IP Address Management

Anything connected to the Internet needs, at some point, to pick up a globally unique address to identify it among everything else on the Internet. In the case of today's Internet, these addresses are Internet protocol version 4 (IPv4) addresses and they are limited in number. Responsibility for management of this limited resource is delegated from a global level through regional organisations and ultimately to individual Internet service providers. In order to gain maximum use out of the available number of addresses against the background of explosive growth in the size of the Internet, this valuable resource has to be carefully managed to ensure that there is enough to go round. This paper discusses what IP addresses are, the global organisations used to manage IP addresses, and how BT manages its IP addresses.     

RAA: a ring-based address autoconfiguration protocol in mobile ad hoc networks

The problem for dynamic IP address assignment is manifest in mobile ad hoc networks, especially in 4G all-IP-based heterogeneous networks. Existing solutions are mainly riveted to decentralized algorithms, applying a large number of broadcast messages to (1) maintain available IP address pools and (2) ensure no address duplication occurring. In this paper, we propose a ring-based address autoconfiguration protocol to configure node addresses. This work aims at the decentralized ring-based address autoconfiguration (DRAA) protocol, which has the advantage of low latency, low communication overhead and high uninterruptible connection. The DRAA protocol is a low-latency solution because each node independently allocates partial IP addresses and does not need to perform the duplicate addresses detection (DAD) during the node-join operation. Communication overhead is significantly lessened in that DRAA protocol uses the logical ring, thus utilizing fewer control messages solely by means of uni-cast messages to distribute address resources and to retrieve invalid addresses. Furthermore, if duplicate addresses are shown at network merging, the DRAA protocol checks the number of both TCP connections and of nodes to allow duplicate nodes to rejoin the smaller network so that lost connections are fast re-connected. To improve communication overhead and provide the evenness of address resources, the centralized ring-based address autoconfiguration (CRAA) protocol is discussed. The CRAA protocol reduces larger numbers of broadcast messages during network merging. The other contribution is that our CRAA protocol also has an even capability so that address resources can be evenly distributed in each node in networks; this accounts for the reason our solution is suitable for large-scale networks. Finally, the performance analysis illustrates performance achievements of RAA protocols. The simulation result shows that the DRAA protocol has the shortest latency, that the CRAA protocol has the capability to evenly distribute address resources and that both of DRAA and CRAA protocols are the good solutions which achieve low communication overhead and high uninterruptible connection.     

基于口令认证的RFID系统安全协议及其BAN逻辑分析

本文提出一种新的基于口令认证的RFID系统安全协议.该方法充分利用RFID低等级标签提供的有限资源:访问口令(PW)、标签的标识码(ID)和伪随机函数等建立RFID系统读写器和标签双向认证的安全协议,对该协议抵抗各种攻击的安全性进行理论分析并对该协议的认证功能进行BAN逻辑的形式化分析.结果表明该协议能够有效抵御在线和离线字典攻击、伪装攻击、重放攻击以及流量分析和跟踪攻击,因而解决了RFID系统的安全问题.     

Behavior and classification of NAT devices and implications for NAT traversal

For a long time, traditional client-server communication was the predominant communication paradigm of the Internet. Network address translation devices emerged to help with the limited availability of IP addresses and were designed with the hypothesis of asymmetric connection establishment in mind. But with the growing success of peer-to-peer applications, this assumption is no longer true. Consequently network address translation traversal became a field of intensive research and standardization for enabling efficient operation of new services. This article provides a comprehensive overview of NAT and introduces established NAT traversal techniques. A new categorization of applications into four NAT traversal service categories helps to determine applicable techniques for NAT traversal. The interactive connectivity establishment framework is categorized, and a new framework is introduced that addresses scenarios that are not supported by ICE. Current results from a field test on NAT behavior and the success ratio of NAT traversal techniques support the feasibility of this classification.     

SBA: An Efficient Algorithm for Address Assignment in ZigBee Networks

ZigBee Specification defines a distributed address assignment mechanism (DAAM) for assigning addresses to nodes in ZigBee networks. However, some nodes are likely not to get addresses as DAAM limits the number of child nodes of a router in advance. To address this problem with the spare addresses that DAAM does not use, we first derive an upper bound of the probability that DAAM exhausts the 16-bit address space, and then propose a segmentation-based algorithm (SBA) for on-demand scalable address assignment in ZigBee networks. Through segmenting the 16-bit address space according to the maximum address predefined by DAAM, SBA enables a router to use the addresses in new space segments if it has insufficient addresses to accommodate child nodes. In addition, the tree routing protocol is improved to suit extended addresses. Performance analysis and numerical results reveal that SBA outperforms DAAM and its two improvement versions in terms of the success rate of address assignment, communication overhead, and the average time spent to assign an address.     

Fast Duplicate Address Detection for Seamless Inter-Domain Handoff in All-IPv6 Mobile Networks

In All-IP networks, each computer or communication equipment needs an IP address. To supply enough IP addresses, the new Internet protocol IPv6 will be used in next generation mobile communication. Although IPv6 improves the existing Internet protocol (IPv4), Duplicate Address Detection (DAD) mechanism may consume resources and suffer from long delay. DAD is used to make sure whether the IP address is unique or not. When a mobile node performs an inter-domain handoff, it will first generate a new IP and perform a DAD procedure. The DAD procedure not only wastes time but also increases the signaling load on Internet. In this paper, we propose a new DAD mechanism to speed up the DAD procedure. We create a DAD table in access or mobility routers in All-IP networks and record all IP addresses of the area. When a new IP address needs to perform DAD, it can just search in the DAD table to confirm the uniqueness of the address. Furthermore, we propose a new method, Fast Duplicate Address Detection (Fast DAD), to reduce data search time. Simulation results show that our method outperforms the existing DAD methods.     

Automatic and dynamic network establishment for linear WSNs

The deployment of wireless sensor networks (WSNs) in the mostly linear large structures, such as rivers, pipelines, etc, suffers from being the worst case for classical addressing schemes, e.g. distributed address assignment mechanism (DAAM) or stochastic addressing for Zigbee. Using DAAM for physical topologies composed of long lines of nodes connected together wastes addresses and generates orphan nodes. We show in this paper the inherent limitations of classical (DAAM, stochastic) and specialized (usually cluster-orientated) addressing schemes for Linear WSNs. DiscoProto, is an addressing and routing scheme which builds a logical network corresponding to a corresponding physical linear network without any knowledge of physical topology. In this paper, we show thanks to a realistic simulation using Castalia (Omnet based simulator) that DiscoProto avoids waste of addresses and allows a high association ratio. We also propose a dynamic version of our protocol called Dynamic DiscoProto in the second part of the paper. Dynamic DiscoProto allows to add new nodes or new branches in an existing linear network.

     

A CMOS adaptive RF front-end receiver for wireless applications

The performance of signal-processing algorithms implemented in hardware depends on the efficiency of datapath, memory speed and address computation. Pattern of data access in signal-processing applications is complex and it is desirable to execute the innermost loop of a kernel in a single-clock cycle. This necessitates the generation of typically three addresses per clock: two addresses for data sample/coefficient and one for the storage of processed data. Most of the Reconfigurable Processors, designed for multimedia, focus on mapping the multimedia applications written in a high-level language directly on to the reconfigurable fabric, implying the use of same datapath resources for kernel processing and address generation. This results in inconsistent and non-optimal use of finite datapath resources. Presence of a set of dedicated, efficient Address Generator Units (AGUs) helps in better utilisation of the datapath elements by using them only for kernel operations; and will certainly enhance the performance. This article focuses on the design and application-specific integrated circuit implementation of address generators for complex addressing modes required by multimedia signal-processing kernels. A novel algorithm and hardware for AGU is developed for accessing data and coefficients in a bit-reversed order for fast Fourier transform kernel spanning over log?₂ N stages, AGUs for zig-zag-ordered data access for entropy coding after Discrete Cosine Transform (DCT), convolution kernels with stored/streaming data, accessing data for motion estimation using the block-matching technique and other conventional addressing modes. When mapped to hardware, they scale linearly in gate complexity with increase in the size.     

Design and Realization of a Novel Header Compression Scheme for Ad Hoc Networks

IP header compression schemes offer a valuable measure for bandwidth preservation. Such schemes have been practically implemented in infrastructure‐based IP networks for point‐to‐point links. However, minimal research and practical implementation efforts have been conducted in the direction of an IP header compression strategy that can meet the peculiar requirements of multi‐hop ad hoc wireless networks. In this paper, we present a practically implemented multi‐hop IP header compression scheme using the Robust Header Compression (ROHC) protocol suite. The scheme runs on a novel identifier (ID) based networking architecture, known as an ID‐based ad hoc network (IDHOCNET). IDHOCNET additionally solves a number of bottlenecks of pure IP‐based ad hoc networks that have emerged owing to IP address auto‐configuration service, distributed naming and name resolution, and the role of an IP address as an identifier at the application layer. The proposed scheme was tested on a multi‐hop test bed. The results show that the implemented scheme has better gain and requires only O (1) ROHC contexts.     

IPv6

The Internet is changing - as it has to, because IPv4 does not support enough addresses for everyone alive today, let alone proliferating embedded and mobile devices. This paper discusses the advantages of Internet protocol version 6 (IPv6) over IPv4. The main advantage of IPv6 is the increase in the number of addresses available for networked devices, allowing, for example, each mobile phone and mobile electronic device to have its own IP address     

Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative Analysis

The recent proliferation of wireless local area networks (WLAN) has introduced new location privacy risks. An adversary controlling several access points could triangulate a client’s position. In addition, interface identifiers uniquely identify each client, allowing tracking of location over time. We enhance location privacy through frequent disposal of a client’s interface identifier. While not preventing triangulation per se, it protects against an adversary following a user’s movements over time. Design challenges include selecting new interface identifiers, detecting address collisions at the MAC layer, and timing identifier switches to balance network disruptions against privacy protection. Using a modified authentication protocol, network operators can still control access to their network. An analysis of a public WLAN usage trace shows that disposing addresses before reassociation already yields significant privacy improvements. Marco Gruteser is a Ph.D. candidate in computer science, advised by Prof. Dirk Grunwald at the University of Colorado at Boulder. His research interests include location privacy, context-aware applications, and wireless networks. He received his MS in computer science from the University of Colorado at Boulder and completed a Vordiplom at the Technical University Darmstadt, Germany. During a one-year leave at the IBM T.J. Watson Research Center, he developed software infrastructure that integrates sensors to support context-aware applications in the BlueSpace smart office project. He is a student member of the ACM. Contact him at Campus Box 430, Boulder, CO 80309-0430;. Dirk Grunwald received his Ph.D. from the University of Illinois in 1989 and joined the University of Colorado the same year. His work addresses research and teaching in the broad area of “computer systems”, which includes computer architecture, operating systems, networks, and storage systems. His interests also include issues in pervasive computing, novel computing models, and enjoying the mountains. He is currently an Associate Professor in the Department of Computer Science and in Electrical and Computer Engineering and is also the Director of the Colorado Center for Information Storage.This revised version was published online in AUgust 2005 with a corrected cover date.     

Mutually Trusted Authority-Free Secret Sharing Schemes

Traditional secret sharing schemes involve the use of a mutually trusted authority to assist in the generation and distribution of shares that will allow a secret to be protected among a set of participants. In contrast, this paper addresses the problem of establishing secret sharing schemes for a given access structure without the use of a mutually trusted authority. A general protocol is discussed and several implementations of this protocol are presented. Several efficiency measures are proposed and we consider how to refine the general protocol in order to improve the efficiency with respect to each of the proposed measures. Special attention is given to mutually trusted authority-free threshold schemes. Constructions are presented for such threshold schemes that are shown to be optimal with respect to each of the proposed efficiency measures. Received 13 September 1995 and revised 10 April 1996     

Using DHCP with computers that move

The Dynamic Host Configuration Protocol (DHCP) was designed to allow the frequent allocation of resources and configuration information useful to Internet hosts at boot time, including Internet addresses in particular. It turns out that getting a new Internet address is crucial to the problem of enabling the movement of Internet hosts from one network to another, and thus DHCP is quite relevant to the problem of providing seamless, transparent mobility to Internet hosts. We decided to investigate the ways that DHCP could be of assistance in this regard. Since the DHCP protocol was not itself designed for the purpose of providing host mobility, a number of problems arise. Our experience with deploying DHCP, and our proposed mechanisms for the use of DHCP with mobile computers, are the subjects of this paper.     

基于身份与位置分离的嵌套移动网络路由优化机制

基于移动IPv6嵌套移动网络中存在的路由优化问题,本质上是由传统互联网的体系结构造成的.在传统互联网体系结构中,IP地址同时代表了节点的身份标识和位置标识,这种双重功能不利于节点的移动.针对这一问题,本文提出一种身份与位置分离的体系结构,IP地址只作为节点的位置标识,引入端点标识符作为通信双方的身份标识,使得当节点的地址改变时通信双方的连接不中断.在该身份与位置分离体系结构基础上,提出一种嵌套移动网络的路由优化机制,利用封装在IPv6逐跳选项报头中的路由更新选项、路由确认选项和路由删除选项进行路由优化.性能分析结果表明,该机制具有较低的报文开销和路由更新时延.     

SIP-based enterprise converged networks for voice/video-over-IP: implementation and evaluation of components

The next generation of enterprise networks is undergoing major changes as a plethora of new architectures, applications, and services begin to roll out within businesses. In general, the world of voice/telephony, video, and data are "converging" into a global communications network. The purpose of this paper is twofold. First, the design, analysis, and performance of a session initiation protocol (SIP)-based videoconferencing desktop client, which has been developed and deployed over Internet2, is presented. Second, a guideline for managing SIP-based services to be deployed within enterprises, which addresses several challenges in each layer, such as network address translator (NAT)/FW issues, directory service integration issues, and interoperability issues, is proposed. Several detailed experimental results related to interoperability and conformance that were carried out are presented. Findings of extensive SIP/NAT traversal analysis through network traffic measurements are reported. The lessons learned from both the design of a new SIP-based voice/video client, as well as management challenges with enterprise deployment are highlighted.     

A protocol for automatic node discovery in CANopen networks

The correct operation of the CANopen protocol relies on the assumption that each node in the network be identified uniquely. To this extent, the CANopen specifications provide a means to remotely configure the addresses of the slave devices attached to the CAN bus. This technique, however, requires that each device has to be connected separately to a configuration tool. CANopen, in fact, does not have a mechanism to identify, in an efficient and reliable way, the nodes that do not have an associated address when they have already been connected to the network. In this paper, we present a new automatic node discovery protocol, which is able to eliminate such drawbacks. Our technique can be used to identify the nonconfigured nodes directly in the final system and is conceived as an extension of the basic layer setting services of CANopen, so as to provide a very good degree of compatibility with the existing devices.     

Hybrid mobile backbone network routing with flow control and distance awareness (MBNR-FC/DA)

The mobile backbone network (MBN) architecture has been introduced to synthesize robust, scalable and efficient mobile ad hoc wireless networks that support multimedia flows. Backbone capable nodes are dynamically elected to construct a mobile backbone (Bnet). In this article, we present a hybrid routing mechanism for such networks, identified as MBN routing with flow control and distance awareness (MBNR-FC/DA) scheme. Flows that travel a distance longer than a threshold level are routed across the Bnet. This induces a significant reduction in the route discovery control overhead, yielding a highly scalable operation. In turn, a limited span global route discovery process is invoked for routing shorter distance flows. Discovered global routes use effectively the capacity of non-backbone wireless links. Such an operation serves to upgrade the network’s throughput capacity level when the backbone network does not provide global topological covering. The hybrid routing protocol introduced and studied in this paper, also employs combined nodal congestion control and flow admission control schemes to guide admitted flows across areas that are less congested, and to avoid overloading the network. We present a centralized procedure as well as a distributed adaptive scheme for the calculation of the distance threshold level under varying traffic loading and backbone coverage conditions. We show our schemes to make efficient use of network-wide capacity resources by dynamically selecting proper distance threshold levels, yielding outstanding delay–throughput performance.     

An RFID Based Multi-batch Supply Chain Systems

Application of RFID tags had provided a great convenience in supply chain systems. In this paper, an improved version of Cai et al. protocol which was specifically designed for supply chains application is proposed. The Cai et al. RFID system architecture is modified that includes a batch identifier and a path configuration features in order to accommodate multi-batch operation requirements in supply chain systems. Other important requirements in supply chain systems which had been found in relevant articles are also summarized. In addition, requirements of mutual authentication, missing tag identification, and multi-batch operation ability are investigated. We summarize the vulnerabilities of former protocol and propose a new protocol, which employs an  RFID verification scheme, for supply chain systems. Two protocols are presented which included the tags reading protocol with mutual authentication between tags and reader/partner, and the updating protocol (renewing the related secrets). We also modified the handover process and made it more reasonable. The proposed protocol satisfies most of the requirements of supply chain systems and allows multi-batch operation of products. Other merits of our solutions are: collision-free, missing tag identification, and high efficiency. Hence, the overall performance and security of supply chain systems are improved.     

Omissions and ambiguities in CCITT Recommendation Q.921

The data link layer protocol for the integrated services digital network (ISDN) user/network interface, known as link access protocol-D (LAPD), is a protocol that operates at layer 2 of the open systems interconnection (OSI) architecture. Its purpose is to safely convey information between layer 3 entities using the D-channel. The information types that LAPD is intended to transport include call control signaling, packet mode communications, and management information. Observations are made in this article about what are, in the authors' opinion, the most confusing points of CCITT Recommendation Q.921 with comments related to data link layer address field, broadcast connections, terminal endpoint identifier (TEI) management procedures, layer 2 frames exchange, and connection management entity response to MDL-error indication primitives. This article intends solely to clarify the recommendations so that their concepts and procedures become easier to understand and implement, which can lead to significant saving of time for those who must eventually use LAPD procedures or develop the software for handling them     

Advocating a Remote Socket Architecture for Internet Access Using Wireless LANs

One challenge in the development of telecommunication networks is the seamless integration of wireless devices into the global Internet. Although it is well known that the Internet protocols were designed for heterogeneous networks an end-system with the usual Internet protocol stack will suffer an inefficient communication while connected via a wireless link. The protocol mechanisms of the transport layer can lead to poor performance in case of TCP and a high loss rate in case of UDP. In this paper we advocate a Remote Socket Architecture (ReSoA) which is a kind of proxy-oriented architecture for wireless Internet access in Wireless LAN environment. This approach allows the use of a thin protocol stack on the wireless end-system to save scarce resources and a tailored protocol for the wireless link without breaking the original TCP semantics. We show the suitability of ReSoA by comparing its performance with that of pure TCP and Berkeley Snoop through actual measurements in a test environment.