21 research outputs found

    Secure communication and data processing challenges in the industrial internet

    No full text
    Abstract The next industrial revolution is foreseen to happen with upcoming Industrial Internet that combines massive data collected by industrial sensors with data analysis for improving the efficiency of operations. Collecting, pre-processing, storing and analyzing such real-time data is a complex task with stringent demands on communication intelligence, QoS and security. In this paper we outline some challenges facing the Industrial Internet, namely integration with 5G wireless networks, Software Defined Machines, ownership and smart processing of digital sensor data. We propose a secure communication architecture for the Industrial Internet based on Smart Spaces and Virtual Private LAN Services. It is a position paper, describing state-of-the-art and a roadmap for future research on the Industrial Internet

    Fast transmission mechanism for secure VPLS architectures

    No full text
    Abstract Ethernet based secure VPLS (Virtual Private LAN Services) networks require to establish full mesh of VPLS tunnels between the customer sites. However, the tunnel establishment between geographically distant customer sites introduces a significantly high delay to the user traffic transportation. In this article, we propose a novel fast transmission mechanism for secure VPLS architectures to reduce the waiting time before transmitting the data and the average data transmission delay between geographically distant customer sites. The performance of proposed mechanism is analyzed by using a simulation model and a testbed implementation

    Enhancing security, scalability and flexibility of virtual private LAN services

    No full text
    Abstract Ethernet based VPLS (Virtual Private LAN Service) networks are now becoming attractive in many enterprise applications due to simple, protocol-independent and cost efficient operation. However, new VPLS applications demand additional requirements, such as elevated security, enhanced scalability and improved flexibility. This paper summarized the results of a thesis which focused to increase the scalability, flexibility and compatibility of secure VPLS networks. First, we propose a scalable secure flat-VPLS architecture based on Host Identity Protocol (HIP) to increase the forwarding and security plane scalability. Then, a secure hierarchical-VPLS architecture has been proposed by extending the previous proposal to achieve control plane scalability as well. To solve the compatibility issues of Spanning Tree Protocol (STP) in VPLS networks, a novel Distributed STP (DSTP) is proposed. Lastly, we propose a novel SDN (Software Defined Networking) based VPLS (SoftVPLS) architecture to overcome tunnel management limitations in legacy secure VPLS architectures. Simulation models and testbed implementations are used to verify the performance of proposed solutions

    Software defined VPLS architectures: opportunities and challenges

    No full text
    Abstract Virtual Private LAN Services (VPLS) is an Ethernet based VPN (Virtual Private Network) service which provides protocol independent and high speed multipoint-to-multipoint connectivity. In this article, we discuss the possibility to use emerging networks concepts such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) to improve the performance, flexibility and adaptability of VPLS networks. SDN and NFV based VPLS (SoftVPLS) architectures offer new features such as centralized control, network programmability and abstraction to improve the performance, flexibility and automation of traffic, security and network management functions for future VPLS networks

    Analysis of deployment challenges of Host Identity Protocol

    No full text
    Abstract Host Identity Protocol (HIP), a novel internetworking technology proposes separation of the identity-location roles of the Internet Protocol (IP). HIP has been successful from the technological perspectives for network security and mobility, however, it has very limited deployment. In this paper we assess HIP to find the reasons behind its limited deployment and highlight the challenges faced by HIP for its commercial use. We propose technological development and outline deployment strategies for the wide use of HIP. Furthermore, this paper investigates the use of HIP in Software Defined Networks (SDN) to evaluate its performance in new disruptive networking technologies. In a nutshell, this paper presents revealing challenges for the deployment of innovative networking protocols and a way ahead for successful and large scale deployment

    Managing mobile relays for secure E2E connectivity of low-power IoT devices

    No full text
    Abstract The widespread Internet of Things (IoT) ecosystems empower the deployment of various Bluetooth Low Energy (BLE) sensor nodes in many ambient assisted living (AAL) type applications. Regardless of their limitations, these low-power IoT sensor nodes need pervasive and secure connections to transfer the aggregated data to the central servers located in remote clouds which will perform further processing and storing functions. The common practice is to use one or multiple dedicated gateways to assist the communication between the sensor and the cloud. This paper presents a mobile-based relay assistance solution for establishing secure end-to-end (E2E) connectivity between low-power IoT sensors and cloud servers without using a dedicated gateway. The prototype implementation and the described security features verify the technical readiness of the proposed solution

    CHIP: collaborative host identity protocol with efficient key establishment for constrained devices in internet of things

    No full text
    Abstract The Internet of Things (IoT) is the next evolutionary paradigm of networking technologies that interconnects almost all the smart objects and intelligent sensors related to human activities, machineries, and environment. IoT technologies and Internet Protocol connectivity enable wide ranges of network devices to communicate irrespective of their resource capabilities and local networks. In order to provide seamless connectivity and interoperability, it is notable to maintain secure end-to-end (E2E) communication links in IoT. However, device constraints and the dynamic link creations make it challenging to use pre-shared keys for every secure E2E communication scenario in IoT. Variants of Host Identity Protocol (HIP) are adopted for constructing dynamic and secure E2E connections among the heterogeneous network devices with imbalanced resource profiles and less or no previous knowledge about each other. We propose a solution called collaborative HIP (CHIP) with an efficient key establishment component for the high resource-constrained devices in IoT. CHIP delegates the expensive cryptographic operations to the resource rich devices in the local networks. Finally, by providing quantitative performance evaluation and descriptive security analysis, we demonstrate the applicability of the key establishment in CHIP for the constrained IoT devices rather than the existing HIP variants

    DEMO: mobile relay architecture for low-power IoT devices

    No full text
    Abstract In this paper, we discuss the security issues revolving around the management of VNFs in 5G optical networks; and present a high-level view of work-in-progress by leveraging a Blockchain-over-optical network to mitigate these issues

    Secure communication channel architecture for Software Defined Mobile Networks

    No full text
    Abstract A Software-Defined Mobile Network (SDMN) architecture is proposed to enhance the performance, flexibility, and scalability of today’s telecommunication networks. However, SDMN features such as centralized controlling, network programmability, and virtualization introduce new security challenges to telecommunication networks. In this article, we present security challenges related to SDMN communication channels (i.e., control and data channel) and propose a novel secure communication channel architecture based on Host Identity Protocol (HIP). IPsec tunneling and security gateways are widely utilized in present-day mobile networks to secure backhaul communication channels. However, the utilization of legacy IPsec mechanisms in SDMNs is challenging due to limitations such as distributed control, lack of visibility, and limited scalability. The proposed architecture also utilizes IPsec tunnels to secure the SDMN communication channels by eliminating these limitations. The proposed architecture is implemented in a testbed and we analyzed its security features. The performance penalty of security due to the proposed security mechanisms is measured on both control and data channels