Integration of Internet and telecommunications: an architecture forhybrid services

We propose an architecture for hybrid services, i.e., services that span many network technologies, such as the public switched telephone network (PSTN), cellular networks, and networks based on IP. These services will play an important role in the future because they leverage on the existing infrastructures rather than requiring new and sophisticated mechanisms to be deployed. We explore a few issues related to hybrid services and propose a platform as well as a set of components to facilitate their creation and deployment. The existing infrastructure is only required to generate specific events when requests for hybrid services are detected. We present the design of a service layer, based on Java, that handles the treatment of these special requests. Our service layer is provided with a set of generic components realized according to the JavaBeans model. We illustrate the strength of our architecture by discussing two hybrid-service examples: a calendar service and a call forwarding service     

Management of quality of service enabled VPNs

New emerging IP services based on differentiated services and the IP security architecture offer the level of communication support that corporate Internet applications need nowadays. However, these services add an additional degree of complexity to IP networks which will require sophisticated management support. The management of enhanced IP services for their customers is thus an emerging important task for Internet service providers. This article describes a potential management architecture service providers will need for that task, considering problems such as multiprovider services and service automation. We focus on a quality-enhanced virtual private network service which is particularly useful for corporate internetworking     

Optical networks for local loop applications

Some of the options for optical technology within the local loop environment are examined. In particular, passive shared access networks have been considered in some detail. These networks show great promise for delivering existing telephone services to small to medium business customers (4-30 lines) economically by the early 1990s. Extending fiber to the home will also be possible by virtue of a similar passive network infrastructure for customers requiring new broadband services beyond the single telephone line. For one-line plain old telephone service (POTS) customers, an intermediate approach of terminating the fiber network at the final network distribution point, with copper retained for the final leg, may be used prior to the provision of broadband services. A key feature of the passive optical network architecture is the use of wavelength-division multiplexing (WDM) as an upgrade strategy, allowing graceful upgrading from telephone services to multichannel high-definition television (HDTV) on gigabit/second bearers and full two-way switched broadband services employing wavelength routing across the network     

Security in service-oriented vehicular networks - [Service-oriented broadband wireless network architecture]

Service-oriented vehicular networks support diverse infrastructure-based commercial services including Internet access, real-time traffic concerns, video streaming, and content distribution. The success of service delivery in vehicular networks depends on the underlying communication system to enable the user devices to connect to a large number of communicating peers and even to the Internet. This poses many new research challenges, especially in the aspects of security, user privacy, and billing. In this article we first identify the key requirements of authentication, privacy preservation, and billing for service delivery in vehicular networks. We then review the existing industrial and academic efforts on service- oriented vehicular networks. We also point out two security challenges, minimizing vehicleto- infrastructure authentication latency and distributed public key revocation, which are considered among the most challenging design objectives in service-oriented vehicular networks. A novel fast vehicle-to-infrastructure authentication based on a vehicle mobility prediction scheme and an infrastructure-based short-time certificate management scheme are then proposed to address these two challenges.     

VoIP insecurity

As voice over Internet Protocol (VoIP) moves into the mainstream in the UK, and new IP-based services such as IIPTV become available, there is a serious need to secure these systems. With the public switched telephone network (PSTN), users at all levels have peace of mind that the lines are not only reliable and available, but highly secure. A proactive security strategy which addresses security at multiple levels and understands the unique nature of telecommunication networks is critical to enable organizations and service providers to maximize the true potential of VoIP technology, create cost savings and deliver highly available and reliable services to their customers and employees     

Supplementary services in the H.323 IP telephony network

Traditionally, different networks were developed to handle voice, data, and video. The circuit-switched telephone network carried voice and the packet network carried data. Due to different deployment of these networks, different services were developed, such as voice mail in the telephone network and electronic mail on the Internet. With the revolution of multimedia in the computer industry, voice, video, and data are now being carried on both networks. Supplementary services, such as transfer and forwarding (which were originally developed for private telephone networks and later migrated to public telephone networks) are now being developed for packet networks. The standards for packet networks are being defined in the H.323-based series of ITU-T recommendations. This article provides the H.323 architecture for supplementary services, the differences in deployment of these services between the circuit-switched and packet-switched networks, and interworking of these services across hybrid networks     

一体化标识网络体系及关键技术

现有互联网由于原始设计模式方面的不足,不仅难以满足网络及服务的多元多样性需求,而且在移动性、安全性、可控可管性及服务质量支持方面存在着严重弊端。为解决这些问题,文章提出了一体化标识网络体系,创建了一体化标识网络的＂基础设施层＂和＂普适服务层＂理论及关键技术,建立了原型系统对上述网络体系与关键技术进行验证。实验结果表明,这种新的网络体系在有效地解决现有互联网安全、移动、可控可管等严重弊端的同时,可支持普适服务。     

Interoperability of Security-Enabled Internet of Things

The future Internet will embrace the intelligence of Web 3.0 and the omnipresence of every day connected objects. The later was envisioned as the Internet of Things. Security and interoperability concerns are hindering the service innovations using the Internet of Things. This paper addresses secure access provision to Internet of Things-enabled services and interoperability of security attributes between different administrative domains. In this paper we proposed a layered architecture of Internet of Things framework where a semantically enhanced overlay interlink the other layers and facilitate secure access provision to Internet of Things-enabled services. The main element of semantic overlay is security reasoning through ontologies and semantic rules. Finally the interoperability of security aspect is addressed through ontology and a machine-to-machine platform. This paper provides implementation details of security reasoning and the interoperability aspects and discusses crucial challenges in these areas.     

iSMS: an integration platform for short message service and IPnetworks

This article describes iSMS, a platform that integrates IP networks with the short message service in mobile telephone systems. iSMS provides a generic gateway for creating and hosting wireless data services for mobile stations. Our approach does not require any modification to the mobile telephone system architecture. The iSMS system can be quickly developed and operated by a third party or end user without involvement of mobile equipment manufacturers and telecom operators. Based on the iSMS platform, we illustrate services such as e-mail delivery/forwarding, Web access (e.g., stock and train schedule query) and handset music services. The iSMS platform and the services have been implemented for GSM networks. With iSMS, users are able to use standard GSM handsets to access wireless Internet services, while other approaches like the Wireless Application Protocol and SIM Toolkit services require function-enabled MSs     

Implementing integrated and differentiated services for theInternet with ATM networks: a practical approach

This article reports on design, implementation, and preliminary experimentation of a network architecture that supports quality of service for Internet applications. It gives an overview of the various approaches toward communication networks that support application-specific degrees of QoS. Special emphasis is put on the integrated and differentiated services approaches and on combinations of them. A new architecture is described which aims to bring these concepts closer to practical realization in wide-area networks. The new architecture supports the integrated as well as differentiated services approaches in a smoothly integrated way, and uses the capabilities of an underlying ATM network to realize QoS. The enhancements to the existing network infrastructure are deliberately limited to the integration of a single new type of network element called an edge device. The potential benefits of such an architecture for various stakeholders are explained, and how the new architecture could be introduced smoothly in existing networks by small migration steps, also covering networks based on technologies other than ATM. It is shown that the approach can be scaled up to a very large QoS-aware overlay network for the Internet     

Internet QoS: a big picture

We present a framework for the emerging Internet quality of service (QoS). All the important components of this framework-integrated services, RSVP, differentiated services, multiprotocol label switching (MPLS), and constraint-based routing-are covered. We describe what integrated services and differentiated services are, how they can be implemented, and the problems they have. We then describe why MPLS and constraint-based routing have been introduced into this framework, how they differ from and relate to each other, and where they fit into the differentiated services architecture. Two likely service architectures are presented, and the end-to-end service deliveries in these two architectures are illustrated. We also compare ATM networks to router networks with differentiated services and MPLS. Putting all these together, we give the readers a grasp of the big picture of the emerging Internet QoS     

Roaming and service management in public wireless networks using an innovative policy management architecture

Nowadays, public wireless local area networks (WLANs), commonly called hotspots, are being largely deployed by WISPs (Wireless Internet Service Providers) as a means of offering ubiquitous Internet access to their customers. Although a substantial number of solutions have been proposed to improve security, mobility and quality of service on the wireless area, access network management which is mandatory remains a very significant concern. This paper describes RSM‐WISP, a new management architecture designed for WISPs to facilitate the implementation and management of the services they offer at the access side of the WLAN, and to manage roaming contracts between WISPs. Our architecture is based upon the policy‐based management principles as introduced by the IETF, combined with more intelligence at the network edge. RSM‐WISP adopts an architecture that is composed of two elements: a WISP management center (MC) that deploys policies and monitors all the WLANs, and a programmable access router (CPE) located in each WLAN. The CPE ensures service enforcement, service differentiation (access to different service levels) and guarantee, user access management, and dynamic WLAN adaptation according to the user's SLA (service level agreement). It also permits automatic service updates according to the user's requirements. Concerning roaming management, this is achieved on the CPE through multiple service provider support capabilities. This approach provides WISPs with a simple, flexible and scalable solution that allows easy service deployment and management at the access. This management architecture has been implemented, tested and validated on the 6WINDGate routers. Copyright © 2005 John Wiley & Sons, Ltd.     

An architecture for residential Internet telephony service

A new architecture that can be used for offering an Internet telephony service to residential customers is introduced. The architecture addresses scalability and availability requirements of mass-market deployment of carrier-grade services and supports interconnection with SS7 for Internet telephony calls to the public switched telephone network. The architecture is based on the concept of a gateway decomposition that separates the media transformation function of today's H.323 gateways from the gateway control function of the gateways and centralizes the intelligence in a call agent. The media gateway control protocol is introduced as the protocol between the call agent that assumes the gateway control function and the gateway that provides just the media transformation function. Interworking between the architecture and the public switched telephone network, the session initiation protocol, and H.323 are also discussed     

QoS issues in the converged 3G wireless and wired networks

The Internet evolution delineated through the last years has urged the wireless network community to support the deployment of IP multimedia services with guaranteed quality of service (QoS) in 3G wireless networks. This article copes with the interoperability between 3G wireless networks and wired next-generation IP networks, for the provision of services with an a priori known quality level over both environments. More specifically, the UMTS architecture as well as a prototypical implementation of the next-generation Internet based on DiffServ are considered. The article focuses on the mapping among the traffic classes of the two networks at the point where the networks converge, and discusses the requirements and possible solutions for their proper interworking at the signaling and user levels. Simulations prove that proper mapping among the traffic classes of each world is necessary in order to achieve the desired end-to-end traffic characteristics.     

Programming Internet telephony services

Internet telephony enables a wealth of new service possibilities. Traditional telephony services such as call forwarding, transfer, and 800 number services, can be enhanced by interaction with e-mail, Web, and directory services. Additional media types, like video and interactive chat, can be added as well. One of the challenges in providing these services is how to effectively program them. Programming these services requires decisions regarding where the code executes, how it interfaces with the protocols that deliver the services, and what level of control the code has. In this article we consider this problem in detail. We develop requirements for programming Internet telephony services, and we show that at least two solutions are required-one geared for service creation by trusted users (such as administrators), and one geared for service creation by untrusted users (such as consumers). We review existing techniques for service programmability in the Internet and in the telephone network, and extract the best components of both. The result is a common gateway interface that allows trusted users to develop services, and the call processing language that allows untrusted users to develop services     

SIP security issues: the SIP authentication procedure and its processing load

Session Initiation Protocol (SIP) is currently receiving much attention and seems to be the most promising candidate as a signaling protocol for the current and future IP telephony services, also becoming a real competitor to the plain old telephone service. For the realization of such a scenario, there is an obvious need to provide a certain level of quality and security, comparable to that provided by the traditional telephone systems. While the problem of QoS mostly refers to the network layer, the problem of security is strictly related to the signaling mechanisms and the service provisioning model. For this reason, at present, a very hot topic in the SIP and IP telephony standardization track is security support. In this work, the security model used by SIP is described, and the different open issues are highlighted. We focus, in particular, on the problem of authentication providing a short tutorial on the solution under standardization. The architecture of a possible commercial IP telephony service including user authentication is also described. Finally, we focus on performance issues. By means of a real testbed implementation, we provide an experimental performance analysis of the SIP security mechanisms, based on our open source Java implementation of a SIP proxy server. The performance of the server has been compared with and without security support, under various scenarios.     

Service convergence using MPLS multiservice networks

Enterprises are increasingly using virtual private networks to interconnect remote sites. Traditionally, service providers have used ATM core networks to deliver layer 2 services such as frame relay, ATM, or TDM private lines, which enterprise customers have then used to build their corporate network infrastructure. Such services account for the majority of data service revenues today. However, pressure has increased on service providers to combine increased flexibility with reduced costs in the context of a highly dynamic telecommunications market. Service providers also need to generate new revenues from their IP network infrastructure, through new opportunities such as IP VPNs and virtual private LAN services, while simultaneously achieving operational efficiencies through the convergence of all of their services on a common MPLS backbone. New access and metro network technologies, such as Ethernet, are also emerging that can be used to deliver these new services to enterprise customers alongside ATM and frame relay access. This must be achieved while also supporting existing technologies such as ATM, which continue to deliver highly profitable services. This article discusses the technical challenges in meeting the often conflicting requirements of delivering both traditional layer 2 services and new layer 3 services on a converged MPLS network. We show how both network and service interworking are required, and how these must operate at the user, control, and management planes to enable profitable services to be delivered over the new converged network. The different solutions being defined in the standards bodies are described, and the distinct scenarios they address are explained.     

Internet service monitoring with mobile agents

The Internet Engineering Task Force standardizes new IP technologies such as Differentiated Services and IP security that allow Internet service providers to offer new and enhanced network-level services. There is a need for a measurement infrastructure to monitor services, especially for support of end-to-end services across the Internet. The infrastructure should provide a safe way for customers to monitor the enhanced properties of the services they use. Also, providers should be able to use the infrastructure to ensure provider collaboration. We implemented a mobile-agent-based monitoring infrastructure for new and enhanced IP services     

一种新型的未来互联网体系架构

在当前网络融合、业务融合的发展趋势下,现有的电信网和互联网无法满足安全、可信、可控、可管、泛在等当代通信业务的需求无法满足.本文从未来业务对承载网的需求出发,分析了网络技术的现状,并采用自顶向下的方法提出了一种新的未来网络体系架构.