John Ronan

Evaluation of a DTN convergence layer for the AX.25 network protocol

The AX.25 Link Access Protocol for Amateur Packet Radio is a data link layer protocol derived from the ITU-T X.25 data link protocol with modifications for use by amateur radio operators. One of the authors has produced a prototype AX.25 connected mode DTN Convergence Layer (CL) based on the existing DTN2 reference implementation. Initial testing of this implementation was undertaken on Linux in order to compare the performance of the implementation with the performance of native AX.25 links. Initial results appear to indicate that the current prototype can be up to 25 percent more efficient than using the Linux TCP/IP over AX.25 implementation in certain circumstances. The experimental results also reveal situations where obvious improvements can still be made to the implementation.

Implementation and evaluation of the Shim6 protocol in the Linux kernel

In the changing landscape of the todays Internet, several solutions are under investigation to allow efficient, flexible and scalable multihoming. One of the proposals is shim6, a host-based multihoming solution based on the use of multiple IPv6 addresses on each host. In this work, we first describe the main features of this protocol, then we explain our implementation of shim6, along with the associated security mechanisms in the Linux kernel and, finally, we evaluate its performance. In particular, we analyse the performance impact of the security mechanisms used by shim6 and the impact of shim6 on the performance of end-host systems, especially heavily loaded servers. We conclude by discussing the remaining open issues for a widespread deployment of host-based multihoming techniques such as shim6.

Authentication issues in multi-service residential access Networks

Multi-service residential access networks allow residential customers to choose amongst a variety of service offerings, over a range of Core Networks and subject to user requirements such as QoS, mobility, cost and availability. These issues place requirements on authentication for network access, with a need for mutual authentication of the residential gateway (RG) to the local access point (LAP). The EU-IST project TORRENT is building a testbed providing for multi-service residential access networks in order to demonstrate the benefit of intelligent control, both for the customer and for the network operators and service providers. Adequate security measures are essential in order to secure access to the TORRENT system and services and for QoS provisioning to authorised users. This paper examines the authentication issues for the TORRENT system and presents a public key based authentication protocol for mutually authenticating the RG and the LAP.

An Empirical Evaluation of a Shim6 Implementation

Several solutions are proposed to enable scalable multihoming over IPv6. One of these proposals is Shim6, a host-based multihoming solution based on the modification of the Internet Protocol stack of the host. This modification adds a layer below the transport protocols but above the forwarding layer. As this approach makes the modifications to the network stack transparent, existing applications automatically benefit from Shim6 functionality.

Security and Trustworthiness Threats to Composite Services: Taxonomy, Countermeasures, and Research Directions

This chapter studies not only how traditional threats may affect composite services, but also some of the new challenges that arise from the emerging Future Internet. For instance, while atomic services may, in isolation, comply with privacy requirements, a composition of the same services could lead to violations due to the combined information they manipulate. Furthermore, with volatile services and evolving laws and regulations, a composite service that seemed secure enough at deployment time, may find itself unacceptably compromised some time later. Our main contributions are a taxonomy of threats for composite services in the Future Internet, which organises thirty-two threats within seven categories, and a corresponding taxonomy of thirty-three countermeasures. These results have been devised from analysing service scenarios and their possible abuse with participants from seventeen organisations from industry and academia.