Alfredo Matos

Who Said That? Privacy at Link Layer

Wireless LAN and other radio broadcast technologies are now in full swing. However, the widespread usage of these technologies comes at the price of location privacy, be it by observing the communication patterns or the interface identifiers. Although a number of network level solutions have been proposed , this paper describes a novel approach to location privacy at the link layer level. We present a generic mechanism and then map it to a real protocol, IEEE 802.11. The work also provides an analysis of the protocol in terms of privacy and performance considerations.

Virtual Identity Framework for Telecom Infrastructures

Identity Management has so far been a field mainly applications and Web focused. This paper describes a novel approach to cross layer identity management that extends digital identities to the network, the virtual identity (VID) framework. The VID framework provides strong privacy to the user, while easily supporting personalization cross-service providers. While other identity management solutions are tailored to one specific application and/or protocol domain, the proposed framework extends the use of one’s digital identity to all aspects of the network and services architecture. It is also the first to consider legal constrains, such as ownership of data and legal intercept issues, in such a broad scope. One major aspect reported here is the relevance for operators.

HIP location privacy framework

Privacy and security are key aspects in future network architectures. The Host Identity Protocol (HIP) is a new proposal which decouples identifiers from locators and may eventually replace conventional addressing and network transport. In this document we propose an architecture that provides location privacy, based on HIP. We further validate our work by implementation and support the feasibility of our protocol by experimentation.

Integrating user Identity Management systems with the Host Identity Protocol

Identity Management (IdM) on the application layer improves the usability and security for end users by offering features like Single Sign-On and attribute provisioning. Unrelated approaches on the network layer introduce identity concepts to solve mobility problems and support multihoming. This paper describes a novel approach to the integration of IdM on the application layer with identity concepts introduced by the Host Identity Protocol (HIP). We propose an integrated architecture combining the advantages of both domains. In this scope, we tackle the mapping between the HIP namespace and user IdM namespace as well as we the management and assignment of user and host identities. The new architecture provides a unified view over user and host identities, enabling the exchange of user and host attributes, while it also provides enhanced security and network features.

Embedding identity in mobile environments

Recent trends bring Identity concepts into the application layer, although usually focusing in web environments. While this enables new solutions, interactions and paradigms at the application layer, the lower layers are neglected, and considered irrelevant for identity purposes. However, making Identity information available to the OSI stack enables enhanced protocols, which better integrate with A4C mechanisms, and provide better cross-layer integration. We present a solution to integrate identity information into all layers of the OSI stack, and enhance it with resolution mechanisms, enabling full fledged use of Identity by lower layers, such as transport and network. In particular, a new mobility paradigm can be created through an identity-dependent design.

Preserving Privacy in Mobile Environments With Virtual Network Stacks

User privacy is a growing requirement in the evolution of communication networks. In this sense, the concept of virtual personae, which corresponds to different identities of the same user, starts getting much attention. However, to provide privacy and non-linkage between these virtual users, a cross-layer approach to identity needs to be supported. This paper proposes a solution to preserve the application layer privacy models by applying the virtual personae concept throughout the network stack. It also proposes mechanisms for non-correlation between identities in 4G mobile environments, and addresses the benefits of the evolving multi-homing characteristics of 4G networks to enrich the non-linkage between identities support of our privacy solution.

User Centric Community Clouds

With the evolution in cloud technologies, users are becoming acquainted with seamless service provision. Nevertheless, clouds are not a user centric technology, and users become completely dependent on service providers. We propose a novel concept for clouds, where users self-organize to create their clouds. We present such an architecture for user-centric clouds, which relies on self-managed clouds based on doctrine and on identity management concepts.

Toward dependable networking: secure location and privacy at the link layer

WLAN and other radio broadcast technologies are now commonplace. However, the widespread usage of these technologies comes at the price of loss of location privacy. Although a number of network-level solutions exist to lessen the problem, we describe an improved approach to location privacy at the link layer. We present a generic mechanism and then map it to the common IEEE 802.11 protocol set. The article finally provides an analysis of our mechanism in terms of privacy and performance.

Waypoint Routing: A Network Layer Privacy Framework

This paper presents a routing framework that embeds location and communication privacy into the routing mechanisms. It conceals endpoint identification by introducing waypoints, through encrypted routing hints, where each waypoint has knoweldge of the next hop, assuring network privacy over several waypoints. Based on IPv6 extension headers and Onion Routing techniques, the network waypoints comply with normal routing procedures, avoiding explicit tunneling or full packet encryption. By focusing on the network as a cooperative entity for privacy preservation, we propose a lightweight approach that can be easily deployed, establishing a good compromise between privacy and optimal routing.

Deploying and testing a NGN testbed IST-daidalos testbed

In the last 3 years a medium size NGN testbed was deployed at the Instituto de Telecomunicações of Aveiro in order to support the validation of the project IST-Daidalos. This paper intends to describe not only the work done in order to setup and maintain this testbed but also to elucidate the community of some of the caveats of creating and managing such a testbed in a environment where most of the prototypes are under specification and requirements change quickly. In this paper we also present some of the methodology used in order to extract results from this testbed and an insight to what can be done in the future.