxy prototype showed that seamless inter-working can be achieved keeping all proxy functionalities on a single device, thus not requiring modification of currently existing UPnP and Bluetooth end devices. Although the proxy itself taxes the end-to-end performance of the service, it is shown to be still acceptable for an end user. For mitigating resource conflicts in SDPs, we propose a generic resource reservation scheme with properties derived from common SDP operation. Performance studies with a prototype showed that this reservation scheme significantly improves the scalability and sustainability of service access in SDPs, at a minor computational cost. With regard to the second area, it is known that the end-to-end quality of Internet services depends crucially on the performance of the home network. Consequently, service providers require the ability to monitor and configure devices in the home network, behind the home gateway (HG). However, they can only put limited requirements to these off-the-shelf devices, as the consumer electronics market is largely outside their span of control. Therefore they have to make intelligent use of the given device control and management protocols. In this work, we propose an architecture for remote discovery and management of devices in a highly heterogeneous home network. A proof-of-concept is developed for the remote management of UPnP devices in the home with a TR-069/UPnP proxy on the HG. Although this architecture is protocol specific, it can be easily adapted to other web-services based protocols. Service providers are also asking for diagnostic tools with which they can remotely troubleshoot the home networks. One of these tools should be able to gather information about the topology of the home network. Although topology discovery protocols already exist, nothing is known yet about their performance. In this work we propose a set of key performance indicators for home network topology discovery architectures, and how they should be measured. We applied them to the Link-Layer Topology Discovery (LLTD) protocol and the Link-Layer Discovery Protocol (LLDP). Our performance measurement results show that these protocols do not fulfill all the requirements as formulated by the service providers. With regard to the third area, current QoS solutions are mostly based on traffic classification. Because they need to be supported by all devices in the network, they are relatively expensive for home networks. Furthermore, they are not interoperable between different networking technologies. Alternative QoS provision techniques have been proposed in the literature. These techniques require end-user services to pragmatically adapt their properties to the actual condition of the network. For this, the condition of the home network in terms of its available bandwidth, delay, jitter, etc., needs to be known in real time. Appropriate tools for determining the available home network resources do not yet exist. In this work we propose a new method to probe the path capacity and available bandwidth between a server and a client in a home network. The main features of this method are: (a) it does not require adaptation of existing end devices, (b) it does not require pre-knowledge of the link-layer network topology, and (c) it is accurate enough to make reliable QoS predictions for the most relevant home applications. To use these predictions for effective service- or content-adaptation or admission control, one should also know how the state of the home network is expected to change immediately after the current state has been probed. However, not much is known about the stochastic properties of traffic in home networks. Based on a relatively small set of traffic observations in several home networks in the Netherlands, we were able to build a preliminary model for home network traffic dynamics

Development and standardization of an embedded Linux based triple-play IP settop box

Thesis (Master)--Izmir Institute of Technology, Electronics and Communication Engineering, Izmir, 2007Includes bibliographical references (leaves: 46-48)Text in English; Abstract: Turkish and Englishix, 57 leavesWith the recent enhancements to the delivery of IP services and of the video codecs such as h.264, transmission of television through IP-based communication systems has been a viable option. An IP settop box (IPSTB) constructs a bridge between a television set and a broadband IP network such as DSL, cable modem, powerline or wireless broadband. IPSTB brings new challenges for the system designers, especially in the areas of inherently organized home networking systems, protocols, and architectures. Future IPSTB products are candidate to converge the information and entertainment technologies. This thesis suggests newly developed device and service discovery methods for the design of an IPSTB software structure that is compatible with the Universal Plug and Play (UPnP) audio video (AV) device descriptions. At the design process, it suggests optimized communication schemes between the servers that are in the control of service providers, and the consumer IPSTBs. As a newly developed technology, since there is not any standardization for most parts of the overall IPTV system, this thesis takes proven mechanisms as basis and adapts them to the overall design that consists of the hardware drivers, middleware, and the additional programs which helps the middleware to handle the external components of the system connected via USB or serial interfaces. Being an innovative idea, we have used a control system called Virtual Bus Manager so as to communicate between the aforementioned system components. Some system components such as web browser is based on the X Windows architecture, so cross compiling the X system for the embedded platform has also been a challenge for the feasibility of the final design. Being the second part of the Triple-Play system, Voice over IP application has also been included and based on the compilation of open source software for the corresponding embedded system. Finally, the web browser itself has been based on the popular Gecko web-core that is derived from Firefox

Kotiverkon palvelunlaatu

Tietoliikenneverkkojen palvelunlaadulta vaaditaan jatkuvasti enemmän ääni- ja videosovellusten kasvattaessa suosiotaan. Suurin osa vaatimuksista johtuu multimediasovellusten reaaliaikaisuudesta. Reaaliaikaisuuden täyttämiseksi verkko-operaattorilta vaaditaan palvelunlaatuun liittyviä toimia, jotta kuluttaja tuntisi saavansa toimivaa palvelua. Pienimmätkin viiveet ääniliikenteessä saattaa antaa käyttäjälle toimimattomuuden kuvan. Työn tarkoitus on tutkia palveluntarjoajan tekemiä tietoliikenteen priorisointiasetuksia viiveherkille sovelluksille ja saada selville toteutuuko palvelunlaatu kuluttajan näkökulmasta. Opinnäytetyöraporttini käy läpi keskeisimmiltä osilta IP-verkoissa eri tekniikoilla toteutettua multimedialiikennettä ja sen tarvitsemaa kaistanleveyttä. Tutkitaan myös operaattorin tarjoaman palvelunlaadun priorisointitekniikoita ja niiden toteutumista. Lisäksi käydään läpi asiakaslinjan tietoliikenteen nopeuteen vaikuttavia tekijöitä, tutkitaan kotiverkosta mitattuna toteutuneita tuloksia sekä tarkastetaan kotiverkon kaapeleiden kuntoa. Verkon data-analyysit on suoritettu Wireshark-ohjelmalla. Wireshark-ohjelmalla saaduista tuloksista havaitaan selvästi, mitä dataa operaattori on priorisoinut. Mittaustulokset antavat kuvan välimatkan vaikutuksesta yhteysnopeuteen sekä kaapeleiden kunnon tärkeydestä yhteyden toimimiseksi.Increasing voice and video applications require constantly more and more Quality of Service in data networks. Most of the requirements are due to the real-time multimedia applications. Network operator is required Quality of Service activities to fill the requirements of real-time services, so that customers would feel to receive effective service. Even the slightest delay in voice can give an image of inaction for the user. The purpose of this bachelor thesis is to research the service provider’s data prioritizing to delay-sensitive applications and find out if Quality of Service been realized at customers perspective. This thesis presents the main parts of different multimedia technologies and bandwidth requirements in the Internet Protocol networks at the same time re-searching network operator’s prioritizing techniques of Quality of Service and ef-fects to the implementations to customers. This thesis explains also things that affect to bandwidth of telecommunications in customer line, presents the research of the actual bandwidth measuring results, as well as introducing the condition of the home network cables examination. The network data analyses are made by Wireshark software. From the Wireshark’s results can be seen clearly which data is prioritized by the network operator. The results of the research verify the effect of the distance to the bandwidth as well as the importance of the cables good condition

IoT-MQTT based denial of service attack modelling and detection

Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the bene_ts of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of IoT architecture which includes the IoT devices, the IoT communication protocols and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickBot show an already rising IoT device based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of e_ective data communication protocols, the attacks on other layers of IoT architecture are anticipated to increase. In the IoT landscape, the publish/- subscribe based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, the Internet exposed MQTT brokers are vulnerable to protocolbased Application Layer Denial of Service (DoS) attacks, which have been known to cause wide spread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanism of the the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three opensource MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the e_ectiveness of the proposed framework to detect these malicious attacks. The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers resources even when legitimate access to it was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can signi_cantly increase the MQTT message delay, especially in QoS2 messages causing heavy tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP based features to detect MQTT based attacks. It was also observed that the protocol _eld size and length based features drastically reduced the false positive rates and hence, are suitable for detecting IoT based attacks