Publications catalogue - books


Network Control and Engineering for QoS, Security and Mobility - III: IFIP TC6 / WG6.2, 6.6, 6.7 and 6.8 Third International Conference on Network Control and Engineering for QoS, Security and Mobility, NetCon 2004 on November 2-5, 2004, Palma de Mall

Dominique Gaïti ; Sebastià Galmés ; Ramon Puigjaner (eds.)

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Computer Communication Networks; Theory of Computation; The Computing Profession; Electrical Engineering

Availability
Detected institution | Publication year | Browse | Download | Request
Not detected | 2005 | SpringerLink

Information

Resource type:

books

Print ISBN

978-0-387-23197-6

Electronic ISBN

978-0-387-23198-3

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© International Federation for Information Processing 2005

Table of contents

Configuration Model for Network Management

Rudy Deca; Omar Cherkaoui; Daniel Puche

As today’s networks increase in size and complexity and new network services are deployed, the management becomes more complex and error-prone and the configurations can become inconsistent. To enforce the configuration consistence and integrity, it is necessary to enhance the validation capabilities of the management tools. The Meta-CLI Model presented in this paper captures the dependences among the configuration components and the network service properties and translates them into validation rules. It also translates the device configuration information into tree-like models and checks their integrity and consistence using these rules.

Part One: - Network Policy | Pp. 3-14

On-Line Control of Service Level Agreements

Manoel Camillo Penna; Rafael Romualdo Wandresen

Service Level Agreement (SLA) is used as the cornerstone for building service quality management (SQM) systems. SLA and the processes associated with them establish a two-way accountability for service, which is negotiated and mutually agreed upon by customer and service provider. It defines a set of service level indicators and their corresponding Service Level Objectives (SLO), which defines a threshold for the indicator value. Service quality assessment can be accomplished in two modes, on-line and off-line. Off-line service level evaluation is performed only at the end of the period of service delivery, whereas on-line service evaluation supports continuous supervision of service quality. This paper presents a method for on-line control of SLA that evaluates indicator value each time an event that changes its value occurs. The method also computes the deadline to reach the corresponding SLO, which is important for pro-active control.

Part One: - Network Policy | Pp. 15-26

Revenue-Aware Resource Allocation in the Future Multi-Service IP Networks

Jian Zhang; Timo Hamalainen; Jyrki Joutsensalo

In the future IP networks, a wide range of different service classes must be supported in a network node and different classes of customers will pay different prices for their used node resources based on their Service-Level-Agreements. In this paper, we link the resource allocation issue with pricing strategies and explore the problem of maximizing the revenue of service providers in a network node by optimally allocating a given amount of node resources among multiple service classes. Under the linear pricing strategy, the optimal resource allocation scheme is derived for the case that no firm Quality-of-Service (QoS) guarantees are required for all service classes, which can achieve the maximum revenue in a network node; moreover, the suboptimal allocation scheme is proposed for the case that all classes have their firm QoS (mean delay) requirements, which can satisfy those required QoS guarantees while still being able to achieve very high revenue close to the analytic maximum one.

Part One: - Network Policy | Pp. 27-39

A Kerberos-Based Authentication Architecture for WLANS

Mohamed Ali Kaafar; Lamia Ben Azzouz; Farouk Kamoun

This work addresses the issues related to authentication in wireless LAN environments, with emphasis on the IEEE 802.11 standard. It proposes an authentication architecture for Wireless networks. This architecture, called Wireless Kerberos (W-Kerberos), is based on the Kerberos authentication server and the IEEE 802.1X-EAP model, in order to satisfy both security and mobility needs. It then provides a means of protecting the network, assuring mutual authentication, thwarts cryptographic attack risks via a key refreshment mechanism and manages fast and secure Handovers between access points. In addition to authentication, Kerberos has also the advantage of secure communications via encryption.

Part Two: - Network Security | Pp. 43-55

An Efficient Mechanism to Ensure Location Privacy in Telecom Service Applications

Oliver Jorns; Sandford Bessler; Rudolf Pailer

Location and presence information will provide considerable value to information and communication services. Nevertheless, the users are still concerned about revealing their position data especially to un-trusted third party applications. Furthermore, legal restrictions are effective in most countries that regulate processing of personal data and the protection of privacy in electronic communications. In this paper we propose a novel privacy enhancement solution (PRIVES) which is targeted for location and presence services in the 3G service architecture and uses cryptographic techniques well suited to run in small devices with little computing and power resources. Once a user is granted the permission to localize another user, the location server generates a key used to create pseudonyms that are specific for the localized user. Passed from the watcher to the location server via the application, these pseudonyms identify both the watcher and the desired localized user at the location server, but are opaque to the application. The paper presents architecture and protocols of the proposed solution and discusses the performance increase in comparison with current implementations.

Part Two: - Network Security | Pp. 57-68

Network Security Management: A Formal Evaluation Tool Based on RBAC Policies

Romain Laborde; Bassem Nasser; Frédéric Grasset; François Barrère; Abdelmalek Benzekri

The complexity of factors to consider makes increasingly difficult the design of network security policies. Network security management is by nature a distributed function supplied by the coordination of a variety of devices with different capabilities. Formal evaluation techniques should be used to ensure that correct security network strategy are enforced. In this paper, we propose a new formal tool which allows to describe a given network security strategy, a network topology and the security goals required. The tool includes an evaluation method that checks some security properties and provides information to refine the strategy used. We introduce an example of VPN architecture which validates our approach.

Part Two: - Network Security | Pp. 69-80

A Dynamic Cross Layer Control Strategy for Resource Partitioning in a Rain Faded Satellite Channel with Long-Lived TCP Connections

Nedo Celandroni; Franco Davoli; Erina Ferro; Alberto Gotta

The paper aims at devising a control system for dynamic resource allocation in a packet-oriented satellite network. The traffic to be served is represented by TCP long-lived connections (elephants). A Master Station adaptively assigns bandwidth and transmission parameters (bit and coding rate) to TCP buffers at the earth stations, grouping connections characterized by the same source-destination pair. The assignment is effected according to each pair’s traffic load and fading conditions, in order to reach a common goal. The latter may consist of maximizing the overall TCP goodput, of equalizing the connections’ goodput for global fairness, or a combination thereof. Three different allocation strategies are devised, and their respective performance is compared, under a realistic link budget.

Part Three: - Quality of Service | Pp. 83-96

Content Location and Distribution in Converged Overlay Networks

Oren Unger; Israel Cidon

A major challenge for organizations and application service providers (ASP) is to provide high quality network services to geographically dispersed consumers at a reasonable cost. Such providers employ content delivery networks (CDNs) and overlay networks to bring content and applications closer to their service consumers with better quality.

Overlay networks architecture should support high-performance and high-scalability at a low cost. For that end, in addition to the traditional unicast communication, multicast methodologies can be used to deliver content from regional servers to end users. Another important architectural problem is the efficient allocation of objects to servers to minimize storage and distribution costs.

In this work, we suggest a novel hybrid multicast/unicast based architecture and address the optimal allocation and replication of objects. Our model network includes application servers which are potential storage points connected in the overlay network and consumers which are served using multicast and/or unicast traffic. General costs are associated with distribution (download) traffic as well as the storage of objects in the servers.

An optimal object allocation algorithm for tree networks is presented with computational complexity of (). The algorithm automatically selects, for each user, between multicast and unicast distribution. An approximation algorithm for general networks is also suggested. The model and algorithms can be easily extended to the cases where content is updated from multiple locations.

Part Three: - Quality of Service | Pp. 97-110

A Communication Architecture for Real-Time Auctions

Hella Kaffel Ben Ayed; Safa Kaabi Chihi; Farouk Kamoun

This paper explores the possibility to use a communication protocol other than HTTP under real-time auction applications in order to provide best-suited communication services. We specify a distributed communication architecture named AHS (Auction Handling System) based on the IRC architecture to support real-time auctions. While using the suitable services provided by IRC, this architecture provides auction applications with what we define as required communication services. We also specify a communication protocol, called BSA-protocol, to support interactions between auction participants and the auctioneer in a real-time auction process. This protocol uses the services provided by the IRC-client protocol as well as the channel facilities provided by the IRC architecture for group communications. We report on the encapsulation of this protocol within the IRC-client protocol and on the implementation of a prototype. The originality of this architecture lies in the fact that it both frees auction applications from communication issues and is independent from the auction protocol.

Part Three: - Quality of Service | Pp. 111-124

An Interference-Based Prevention Mechanism Against WEP Attack for 802.11B Network

Wen-Chuan Hsieh; Yi-Hsien Chiu; Chi-Chun Lo

WEP has a potential vulnerability that stems from its adaptation of RC4 algorithm. As indicated by prior researches, given a sufficient collection of packets, speculation on shared key is possible by extracting IVs that matched a specific pattern. With the primary protection becoming void, there is a pressing need for new WLAN security measure. However, establishing new security protocol requires considerable time and financial resources. This research proposes an alternative solution to WEP hacking, without modification on present wireless settings, called Interference-Based Prevention Mechanism.

Part Four: - Wireless Networks | Pp. 127-138