Catálogo de publicaciones - libros

With the growth and development of the Internet, understanding the composition and dynamics of network traffic is greatly important for network engineering, planning, design, and attack detection. This paper proposes 10Gbps dynamic flow monitoring and control using IXP2800 network processors with flow dynamic rate-based flow aggregation that ensures scalability of the system. We propose fast and scalable 6-tuple TCAM-based classification, which provides three levels of aggregation and flow control that includes flow metering, marking, queuing and scheduling. Using flow control allows network operators to adjust QoS-level dynamically and restrict malicious activity in the network. The proposed implementation design is based on Radisys ATCA-7010 processing module, containing two IXP2800 network processors and TCAM module for highspeed classifications. Flow information collector can be either implemented on another processing blade, or on external computer. The proposed architecture supports up to 125,000 flows in total.

With constantly increasing complexity of active measurement methods, the issue of processing measurement results becomes important. Similarly to traditional pattern discovery, temporal patterns found in active measurement samples should be provided effective storage and means to compare to other samples. Traditional time series data mining is not applicable to temporal patterns in active measurement time series. This paper proposes a pattern discovery method based on unique features of active measurement results. The method is implemented in form of a database and is used in the paper to verify the proposed method.

Network topology discovery for the large IP networks is a very well studied area of research. Most of the previous work focus on improving the efficiency in terms of time and completeness of network topology discovery algorithms and less attention has been given to the deployment scenarios and user centric view of network topology discovery. In this paper we propose a novel network topology discovery algorithm and a flexible architecture. The silent features of our work are . To the best of our knowledge no existing solution has focused on the above mentioned requirements. After several years of research experience in developing a complete, flexible and scalable solution for network topology discovery we propose to divide it into three loosely coupled components: topology discovery algorithm, topology object generation and persistence, and topology visualization. In this paper we will present our proposed integrated complete network topology discovery solution, discuss the motivation of our proposed architecture, the efficiency and user-friendliness of our work. Our results show that the average accuracy of our algorithm is 92.4% and takes one second to discover 100 network elements.

USN infrastructure means the logical and physical space which consists of all kinds of networks, which provides useful sensing information surrounding human being. It includes wireless sensor network, RFID, Mobile RFID, IP-USN, and wired sensor network. These kinds of network are sensing information providers for human beings and use different technologies to collect information from the environment and provide those information to information consumers. USN middleware provides USN infrastructure abstraction, complicated and integrated sensing information processing, Open Application Interface to the information consumer. The importance of USN middleware security lies in this role of USN middleware. It manages sensor networks and collects sensor data on the behalf of the sensing information consumer. Therefore a malicious consumer can disrupt the sensor networks through USN middleware and collect sensitive sensing information through USN middleware. Or, malicious sensor networks may provide contaminated sensing values to consumers through USN middleware. In this case, all information provided to consumers may be contaminated and destroyed. In this paper, we analyze possible security threats in USN environments. Based on this analysis, possible counter-threat measures can be taken.

There is a growing interest for VoWLAN (Voice over Wireless LAN) services in the advent of network convergence and user mobility. As we design a VoWLAN system capable of handling both intra- and inter-handover real-time data, we should likewise consider its security architecture as compared to WLAN (Wireless LAN) systems. In this paper, we propose a method for VoWLAN that would provide handover and security standards designed to enhance and speed up the authentication process while handover.

The authenticity of the data collected by the sink is pivotal to a lot of WSN applications. But as the monitoring environment and objects are more and more complex, traditional secure protocols are not fit for the false data injection attack. In this paper, EASY, an effective secure routing for false data injection attack is presented. EASY can effectively resolve the contradiction between security requirement and additional load and guarantee to get the required security with the satiable overload.

Secure multi-path routing is a critical issue in security management of WMNs due to its multi-hop nature as each node takes part in routing mechanism making it prone to routing attacks. Security management mechanisms are armed with features such as asymmetric cryptography which are costly in term of computations, transmissions and time delays. In this paper, we propose a security management mechanism for multi-path routing which efficiently uses the characteristics of WMNs, mutual authentication and secrete key cryptography to provide secure multi-path route management. Our management scheme takes less overhead than the available secure multi-path routing mechanisms. Simulation analyses and the performance of the mechanism are presented in support of the proposal.

Conventional network management protocols are insufficient especially in dealing with frequent security attacks. Our research has developed a Mobile Agent Security framework for Autonomic network Management (MASAM) which intends to address the above limitations. In this paper, we aim to evaluate the performance of the MASAM framework when dealing with security attack event management. The evaluation focuses on the traffic cost comparison between the new framework and SNMPv3. Event management traffic models are proposed and utilised to facilitate this evaluation. In order to validate the derived formulas, a corresponding set of simulation experiments have been conducted and the results are analysed. Positive evaluation results have been obtained from three focus points: the entire network, the manager and the managed device. We conclude that the MASAM framework reduces the amount of management traffic generated to respond to security attacks and also scales better than SNMP as a function of network size.

This work design and implement a User-oriented Handoff Control Framework (UHCF) comprising Wireless Sensor Networks, SIP and VoIP. A two-stage strategy is proposed to support user-oriented handoff. The strategy is to detect and collect user’s location information, and determine whether user-oriented is triggered. If a user-oriented handoff is triggered, then a progressive VoIP session is switched smoothly from the old to the new host with the user’s mobility. We also implement User-oriented Handoff Control Framework (UHCF) to a SIP-based VoIP system. Implementation results show that the UHCF with SIP-based VoIP service has deployed successfully by wireless sensor networks, and the system can efficiently assist user-oriented handoff with VoIP service.

The RFID system is a core technology used in building a ubiquitous environment, and is considered an alternative to bar-code identification. The RFID system has become very popular, with various strengths such as fast recognition speed and non-touch detection. However, there are some problems remaining, as the low-cost tag can operate through queries, leading to information exposure and privacy encroachment. Various approaches have been used to increase the security of the system, but the low-cost tag, which has about 5K~10K gates, can only allocate 250~3K gates to security. Therefore, the current study provides a reciprocal authentication solution that can be used with low-cost RFID systems, by splitting 64 bit keys and minimizing calculations. Existing systems divided a 96 bit key into 4 parts. However, the proposed system reduces the key to 32 bits, and reduces communications from 7 down to 5. To increase security, one additional random number is added to the two existing numbers. The previous system only provided XOR calculations, however in the proposed system an additional hash function was added. The added procedure does not increase effectiveness in terms of the XOR calculation, but provides more security to the RFID system, for better use over remote distances.