Juanjo Unzilla

Toward an SDN-enabled NFV architecture

This article presents the progressive evolution of NFV from the initial SDN-agnostic initiative to a fully SDN-enabled NFV solution, where SDN is not only used as infrastructure support but also influences how virtual network functions (VNFs) are designed. In the latest approach, when possible, stateless processing in the VNF shifts from the computing element to the networking element. To support these claims, the article presents the implementation of a flow-based network access control solution, with an SDN-enabled VNF built on IEEE 802.1x, which establishes services as sets of flow definitions that are authorized as the result of an end user authentication process. Enforcing the access to the network is done at the network element, while the authentication and authorization state is maintained at the compute element. The application of this proposal allows the performance to be enhanced, while traffic in the control channel is reduced to a minimum. The SDN-enabled NFV approach sets the foundation to increase the areas of application of NFV, in particular in those areas where massive stateless processing of packets is expected.

Service description in the NFV revolution: Trends, challenges and a way forward

The telecommunications landscape has been undergoing a major shift in recent years. Initially Software Defined Networking (SDN), and then Network Function Virtualization (NFV) have opened up new ways of looking at the increasingly demanding service provider scenario. The description of the service to be provided will be a key point determining the success in the integration and interoperability of the different proposals. However, the refined understanding of the future scenario and its requirements has recently introduced unique challenges in the path to fully achieve the benefits of the NFV vision. In this paper we review the proposals of service description in the main initiatives related to the NFV arena. Then we elaborate on key novel challenges and evaluate how the different proposals solve them. Finally, we propose a straw man model of service and resource description addressing these challenges and defining the features that would serve as design directions for future initiatives and updates in this topic.

Integrating Complex Legacy Systems under OpenFlow Control: The DOCSIS Use Case

The possibility to deploy telecommunication services based on the availability of a fully flow-aware network is an appealing possibility. Concepts like Network Service Chaining and Network Function Virtualization expect the information to be manageable at the flow level. But, for this concept to be available for the development of user-centric applications, the access network should also be made flow-aware. In this paper we present the integration of a legacy DOCSIS based access network under an OpenFlow Control Framework by using the Hardware Abstraction Layer designed in the FP7 ALIEN project. The result is a dynamic wide area OpenFlow switch that spawns from the aggregation switch to the home equipment and hides all the complexity (including the provisioning) of the access technology to an unmodified and standard OpenFlow controller. As a result, the access network can react not only to any kind of user traffic but also to the connection of CPE to the network. The approach used is technology independent, and the results have been successfully demonstrated over a Cisco based DOCSIS access network.

An Optical Scan E-Voting System based on N-Version Programming

This article presents Demotek, a multi-agent prototype for an electronic voting system based on optical character recognition technology. Trade-offs in voter training, ease of use, security, and coercion across various systems are considered for the purpose of recognizing achievable improvements. Based on the use of N-version programming techniques, we propose improvements to Demotek, including those in security and new capabilities. This case study demonstrates how the voters authentication system and vote data transmission could further simplify and improve the electoral process by adding these new capabilities to the electronic voting system using N-version programming.

PKIX-based certification infrastructure implementation adapted to non-personal end entities

Public Key Infrastructures (PKIs) are considered the most suitable system to provide basic security services through digital certificates use. Nevertheless, traditional way of operation, based on web interface and asynchronous interactions, as well as the cost and difficulty of registration processes, have caused their replacement by other systems in many of the scenarios for which PKIs were conceived. These more efficient solutions present generally laxer security mechanisms and require too much user knowledge. The system we propose tries to provide a bridge between both approaches by defining an automated PKI focused on specific application scopes by using on-line interaction procedures.

A Bew Watermarking Method Using High Frequency Components to Guide the Insertion Process in the Spatial Domain

This paper presents a new method for signing digital images using high frequency components to guide the way digital watermarks are inserted in the image. Although this is not a new idea, we implement it working in the spatial domain, which means a more efficient algorithm and less processing time. We use a users configurable line segment chain to define the watermark and line segments that can be found in high frequency components of an image to guide the process of inserting the watermark. Therefore, this method offers a new way of finding specific zones of the image where watermark is to be inserted. It also presents a distributed system for signing digital images using watermarks and delivering watermarked images over Internet. This system provides secure access using Java applets and a Certification Authority.

Evaluation of a Mobility Approach to Support Vehicular Applications Using a Realistic Simulation Framework

The connected vehicle is becoming a reality. Internet access onboard will indeed increase road safety and security thanks to the cooperative networking that it is expected among vehicles, roadside units and the Internet. Moreover, this connectivity will bring innovative driving assistance services and infotainment alike services for end users. This fact is endorsed by standardisation bodies like the ETSI or the 5G-PPP that are actively working on the definition of these innovative services and setting their requirements. The connected vehicle poses technological challenges that need to be addressed. The mobility has to be managed regardless the location of the vehicles to ensure connectivity. At the same time the required security and performance levels for the applications need to be ensured. In this paper, we present a realistic simulation framework to evaluate vehicular applications while the protocol to manage the mobility, NeMHIP, is running underneath. The simulation framework is based on the integration of the OMNeT++, SUMO, VEINS and VsimRTI simulation tools. Obtained results have been compared with the requirements defined by the 5G-PPP automotive white paper, ITU-T Y.1541 and 3GPP TS 22.105 standards with satisfactory results. Thus, we demonstrate that the NeMHIP protocol is suitable because it fulfils the requirements of the applications while it provides an essential mobility service. In addition, this work shows the validity of the simulation framework.

A compatibility strategy for enabling secure and efficient ITS communications in today's Internet

Emerging communication services in the intelligent transportation systems (ITS) scenario have recently considered the provision of Internet services because this fact will aid in safety purposes and will offer a wide scope of applications to end users. Consequently, and considering the ITS scenario a specific mobile networking context (several connection capable nodes moving at the same time), mobile communications should provide the required security level as well as efficiency. In this regard, mobility management is the key aspect in this scenario so the mobility protocol underneath has to ensure those properties. In this article, thanks to the security and efficiency properties it provides from its design, we consider the NeMHIP protocol an appropriate alternative for managing mobility in the ITS context. Nevertheless, NeMHIP entails challenges when being introduced in the current legacy Internet architecture. In order to deal with these issues, this article proposes a compatibility strategy. This strategy involves a novel naming resolution procedure based on the definion of an evolved DNS resolution process. As a result, mobile networks can securely and efficiently move along the current Internet, using most common communication services transparently. We have implemented the compatibility solution in a testbed, validated its functionality and design correctness to assess its feasibility. Obtained results demonstrate the feasibility of the proposed strategy.

A practical tool for analysis of security in systems for distribution of digital contents based on ‘attack trees’

When there is a need to compare the characteristics of several similar global communications systems, security is often an important factor to consider in the comparison. However, in most situations it is difficult to deduce whether a system is more secure than other; and it is even more difficult to deduce how much more secure a system is compared to another. This paper presents a method based on the use of ‘attack trees’ for the analysis of the security level supported by communications systems. Specifically this paper presents the most relevant aspects of the application of this method to protocols for distributing digital contents with copyright protection; to compare the security level of different systems and to obtain quantitative information about the level of security supported by each protocol.