Network-controlled mobility within radio access networks based onWLAN technologies

This article presents a network-controlled approach of user terminal mobility within anIP based WirelessLAN Access Network. In a first part, this article makes a review of the mobility support, on the subject of emergingWLAN technologies asHIPERLAN/2 andIEEE 802.11, on the one hand, and, regardingIP networks as currently studied withinIETF, on the other hand. Both types ofIP mobility protocols are presented, either global mobility protocols such as MobileIP, or local mobility management protocols (micro mobility). In the next part, the overall principles of our mobility management approach are explained; this approach is based on the implementation of a new network entity dedicated to the control of user terminal mobility. The last part details a practical implementation of this approach. The implementation is carried out on the basis of Hierarchical MobileIPv6 (HMIPv6). The experimental results confirm the importance to carefully plan and control the user terminal mobility within largeIP based Access Networks, as this brings benefit to the user as well as to the operator.     

Un environnement de conception de systèmes distribués basé sur UML

This paper introduces a new environment for developing distributed systems. It is based on theTurtle uml profile. Analysis and design phases, described in previous papers, have been extended with an additional deployment phase. In this new step,Turtle components are deployed over hardware execution nodes, and nodes are connected together throughout links,Turtle deployment diagrams are given a formal semantics inRt-lotos, therefore following the approach used forTurtle analysis and design diagrams. Moreover, the paper presents a Java code generator which outputs appropriate Java code forTurtle deployment diagrams. This code is automatically deployable on networks because it implements node communication using network protocols such asUdp orRmi. ttool, the turtle toolkit has been extended to support these new diagrams and code generators. The attack of protected data exchanged throughout securedHttp sessions serves as example.     

Rogue-base station detection in WiMax/802.16 wireless access networks

We address the problem of detecting a rogue base station (Bs) in WiMax/802.16 wireless access networks. A rogueBs is a malicious station that impersonates a legitimate access point (Ap). The rogueBs attack represents a major denial-of-service threat against wireless networks. Our approach is based on the observation that inconsistencies in the signal strength reports received by the mobile stations (Mss) can be seen if a rogueBs is present in a network. These reports can be assessed by the legitimate base stations, for instance, when a mobile station undertakes a handover towards anotherBs. Novel algorithms for detecting violations of received signal strength reports consistency are described in this paper. These algorithms can be used by an intrusion detection system localized on the legitimateBss or on a global network management system operating theBss.     

TMN implementation strategy based on OSI management standards

In order to facilitate the implementations ofTMN interface protocols/services studied inITU-T, it is very important to define profiles for supportingTMN management service. This paper proposes a concrete method for achieving this based on osi management standards as a promisingTMN implementation method. It proposes an idea of structuring theTMN ISP’S based on the structure of the osi managementISP’S. The paper discusses aTMN based on the osi managementISP’S. Finally the implementation as software is discussed and a software architecture for efficient application development is proposed.     

Application level active network (alan) server management architecture

This paper presents the details of the policy-based security and resource management architecture for Application Level Active Network (alan) servers.alan is an active network architecture which enables deployment of user-customised processes (proxylets), which enhance the existing services or introduce new services to the end-user, on the select group of servers in anip network. The issues of security and resource management in this scenario are of crucial importance so as to efficiently facilitate and control the resource consumption of user-specified processes on the active servers, as well as to protect the server platforms from unauthorised proxylet deployment or malevolent behaviour. The architecture allowing efficient resource and security control is presented in this paper, including detaileduml diagrams capturing the management functionality, as well as a set of concrete management policies for thealan scenario. The examplexml policies are also given, and the deployment of this architecture in real-life trials is described. This development forms a part of a larger management architecture foralan-enabled networks developed in the context of theist projectandroid (Active Network DistRibuted Open Infrastructure Development).     

Optimizing IP networks in a hybrid IGP/MPLS environment

In this paper, we consider a traffic engineering (te) approach toip networks in a hybridigp/mpls environment. Thoughigp (Interior Gateway Protocol) routing has proven its scalability and reliability, effective traffic engineering has been difficult to achieve in public IP networks because of the limited functional capabilities of conventionalip technologies.mpls (Multi-Protocol Label Switching) on the one hand enhances the possibility to engineer traffic onip networks by allowing explicit routes. But on the other hand it suffers from the scalability (n-square) problem. Hybridigp/mpls approaches rely onip native routing as much as possible and usempls only if necessary. In this work we propose a novel hybrid traffic engineering method based on genetic algorithms, which can be considered as an offlinete approach to handle long or medium-term traffic variations in the range days, weeks or months. In our approach the maximum number of hops anlsp (Label Switched Path) may take and the number oflsps which are applied solely to improve the routing performance, are treated as constraints due to delay considerations and the complexity of management. We apply our method to the German scientific network (b-win) for which a traffic matrix is available and also to some other networks with a simple demand model. We will show results comparing this hybridigp/mpls routing scenario with the result of pureigp routing and that of a full meshmpls with and without traffic splitting.     

Strong and privacy-friendly management of federated identities for service provision over UMTS

Mobile subscribers who wish to mutually authenticate to service providers on the Internet utilize existing identity management mechanisms, such as Microsoft .net passport, overlooking the existing trust relationship between the subscriber and the 3G mobile operator and increasing network resources consumption, in an environment that requires security mechanisms that are as lightweight as possible. Furthermore, knowledge as well as the possession of an item, does not distinguish a person uniquely, revealing an inherent security weakness of pin authentication mechanisms. This paper proposes a protocol (3GbioId) for implementing strong identity management for Internet applications over 3G mobile networks. 3GBioId introduces biometrics, as well as the principles of the Liberty Alliance, into the 3G mobile security architecture, targeting to a more effective, secure and lightweight identity management alternative to the existing protocols. The results of a security, privacy, performance, usability and complexity evaluation indicate 3GbioId’s benefits and limits.     

Modélisation de la technique temporelle asynchrone

The evolution towards the integrated broadband communication network is undertaken by several countries. In France, system designers ofCnet in Lannion have assembled an experimental integrated broadband communication network (Ibcn)called Prelude based upon a 4.5 Gbit/s switching matrix and a new and promising transfer mode called the asynchronous time-division technique (Atd).During the project, performance evaluation studies have been carried through, aiming to validate the Atd concepts and to dimension the switching matrix. This paper reviews the Ibcn lab experiments in the world, with operational characteristics;Atd concepts are detailed and the most important features of Ibcn modelling are given. Finally, the network dimensioning is carried through giving packet size, buffers length, loss probabilities and waiting times.     

A taxonomy for medium access control protocols in wireless sensor networks

Wireless sensor networks (Wsns) tend to be highly optimized due to severely restricted constraints. Various medium access control (Mac) protocols forWsns have been proposed, being specially tailored to a target application. This paper proposes a taxonomy for the different mechanisms employed in those protocols. The taxonomy characterizes the protocols according to the methods implemented to handle energy consumption, quality of service and adaptability requirements. We also present an overview of the transceptors found inWsns, identifying how events on communication affect the energy consumption. Based on the taxonomy, we classify existingMac protocols. Finally, we discuss challenging trends inMac protocols forWsns, such as security issues and software radios.     

Securing communications overAtm networks: the remoteAtm private networks interconnection example

When remoteAtm sites communicate through anAtm public network, a number of security problems arise, such as hacking, eavesdropping and traffic tampering. This paper proposes three contributions to these security problems. Firstly, risks due toAtm technology usage are detailed. Secondly, a survey of existing techniques aiming at securingAtm communications is presented with emphasis on theAtm Forum’s security specifications. Thirdly, a new solution called Safe (which stands for Solution for anAtm Frequent communications Environment) developed in the Démostène project is described. Safe realizes both firewall’s filtering functions and communications protection over theAtm network. The main idea of Safe is to use signaling (Uni 3.1) as a means to exchange security information over the network. This idea has been implemented and introduced to theAtm Forum.     

Improving parallel EKF-based nonlinear channel equalization using unscented transformation

The paper presents a new review of parallel Kalman filtering for nonlinear channel equalization. A Network of Extended Kalman Filters (nekf) has already been suggested for this purpose. This equalizer gives recursively a minimum mean squared error (mmse) estimation of a sequence of transmitted symbols according to a state formulation of a digital communication scheme. It is essentially based on two mechanisms: the approximation of the non Gaussiana posteriori probability density function (pdf) of the symbol sequence by a Weighted Gaussian Sum (wgs); and the local linearization of the nonlinear channel function for each branch of the network. Since the linearization, bearing on scattered symbol states, is one of the major limitations of thenekf, a new Kalman filtering approach, the Unscented Kalman Filter (ukf) suggested by Julier and Uhlman is considered in this paper for an interesting adaptation to the equalization context. Theukf algorithm is based on the equations of a Kalman filter, as the optimal linear minimum variance estimator, and on determining conditional expectations based on a kind of deterministic Monte-Carlo simulations. The new equalizer referred to as the Network ofukf (nukf), thus combines density approximation by awgs and the Unscented Transformation (ut) principle to circumvent the linearization brought within eachekf and is shown to perform better than thenekf based equalizer for severe nonlinear channels. Also, an adaptive version of thenukf is developed using the k-means clustering algorithm for noise-free channel output identification, since thenukf-based algorithm does not require the knowledge of the channel nonlinearity model.     

An evaluation oftcp with explicit congestion notification

We study the effect of Explicit Congestion Notification (ecn) ontcp for relatively large but finite file transfers inip networks, and compare it to other congestion avoidance mechanisms, namely Drop Tail (dt) and Random Early Detection (red). We use simulation to measuretcp performance for transfers initiated by a varying number of end hosts. In contrast to previous work, we focus on situations in which all nodes in the network operate uniformly under the same mechanism (dt orred orecn). Our results show that under such uniform conditionsecn does not necessarily lead to significant improvement intcp goodput, although in no case does it lead to an actual degradation in performance. Our results also show that, withecn, tcp flows benefit from lower overhead for unsuccessful transmissions. Furthermore, lockouts are largely avoided. In other words, in an all-ecn network resources are shared more fairly. Finally, we show that global synchronization is no longer an issue, and argue that currenttcp versions have essentially solved the problem, regardless of the queue management scheme employed.     

WLAN standards and evolutions

Wireless Local Area Networks technologies have known an important technological and commercial development. Multiplicity of standards and variety of domains of use make necessary to compose with different technologies that can be seen either as concurrent or complementary. In this article, after positioning the different types of wireless networks (IEEE 802.11, HomeRF,HIPERLAN/2, Bluetooth) for mass market and professional applications destination, some generalities are briefly reminded such as centralised and ad-hoc architectures, regulatory constraints in the 2.45 and 5GHZ frequency bands used forWLAN, typical ranges, mobility and security features and limitations. Then the differentIEEE (802.11, 802.11a et 802.11b) andETSI (HIPERLAN/2) standards are described in details as well as their foreseen evolutions. It appears that 802.11 family of standards would take benefit of the currently existing products to evolve smoothly while integrating new features (broadband 802.11a physical layer, necessary radio features to meet European regulatory requirements, future introduction of Quality of Service schemes…). In the meantime,HIPERLAN/2 which has been specified as a complete system already supports most of those important features and is able to be adapted to various kinds of higher network layers. Lastly, it is shown that interworking schemes between 3G cellular systems andWLAN currently under investigations in 3GPP andETSI BRAN should permit in the future to easily operate wide area and multi-access technology based mobile networks.     

Architecture d’un réseau actif à base de services Web

This paper presents a novel active architecture for building and deploying network services:aswa, Web Services based Active network Architecture. At the architectural level,aswa defines an active node whose functionalities are divided into the Node Operating System, the Execution Environment, and the Active Applications. At the implementation level,aswa is a Web Services based platform where new components could be added and deployed, in order to dynamically modify network nodes behavior. Applications can be developed with any language and communicate across heterogeneous environments, and across Internet and Intranet structures. At the deployment levelaswa uses an active node approach, and offers a controlled deployment mode. In terms of security, Authentication of deployed code and protection of the nodes is achieved by the use ofhttps and the header extensions of thesoap envelope. Finally to validate this architecture,aswa defines a Firewall as an Active Application to secure the code deployment.     

nOBS: an ns2 based simulation tool for performance evaluation of TCP traffic in OBS networks

Performance evaluation of tcp traffic in obs networks has been under intensive study, since tcp constitutes the majority of Internet traffic. As a reliable and publicly available simulator, ns2 has been widely used for studying tcp/ip networks; however ns2 lacks many of the components for simulating optical burst switching networks. In this paper, an ns2 based obs simulation tool (nobs), which is built for studying burst assembly, scheduling and contention resolution algorithms in obs networks is presented. The node and link objects in obs are extended in nobs for developing optical nodes and optical links. The ingress, core and egress node functionalities are combined into a common optical node architecture, which comprises agents responsible for burstification, routing and scheduling. The effects of burstification parameters, e.g., burstification timeout, burst size and number of burstification buffers per egress node, on tcp performance are investigated using nobs for different tcp versions and different network topologies.     

Mastering quality of service in GPRS/UMTS an overview

Quality of Service (QoS) has become a very important issue in networking, covering many performance aspects and numerous measures. The deployment of next generation wireless system includes 2.5G General Packet Radio Service (Gprs), which is the packet-switched extension of the Global System for Mobile communications (Gsm), and Third-Generation (3G) Universal Mobile Telecommunications System (Umts) to meet the needs of larger capacity and higher bit rates. AnUmts packet core network is an IP-based network. The Internet Engineering Task Force (Ietf) Forum developed several IP QoS related mechanisms available for IP transport networks. Service Quality Management (Sqm), one component of Telecommunication Management Network (Tun), will enable providers to manage QoS against objectives set out in customer Service Level Agreements (Slas) and will enable customers to compare the service offerings of different service providers.     

Iterative successive interference cancellation for multi-user DS/CDMA detectors in multipath channels

This paper deals with uplink Direct-Sequence Code Division Multiple Access (DS-CDMA) transmissions over mobile radio channels. A new interference cancellation scheme for multiuser detection, calledSIC/RAKE, is presented. It is based on a modified multistage Successive Interference Cancellation (sic) structure that enables efficient detection in multipath propagation environments, thanks to a single userRAKE receiver incorporated in each unit of thesic structure. Furthermore, a modified version of thesic structure, calledSIC/MMSE, that ensures convergence to theMMSE detector rather than to the decorrelating detector has been suggested. The convergence of theSIC/RAKE andSIC/MMSE methods is proved. Simulation results for the Universal Mobile Telecommunication System (UMTS) have been carried out for flat fading Rayleigh multipath channels, showing that the proposed detector is resistant to the near-far effect and that low performance loss is obtained compared to the single-user bound.     

A countermeasure againstDDOS attacks using active networks technologies

A Distributed Denial of Service (DDoCS) attack consumes the resources of a remote host or network by sending a massive amount ofIP packets from many distributed hosts. It is a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers andISPs. Since the attack is distributed and the attack tools evolve at a rapid and alarming rate, an effective solution must be formulated using a distributed and adaptive approach. In this paper, we propose a countermeasure againstDDoCS attacks using a method we call Active Shaping. Our method employs the Active Networks technologies, which incorporates programmability into network nodes. The Active Networks technology enables us to deter congestion and bandwidth consumption of the backbone network caused byDDoCS attacks, and to prevent our system from dropping packets of legitimate users mistakenly. This paper introduces the concept of our method, system design and evaluates the effectiveness of our method using a prototype.