2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), 2018
The need to support a wide variety of requirements, from the different verticals envisioned, make... more The need to support a wide variety of requirements, from the different verticals envisioned, make slicing a core component of the 5G scenario. One of the foundations of slicing is the capability of isolating the different services provided, to guarantee the required performance for each of them. The performance impact of the isolation mechanisms themselves becomes a key aspect that must be carefully balanced and evaluated in all the components of the infrastructure. In this paper, we introduce L2TSM, a Layer 2 Traffic Steering Mechanism for Network Slicing scenarios, including Service Function Chaining and Network Function Virtualization deployments. L2TSM minimizes the overhead, simplifies exposing the programmability of the network devices to be exploited by the service functions and maintains the isolation between the service chains, through a software-defined and standard compliant addressing scheme. With a case study in our L2TSM prototype, we show how different types of traffic composing a service chain are supported and gather some insights on the performance of the solution.
Communications in Computer and Information Science, 2018
Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. Ho... more Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. However, this feature must go hand by hand with mitigation techniques. On SDN environments, control techniques may be easily developed as a result of its ability for programming the network. In this work, we take advantage of this fact to improve the network security using the sFlow monitoring tool along with the SDN controller. We present an architecture where sFlow is in charge of detecting network anomalies defined by user rules, while the SDN technology is responsible to mitigate the intrusion. Our testbed has been implemented on Mininet and the SDN environment is governed by Opendaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrate that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.
Cyber-Physical Systems: Architecture, Security and Application, 2018
Security is a key aspect in the development of innovative and valuable services based on Cyber-Ph... more Security is a key aspect in the development of innovative and valuable services based on Cyber-Physical Systems (CPSs). In the last years, the research area related to CPS security has received a significant attention, dealing with the design of different architectures, security protocols, and policy models. However, beyond monitoring data publishing behavior, CPSs are expected to offer some manageability-related services, and the proper fine-grained and flexible access control model remains challenging due to both criticality and feasibility. In fact, traditional security countermeasures cannot be applied directly to any sensor in CPS scenarios, because they are too resource-consuming and not optimized for resource-deprived devices. Different access control models facing both feasibility and enforcement tightness are arising as a way to solve the mentioned issues related to resource limitations, and this study provides a deep survey on them.
2009 IFIP International Conference on Wireless and Optical Communications Networks, 2009
... Integrated HAP and Mobile Satellite System with Optical Links by Ömer Korçak, Fatih ... Sessi... more ... Integrated HAP and Mobile Satellite System with Optical Links by Ömer Korçak, Fatih ... Session 14: Networking and Wireless Communications II Chair: Assistant Professor Mohamed Khedr, Arab ... Topologies in Optical Distribution Networks by Jose M. Gutierrez, Tahir Riaz, Jens M ...
2016 Fifth European Workshop on Software-Defined Networks (EWSDN), 2016
Life-cycle management of stateful VNF services is a complicated task, especially when automated r... more Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of that are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.
... Thomas Magesacher , Per Ö dling , Miguel Berg , Stefan H ö st , Enrique Areizaga , Per Ola B ... more ... Thomas Magesacher , Per Ö dling , Miguel Berg , Stefan H ö st , Enrique Areizaga , Per Ola B ö rjesson , and Eduardo Jacob ... of broadband access systems for telephone loops have been rolled out: Generation 1, which is mainly based on ISDN (cf., eg, Stallings [2] ) and ...
2007 2nd IEEE/IFIP International Workshop on Broadband Convergence Networks, 2007
... PlaNetS (Platforms for Networked Service Delivery [13]) is a Medea+ labeled European research... more ... PlaNetS (Platforms for Networked Service Delivery [13]) is a Medea+ labeled European research project that covers future aggregation network architectures, network access solutions andappropriate access nodes, home (or residential) gateways, in-house networking solutions ...
... Enhanced 802.16e or WiMAX supports vehicular mobility up to 200km/h. with a high throughput u... more ... Enhanced 802.16e or WiMAX supports vehicular mobility up to 200km/h. with a high throughput up to 30 Mbps. ... The security systems make use of IPSec protocol along Internet Key Exchange (IKE) protocol for dynamic key exchange [11]. ...
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2010
Recent widespread of small electronic devices with a low capacity microprocessor and wireless com... more Recent widespread of small electronic devices with a low capacity microprocessor and wireless communication capabilities integrated, has given place to the emergence of new communication scenarios, mainly characterized by their heterogeneity and ubiquity. As an example, in the near future, it will be very common for users to access and control electrical appliances or high performance sensors in remote locations
IEEE International Symposium on Broadband Multimedia Systems and Broadcasting 2008, Broadband Multimedia Symposium 2008, BMSB, 2008
... After comparison with other event-driven network simulation, Opnet Modeler was chosen due to ... more ... After comparison with other event-driven network simulation, Opnet Modeler was chosen due to the support to the WiMAX model. This model is still under development. We have broken our validation methodology into four stages. Figure 4: Real testbed deployment ...
Proceedings - 2009 IEEE International Conference on Communications Workshops, ICC 2009, 2009
... The ASN-GW is interconnected with the BSs through a wireless point to point IEEE802.16 link t... more ... The ASN-GW is interconnected with the BSs through a wireless point to point IEEE802.16 link that ... The WiMAX architecture can be used to support both IP and Ethernet packets. IP packets may be transported using the IP convergence sublayer (IP-CS) over IEEE 802.16e or ...
2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), 2018
The need to support a wide variety of requirements, from the different verticals envisioned, make... more The need to support a wide variety of requirements, from the different verticals envisioned, make slicing a core component of the 5G scenario. One of the foundations of slicing is the capability of isolating the different services provided, to guarantee the required performance for each of them. The performance impact of the isolation mechanisms themselves becomes a key aspect that must be carefully balanced and evaluated in all the components of the infrastructure. In this paper, we introduce L2TSM, a Layer 2 Traffic Steering Mechanism for Network Slicing scenarios, including Service Function Chaining and Network Function Virtualization deployments. L2TSM minimizes the overhead, simplifies exposing the programmability of the network devices to be exploited by the service functions and maintains the isolation between the service chains, through a software-defined and standard compliant addressing scheme. With a case study in our L2TSM prototype, we show how different types of traffic composing a service chain are supported and gather some insights on the performance of the solution.
Communications in Computer and Information Science, 2018
Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. Ho... more Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. However, this feature must go hand by hand with mitigation techniques. On SDN environments, control techniques may be easily developed as a result of its ability for programming the network. In this work, we take advantage of this fact to improve the network security using the sFlow monitoring tool along with the SDN controller. We present an architecture where sFlow is in charge of detecting network anomalies defined by user rules, while the SDN technology is responsible to mitigate the intrusion. Our testbed has been implemented on Mininet and the SDN environment is governed by Opendaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrate that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.
Cyber-Physical Systems: Architecture, Security and Application, 2018
Security is a key aspect in the development of innovative and valuable services based on Cyber-Ph... more Security is a key aspect in the development of innovative and valuable services based on Cyber-Physical Systems (CPSs). In the last years, the research area related to CPS security has received a significant attention, dealing with the design of different architectures, security protocols, and policy models. However, beyond monitoring data publishing behavior, CPSs are expected to offer some manageability-related services, and the proper fine-grained and flexible access control model remains challenging due to both criticality and feasibility. In fact, traditional security countermeasures cannot be applied directly to any sensor in CPS scenarios, because they are too resource-consuming and not optimized for resource-deprived devices. Different access control models facing both feasibility and enforcement tightness are arising as a way to solve the mentioned issues related to resource limitations, and this study provides a deep survey on them.
2009 IFIP International Conference on Wireless and Optical Communications Networks, 2009
... Integrated HAP and Mobile Satellite System with Optical Links by Ömer Korçak, Fatih ... Sessi... more ... Integrated HAP and Mobile Satellite System with Optical Links by Ömer Korçak, Fatih ... Session 14: Networking and Wireless Communications II Chair: Assistant Professor Mohamed Khedr, Arab ... Topologies in Optical Distribution Networks by Jose M. Gutierrez, Tahir Riaz, Jens M ...
2016 Fifth European Workshop on Software-Defined Networks (EWSDN), 2016
Life-cycle management of stateful VNF services is a complicated task, especially when automated r... more Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of that are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.
... Thomas Magesacher , Per Ö dling , Miguel Berg , Stefan H ö st , Enrique Areizaga , Per Ola B ... more ... Thomas Magesacher , Per Ö dling , Miguel Berg , Stefan H ö st , Enrique Areizaga , Per Ola B ö rjesson , and Eduardo Jacob ... of broadband access systems for telephone loops have been rolled out: Generation 1, which is mainly based on ISDN (cf., eg, Stallings [2] ) and ...
2007 2nd IEEE/IFIP International Workshop on Broadband Convergence Networks, 2007
... PlaNetS (Platforms for Networked Service Delivery [13]) is a Medea+ labeled European research... more ... PlaNetS (Platforms for Networked Service Delivery [13]) is a Medea+ labeled European research project that covers future aggregation network architectures, network access solutions andappropriate access nodes, home (or residential) gateways, in-house networking solutions ...
... Enhanced 802.16e or WiMAX supports vehicular mobility up to 200km/h. with a high throughput u... more ... Enhanced 802.16e or WiMAX supports vehicular mobility up to 200km/h. with a high throughput up to 30 Mbps. ... The security systems make use of IPSec protocol along Internet Key Exchange (IKE) protocol for dynamic key exchange [11]. ...
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2010
Recent widespread of small electronic devices with a low capacity microprocessor and wireless com... more Recent widespread of small electronic devices with a low capacity microprocessor and wireless communication capabilities integrated, has given place to the emergence of new communication scenarios, mainly characterized by their heterogeneity and ubiquity. As an example, in the near future, it will be very common for users to access and control electrical appliances or high performance sensors in remote locations
IEEE International Symposium on Broadband Multimedia Systems and Broadcasting 2008, Broadband Multimedia Symposium 2008, BMSB, 2008
... After comparison with other event-driven network simulation, Opnet Modeler was chosen due to ... more ... After comparison with other event-driven network simulation, Opnet Modeler was chosen due to the support to the WiMAX model. This model is still under development. We have broken our validation methodology into four stages. Figure 4: Real testbed deployment ...
Proceedings - 2009 IEEE International Conference on Communications Workshops, ICC 2009, 2009
... The ASN-GW is interconnected with the BSs through a wireless point to point IEEE802.16 link t... more ... The ASN-GW is interconnected with the BSs through a wireless point to point IEEE802.16 link that ... The WiMAX architecture can be used to support both IP and Ethernet packets. IP packets may be transported using the IP convergence sublayer (IP-CS) over IEEE 802.16e or ...
Uploads
Papers by Eduardo Jacob