
    Multidomain Network Based on Programmable Networks: Security Architecture

    This paper proposes a generic security architecture designed for a multidomain and multiservice network based on programmable networks. The multiservice network allows users of an IP network to run programmable services using programmable nodes located in the architecture of the network. The programmable nodes execute code to process active packets, which can carry user data and control information. The multiservice network model defined here considers the more pragmatic trends in programmable networks. In this scenario, new security risks that do not appear in traditional IP networks become visible. These new risks result from the execution of code in the programmable nodes and the processing of the active packets. The proposed security architecture is based on symmetric cryptography in the critical process, combined with an efficient manner of distributing the symmetric keys. Another important contribution has been to scale the security architecture to a multidomain scenario in a simple and efficient way.

    Scalable QoS-aware Mobility for Future Mobile Operators

    Telecom operators and Internet service providers are heading for a new shift in communications paradigms. The forthcoming convergence of cellular and wireless data networks is often manifested in an "all IP approach" in which all communications are based on an end-to-end IP protocol framework. The approach to network design becomes user- and service-centered, so that continuous reachability of mobile users and sustained communication capabilities are default requirements for a prospective architecture. In this article, we describe a network architecture which is able to provide seamless communication mobility, triggered either by the user or by the network, across multiple technologies. The architecture allows for media-independent handovers and supports optimized mobility and resource management functions. The main focus of the article is on major technical highlights of the mobility and quality-of-service (QoS) management subsystems for converged networks.

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, "Who or what are you?" Authorization asks, "What are you allowed to do?" And finally, accounting wants to know, "What did you do?" These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1 [0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    Unification of reliable multicast protocols optimizing scalability and delay

    Distributed applications that require a reliable multicast service are very numerous; among others, the following can be cited: distributed databases, distributed operating systems, distributed interactive simulation systems, and applications for the distribution of software, publications or news. Although the application domain of such distributed systems was originally confined to a single subnetwork (for example, a Local Area Network), the need later arose to extend their applicability to internetworks. The traditional approach to the reliable multicast problem in internetworks has been based mainly on the following two points: (1) providing in one and the same protocol many service guarantees (for example reliability, atomicity and ordering), and some of these in different degrees, without taking into account that many multicast applications that require reliability do not need other guarantees; and (2) extending to the multicast environment the solutions already adopted in the point-to-point environment without considering the distinguishing characteristics; hence, attempts have been made to solve the multicast reliability problem with end-to-end protocols (transport protocols) and with error recovery schemes that are centralized (retransmissions are made from a single point, normally the source) and global (the requested packets are resent to the whole group). In general, these approaches have resulted in protocols that are inefficient in execution time, have scalability problems, do not make optimal use of network resources and are not suitable for delay-sensitive applications.
    This thesis investigates the reliable multicast problem in internetworks operating in datagram mode and presents a novel way of approaching the problem: it is better to solve the reliable multicast problem at the network level and to separate reliability from other service guarantees, which can be provided by a higher-level protocol or by the application itself. Following this new approach, a reliable multicast protocol operating at the network level (called RMNP) has been designed. The most representative characteristics of RMNP are the following: (1) it follows a sender-oriented approach, which makes it possible to achieve a very high degree of reliability; (2) it proposes an error recovery scheme that is distributed (retransmissions are made from certain intermediate routers that will always be closer to the members than the source itself) and of restricted scope (the reach of retransmissions is restricted to a certain number of members); this scheme makes it possible to optimize the mean distribution delay and reduce the overhead introduced by retransmissions; (3) it incorporates in certain routers aggregation and filtering functions for control packets, which avoid implosion problems and reduce the traffic flowing towards the source. In order to evaluate the behaviour of the designed protocol, simulation tests have been carried out; the main conclusions are that RMNP scales correctly with group size, makes optimal use of network resources and is suitable for delay-sensitive applications.
    ---ABSTRACT---
    There are many distributed applications that require a reliable multicast service, including: distributed databases, distributed operating systems, distributed interactive simulation systems and distribution applications for software, publications or news. Although the application domain of distributed systems of this type was originally confined to a single subnetwork (for example, a Local Area Network), it later became necessary to extend their applicability to internetworks. The traditional approach to the reliable multicast problem in internetworks is based mainly on the following two points: (1) provide a lot of service guarantees in one and the same protocol (for example, reliability, atomicity and ordering) and different levels of guarantee in some cases, without taking into account that many multicast applications that require reliability do not need other guarantees, and (2) extend solutions adopted in the unicast environment to the multicast environment without taking into account their distinctive characteristics. So, the attempted solutions to the multicast reliability problem were end-to-end protocols (transport protocols) with centralized error recovery schemata (retransmissions made from a single point, normally the source) and global error retrieval schemata (the requested packets are retransmitted to the whole group). Generally, these approaches have resulted in protocols that are inefficient in execution time, have scaling problems, do not make optimum use of network resources and are not suitable for delay-sensitive applications. Here, the multicast reliability problem is investigated in internetworks operating in datagram mode and a new way of approaching the problem is presented: it is better to solve the multicast reliability problem at network level and separate reliability from other service guarantees that can be supplied by a higher protocol or the application itself. A reliable multicast protocol that operates at network level (called RMNP) has been designed on the basis of this new approach.
    The most representative characteristics of the RMNP are as follows: (1) it takes a transmitter-oriented approach, which provides for a very high reliability level; (2) it provides for an error retrieval schema that is distributed (the retransmissions are made from given intermediate routers that will always be closer to the members than the source itself) and of restricted scope (the scope of the retransmissions is confined to a given number of members), and this schema makes it possible to optimize the mean distribution delay and reduce the overload caused by retransmissions; (3) some routers include control packet aggregation and filtering functions that prevent implosion problems and reduce the traffic flowing towards the source. Simulation tests have been performed in order to evaluate the behaviour of the protocol designed. The main conclusions are that the RMNP scales correctly with group size, makes optimum use of network resources and is suitable for delay-sensitive applications.

    Practical Evaluation of a Network Mobility Solution

    IFIP International Workshop on Networked Applications, Colmenarejo, Madrid/Spain, 6–8 July, 2005. As the demand for ubiquitous Internet access and the current trend of all-IP communications keep growing, the necessity of a protocol that provides mobility management increases. The IETF has specified protocols to provide mobility support to individual nodes and networks. The Network Mobility (NEMO) Basic Support protocol is designed to provide mobility at IP level to complete networks, allowing a Mobile Network to change its point of attachment to the Internet while maintaining the ongoing sessions of the nodes of the network. All the mobility management is done by the mobile router, whilst the nodes of the network are not even aware of the mobility. The main aim of this article is to evaluate the performance of the NEMO Basic Support protocol using our implementation. We also discuss the design of an implementation of the NEMO Basic Support protocol.

    Characterization of Internet links using active network technology

    This paper presents the design, implementation and trials of a-clink, a hop-by-hop performance estimation tool based on active networks. The paper begins by analyzing different alternatives among hop-by-hop performance estimation tools: pathchar, clink, pchar and nettimer. Based on this analysis, several deficiencies are identified in the different tools. In order to improve the efficiency and accuracy of the estimations, one of the tools, clink, is selected to design an extension based on active network technology. This extension, a-clink, has been implemented over the public domain active network platform SARA. The implementation of a-clink has been trialed on a simple active network prototype spanning two universities connected through the public Internet, and its results compared with those obtained by the original clink. The paper concludes by describing the advantages of the active version of clink over the conventional passive performance estimation tool.

    A practical approach to network-based processing

    The usage of general-purpose processors externally attached to routers to play virtually the role of active coprocessors seems a safe and cost-effective approach to add active network capabilities to existing routers. This paper reviews this router-assistant way of making active nodes, addresses the benefits and limitations of this technique, and describes a new platform based on it using an enhanced commercial router. The features new to this type of architecture are transparency, IPv4 and IPv6 support, and full control over layer 3 and above. A practical experience with two applications, for path characterization and a transport gateway managing multi-QoS, is described.
    Most of this work has been funded by the IST project GCAP (Global Communication Architecture and Protocols for new QoS services over IPv6 networks) IST-1999-10 504. Further development and application to practical scenarios is being supported by IST project Opium (Open Platform for Integration of UMTS Middleware) IST-2001-36063 and the Spanish MCYT under projects TEL99-0988-C02-01 and AURAS TIC2001-1650-C02-01.

    ABEONA monitored traffic: VANET-assisted cooperative traffic congestion forecasting

    The existing mechanisms to monitor vehicular traffic, such as the use of induction loops and cameras, are expensive to deploy and maintain. Vehicular communications open up a new world of optimization opportunities, as each vehicle can be used as a sensor to measure the fundamental variables defining the traffic state (flow, density, and speed). In this article, we propose ABEONA (also the name of the Roman goddess of journeys), a beacon-based traffic congestion algorithm which captures the current and recent-past traffic trends to forecast near-future road conditions. Compared to the existing monitoring approaches, ABEONA allows for the estimation of the vehicular density and reduces installation and maintenance costs. ABEONA's algorithm incurs low overhead and enables drivers to use forecast traffic congestion events to replan their route accordingly.

    Security mechanisms in active networks on the SARA architecture

    Active network technology enables fast deployment of new network services tailored to the specific needs of end users, among other features. Nevertheless, security issues are still a main concern when considering the industrial adoption of this technology. In this article we describe the SARA (Simple Active Router-Assistant) architecture, an active network platform deployed in the context of the IST-GCAP project, and then consider the security requirements detected in this architecture, concerning confidentiality, integrity, authentication, non-repudiation and retransmission. Later, we present the proposed security protocol, which intends to cover all the imposed requirements, and finally we address implementation perspectives using available technologies such as IPSec and SSL.