Key distribution technique for IPTV services with support for admission control and user defined groups

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Validation of the Security of Participant Control Exchanges in Secure Multicast Content Delivery

In Content Delivery Networks (CDN), as the customer base increases, a point is reached where the capacity of the network and the content server become inadequate. In extreme cases (e.g., world class sporting events), it is impossible to adequately serve the clientele, resulting in extreme customer frustration. In these circumstances, multicast content delivery is an attractive alternative. However, the issue of maintaining control over the customers is difficult. In addition to controlling the access to the network itself, in order to control the access of users to the multicast session, an Authentication, Authorization and Accounting Framework was added to the multicast architecture. A successful authentication of the end user is a prerequisite for authorization and accounting. The Extensible Authentication Protocol (EAP) provides an authentication framework to implement authentication properly, for which more than thirty different available EAP methods exist. While distinguishing the multicast content delivery requirements in terms of functionality and security, we will be able to choose a smaller set of relevant EAP methods accordingly. Given the importance of the role of the ultimate chosen EAP method, we will precisely compare the most likely to be useful methods and eventually pick the Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) framework as the most suitable one. Based on the work on receiver participant controls, we present a validation of the security of the exchanges that are required to ensure adequate control and revenue recovery

Design and Validation of Receiver Access Control in the Automatic Multicast Tunneling Environment

Standard IP multicast offers scalable point-to-multipoint delivery, but no control over who may send and who may receive the data stream. Participant Access Control has been developed by Islam and Atwood, but only for multicast-enabled network regions. Automatic Multicast Tunneling has been developed by the Internet Engineering Task Force. It extends the range of multicast data distribution to unicast-only network regions, but provides no Participant Access Control. We have designed the additional features that AMT must have, so that AMT has the necessary Participant Access Control at the receiver's end in the AMT environment. In addition, we have validated our design model using the AVISPA formal modeling tool, which confirms that the proposed design is secure

Design and Validation of a Secured Tunnel in the Automatic Multicast Tunneling (AMT) Environment

IP multicasting is a communication mechanism in which data are communicated from a server to a set of clients who are interested in receiving those data. Any client can dynamically enter or leave the communication. The main problem of this system is that every client that is interested in receiving the multicast data has to be in a multicast enabled network. The Network Working Group at the Internet Engineering Task Force (IETF) has come up with a solution to this problem. They have developed a protocol named Automatic Multicast Tunneling (AMT). This protocol offers a mechanism to enable the unicast-only clients to join and receive multicast data from a multicast enabled region through an AMT tunnel, which is formed between the two intermediate participants named Gateway and Relay. However, AMT does not provide any Participant Access Control (PAC). Malla has designed an architecture for adding PAC at the receiver’s end in the AMT environment. His work is based on the assumption that the AMT tunnel is secure and the tunnel can recognize and pass the additional message types that his design requires. We have designed the solution to secure the AMT tunnel. We also defined the additional message types. Lastly, we validated our work using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to ensure that our design is secure

Performance Evaluation for Secure Internet Group Management Protocol and Group Security Association Management Protocol

Multicast distribution employs the model of many-to-many so that it is a more efficient way of data delivery compared to traditional one-to-one unicast distribution, which can benefit many applications such as media streaming. However, the lack of security features in its nature makes multicast technology much less popular in an open environment such as the Internet. Internet Service Providers (ISPs) take advantage of IP multicast technology’s high efficiency of data delivery to provide Internet Protocol Television (IPTV) to their users. But without the full control on their networks, ISPs can not collect revenue for the services they provide. Secure Internet Group Management Protocol (SIGMP), an extension of Internet Group Management Protocol (IGMP), and Group Security Association Management Protocol (GSAM) have been proposed to enforce receiver access control at the network level of IP multicast. In this thesis, we analyze operational detail and issues of both SIGMP and GSAM. An examination of performance of both protocols is also conducted

Proof-of-Concept Application - Annual Report Year 1

In this document the Cat-COVITE Application for use in the CATNETS Project is introduced and motivated. Furthermore an introduction to the catallactic middleware and Web Services Agreement (WS-Agreement) concepts is given as a basis for the future work. Requirements for the application of Cat-COVITE with in catallactic systems are analysed. Finally the integration of the Cat-COVITE application and the catallactic middleware is described. --Grid Computing

Co-design of Security Aware Power System Distribution Architecture as Cyber Physical System

The modern smart grid would involve deep integration between measurement nodes, communication systems, artificial intelligence, power electronics and distributed resources. On one hand, this type of integration can dramatically improve the grid performance and efficiency, but on the other, it can also introduce new types of vulnerabilities to the grid. To obtain the best performance, while minimizing the risk of vulnerabilities, the physical power system must be designed as a security aware system. In this dissertation, an interoperability and communication framework for microgrid control and Cyber Physical system enhancements is designed and implemented taking into account cyber and physical security aspects. The proposed data-centric interoperability layer provides a common data bus and a resilient control network for seamless integration of distributed energy resources. In addition, a synchronized measurement network and advanced metering infrastructure were developed to provide real-time monitoring for active distribution networks. A hybrid hardware/software testbed environment was developed to represent the smart grid as a cyber-physical system through hardware and software in the loop simulation methods. In addition it provides a flexible interface for remote integration and experimentation of attack scenarios. The work in this dissertation utilizes communication technologies to enhance the performance of the DC microgrids and distribution networks by extending the application of the GPS synchronization to the DC Networks. GPS synchronization allows the operation of distributed DC-DC converters as an interleaved converters system. Along with the GPS synchronization, carrier extraction synchronization technique was developed to improve the system’s security and reliability in the case of GPS signal spoofing or jamming. To improve the integration of the microgrid with the utility system, new synchronization and islanding detection algorithms were developed. The developed algorithms overcome the problem of SCADA and PMU based islanding detection methods such as communication failure and frequency stability. In addition, a real-time energy management system with online optimization was developed to manage the energy resources within the microgrid. The security and privacy were also addressed in both the cyber and physical levels. For the physical design, two techniques were developed to address the physical privacy issues by changing the current and electromagnetic signature. For the cyber level, a security mechanism for IEC 61850 GOOSE messages was developed to address the security shortcomings in the standard

Quality of Service improvements for real time multimedia applications using next generation network architectures and blockchain in Internet Service Provider cooperative scenario

Real time communications are becoming part of our daily life, requiring constrained requisites with the purpose of being enjoyed in harmony by end users. The factors ruling these requisites are Quality of Service parameters of the users' Internet connections. Achieving a satisfactory QoS level for real time communications depends on parameters that are strongly influenced by the quality of the network connections among the Internet Service Providers, which are located in the path between final users and Over The Top service providers that are supplying them with real time services. Final users can be: business people having real time videoconferences, or adopting crytpocurrencies in their exchanges, videogamers playing online games together with others residing in other countries, migrants talking with their relatives or watching their children growing up in their home countries, people with disabilities adopting tecnologies to help them, doctors performing remote surgeries, manufacturers adopting augmented reality devices to perform dangerous tasks. Each of them performing their daily activities are requiring specific QoS parameters to their ISPs, that nowadays seem to be unable to provide them with a satisfactory QoS level for these kinds of real time services. Through the adoption of next generation networks, such as the Information Centric Networking, it would be possible to overcome the QoS problems that nowadays are experienced. By adopting Blockchain technologies, in several use cases, it would be possible to improve those security aspects related to the non-temperability of information and privacy. I started this thesis analyzing next generation architectures enabling real time multimedia communications. In Software Defined Networking, Named Data Networking and Community Information Centric Networking, I highlighted potential approaches to solve QoS problems that are affecting real time multimedia applications. During my experiments I found that applications able to transmit high quality videos, such as 4k or 8k videos, or to directly interact with devices AR/VR enabled are missing for both ICN approaches. Then I proposed a REST interface for the enforcing of a specific QoS parameter, the round trip time (RTT) taking into consideration the specific use case of a game company that connects with the same telecommunication company of the final user. Supposing that the proposed REST APIs have been deployed in the game company and in the ISP, when one or more users are experiencing lag, the game company will try to ask the ISP to reduce the RTT for that specific user or that group of users. This request can be done by performing a call to a method where IP address(es) and the maximum RTT desired are passed. I also proposed other methods, through which it would be possible to retrieve information about the QoS parameters, and exchange, if necessary, an exceeding parameter in change of another one. The proposed REST APIs can also be used in more complex scenarios, where ISPs along the path are chained together, in order to improve the end to end QoS among Over The Top service provider and final users. To store the information exchanged by using the proposed REST APIs, I proposed to adopt a permissioned blockchain, analizying the ISPs cooperative use case with Hyperledger Fabric, where I proposed the adoption of the Proof of Authority consensus algorithm, to increase the throughput in terms of transactions per second. In a specific case that I examined, I am proposing a combination of Information Centric Networking and Blockchain, in an architecture where ISPs are exchanging valuable information regarding final Users, to improve their QoS parameters. I also proposed my smart contract for the gaming delay use case, that can be used to rule the communication among those ISPs that are along the path among OTT and final users. An extension of this work can be done, by defining billing costs for the QoS improvements

Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks

This chapter discusses the need of security and privacy protection mechanisms in aggregation protocols used in wireless sensor networks (WSN). It presents a comprehensive state of the art discussion on the various privacy protection mechanisms used in WSNs and particularly focuses on the CPDA protocols proposed by He et al. (INFOCOM 2007). It identifies a security vulnerability in the CPDA protocol and proposes a mechanism to plug that vulnerability. To demonstrate the need of security in aggregation process, the chapter further presents various threats in WSN aggregation mechanisms. A large number of existing protocols for secure aggregation in WSN are discussed briefly and a protocol is proposed for secure aggregation which can detect false data injected by malicious nodes in a WSN. The performance of the protocol is also presented. The chapter concludes while highlighting some future directions of research in secure data aggregation in WSNs.Comment: 32 pages, 7 figures, 3 table