Madhusanka Liyanage | University of Oulu

Thesis Chapters by Madhusanka Liyanage

Opportunities and Challenges of Software-Defined Mobile Networks in Network Security

Enhancing security and scalability of Virtual Private LAN Services

Doctoral Dissertation, 2016

Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks.

First, a scalable secure flat-VPLS architecture is proposed based on the Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop-free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs), termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM), are used to mitigate the impact of invisible loops in the provider network.

Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) a dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior.

Hence, the results of the thesis will support more secure, scalable and efficient system design and development of VPLS networks. They will also help to optimize the utilization of network resources and further reduce the operational costs of future VPLS networks.

Papers by Madhusanka Liyanage

Secure communication channel architecture for Software Defined Mobile Networks

A Software-Defined Mobile Network (SDMN) architecture is proposed to enhance the performance, flexibility, and scalability of today's telecommunication networks. However, SDMN features such as centralized controlling, network programmability, and virtualization introduce new security challenges to telecommunication networks. In this article, we present security challenges related to SDMN communication channels (i.e., control and data channel) and propose a novel secure communication channel architecture based on Host Identity Protocol (HIP). IPsec tunneling and security gateways are widely utilized in present-day mobile networks to secure backhaul communication channels. However, the utilization of legacy IPsec mechanisms in SDMNs is challenging due to limitations such as distributed control, lack of visibility, and limited scalability. The proposed architecture also utilizes IPsec tunnels to secure the SDMN communication channels by eliminating these limitations. The proposed architecture is implemented in a testbed and we analyzed its security features. The performance penalty of security due to the proposed security mechanisms is measured on both control and data channels.

Identity Privacy Preserving Biometric Based Authentication Scheme for Naked Healthcare Environment

Recent developments in Internet of Things (IoT) technologies have already had a huge impact on the medical and health sector. Thus, patient treatment can be performed in more efficient ways compared with traditional methods. Secure identification is a key system requirement for patients to acquire these health related services. Fast and convenient identification is important in the case of critical and elderly or disabled patients who require frequent health services. In this paper, we present the concept of the Naked environment, where patients can get health services from the smart and intelligent surroundings of a hospital without using explicit gadgets. Patients would have direct interaction with the environment and get identified through it. We propose a biometric based authentication scheme for the Naked hospital environment that also protects the patients' identity privacy. In addition, we show that this authentication scheme can resist various well known attacks such as insider attacks, replay attacks and identity privacy among others.

Opportunities and Challenges of Software-Defined Mobile Networks in Network Security

IEEE Security & Privacy, 2016

Access Point selection game for mobile wireless users

Proceedings of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014, 2014

Secure Communication and Data Processing Challenges in the Industrial Internet

Baltic Journal of Modern Computing, 2016

Improving the tunnel management performance of secure VPLS architectures with SDN

2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016

Performance and security evaluation of intra-vehicular communication architecture

2016 IEEE International Conference on Communications Workshops (ICC), 2016

A case study on security issues in LTE backhaul and core networks

Securing the Control Channel of Software-Defined Mobile Networks

Performance analysis of open-source Linux-based HIP implementations

2015 IEEE 10th International Conference on Industrial and Information Systems (ICIIS), 2015

Leveraging LTE security with SDN and NFV

2015 IEEE 10th International Conference on Industrial and Information Systems (ICIIS), 2015

Novel secure VPN architectures for LTE backhaul networks

Security and Communication Networks, 2016

Security for Future Software Defined Mobile Networks

2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, 2015

5G constitutes the next revolution in mobile communications. It is expected to deliver ultra-fast, ultra-reliable network access supporting a massive increase of data traffic and connected nodes. Different technologies are emerging to address the requirements of future mobile networks, such as Software Defined Networking (SDN), Network Function Virtualization (NFV) and cloud computing concepts. In this paper, we introduce the security challenges these new technologies are facing, inherent to the new telecommunication paradigm. We also present a multitier approach to secure Software Defined Mobile Networks (SDMN) by tackling security at different levels to protect the network itself and its users. First, we secure the communication channels between network elements by leveraging Host Identity Protocol (HIP) and IPSec tunnelling. Then, we restrict unwanted access to the mobile backhaul network with policy based communications. This also protects the backhaul devices from source address spoofing and Denial of Service (DoS) attacks. Finally, we leverage Software Defined Monitoring (SDM) and data collection to detect, prevent and react to security threats.

Secure Virtual Private LAN Services: An overview with performance evaluation

2015 IEEE International Conference on Communication Workshop (ICCW), 2015

Software Defined Mobile Networks (SDMN): Beyond LTE Architecture

This book describes the concept of a Software Defined Mobile Network (SDMN), which will impact the network architecture of current LTE (3GPP) networks. SDN will also open up new opportunities for traffic, resource and mobility management, as well as impose new challenges on network security. Therefore, the book addresses the main affected areas such as traffic, resource and mobility management, virtualized traffic transportation, network management, network security and techno-economic concepts. Moreover, it gives a complete introduction to SDN and SDMN concepts. Furthermore, the reader will be introduced to cutting-edge knowledge in areas such as network virtualization, as well as SDN concepts relevant to next generation mobile networks. Finally, by the end of the book the reader will be familiar with the feasibility and opportunities of SDMN concepts, and will be able to evaluate the limits of performance and scalability of these new technologies while applying them to mobile broadband ne...

Zone-based Security Architecture for Intra-Vehicular Wireless Communication

TCP Behavior over Wireless Links: Possible Improvements with Scheduling and Network Coding

The focus of this research study is on the behavior of traditional TCP over wireless links and possible improvements with scheduling and network coding. TCP was originally designed for wired networks, where the random bit error rate is negligible and congestion is the main cause of packet loss. This assumption does not always hold when the end to end path includes wireless links. Then, TCP assumes that higher packet losses and unusual delays in wireless links result from congestion in the network, and the performance of TCP is degraded. This research study was focused on the possible improvements and alterations which can be implemented in order to get rid of the above behavior of TCP by means of scheduling and network coding at the MAC layer. In the first part of the research study, we investigate the impact of MAC layer retransmission on TCP throughput performance over Wireless LANs. In the second section, we used network coding approaches to identify the possible improvements for link delay at...