Communications in Computer and Information Science, 2018
Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. However, this feature must go hand in hand with mitigation techniques. In SDN environments, control techniques may be easily developed as a result of their ability to program the network. In this work, we take advantage of this fact to improve network security using the sFlow monitoring tool along with the SDN controller. We present an architecture where sFlow is in charge of detecting network anomalies defined by user rules, while the SDN technology is responsible for mitigating the intrusion. Our testbed has been implemented on Mininet and the SDN environment is governed by the Opendaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrates that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.
Cyber-Physical Systems: Architecture, Security and Application, 2018
Security is a key aspect in the development of innovative and valuable services based on Cyber-Physical Systems (CPSs). In recent years, the research area related to CPS security has received significant attention, dealing with the design of different architectures, security protocols, and policy models. However, beyond monitoring data publishing behavior, CPSs are expected to offer some manageability-related services, and the proper fine-grained and flexible access control model remains challenging due to both criticality and feasibility. In fact, traditional security countermeasures cannot be applied directly to any sensor in CPS scenarios, because they are too resource-consuming and not optimized for resource-deprived devices. Different access control models facing both feasibility and enforcement tightness are arising as a way to solve the mentioned issues related to resource limitations, and this study provides a deep survey on them.
2016 Fifth European Workshop on Software-Defined Networks (EWSDN), 2016
Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of which are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.
... Enhanced 802.16e or WiMAX supports vehicular mobility up to 200 km/h with a high throughput up to 30 Mbps. ... The security systems make use of IPSec protocol along Internet Key Exchange (IKE) protocol for dynamic key exchange [11]. ...
Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology, 2005
Systems based on the use of watermarking techniques are seen in recent times as the most interesting solutions to provide means of protecting intellectual property rights in electronic commerce with digital contents environments. A key aspect of this secure e-commerce environment is security. It is important to be able to evaluate and to know the security level and the risks
2009 9th International Conference on Intelligent Transport Systems Telecommunications, ITST 2009, 2009
In the last few years, in the European context, railway communication architectures have migrated from a juxtaposition of different, and mostly proprietary, technological solutions, each of them addressing the particular requirements of a specific railway IT service, to a single unique and integrated telecom open architecture based on GSM-R (Global System for Mobile Communications - Railways). The next envisaged movement is to integrate the current different railway IT services and emerging railway needs in a global open and standard th generation mobile communication architecture. However, in-depth studies are necessary to validate these packet-switched technologies and architectures as usable for the highly demanding railway operational communications such as the automatic train control service. The standardized version of this service in the European context is known as the ETCS service (European train control system). Since these packet-switched technologies are based on a different philosophy, they need adequate engineering rules. This paper is focused on building a simulation framework able to carry out these in-depth performance evaluation studies.
Proceedings - 2009 IEEE International Conference on Communications Workshops, ICC 2009, 2009
... The ASN-GW is interconnected with the BSs through a wireless point to point IEEE802.16 link that ... The WiMAX architecture can be used to support both IP and Ethernet packets. IP packets may be transported using the IP convergence sublayer (IP-CS) over IEEE 802.16e or ...
2009 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting, 2009
When there is a need to compare the characteristics of several similar global communications systems, security is often an important factor to consider in the comparison. However, in most situations it is difficult to deduce whether a system is more secure than another; and it is even more difficult to deduce how much more secure a system is compared to
2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST), 2009
Together with the IMO's future navigation system implementation strategy, the e-navigation, wireless access technologies are proliferating in the maritime scenario, covering last mile communications. In the near future, we foresee that communication technologies will coexist and will be available in overlapping areas through the maritime last mile. Therefore, in order to enhance ship-shore communications, always-best-connected procedures and an efficient mobility
International Journal of Internet Protocol Technology, 2005
... Eduardo Jacob, Juan José Unzilla, Mª Victoria Higuero, Purificación Saiz, Marina Aguado, Christian Pinedo Departamento de Electrónica y ... 5.51, available at http://www.heanet.ie/ einfrastructures/ White_Paper_version_5.51.pdf [3] RJ Anderson, “The Eternity Service”, presented ...
Papers by Eduardo Jacob