Application level active network (alan) server management architecture

This paper presents the details of the policy-based security and resource management architecture for Application Level Active Network (alan) servers.alan is an active network architecture which enables deployment of user-customised processes (proxylets), which enhance the existing services or introduce new services to the end-user, on the select group of servers in anip network. The issues of security and resource management in this scenario are of crucial importance so as to efficiently facilitate and control the resource consumption of user-specified processes on the active servers, as well as to protect the server platforms from unauthorised proxylet deployment or malevolent behaviour. The architecture allowing efficient resource and security control is presented in this paper, including detaileduml diagrams capturing the management functionality, as well as a set of concrete management policies for thealan scenario. The examplexml policies are also given, and the deployment of this architecture in real-life trials is described. This development forms a part of a larger management architecture foralan-enabled networks developed in the context of theist projectandroid (Active Network DistRibuted Open Infrastructure Development).     

A MC-CDMA system analysis in a software radio context

This paper presents a Multi-Carrier Code Division Multiple Access (Mc-Cdma) system analysis in a software radio context. Based on a combination of multi-carrier modulation and code division multiple access,Mc-Cdma benefits from the main advantages from both schemes: high spectral efficiency, high flexibility, multiple access capabilities, etc. It is firstly shown why, nowadays,Mc-Cdma is undoubtedly a high potential candidate for the air interface of the 4G cellular networks. TheMc-Cdma concept and the block-diagrams of the transmitter and the receiver are presented first. Afterwards, the technical issues concerning the processing devices for the implementation ofMc-Cdma systems in a software radio context are analysed. The advantages and disadvantages of Digital Signal Processors (Dsps) and Field Programmable Gate Arrays (Fgpas) components are discussed. The implementation ofMc-Cdma systems and the integration of signal processing algorithms as Fast Hadamard Transform (Fht) and Inverse Fast Fourier Transform (Ifft) are considered and analysed for the first time. Finally, implementation results with a mixed prototyping board are presented. Then, it is shown that a new combination of the flow graphs ofFht andIfft leads to interesting computation savings and that hardware structures asFgpas are more adapted thanDsps to those intensive computation functions. Finally, for the completeMc-Cdma modem implementation, the necessity of a Co-Design methodology is highlighted in order to obtain the best matching between algorithms and architecture.     

Securing communications overAtm networks: the remoteAtm private networks interconnection example

When remoteAtm sites communicate through anAtm public network, a number of security problems arise, such as hacking, eavesdropping and traffic tampering. This paper proposes three contributions to these security problems. Firstly, risks due toAtm technology usage are detailed. Secondly, a survey of existing techniques aiming at securingAtm communications is presented with emphasis on theAtm Forum’s security specifications. Thirdly, a new solution called Safe (which stands for Solution for anAtm Frequent communications Environment) developed in the Démostène project is described. Safe realizes both firewall’s filtering functions and communications protection over theAtm network. The main idea of Safe is to use signaling (Uni 3.1) as a means to exchange security information over the network. This idea has been implemented and introduced to theAtm Forum.     

Network management integrating SNMP/CMIP protocol implementations

In this paper, a new approach to integratingSNMP andCMIP protocols in a network management system is introduced. It is based on the use of proxy systems allowing to integrate SNMP network management agents in a general network management framework based onCMIP. The system architecture for marrying the protocols is first presented. Then the key features of a new protocol gateway implementing the proxy function are described, with emphasis on the explanation of theSNMP/CMIP mapping algorithm and the threshold/event reporting functions.     

nOBS: an ns2 based simulation tool for performance evaluation of TCP traffic in OBS networks

Performance evaluation of tcp traffic in obs networks has been under intensive study, since tcp constitutes the majority of Internet traffic. As a reliable and publicly available simulator, ns2 has been widely used for studying tcp/ip networks; however ns2 lacks many of the components for simulating optical burst switching networks. In this paper, an ns2 based obs simulation tool (nobs), which is built for studying burst assembly, scheduling and contention resolution algorithms in obs networks is presented. The node and link objects in obs are extended in nobs for developing optical nodes and optical links. The ingress, core and egress node functionalities are combined into a common optical node architecture, which comprises agents responsible for burstification, routing and scheduling. The effects of burstification parameters, e.g., burstification timeout, burst size and number of burstification buffers per egress node, on tcp performance are investigated using nobs for different tcp versions and different network topologies.     

Network-controlled mobility within radio access networks based onWLAN technologies

This article presents a network-controlled approach of user terminal mobility within anIP based WirelessLAN Access Network. In a first part, this article makes a review of the mobility support, on the subject of emergingWLAN technologies asHIPERLAN/2 andIEEE 802.11, on the one hand, and, regardingIP networks as currently studied withinIETF, on the other hand. Both types ofIP mobility protocols are presented, either global mobility protocols such as MobileIP, or local mobility management protocols (micro mobility). In the next part, the overall principles of our mobility management approach are explained; this approach is based on the implementation of a new network entity dedicated to the control of user terminal mobility. The last part details a practical implementation of this approach. The implementation is carried out on the basis of Hierarchical MobileIPv6 (HMIPv6). The experimental results confirm the importance to carefully plan and control the user terminal mobility within largeIP based Access Networks, as this brings benefit to the user as well as to the operator.     

Les outils du commerce électronique

Electronic commerce (ec) is a combination of practices, strategies, processes, applications and technologies, enabling business transactions. This paper focuses on software and technologies forec. In the first part, the different categories of applications forec are reviewed. A fully integrated solution does not seem to be the major trend. However, the “best of breed” approach implies an integration problem. The second part of the paper includes modeling languages andec applications core technologies. Theuml appears to be used at different levels in the development of anec solution. Web technologies are continually evolving:XML could be the language of the future for information exchanges between heterogeneous applications. The third part deals with component and application integration. In spite of converging standards for languages as well as for models, system interoperability is a major problem, when informations are to be shared and processes to be jointed. Two major trends can be identified: Web services andEDI approaches.     

TMN implementation strategy based on OSI management standards

In order to facilitate the implementations ofTMN interface protocols/services studied inITU-T, it is very important to define profiles for supportingTMN management service. This paper proposes a concrete method for achieving this based on osi management standards as a promisingTMN implementation method. It proposes an idea of structuring theTMN ISP’S based on the structure of the osi managementISP’S. The paper discusses aTMN based on the osi managementISP’S. Finally the implementation as software is discussed and a software architecture for efficient application development is proposed.     

Strong and privacy-friendly management of federated identities for service provision over UMTS

Mobile subscribers who wish to mutually authenticate to service providers on the Internet utilize existing identity management mechanisms, such as Microsoft .net passport, overlooking the existing trust relationship between the subscriber and the 3G mobile operator and increasing network resources consumption, in an environment that requires security mechanisms that are as lightweight as possible. Furthermore, knowledge as well as the possession of an item, does not distinguish a person uniquely, revealing an inherent security weakness of pin authentication mechanisms. This paper proposes a protocol (3GbioId) for implementing strong identity management for Internet applications over 3G mobile networks. 3GBioId introduces biometrics, as well as the principles of the Liberty Alliance, into the 3G mobile security architecture, targeting to a more effective, secure and lightweight identity management alternative to the existing protocols. The results of a security, privacy, performance, usability and complexity evaluation indicate 3GbioId’s benefits and limits.     

LicenseScript: a logical language for digital rights management

We propose LicenseScript, a language for digital rights management (Drm) based on multiset rewriting and logic programming. LicenseScript enjoys a precise syntax and semantics, and it is rich enough to embed other rights expression languages (Rel). We show that LicenseScript is expressive and flexible by exploring several application domains representing different aspects ofDrm. We present an implementation. Finally, we extend the core of the language to account for multiple devices in authorized domains.     

AIMD-based online MPLS traffic engineering for TCP flows via distributed multi-path routing

With this paper, we propose a distributed online traffic engineering architecture formpls networks. In this architecture, a primary and secondarympls lsp are established from an ingresslsr to every other egresslsr. We propose to split thetcp traffic between the primary and secondary paths using a distributed mechanism based onecn marking andaimd-based rate control. Inspired by the random early detection mechanism for active queue management, we propose a random early reroute scheme to adaptively control the delay difference between the primary and secondarylsps. Considering the adverse effect of packet reordering ontcp performance for packet-based load balancing schemes, we propose that thetcp splitting mechanism operates on a per-flow basis. Using flow-based models developed for Internet traffic and simulations, we show that flow-based distributed multi-path traffic engineering outperforms on a consistent basis the case of a single path in terms of per-flow goodputs. Due to the elimination of out-of-order packet arrivals, flow-based splitting also enhancestcp performance with respect to packet-based splitting especially for longtcp flows that are hit hard by packet reordering. We also compare and contrast two queuing architectures for differential treatment of data packets routed over primary and secondarylsps in thempls data plane, namely first-in-first-out and strict priority queuing. We show through simulations that strict priority queuing is more effective and relatively more robust with respect to the changes in the traffic demand matrix than first-in-first-out queuing in the context of distributed multi-path routing.     

Optimisation de la quantification vectorielle codée par treillis: application au codage des paramètres LSF

Speech coders operating at low bit rates necessitate efficient encoding of the linear predictive coding (Lpc) coefficients. Line spectral Frequencies (Lsf) parameters are currently one of the most efficient choices of transmission parameters for theLpc coefficients. In this paper, an optimized trellis coded vector quantization (Tcvq) scheme for encoding theLsf parameters is presented. When the selection of a proper distortion measure is the most important issue in the design and operation of the encoder, an appropriate weighted distance measure has been used during theTcvq construction process. We further applied the optimizedTcvq system for encoding theLsf parameters of the us Federal Standard (Fs1016) 4.8 kbps speech coder. At lower bit rates, objective and subjective evaluation results show that the incorporatedLsf tcvq encoder performs better than the 34 bits/frameLsf scalar quantizer used originally in the fs1016 coder. The subjective tests reveal also that the 27 bit/frame scheme produces equivalent perceptual quality to that when theLsf parameters are unquantized.     

An evaluation oftcp with explicit congestion notification

We study the effect of Explicit Congestion Notification (ecn) ontcp for relatively large but finite file transfers inip networks, and compare it to other congestion avoidance mechanisms, namely Drop Tail (dt) and Random Early Detection (red). We use simulation to measuretcp performance for transfers initiated by a varying number of end hosts. In contrast to previous work, we focus on situations in which all nodes in the network operate uniformly under the same mechanism (dt orred orecn). Our results show that under such uniform conditionsecn does not necessarily lead to significant improvement intcp goodput, although in no case does it lead to an actual degradation in performance. Our results also show that, withecn, tcp flows benefit from lower overhead for unsuccessful transmissions. Furthermore, lockouts are largely avoided. In other words, in an all-ecn network resources are shared more fairly. Finally, we show that global synchronization is no longer an issue, and argue that currenttcp versions have essentially solved the problem, regardless of the queue management scheme employed.     

Optimizing IP networks in a hybrid IGP/MPLS environment

In this paper, we consider a traffic engineering (te) approach toip networks in a hybridigp/mpls environment. Thoughigp (Interior Gateway Protocol) routing has proven its scalability and reliability, effective traffic engineering has been difficult to achieve in public IP networks because of the limited functional capabilities of conventionalip technologies.mpls (Multi-Protocol Label Switching) on the one hand enhances the possibility to engineer traffic onip networks by allowing explicit routes. But on the other hand it suffers from the scalability (n-square) problem. Hybridigp/mpls approaches rely onip native routing as much as possible and usempls only if necessary. In this work we propose a novel hybrid traffic engineering method based on genetic algorithms, which can be considered as an offlinete approach to handle long or medium-term traffic variations in the range days, weeks or months. In our approach the maximum number of hops anlsp (Label Switched Path) may take and the number oflsps which are applied solely to improve the routing performance, are treated as constraints due to delay considerations and the complexity of management. We apply our method to the German scientific network (b-win) for which a traffic matrix is available and also to some other networks with a simple demand model. We will show results comparing this hybridigp/mpls routing scenario with the result of pureigp routing and that of a full meshmpls with and without traffic splitting.     

Business opportunities throughUMTS-WLAN networks

This article outlines the economic feasibility of mobile operators that combine nationwide mobility with 3G networks and hot spot coverage withWLANS, WLANS are based onHIPERLAN/2 architecture and theUMTS network exploitswCDMA/FDD technology. The evaluated business scenarios are focused on two different deployment areas, in terms of demographic characteristics and mobile penetration: a large and a small European country. The business case spans 2002 to 2011 withUMTS’ roll-out year in 2002 andWLAN’s in 2004, covering indoor hot-spot areas (stations, airports, stadiums, etc.) where demand is high. The demand for thisUMTS-WLAN roaming case is evaluated based on observations from Europe’s current mobile market and its evolution. Usage scenarios of different service packages corresponding to both residential and business markets have been taken into account. Direct investments and operational costs as well as revenue streams from traffic have been calculated. The methodology and the tool developed inACTS-TERA [1] andIST-TONIC [2] projects have been utilized for this case study. Economic conclusions have been derived, presented and discussed using key profitability factors. Profitability for all scenarios and business profiles has been calculated, presented and discussed. It includes a sensitivity analysis in order to identify the major opportunities and threats, for specific service sets as well as critical parameters and uncertainties. A wide audience from mobile operators and service providers to retail companies interested in entering the 3G market, can exploit this information.     

Robust time-frequency distributions based on the robust short time fourier transform

Design of time-frequency distributions (Tfds) that are robust to the impulse noise influence is considered. The robustTfds based on the robust short-time Fourier transform (Stft) are proposed. An efficient procedure to evaluate the robustStft is given. RobustTfds based on the robustStft have better energy concentration around the signal instantaneous frequency (If) than the robustStft itself. Also, theseTfds are more resistant to higher impulse noise than the robustTfds obtained using the local autocorrelation function (Laf) based minimization problem.     

LDPC-based space-time coded OFDM systems: Turbo-EM receiver design with channel state information guessing algorithms

In this paper we study some turbo receiver architectures employing low-density parity check (Ldpc) codes together with orthogonal frequency division multiplexing (Ofdm) for high data rate wireless transmissions. Different demodulation schemes based on expectation-maximization (Em) algorithm are studied along with the channel impulse response (Em) algorithms. We studied differentCir guessing algorithms including the EM-based algorithms such as a space-alternating generalized expectation-maximization algorithm (Sage). It is shown that the proposed turbo-Em receiver employing a soft maximum a posteriori (Map)Em demodulator and a belief propagationLdpc decoder can perform within 1 dB from the ergodic capacity of the studiedMimo ofdm channels. Besides, we find that a suboptimum structure based on a soft interference cancellationMmse filtering demodulator exhibits negligible loss in non-correlated fadingMimo channels but suffer extra performance loss in highly correlatedMimo channels.     

Iterative successive interference cancellation for multi-user DS/CDMA detectors in multipath channels

This paper deals with uplink Direct-Sequence Code Division Multiple Access (DS-CDMA) transmissions over mobile radio channels. A new interference cancellation scheme for multiuser detection, calledSIC/RAKE, is presented. It is based on a modified multistage Successive Interference Cancellation (sic) structure that enables efficient detection in multipath propagation environments, thanks to a single userRAKE receiver incorporated in each unit of thesic structure. Furthermore, a modified version of thesic structure, calledSIC/MMSE, that ensures convergence to theMMSE detector rather than to the decorrelating detector has been suggested. The convergence of theSIC/RAKE andSIC/MMSE methods is proved. Simulation results for the Universal Mobile Telecommunication System (UMTS) have been carried out for flat fading Rayleigh multipath channels, showing that the proposed detector is resistant to the near-far effect and that low performance loss is obtained compared to the single-user bound.     

Architecture d’un réseau actif à base de services Web

This paper presents a novel active architecture for building and deploying network services:aswa, Web Services based Active network Architecture. At the architectural level,aswa defines an active node whose functionalities are divided into the Node Operating System, the Execution Environment, and the Active Applications. At the implementation level,aswa is a Web Services based platform where new components could be added and deployed, in order to dynamically modify network nodes behavior. Applications can be developed with any language and communicate across heterogeneous environments, and across Internet and Intranet structures. At the deployment levelaswa uses an active node approach, and offers a controlled deployment mode. In terms of security, Authentication of deployed code and protection of the nodes is achieved by the use ofhttps and the header extensions of thesoap envelope. Finally to validate this architecture,aswa defines a Firewall as an Active Application to secure the code deployment.     

Rogue-base station detection in WiMax/802.16 wireless access networks

We address the problem of detecting a rogue base station (Bs) in WiMax/802.16 wireless access networks. A rogueBs is a malicious station that impersonates a legitimate access point (Ap). The rogueBs attack represents a major denial-of-service threat against wireless networks. Our approach is based on the observation that inconsistencies in the signal strength reports received by the mobile stations (Mss) can be seen if a rogueBs is present in a network. These reports can be assessed by the legitimate base stations, for instance, when a mobile station undertakes a handover towards anotherBs. Novel algorithms for detecting violations of received signal strength reports consistency are described in this paper. These algorithms can be used by an intrusion detection system localized on the legitimateBss or on a global network management system operating theBss.