Proceedings of Seminar on Network Protocols in Operating Systems

The Linux networking stack tends to evolve rapidly, and while there are some excellent documentation written in the past, most of the past documentation gotten (at least partially) outdated over time. The seminar on Network Protocols in Operating Systems was arranged in Aalto University, fall 2012, Department of Communications and Networking to gain a better understanding of the current status of the networking implementation in the Linux kernel. The seminar had 10 participants and each participant was assigned a module from the Linux networking implementation, on which a short paper was to be written. This publications contain the final output of this work. The papers included in the publication are: Kurnikov, Arseny: Linux kernel application interface. Jaakkola, Antti: Implementation of transmission control protocol in Linux. Arianfar, Somaya: TCP’s congestion control implementation in Linux kernel. Budigere, Karthik: Linux implementation study of stream control transmission protocol. Khattak, Fida Ullah: The IPv4 implementation of Linux kernel stack. Boye, Magnus: Netfilter connection tracking and NAT implementation. Korhonen, Jouni: Mobile IPv6 Linux kernel and user space. Soininen, Jonne: Device agnostic network interface. Kalliola, Aapo: Network device drivers in Linux. Varis, Nuutti: Anatomy of a Linux bridge

IEEE 1588 -protokollan soveltuvuus TETRA -tukiaseman aikasynkronointiin

Wireless communications networks often require accurate time synchronisation between base stations. This is a difficult problem because the base stations are geographically distributed. What makes time synchronisation even more challenging is that the base stations are moving to packet switched networks for their network connectivity, which increases the data transmission delay uncertainties. In this thesis three time synchronisation protocols (IEEE 1588 PTP, NTP and SyncE) are examined and IEEE 1588 is chosen for the purpose of synchronisation of the EADS TETRA base station TB3. The IEEE 1588 is a synchronisation protocol based on two-way time data communication between clock master and slave. As packet based synchronisation protocols are sensitive to packet delay variation and asymmetricity of a communications path, these characteristics of potential communications networks are examined. It is found that the delay variation and asymmetricity present a serious challenge to IEEE 1588 implementation in the relevant network environment. A minimal IEEE 1588 protocol is implemented and evaluated with a commercial clock master and slave. The results are compared to the TETRA standard requirements and found to be borderline acceptable. The TETRA requirements would not, however, he reached in a network with more significant packet delay variation or uncontrolled asymmetry. The conclusion is that IEEE 1588 is potentially usable for base station synchronisation, but with serious reservations. The network delay must he completely symmetric between master and slave clocks, and the delay variation must he low. As such IEEE 1588 is most likely not consistently usable before the protocol is supported by network elements on the communication path.Langattomat viestintäverkot vaativat usein tukiasemien aikasynkronointia. Tämä on hankalaa, sillä tukiasemat sijaitsevat etäällä toisistaan. Lisäksi tuki- asemien verkkoyhteydet ovat siirtymässä pakettikytkentäisten tekniikoiden käyttöön, mikä lisää verkon tietoliikenteen viiveitä ja viiveiden vaihteluita. Tässä diplomityössä tutkitaan kolmea aikasynkronointiprotokollaa (IEEE 1588, NTP ja SyncE), ja IEEE 1588 todetaan EADS:n TETRA TB3- tukiaseman synkronointiin parhaiten sopivaksi. IEEE 1588 on synkronointiprotokolla, joka perustuu kaksisuuntaiseen tiedonsiirtoon kelloisännän ja -orjan välillä. Pakettipohjaiset synkronointiprotokollat ovat herkkiä verkon pakettiviiveen vaihtelulle ja epäsymmetrisyydelle, minkä vuoksi näitä verkon ominaisuuksia tarkastellaan. Pakettiviiveen vaihtelun ja epäsymmetrisyyden todetaan olevan merkittävä ongelma IEEE 1588 -protokollan toteuttamiselle tyypillisessä verkkoympäristössä. Pelkistetty IEEE 1588 -protokolla toteutetaan ja sen suorituskyky arvioidaan kaupallisten isäntä- ja orjalaitteiden kanssa. Tuloksia verrataan TETRA-standardin vaatimuksiin. Saavutetun tarkkuuden todetaan olevan niukasti riittävä. TETRA-standardin vaatimukset eivät kuitenkaan täyttyisi verkossa, jonka pakettiviiveiden vaihtelu tai epäsymmetrisyys olisi suurempaa kuin testitapauksissa. Johtopäätelmänä todetaan IEEE 1588 -protokollan olevan mahdollisesti käyttökelpoinen TB3-tukiaseman aikasynkronointiin, mutta vain suurin varauksin. Isäntä- ja orjalaitteen välisen verkon pakettiviiveiden täytyy olla melko pieniä, ja viiveiden täytyy olla symmetrisiä. Tämän vuoksi IEEE 1588 ei todennäköisesti ole käyttökelpoinen laajassa mittakaavassa ennen kuin viestintäväylällä olevat verkkolaitteet tukevat protokollaa

Secure keying scheme for network slicing in 5G architecture

Abstract Network slicing is one of the key enabling technologies of evolving fifth generation (5G) mobile communication that fulfills multitudes of service demands of 5G networks. Although the concept of network slicing, its deployment scenarios and some security aspects like slice isolation are discussed in detail, key management for network slicing based applications is still not a well-investigated research area. In this paper, we propose a secure keying scheme that is suitable for network slicing architecture when the slices are accessed by the third party applications. Since the secure keying scheme is designed using a multi-party computation mechanism, it ensures the consent of monitored use cases or devices which the data is acquired. We discuss the performance, scalability and security properties of the keying scheme to demonstrate its appropriateness under evolving 5G paradigm

Data Anonymization as a Vector Quantization Problem: Control Over Privacy for Health Data

Part 2: Special Session on Privacy Aware Machine Learning for Health Data Science (PAML 2016)International audienceThis paper tackles the topic of data anonymization from a vector quantization point of view. The admitted goal in this work is to provide means of performing data anonymization to avoid single individual or group re-identification from a data set, while maintaining as much as possible (and in a very specific sense) data integrity and structure. The structure of the data is first captured by clustering (with a vector quantization approach), and we propose to use the properties of this vector quantization to anonymize the data. Under some assumptions over possible computations to be performed on the data, we give a framework for identifying and “pushing back outliers in the crowd”, in this clustering sense, as well as anonymizing cluster members while preserving cluster-level statistics and structure as defined by the assumptions (density, pairwise distances, cluster shape and members...)