liu.seSearch for publications in DiVA
Change search
Refine search result
12 1 - 50 of 72
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Ahmad, Ijaz
    et al.
    University of Oulu, Finland.
    Kumar, Tanesh
    University of Oulu, Finland.
    Liyanage, Madhusanka
    University of Oulu, Finland.
    Okwuibe, Jude
    University of Oulu, Finland.
    Ylianttila, Mika
    University of Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    5G Security: Analysis of Threats and Solutions2017In: 2017 IEEE CONFERENCE ON STANDARDS FOR COMMUNICATIONS AND NETWORKING (CSCN), IEEE , 2017, p. 193-199Conference paper (Refereed)
    Abstract [en]

    5G will provide broadband access everywhere, entertain higher user mobility, and enable connectivity of massive number of devices (e.g. Internet of Things (IoT)) in an ultrareliable and affordable way. The main technological enablers such as cloud computing, Software Defined Networking (SDN) and Network Function Virtualization (NFV) are maturing towards their use in 5G. However, there are pressing security challenges in these technologies besides the growing concerns for user privacy. In this paper, we provide an overview of the security challenges in these technologies and the issues of privacy in 5G. Furthermore, we present security solutions to these challenges and future directions for secure 5G systems.

  • 2.
    Ahmad, Ijaz
    et al.
    Univ Oulu, Finland.
    Liyanage, Madhusanka
    Univ Oulu, Finland.
    Ylianttila, Mika
    Univ Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Analysis of Deployment Challenges of Host Identity Protocol2017In: 2017 EUROPEAN CONFERENCE ON NETWORKS AND COMMUNICATIONS (EUCNC), IEEE , 2017Conference paper (Refereed)
    Abstract [en]

    Host Identity Protocol (HIP), a novel internetworking technology proposes separation of the identity-location roles of the Internet Protocol (IP). HIP has been successful from the technological perspectives for network security and mobility, however, it has very limited deployment. In this paper we assess HIP to find the reasons behind its limited deployment and highlight the challenges faced by HIP for its commercial use. We propose technological development and outline deployment strategies for the wide use of HIP. Furthermore, this paper investigates the use of HIP in Software Defined Networks (SDN) to evaluate its performance in new disruptive networking technologies. In a nutshell, this paper presents revealing challenges for the deployment of innovative networking protocols and a way ahead for successful and large scale deployment.

  • 3.
    Ahmad, Ijaz
    et al.
    VTT Tech Res Ctr Finland, Finland.
    Shahabuddin, Shariar
    Nokia, Finland.
    Malik, Hassan
    Edge Hill Univ, England.
    Harjula, Erkki
    Univ Oulu, Finland.
    Leppanen, Teemu
    Univ Oulu, Finland.
    Loven, Lauri
    Univ Oulu, Finland.
    Anttonen, Antti
    VTT Tech Res Ctr Finland, Finland.
    Sodhro, Ali Hassan
    Mid Sweden Univ, Sweden.
    Mahtab Alam, Muhammad
    Tallinn Univ Technol, Estonia.
    Juntti, Markku
    Univ Oulu, Finland.
    Yla-Jaaski, Antti
    Aalto Univ, Finland.
    Sauter, Thilo
    TU Wien, Austria; Danube Univ Krems, Austria.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Ylianttila, Mika
    Univ Oulu, Finland.
    Riekki, Jukka
    Univ Oulu, Finland.
    Machine Learning Meets Communication Networks: Current Trends and Future Challenges2020In: IEEE Access, E-ISSN 2169-3536, Vol. 8, p. 223418-223460Article in journal (Refereed)
    Abstract [en]

    The growing network density and unprecedented increase in network traffic, caused by the massively expanding number of connected devices and online services, require intelligent network operations. Machine Learning (ML) has been applied in this regard in different types of networks and networking technologies to meet the requirements of future communicating devices and services. In this article, we provide a detailed account of current research on the application of ML in communication networks and shed light on future research challenges. Research on the application of ML in communication networks is described in: i) the three layers, i.e., physical, access, and network layers; and ii) novel computing and networking concepts such as Multi-access Edge Computing (MEC), Software Defined Networking (SDN), Network Functions Virtualization (NFV), and a brief overview of ML-based network security. Important future research challenges are identified and presented to help stir further research in key areas in this direction.

    Download full text (pdf)
    fulltext
  • 4.
    Ahmad, Ijaz
    et al.
    VTT Tech Res Ctr Finland, Finland.
    Suomalainen, Jani
    VTT Tech Res Ctr Finland, Finland.
    Porambage, Pawani
    VTT Tech Res Ctr Finland, Finland; Univ Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Huusko, Jyrki
    VTT Tech Res Ctr Finland, Finland.
    Höyhtyä, Marko
    VTT Tech Res Ctr Finland, Finland.
    Security of Satellite-Terrestrial Communications: Challenges and Potential Solutions2022In: IEEE Access, E-ISSN 2169-3536, Vol. 10, p. 96038-96052Article in journal (Refereed)
    Abstract [en]

    The integration of satellite and terrestrial networks has become inevitable in the next generations of communications networks due to emerging needs of ubiquitous connectivity of remote locations. New and existing services and critical infrastructures in remote locations in sea, on land and in space will be seamlessly connected through a diverse set of terrestrial and non-terrestrial communication technologies. However, the integration of terrestrial and non-terrestrial systems will open up both systems to unique security challenges that can arise due to the migration of security challenges from one to another. Similarly, security challenges can also arise due to the incompatibility of distinct systems or incoherence of security policies. The resulting security implications, thus, can be highly consequential due to the criticality of the infrastructures such as space stations, autonomous ships, and airplanes, for instance. Therefore, in this article we study existing security challenges in satellite-terrestrial communication systems and discuss potential solutions for those challenges. Furthermore, we provide important research directions to encourage future research on existing security gaps.

    Download full text (pdf)
    fulltext
  • 5.
    Ahmed, Ijaz
    et al.
    Centre for Wireless Communications, University of Oulu, Finland; VTT Technical Research Centre of Finland.
    Shahabuddin, Shahriar
    Centre for Wireless Communications, University of Oulu, Finland; Nokia, Oulu, Finland.
    Tanesh, Kumar
    Centre for Wireless Communications, University of Oulu, Finland.
    Okwuibe, Jude
    Centre for Wireless Communications, University of Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Ylianttila, Mika
    Centre for Wireless Communications, University of Oulu, Finland.
    Security for 5G and Beyond2019In: IEEE Communications Surveys and Tutorials, ISSN 1553-877X, E-ISSN 1553-877X, Vol. 21, no 4, p. 3682-3722Article in journal (Refereed)
    Abstract [en]

    The development of the Fifth Generation (5G) wireless networks is gaining momentum to connect almost all aspects of life through the network with much higher speed, very low latency and ubiquitous connectivity. Due to its crucial role in our lives, the network must secure its users, components, and services. The security threat landscape of 5G has grown enormously due to the unprecedented increase in types of services and in the number of devices. Therefore, security solutions if not developed yet must be envisioned already to cope with diverse threats on various services, novel technologies, and increased user information accessible by the network. This article outlines the 5G network threat landscape, the security vulnerabilities in the new technological concepts that will be adopted by 5G, and provides either solutions to those threats or future directions to cope with those security challenges. We also provide a brief outline of the post-5G cellular technologies and their security vulnerabilities which is referred to as Future Generations (XG) in this paper. In brief, this article highlights the present and future security challenges in wireless networks, mainly in 5G, and future directions to secure wireless networks beyond 5G.

  • 6.
    Bhattacherjee, Debopam
    et al.
    Swiss Fed Inst Technol, Switzerland; Aalto Univ, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Aura, Tuomas
    Aalto Univ, Finland.
    Watch your step! Detecting stepping stones in programmable networks2019In: ICC 2019 - 2019 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), IEEE , 2019Conference paper (Refereed)
    Abstract [en]

    Hackers hide behind compromised intermediate hosts and pose advanced persistent threats (APTs). The compromised hosts are used as stepping stones to launch real attacks, as is evident from an incident that shook the world in 2016 - Panama Papers Leak. The major attack would not go unnoticed if the compromised stepping stone, in this case an email server, could be identified in time. In this paper, we explore how todays programmable networks could be retrofitted with effective stepping stone detection mechanisms to correlate flows. We share initial results to prove that such a setup exists. Lastly, we analyze scalability issues associated with the setup and explore recent developments in network monitoring which have potential to address these issues.

  • 7.
    Blåberg, Anton
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Lindahl, Gustav
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Josefsson, Billy
    Luftfartsverket, Sweden.
    Simulating ADS-B Attacks in Air Traffic Management2020In: 2020 AIAA/IEEE 39TH DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC) PROCEEDINGS, IEEE , 2020Conference paper (Refereed)
    Abstract [en]

    In Air Traffic Management (ATM) training, simulations of real air traffic control (ATC) scenarios are a key part of practical teaching. On the internet one may find multiple different ATM simulators available to the public with open source code. Today most aircraft transmit data about position, altitude, and speed into the atmosphere that practically are unencrypted data points. This data is called automatic dependant surveillance broadcast (ADS-B) data. The lack of security means that potential attackers could project "fake" ADS-B data and spoof existing data to air traffic controllers (ATCO) if the right equipment is used. We see this as a security flaw and we want to prepare ATCO for cyberattacks by modifying an ATM simulator with cyberattacks. First, OpenScope was chosen as the ATM simulator to be modified. Subsequently, three types of attacks were chosen for the simulator to be equipped with, based on ADS-B weaknesses from existing literature: aircraft not responding to commands, aircraft with altering positional data, and aircraft with incorrect speed and altitude data. The recorded parameters were the written command lines and corresponding aircraft type it was applied to. Using this modified simulator, ATCO can now be evaluated against cyberattacks.

  • 8.
    Borhani, Mohammad
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Avgouleas, Ioannis
    Linköping University, Department of Science and Technology, Communications and Transport Systems. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Optimization of Relay Placement for Scalable Virtual Private LAN Services2022Conference paper (Refereed)
  • 9.
    Borhani, Mohammad
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Avgouleas, Ioannis
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Liyanage, Madhusanka
    School of Computer Science, University College Dublin, Dublin, Ireland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    KDC Placement Problem in Secure VPLS Networks2023In: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013, E-ISSN 1556-6021, Vol. 18, p. 1951-1962Article in journal (Refereed)
    Abstract [en]

    Virtual Private LAN Service (VPLS) is a VPN technology that connects remote client sites with provider networks in a transparent manner. Session key-based HIPLS (S-HIPLS) is a VPLS architecture based on the Host Identity Protocol (HIP) that provides a secure VPLS architecture using a Key Distribution Center (KDC) to implement security mechanisms such as authentication, encryption etc. It exhibits limited scalability though. Using multiple distributed KDCs would offer numerous advantages including reduced workload per KDC, distributed key storage, and improved scalability, while simultaneously eliminating the single point of failure of S-HIPLS. It would also come with the need for optimally placing KDCs in the provider network. In this work, we formulate the KDC placement (KDCP) problem for a secure VPLS network as an Integer Linear Programming (ILP) problem. The latter is NP-hard, thereby suggesting a high computational cost for obtaining exact solutions especially for large deployments. Therefore, we motivate the use of a primal-dual algorithm to efficiently produce near-optimal solutions. Extensive evaluations on large-scale network topologies, such as the random Internet graph, demonstrate our method’s time-efficiency as well as its improved scalability and usefulness compared to both HIPLS and S-HIPLS.

  • 10.
    Borhani, Mohammad
    et al.
    Division of Computer Science and Software Engineering, Mälardalen University, Västerås, Sweden.
    Liyanage, Madhusanka
    School of Computer Science, University College Dublin, Dublin, Ireland; Centre for Wireless Communications, University of Oulu, Oulu, Finland.
    Sodhro, Ali Hassan
    Linköping University, Faculty of Science & Engineering. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Kumar, Pardeep
    Department of Computer Science, Swansea University, Swansea, UK.
    Jurcut, Anca Delia
    School of Computer Science, University College Dublin, Dublin, Ireland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. Centre for Wireless Communications, University of Oulu, Oulu, Finland.
    Secure and resilient communications in the industrial internet2020In: Guide to disaster-resilient communication networks / [ed] Jacek Rak, David Hutchison, Cham: Springer, 2020, p. 219-242Chapter in book (Other academic)
    Abstract [en]

    The Industrial Internet brings the promise of increased efficiency through on-demand manufacturing and maintenance, combining sensors data from engines and industrial devices with big data analysis in the cloud. In this chapter, we survey the main challenges that the Industrial Internet faces from a networking viewpoint. We especially focus on security, as critical industrial components could be exposed over the Internet, affecting resilience. We describe two approaches, Identity-Defined Networking and Software-Defined Virtual Private LAN Services as potential network architectures for the Industrial Internet.

  • 11.
    Borisenko, Konstantin
    et al.
    St Petersburg Electrotech University of LETI, Russia.
    Rukavitsyn, Andrey
    St Petersburg Electrotech University of LETI, Russia.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Shorov, Andrey
    St Petersburg Electrotech University of LETI, Russia.
    Detecting the Origin of DDoS Attacks in OpenStack Cloud Platform Using Data Mining Techniques2016In: Internet of Things, Smart Spaces, and Next Generation Networks and Systems, NEW2AN 2016/uSMART 2016, SPRINGER INT PUBLISHING AG , 2016, Vol. 9870, p. 303-315Conference paper (Refereed)
    Abstract [en]

    The paper presents the results of the design and implementation of detection system against DDoS attacks for OpenStack cloud computing platform. Proposed system uses data mining techniques to detect malicious traffic. Formal models of detecting components are described. To train data mining models real legitimate traffic was combined with modelled malicious one. Paper presents results of detecting the origin of DDoS attacks on cloud instances.

  • 12.
    Chakir, Oumaima
    et al.
    USMS Univ, Morocco.
    Rehaimi, Abdeslam
    USMS Univ, Morocco.
    Sadqi, Yassine
    USMS Univ, Morocco.
    Alaoui, El Arbi Abdellaoui
    Univ Moulay Ismail, Morocco.
    Krichen, Moez
    Al Baha Univ, Saudi Arabia; Univ Sfax, Tunisia.
    Singh Gaba, Gurjot
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    An empirical assessment of ensemble methods and traditional machine for web-based attack detection in 5.02023In: JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES, ISSN 1319-1578, Vol. 35, no 3, p. 103-119Article in journal (Refereed)
    Abstract [en]

    Cybersecurity attacks that target software have become profitable and popular targets for cybercriminals who consciously take advantage of web-based vulnerabilities and execute attacks that might jeopardize essential industry 5.0 features. Several machine learning-based techniques have been developed in the literature to identify these types of assaults. In contrast to single classifiers, ensemble methods have not been evaluated empirically. To the best of our knowledge, this work is the first empirical evaluation of both homogeneous and heterogeneous ensemble approaches compared to single classifiers for web -based attack detection in industry 5.0, utilizing two of the most realistic public web-based attack data -sets. The authors divided the experiment into three main phases: In the first phase, they evaluated the performance of five well-established supervised machine learning (ML) classifiers. In the second phase, they constructed a heterogeneous ensemble of the three best-performing ML algorithms using max vot-ing and stacking methods. In the third phase, they used four well-known homogeneous ensembles to evaluate the performance of the bagging and boosting method. The results based on the ECML/PKDD 2007 and CSIC HTTP 2010 datasets revealed that bagging, particularly Random Forest, outperformed sin-gle classifiers in terms of accuracy, precision, F-value, FPR, and area of the ROC curve with values of 99.597%, 98.274%, 99.129%, 0.523%, 100 and 99.867%, 99.867%, 99.867%, 0.267%, 100, respectively. In con-trast, single classifiers performed better than boosting and stacking. However, in terms of FPR, the boost-ing exceeded single classifiers. Max voting is appropriate when accuracy, precision, and FPR are the primary concerns, whereas single classifiers can be employed when recall, FNR, training, and prediction times are critical elements. In terms of training time, ensemble approaches are more likely to be affected by data volume than single classifiers. The papers findings will help security researchers and practition-ers identify the most efficient learning techniques for securing web applications. (c) 2023 The Author(s). Published by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

    Download full text (pdf)
    fulltext
  • 13.
    Chiesa, Marco
    et al.
    Catholic University of Louvain, Belgium.
    Nikolaevskiy, Ilya
    Aalto University, Finland.
    Mitrovic, Slobodan
    Ecole Polytech Federal Lausanne, Switzerland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Madry, Aleksander
    MIT, MA 02139 USA.
    Schapira, Michael
    Hebrew University of Jerusalem, Israel.
    Shenker, Scott
    University of Calif Berkeley, CA 94720 USA; Int Comp Science Institute, CA 94704 USA.
    On the Resiliency of Static Forwarding Tables2017In: IEEE/ACM Transactions on Networking, ISSN 1063-6692, E-ISSN 1558-2566, Vol. 25, no 2, p. 1133-1146Article in journal (Refereed)
    Abstract [en]

    Fast reroute and other forms of immediate failover have long been used to recover from certain classes of failures without invoking the network control plane. While the set of such techniques is growing, the level of resiliency to failures that this approach can provide is not adequately understood. In this paper, we embarked upon a systematic algorithmic study of the resiliency of forwarding tables in a variety of models (i.e., deterministic/probabilistic routing, with packet-headerrewriting, with packet-duplication). Our results show that the resiliency of a routing scheme depends on the "connectivity" k of a network, i.e., the minimum number of link deletions that partition a network. We complement our theoretical result with extensive simulations. We show that resiliency to four simultaneous link failures, with limited path stretch, can be achieved without any packet modification/duplication or randomization. Furthermore, our routing schemes provide resiliency against k - 1 failures, with limited path stretch, by storing log(k) bits in the packet header, with limited packet duplication, or with randomized forwarding technique.

  • 14.
    Eskilsson, Sofie
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Gustafsson, Hanna
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Khan, Suleman
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    DEMONSTRATING ADS-B AND CPDLC ATTACKS WITH SOFTWARE-DEFINED RADIO2020In: 2020 INTEGRATED COMMUNICATIONS NAVIGATION AND SURVEILLANCE CONFERENCE (ICNS), IEEE , 2020Conference paper (Refereed)
    Abstract [en]

    Several studies have shown insufficient security in air traffic communication. Controller-Pilot Datalink Communications (CPDLC) is used to communicate in text over the VHF data link, and Automatic Dependent Surveillance Broadcast (ADS-B) determines the position of an aircraft. The vulnerability of air data communication was confirmed by successful experiments using Software-Defined Radio, where both CPDLC and ADS-B messages were transmitted in a safe environment. Neither ADS-B messages nor CPDLC messages are encrypted during transmission. The encoding of FANS-1/A messages was demonstrated, and the experiments showed that it is possible to send such messages with relatively inexpensive technology.

  • 15.
    Esposito, Christian
    et al.
    University of “Federico II”, Napoli, Italy.
    Gouglidis, Antonios
    Lancaster University, Lancaster, United Kingdom.
    Hutchison, David
    Lancaster University, Lancaster, United Kingdom.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Helvik, Bjarne E.
    Norwegian University of Science and Technology, Trondheim, Norway.
    Heegaard, Poul E.
    Norwegian University of Science and Technology, Trondheim, Norway.
    Rizzo, Gianluca
    University of Applied Sciences of Western Switzerland, HES SO Valais, Switzerland.
    Rak, Jacek
    Gdansk University of Technology, Gdansk, Poland.
    On the Disaster Resiliency within the Context of 5G Networks: The RECODIS Experience2018In: On the Disaster Resiliency within the Context of 5G Networks: The RECODIS Experience, Slovenia: IEEE, 2018, p. 1-4Conference paper (Refereed)
    Abstract [en]

    Network communications and the Internet pervade our daily activities so deeply that we strongly depend on the availability and quality of the services they provide. For this reason, natural and technological disasters, by affecting network and service availability, have a potentially huge impact on our daily lives. Ensuring adequate levels of resiliency is hence a key issue that future network paradigms, such as 5G, need to address. This paper provides an overview of the main avenues of research on this topic within the context of the RECODIS COST Action.

  • 16.
    Fuchs, Adel
    et al.
    Jerusalem Coll Technol, Israel.
    Stulman, Ariel
    Jerusalem Coll Technol, Israel.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Hardening Opportunistic HIP2017In: PROCEEDINGS OF THE 20TH ACM INTERNATIONAL CONFERENCE ON MODELLING, ANALYSIS AND SIMULATION OF WIRELESS AND MOBILE SYSTEMS (MSWIM17), ASSOC COMPUTING MACHINERY , 2017, p. 123-127Conference paper (Refereed)
    Abstract [en]

    As mobile and multi-homed devices are becoming ubiquitous, the need for a dynamic, yet secure communication protocol is unavoidable. The Host Identity Protocol (HIP) was constructed to meet this requirement; to provide significantly more secure mobility and multi-homing capabilities. HIP opportunistic mode, which is to be used when other, more trusted mechanisms are lacking, is based on a leap of faith (LoF) paradigm. In this paper, we analyze different Man in the middle (MiTM) attacks which might occur under this LoF, and propose a set of tweaks for hardening opportunistic HIP (HOH) that strengthen opportunistic modes security.

  • 17.
    Fuchs, Adel
    et al.
    Bar Ilan Univ, Israel.
    Stulman, Ariel
    Jerusalem Coll Technol, Israel.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    IoT and HIPs Opportunistic Mode2021In: IEEE Transactions on Mobile Computing, ISSN 1536-1233, E-ISSN 1558-0660, Vol. 20, no 4, p. 1434-1448Article in journal (Refereed)
    Abstract [en]

    Key sharing has always been a complex issue. It became even more challenging for the Internet of Things (IoT), where a trusted third party for global management rarely exists. With authentication and confidentiality lacking, things resort to a leap of faith (LoF) paradigm where it is assumed that no attacker is present during the initial configuration. In this paper we focus on the Host Identity Protocol (HIP), specifically designed to provide mobility and multihoming capabilities. Although HIP is normally based on many strict security mechanisms (e.g., DNSSEC), it also provides a better than nothing opportunistic mode, based on the LoF paradigm, which is to be used when other more trusted mechanisms are not available. In this paper, we analyze different MiTM attacks which might occur under this opportunistic mode. Taking advantage of HIPs multihoming capabilities, we propose two key spraying techniques which strengthen the opportunistic modes security. The first technique spreads the four key-exchange messages among different networks, while the second spreads fractions of one of those messages. Evaluation of these techniques is provided, demonstrating the major benefit of our proposal.

  • 18.
    Gaur, Kuntal
    et al.
    Department of Computer Applications, Manipal University Jaipur, India.
    Kalla, Anshuman
    Centre for Wireless Communications, University of Oulu, Finland.
    Grover, Jyoti
    Department of Computer Science and Engineering, Malaviya National Institute of Technology Jaipur, India.
    Borhani, Mohammad
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Liyanage, Madhusanka
    Centre for Wireless Communications, University of Oulu, Finland; School of Computer Science, University College Dublin, Ireland.
    A Survey of Virtual Private LAN Services (VPLS): Past, Present and Future2021In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 196, article id 108245Article in journal (Refereed)
    Abstract [en]

    Virtual Private LAN services (VPLS) is a Layer 2 Virtual Private Network (L2VPN) service that has gained immense popularity due to a number of its features, such as protocol independence, multipoint-to-multipoint mesh connectivity, robust security, low operational cost (in terms of optimal resource utilization), and high scalability. In addition to the traditional VPLS architectures, novel VPLS solutions have been designed leveraging new emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), to keep up with the increasing demand. These emerging solutions help in enhancing scalability, strengthening security, and optimizing resource utilization. This paper aims to conduct an in-depth survey of various VPLS architectures and highlight different characteristics through insightful comparisons. Moreover, the article discusses numerous technical aspects such as security, scalability, compatibility, tunnel management, operational issues, and complexity, along with the lessons learned. Finally, the paper outlines future research directions related to VPLS. To the best of our knowledge, this paper is the first to furnish a detailed survey of VPLS.

  • 19.
    Gurtov, Andrei
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Koskela, Joakim
    Aalto Univ, Finland.
    Korzun, Dmitry
    Petrozavodsk State Univ, Russia.
    Cyclic ranking in single-resource peer-to-peer exchange2018In: Peer-to-Peer Networking and Applications, ISSN 1936-6442, E-ISSN 1936-6450, Vol. 11, no 3, p. 632-643Article in journal (Refereed)
    Abstract [en]

    Peer-to-peer (P2P) sharing systems use incentives for resource exchange to encourage cooperation and ensure fairness. In bilateral strategies, such as BitTorrent Tit-for-Tat or deficit-based FairTorrent, individual decisions of peers utilize direct observations. It may result in low performance and unfair treatment. In this paper, we study a novel exchange strategy that applies Cyclic Ranking (CR). In addition to direct observations, a peer utilizes provision cycles-a shared history of effective exchanges. The PageRank algorithm runs for the locally collected cycles and computes the numerical ranks to estimate the reputation. The CR strategy incrementally augments known incentive-aware strategies. For evaluation we implement CR-BitTorrent and CR-FairTorrent variants. Our simulation model captures the dependence on network bandwidth and the number of seeders as well as selfishness and stability of the participants. The initial experiments show improved fairness and download times, compared to the original BitTorrent and FairTorrent. The performance of selfish and unstable peers decreases by as much as 50%. The CR strategy suits well in environments where direct reciprocity has shown little effect. Contrasted to existing solutions, the CR strategy rewards longevity and stability of peers.

  • 20.
    Gurtov, Andrei
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Liyanage, Madhusanka
    Centre for Wireless Communications, University of Oulu, Finland.
    Korzun, Dmitry
    Petrozavodsk State University, Petrozavodsk, Kareliya Republits, Russia.
    Secure Communication and Data Processing Challenges in the Industrial Internet2016In: Baltic Journal of Modern Computing, ISSN 2255-8942, E-ISSN 2255-8950, Vol. 4, no 4, p. 1058-1073Article in journal (Refereed)
    Abstract [en]

    The next industrial revolution is foreseen to happen with upcoming Industrial Internet that combines massive data collected by industrial sensors with data analysis for improving the efficiency of operations. Collecting, pre-processing, storing and analyzing such real-time data is a complex task with stringent demands on communication intelligence, QoS and security. In this paper we outline some challenges facing the Industrial Internet, namely integration with 5G wireless networks, Software Defined Machines, ownership and smart processing of digital sensor data. We propose a secure communication architecture for the Industrial Internet based on Smart Spaces and Virtual Private LAN Services. It is a position paper, describing state-of-the-art and a roadmap for future research on the Industrial Internet.

    Download full text (pdf)
    fulltext
  • 21.
    Gurtov, Andrei
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Polishchuk, Tatiana
    Linköping University, Department of Science and Technology, Communications and Transport Systems. Linköping University, Faculty of Science & Engineering.
    Wernberg, Max
    Linköping University, Department of Science and Technology, Communications and Transport Systems. Linköping University, Faculty of Science & Engineering.
    Controller-Pilot Data Link Communication Security2018In: Sensors, E-ISSN 1424-8220, Vol. 18, no 5, article id 1636Article in journal (Refereed)
    Abstract [en]

    The increased utilization of the new types of cockpit communications, including controller pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system.

    Download full text (pdf)
    fulltext
  • 22.
    Gurtov, Andrei
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    R, Moskowitz
    S, Card
    A., Wiethuechter
    UAS Remote ID, draft-moskowitz-drip-uas-rid-012020Report (Refereed)
  • 23.
    Gurtov, Andrei
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    R., Moskowitz
    S., Card
    A., Wiethuechter
    A., Gurtov
    Secure UAS Network RID and C2 Transport2020Report (Refereed)
  • 24.
    Hansson, Adam
    et al.
    Linköping University.
    Khodari, Mohammad
    Linköping University.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Analyzing Internet-Connected Industrial Equipment2018Conference paper (Refereed)
    Abstract [en]

    The search engine Shodan crawls the Internet to collect banners from Internet connected devices. When making this information publicly available, anyone can search and find these devices. Results from Shodan show that it is not only web or mail servers that are connected, but also industrial Control Systems (ICS) and Internet of Things (IoT) devices. Some of these devices use protocols that were invented more than 20 years ago. These protocols are not designed to be exposed on the Internet and since they lack security mechanisms, they are vulnerable to attacks. With help from Shodan we have searched for vulnerable devices using search queries corresponding to ICS and IoT protocols. To find the security flaws in protocols, we utilized the vulnerability and exploit database Rapid7. Our results indicate that there are several hundreds of online devices that are vulnerable in Sweden.

  • 25.
    Harjula, Erkki
    et al.
    University of Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Koskela, Timo
    University of Oulu, Finland.
    Ojala, Timo
    University of Oulu, Finland.
    Ylianttila, Mika
    University of Oulu, Finland.
    Energy-aware load monitoring for improving battery life of mobile peer-to-peer nodes2016In: SUSTAINABLE COMPUTING-INFORMATICS and SYSTEMS, ISSN 2210-5379, Vol. 12, p. 43-54Article in journal (Refereed)
    Abstract [en]

    In this article, we propose an energy -aware load monitoring model, called e-Mon, for enabling energy aware load balancing in Peer-to-Peer (P2P) systems. P2P is a scalable and self-organizing technology for utilizing computational resources of the end-user devices for the benefit of a computing system. In P2P systems, the need for fair balance of load is crucial since the end-users need to be incentivized to participate in the system. The short battery life, caused by additional strain on the computational resources of the end-user devices, is a significant negative incentive factor for mobile end-users of current P2P systems. The e-Mon model, proposed in this article, enables moving load from energy-critical to less energy-critical nodes in P2P systems. This is done by including the energy status of a peer node as one of the factors defining a nodes load. The model helps saving the energy of mobile P2P nodes, particularly in cases when the remaining battery capacity is low. The article provides a thorough energy efficiency evaluation demonstrating that e-Mon can significantly improve the battery life of mobile nodes by improving the quality and fairness of load balance between heterogeneous nodes. With a proper selection of a load balancing model for the application scenario, e-Mon is shown to achieve up to 470% battery life extension compared to the case with traditional load balancing with no battery monitoring. (C) 2016 Elsevier Inc. All rights reserved.

  • 26.
    Hasselquist, David
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Lindstrom, Christoffer
    Linköping University, Faculty of Science & Engineering.
    Korzhitskii, Nikita
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    QUIC Throughput and Fairness over Dual Connectivity2022In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 219Article in journal (Refereed)
    Abstract [en]

    Dual Connectivity (DC) is an important lower-layer feature accelerating the transition from 4G to 5G that also is expected to play an important role in standalone 5G radio networks. However, even though the packet reordering introduced by DC can significantly impact the performance of upper-layer protocols, no prior work has studied the impact of DC on QUIC. In this paper, we present the first such performance study. Using a series of throughput and fairness experiments, we show how QUIC is affected by different DC parameters, network conditions, and whether the DC implementation aims to improve throughput or reliability. Results for two QUIC implementations (aioquic, ngtcp2) and two congestion control algorithms (NewReno, CUBIC) are presented under both static and highly time-varying network conditions Our findings provide network operators with insights and understanding into the impacts of splitting QUIC traffic in a DC environment. With reasonably selected DC parameters and increased UDP receive buffers, QUIC over DC performs similarly to TCP over DC and achieves optimal fairness under symmetric link conditions when DC is not used for packet duplication. The insights can help network operators provide modern users with better end-to-end service when deploying DC.

    Download full text (pdf)
    fulltext
  • 27.
    Hasselquist, David
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Lindström, Christoffer
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Korzhitskii, Nikita
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    QUIC Throughput and Fairness over Dual Connectivity2020In: Symposium on Modelling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), Springer, 2020Conference paper (Refereed)
    Abstract [en]

    Dual Connectivity (DC) is an important lower-layer feature accelerating the transition from 4G to 5G that also is expected to play an important role in standalone 5G. However, even though the packet reordering introduced by DC can significantly impact the performance of upper-layer protocols, no prior work has studied the impact of DC on QUIC. In this paper, we present the first such performance study. Using a series of throughput and fairness experiments, we show how QUIC is affected by different DC parameters, network conditions, and whether the DC implementation aims to improve throughput or reliability. Our findings provide insights into the impacts of splitting QUIC traffic in a DC environment. With reasonably selected DC parameters and increased UDP receive buffers, QUIC over DC performs similarly to TCP over DC and achieves optimal fairness under symmetric link conditions when DC is not used for packet duplication. 

  • 28.
    Hasselquist, David
    et al.
    Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering.
    Rawat, Abhimanyu
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Trends and Detection Avoidance of Internet-Connected Industrial Control Systems2019In: IEEE Access, E-ISSN 2169-3536, Vol. 7, p. 155504-155512Article in journal (Refereed)
    Abstract [en]

    The search engine Shodan crawls the Internet for, among other things, Industrial Control Systems (ICS). ICS are devices used to operate and automate industrial processes. Due to the increasing popularity of the Internet, these devices are getting more and more connected to the Internet. These devices will, if not hidden, be shown on Shodan. This study uses Shodan, together with data found by other researches to plot the trends of these ICS devices. The studied trends focus on the country percentage distribution and the usage of ICS protocols. The results show that all studied countries, except the United States, have decreased their percentage of world total ICS devices. We suspect that this does not represent the real story, as companies are getting better at hiding their devices from online crawlers. Our results also show that the usage of old ICS protocols is increasing. One of the explanations is that industrial devices, running old communication protocols, are increasingly getting connected to the Internet. In addition to the trend study, we evaluate Shodan by studying the time it takes for Shodan to index one of our devices on several networks. We also study ways of avoiding detection by Shodan and show that, by using a method called port knocking, it is relatively easy for a device to hide from Shodan, but remain accessible for legitimate users.

    Download full text (pdf)
    fulltext
  • 29.
    Islam, Hasan M. A.
    et al.
    Aalto Univ, Finland.
    Lagutin, Dmitrij
    Aalto Univ, Finland.
    Lukyanenko, Andrey
    Aalto Univ, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Yla-Jaaski, Antti
    Aalto Univ, Finland.
    CIDOR: Content Distribution and Retrieval in Disaster Networks for Public Protection2017In: 2017 IEEE 13TH INTERNATIONAL CONFERENCE ON WIRELESS AND MOBILE COMPUTING, NETWORKING AND COMMUNICATIONS (WIMOB), IEEE , 2017, p. 324-333Conference paper (Refereed)
    Abstract [en]

    Information-Centric Networking (ICN) introduces a paradigm shift from a host centric communication model for Future Internet architectures. It supports the retrieval of a particular content regardless of the physical location of the content. Emergency network in a disaster scenario or disruptive network presents a significant challenge to the ICN deployment. In this paper, we present a Content dIstribution and retrieval framework in disaster netwOrks for public pRotection (CIDOR) which exploits the design principle of the native CCN architecture in the native Delay Tolerant Networking (DTN) architecture. We prove the feasibility and investigate the performance of our proposed solution using extensive simulation with different classes of the DTN routing strategies in different mobility scenarios. The simulation result shows that CIDOR can reduce the content retrieval time up to 50% while the response ratio is close to 100%.

  • 30.
    Islam, Hasan Mahmood Aminul
    et al.
    Aalto Univ, Finland.
    Lagutin, Dmitrij
    Aalto Univ, Finland.
    Yla-Jaaski, Antti
    Aalto Univ, Finland.
    Fotiou, Nikos
    Athens Univ Econ and Business, Greece.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Transparent CoAP Services to IoT Endpoints through ICN Operator Networks2019In: Sensors, E-ISSN 1424-8220, Vol. 19, no 6, article id 1339Article in journal (Refereed)
    Abstract [en]

    The Constrained Application Protocol (CoAP) is a specialized web transfer protocol which is intended to be used for constrained networks and devices. CoAP and its extensions (e.g., CoAP observe and group communication) provide the potential for developing novel applications in the Internet-of-Things (IoT). However, a full-fledged CoAP-based application may require significant computing capability, power, and storage capacity in IoT devices. To address these challenges, we present the design, implementation, and experimentation with the CoAP handler which provides transparent CoAP services through the ICN core network. In addition, we demonstrate how the CoAP traffic over an ICN network can unleash the full potential of the CoAP, shifting both overhead and complexity from the (constrained) endpoints to the ICN network. The experiments prove that the CoAP Handler helps to decrease the required computation complexity, communication overhead, and state management of the CoAP server.

    Download full text (pdf)
    fulltext
  • 31.
    Kashevnik, Alexey
    et al.
    ITMO Univ, Russia; Russian Acad Sci SPIIRAS, Russia.
    Lashkov, Igor
    ITMO Univ, Russia; Russian Acad Sci SPIIRAS, Russia.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO Univ, Russia.
    Methodology and Mobile Application for Driver Behavior Analysis and Accident Prevention2020In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 21, no 6, p. 2427-2436Article in journal (Refereed)
    Abstract [en]

    This paper presents a methodology and mobile application for driver monitoring, analysis, and recommendations based on detected unsafe driving behavior for accident prevention using a personal smartphone. For the driver behavior monitoring, the smartphones cameras and built-in sensors (accelerometer, gyroscope, GPS, and microphone) are used. A developed methodology includes dangerous state classification, dangerous state detection, and a reference model. The methodology supports the following drivers online dangerous states: distraction and drowsiness as well as an offline dangerous state related to a high pulse rate. We implemented the system for Android smartphones and evaluated it with ten volunteers.

  • 32.
    Kashevnik, Alexey
    et al.
    ITMO Univ, Russia; SPIIRAS, Russia.
    Lashkov, Igor
    SPIIRAS, Russia.
    Ponomarev, Andrew
    SPIIRAS, Russia.
    Teslya, Nikolay
    SPIIRAS, Russia.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO Univ, Russia.
    Cloud-Based Driver Monitoring System Using a Smartphone2020In: IEEE Sensors Journal, ISSN 1530-437X, E-ISSN 1558-1748, Vol. 20, no 12, p. 6701-6715Article in journal (Refereed)
    Abstract [en]

    The paper presents an approach and case study of a distributed driver monitoring system. The system utilizes smartphone sensors for detecting dangerous states for a driver in a vehicle. We use a mounted smartphone on a vehicle windshield directed towards the drivers face tracked by the front-facing camera. Using information from camera video frames as well as other sensors, we determine drowsiness, distraction, aggressive driving, and high pulse rate dangerous states that can lead to road accidents. We propose a cloud system architecture to capture statistics from vehicle drivers, analyze it and personalize the smartphone application for the driver. The cloud service provides reports on driver trips as well as statistics to developers. This allows to monitor and improve the system by developing modules for personification and taking into account context situation. We identified statistically that the driver eye closeness is related to the light brightness and drowsiness recognition should be adjusted accordingly.

  • 33.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gaba, Gurjot Singh
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Braeken, An
    Vrije Universiteit Brussel, Brussels, Belgium.
    Kumar, Pardeep
    Swansea University, Swansea, UK.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications2023In: International Journal of Critical Infrastructure Protection, ISSN 1874-5482, E-ISSN 2212-2087, Vol. 42, article id 100619Article in journal (Refereed)
    Abstract [en]

    Controller-Pilot Data Link Communications (CPDLC) are rapidly replacing voice-based Air Traffic Control (ATC) communications worldwide. Being digital, CPDLC is highly resilient and bandwidth efficient, which makes it the best choice for traffic-congested airports. Although CPDLC initially seems to be a perfect solution for modern-day ATC operations, it suffers from serious security issues. For instance, eavesdropping, spoofing, man-in-the-middle, message replay, impersonation attacks, etc. Cyber attacks on the aviation communication network could be hazardous, leading to fatal aircraft incidents and causing damage to individuals, service providers, and the aviation industry. Therefore, we propose a new security model called AKAASH, enabling several paramount security services, such as efficient and robust mutual authentication, key establishment, and a secure handover approach for the CPDLC-enabled aviation communication network. We implement the approach on hardware to examine the practicality of the proposed approach and verify its computational and communication efficiency and efficacy. We investigate the robustness of AKAASH through formal (proverif) and informal security analysis. The analysis reveals that the AKAASH adheres to the CPDLC standards and can easily integrate into the CPDLC framework.

    Download full text (pdf)
    fulltext
  • 34.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Breaken, An
    Vrije Univ Brussel VUB, Belgium.
    Kumar, Pardeep
    Swansea Univ, Wales.
    A SECURITY MODEL FOR CONTROLLER-PILOT DATA COMMUNICATION LINK2021In: 2021 INTEGRATED COMMUNICATIONS NAVIGATION AND SURVEILLANCE CONFERENCE (ICNS), IEEE , 2021Conference paper (Refereed)
    Abstract [en]

    Communication systems in aviation tend to focus on safety rather than security. Protocols such as ADS-B are known to use plain-text, unauthenticated messages and thus are open to various attacks. Controller-Pilot Data Communication Link is no exception and was shown vulnerable also in practice. In this paper, we propose a cryptographic mechanism to provide secure mobility for CPDLC that can enable data encryption and authentication. The protocol is formally verified with the Proverif tool. We also estimate the byte overhead in CPDLC use.

  • 35.
    Khan, Suleman
    et al.
    Air Univ, Pakistan.
    Kifayat, Kashif
    Air Univ, Pakistan.
    Kashif Bashir, Ali
    Manchester Metropolitan Univ, England.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Hassan, Mehdi
    Air Univ, Pakistan.
    Intelligent intrusion detection system in smart grid using computational intelligence and machine learning2021In: European transactions on telecommunications, ISSN 1124-318X, E-ISSN 2161-3915, Vol. 32, no 6, article id e4062Article in journal (Refereed)
    Abstract [en]

    Smart grid systems enhanced the capability of traditional power networks while being vulnerable to different types of cyber-attacks. These vulnerabilities could cause attackers to crash into the network breaching the integrity and confidentiality of the smart grid systems. Therefore, an intrusion detection system (IDS) becomes an important way to provide a secure and reliable services in a smart grid environment. This article proposes a feature-based IDS for smart grid systems. The proposed system performance is evaluated in terms of accuracy, intrusion detection rate (DR), and false alarm rate (FAR). The obtained results show that the random forest and neural network classifiers have outperformed other classifiers. We have achieved a 0.5% FAR on KDD99 dataset and a 0.08% FAR on the NSLKDD dataset. The DR and the testing accuracy on average are 99% for both datasets.

  • 36.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Kumar, Pardeep
    Swansea Univ, Wales.
    An, Breaken
    Vrije Univ Brussel VUB, Belgium.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    POSTER: FL-Guard: A Federated Learning Based Ground-AirSecure Communication Model For Future Aviation Network2022Conference paper (Refereed)
    Abstract [en]

    L-band Digital Aeronautical Communication System (LDACS) is a newly proposed modern state-of-the-art system that will enable communication, navigation, and surveillance in the future aviation network. The current LDACS system does not prevent and detect intrusion within the LDACS domain. Therefore, it may suffer from various cyber-attacks, including spoofing, injection and many more attacks. To the best of our knowledge, this paper proposes the first federated learning-based attack detection model, called FL-Guard, for LDACS. Our proposed model exploits a federated learning environment and uses a deep neural network (DNN) to detect possible attacks on LDACS-based Air-Ground communication. FL-Guardis was simulated on a network of four aeroplanes, and the preliminary results show that the proposed model can detect attacks with 89 % accuracy.

  • 37.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Singh Gaba, Gurjot
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    A Federated Learning Based Privacy-Preserving Intrusion Detection System For The Cpdlc2022Conference paper (Other academic)
    Abstract [en]

    The safety of the passengers and goods in airplanes depends upon a number of combined factors. An airplane's condition and the pilot's experience are pivotal, but another very crucial element is the synchronization among the pilots and the air traffic controller (ATC). The communication link between the two carries many uncertain aspects.  The aviation sector often tends to give more priority to safety rather than cybersecurity.  Although the controller-pilot data communication link (CPDLC) system has been proposed for consistent and reliable communication recently, it has some serious drawbacks. In this paper, we highlight the shortcomings of the CPDLC system from a cyber security perspective. We propose a federated learning-based privacy-preserving intrusion detection system (IDS) to protect the CPDLC from uplink and downlink cyber attacks. To ensure a realistic and viable solution, we created our own training dataset by eavesdropping on the air-ground communication at a site near Arlanda airport, Sweden. The anomaly detection model constructed through federated learning has achieved higher accuracy, precision, recall and F1 score as compared to the centrally and locally trained models, enabling higher security. Due to the lower training loss and time, the proposed approach is highly suitable for the sensitive aviation communications.

  • 38.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Singh, Gurjot
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Maeurer, Nils
    German Aerosp Ctr DLR, Germany.
    Graeupl, Thomas
    German Aerosp Ctr DLR, Germany.
    Schmitt, Corinna
    Univ Bundeswehr Munchen, Germany.
    Enhancing Cybersecurity for LDACS: a Secure and Lightweight Mutual Authentication and Key Agreement Protocol2023In: 2023 IEEE/AIAA 42ND DIGITAL AVIONICS SYSTEMS CONFERENCE, DASC, IEEE , 2023Conference paper (Refereed)
    Abstract [en]

    The aviation industry faces significant challenges due to rising global air travel demand. Frequency saturation in Air Traffic Management (ATM) leads to communication problems, necessitating the enhancement of traditional systems. The Single European Sky ATM Research (SESAR) initiative, backed by the European Commission, aims to digitize ATM, with the L-band Digital Aeronautical Communications System (LDACS) as a key component. LDACS aims to improve communication, enhance surveillance, and optimize airspace usage for safer, more efficient ATM. Although LDACS is protected against most cyberattacks, a critical security objective, anonymity, is currently overlooked. To strengthen LDACS's security, robust authentication mechanisms, Post-Quantum security, and measures to ensure aircraft anonymity are crucial. Therefore, we propose a comprehensive security framework to enhance LDACS's cybersecurity, focusing on mutual authentication and key agreement. The protocol uses Physical Unclonable Function (PUF) for robust mutual authentication and Bit-flipping Key Encapsulation (BIKE) for secure session key establishment utilizing Post-Quantum Cryptography (PQC). This framework ensures anonymity and secure communication between aircraft and ground stations while minimizing message exchange, latency, and data overhead. An informal security analysis confirms our proposed framework's potential to augment the efficiency and security of ATM operations.

  • 39.
    Khan, Suleman
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Thorn, Joakim
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Wahlgren, Alex
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Intrusion Detection in Automatic Dependent Surveillance-Broadcast (ADS-B) with Machine Learning2021In: 2021 IEEE/AIAA 40TH DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC), IEEE , 2021Conference paper (Refereed)
    Abstract [en]

    Communication systems in aviation tend to focus on safety rather than security. Protocols such as Automatic Dependent Surveillance-Broadcast (ADS-B) use plain-text, unauthenticated messages and, therefore, open to various attacks. The open and shared nature of the ADS-B protocol makes its messages extremely vulnerable to various security threats, such as jamming, flooding, false information, and false Squawk attacks. To handle this security issue in the ADS-B system, a state-of-theart dataset is required to train the ADS-B system against these attacks using machine learning algorithms. Therefore, we generated the dataset with four new attacks: name jumping attack, false information attack, false heading attack, and false squawk attack. After the dataset generation, we performed some data pre-processing steps, including removing missing values, removing outliers from data, and data transformation. After pre-processing, we applied three machine learning algorithms. Logistic regression, Naive Bayes, and K-Nearest Neighbor (KNN) are used in this paper. We used accuracy, precision, recall, F1-Score, and false alarm rate (FAR) to evaluate the performance of machine learning algorithms. KNN outperformed Naive Bayes and logistic regression algorithms in terms of the results. We achieved 0% FAR for anomaly messages, and for normal ADS-B messages, we achieved 0.10% FAR, respectively. On average more than 99.90% accuracy, precision, recall, and F1-score are achieved using KNN for both normal and anomaly ADS-B messages.

  • 40.
    Korzun, Dmitry
    et al.
    Department of Computer Science, Petrozavodsk State University, Petrozavodsk, Russian Federation.
    Kuptsov, Dmitriy
    Helsinki Institute for Information Technology, Helsinki, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    A comparative simulation study of deterministic and stochastic strategies for reduction of packet reordering in multipath data streaming2016In: International journal of simulation. Systems, Science and Technology, ISSN 1473-8031, E-ISSN 1473-804X, Vol. 17, no 33, p. 10.1-10.8Article in journal (Refereed)
    Abstract [en]

    Multipath routing gains clear network performance advantages for data streaming in networked systems with high path diversity. The level of packet reordering, however, becomes higher: distant packets are reordered, the application performance is reduced due to head-of-line blocking at the destination, and a large resequencing buffer is needed for sorting incoming packets. In this paper, we study by simulation the stochastic compensation effect to reduce packet reordering. If a source randomizes packet scheduling into multiple paths of random transmission delays, then these two sides of randomness “quench” each other. We perform comparison experiments to test this hypothesis in various multipath configurations, focusing on deterministic vs. randomized strategies of packet scheduling. The experiments confirm the existence of the stochastic compensation effect and its considerable influence on the application performance. © 2016, UK Simulation Society. All rights reserved.

  • 41.
    Kumar, Pardeep
    et al.
    University of Oxford, England.
    Braeken, An
    Vrije University of Brussel, Belgium.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Iinatti, Jari
    University of Oulu, Finland.
    Hoai Ha, Phuong
    University of Tromso, Norway.
    Anonymous Secure Framework in Connected Smart Home Environments2017In: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013, E-ISSN 1556-6021, Vol. 12, no 4, p. 968-979Article in journal (Refereed)
    Abstract [en]

    The smart home is an environment, where heterogeneous electronic devices and appliances are networked together to provide smart services in a ubiquitous manner to the individuals. As the homes become smarter, more complex, and technology dependent, the need for an adequate security mechanism with minimum individuals intervention is growing. The recent serious security attacks have shown how the Internet-enabled smart homes can be turned into very dangerous spots for various ill intentions, and thus lead the privacy concerns for the individuals. For instance, an eavesdropper is able to derive the identity of a particular device/appliance via public channels that can be used to infer in the life pattern of an individual within the home area network. This paper proposes an anonymous secure framework (ASF) in connected smart home environments, using solely lightweight operations. The proposed framework in this paper provides efficient authentication and key agreement, and enables devices (identity and data) anonymity and unlinkability. One-time session key progression regularly renews the session key for the smart devices and dilutes the risk of using a compromised session key in the ASF. It is demonstrated that computation complexity of the proposed framework is low as compared with the existing schemes, while security has been significantly improved.

  • 42.
    Kumar, Pardeep
    et al.
    UiT Arctic University of Norway, Norway.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Iinatti, Jari
    University of Oulu, Finland.
    Sain, Mangal
    Dongseo University, South Korea.
    Ha, Phuong H.
    UiT Arctic University of Norway, Norway.
    Access Control Protocol With Node Privacy in Wireless Sensor Networks2016In: IEEE Sensors Journal, ISSN 1530-437X, E-ISSN 1558-1748, Vol. 16, no 22, p. 8142-8150Article in journal (Refereed)
    Abstract [en]

    For preventing malicious nodes joining wireless sensor networks (WSNs), an access control mechanism is necessary for the trustworthy cooperation between the nodes. In addition to access control, recently, privacy has been an important topic regarding how to achieve privacy without disclosing the real identity of communicating entities in the WSNs. Based on elliptic curve cryptography, in this paper, we present an access control protocol with node privacy (called ACP) for the WSN. The proposed scheme not only accomplishes the node authentication but also provides the identity privacy (i.e., source to destination and vice-versa) for the communicating entities. Compared with the current state of the art, the proposed solution can defend actively against attacks. The efficacy and the efficiency of the proposed ACP are confirmed through the test bed analysis and performance evaluations.

  • 43.
    Kumar, Pardeep
    et al.
    University of Oxford, Oxford, United Kingdom.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Saint Petersburg, Russian Federation.
    Sain, Mangal
    Dongseo University, South Korea.
    Martin, Andrew
    University of Oxford, Oxford, United Kingdom.
    Ha, Phuong H.
    Arctic University of Norway, Norway.
    Lightweight Authentication and Key Agreement for Smart Metering in Smart Energy Networks2019In: IEEE Transactions on Smart Grid, ISSN 1949-3053, E-ISSN 1949-3061, Vol. 10, no 4, p. 4349-4359Article in journal (Refereed)
    Abstract [en]

    Smart meters are considered as foundational part of the smart metering infrastructure (SMI) in smart energy networks. Smart meter is a digital device that makes use of twoway communication between consumer and utility to exchange, manage and control energy consumptions within a home. However, despite all the features, a smart meter raises several securityrelated concerns. For instance, how to exchange data between the legal entities (e.g., smart meter and utility server) while maintaining privacy of the consumer. To address these concerns, authentication and key agreement in SMI can provide important security properties that not only to maintain a trust between the legitimate entities but also to satisfy other security services. This work presents a lightweight authentication and key agreement (LAKA) that enables trust, anonymity, integrity and adequate security in the domain of smart energy network. The proposed scheme employs hybrid cryptography to facilitate mutual trust (authentication), dynamic session key, integrity, and anonymity. We justify the feasibility of the proposed scheme with a testbed using 802.15.4 based device (i.e., smart meter). Moreover, through the security and performance analysis, we show that the proposed scheme is more effective and energy efficient compared to the previous schemes.

    Download full text (pdf)
    fulltext
  • 44.
    Lehto, Andre
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Sestorp, Isak
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Khan, Suleman
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    CONTROLLER PILOT DATA LINK COMMUNICATION SECURITY: A PRACTICAL STUDY2021In: 2021 INTEGRATED COMMUNICATIONS NAVIGATION AND SURVEILLANCE CONFERENCE (ICNS), IEEE , 2021Conference paper (Refereed)
    Abstract [en]

    Controller-Pilot Data Link Communication, a technology that has been introduced to help offload the congested VHF voice communication in larger airports, is being questioned on its sufficiency in security. As the traffic load in air traffic communication keeps demanding more reliable and secure systems, we in this paper look at how widely CPDLC is actually used in practice in Europe. By using the newly introduced technology in software defined radios, we show that it is possible to capture and decode CPDLC messages to readable plain text. Furthermore, we discuss which type of attacks could be possible with information retrieved from CPDLC communication.

  • 45.
    Liyanage, Madhusanka
    et al.
    University of Oulu, Finland.
    Braeken, An
    Vrije University of Brussel, Belgium.
    Delia Jurcut, Anca
    University of Coll Dublin, Ireland.
    Ylianttila, Mika
    University of Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Secure communication channel architecture for Software Defined Mobile Networks2017In: Computer Networks, ISSN 1389-1286, E-ISSN 1872-7069, Vol. 114, p. 32-50Article in journal (Refereed)
    Abstract [en]

    A Software-Defined Mobile Network (SDMN) architecture is proposed to enhance the performance, flexibility, and scalability of todays telecommunication networks. However, SDMN features such as centralized controlling, network programmability, and virtualization introduce new security challenges to telecommunication networks. In this article, we present security challenges related to SDMN communication channels (i.e., control and data channel) and propose a novel secure communication channel architecture based on Host Identity Protocol (HIP). IPsec tunneling and security gateways are widely utilized in present-day mobile networks to secure backhaul communication channels. However, the utilization of legacy IPsec mechanisms in SDMNs is challenging due to limitations such as distributed control, lack of visibility, and limited scalability. The proposed architecture also utilizes IPsec tunnels to secure the SDMN communication channels by eliminating these limitations. The proposed architecture is implemented in a testbed and we analyzed its security features. The performance penalty of security due to the proposed security mechanisms is measured on both control and data channels. (C) 2017 Elsevier B.V. All rights reserved.

  • 46.
    Liyanage, Madhusanka
    et al.
    University of Oulu, Finland.
    Bux Abro, Ahmed
    VMware, CA USA.
    Ylianttila, Mika
    University of Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Opportunities and Challenges of Software-Defined Mobile Networks in Network Security2016In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 14, no 4, p. 34-44Article in journal (Refereed)
    Abstract [en]

    To transform rigid and disparate legacy mobile networks into scalable and dynamic ecosystems, software-defined mobile network (SDMN) architecture integrates software-defined networks, network functions virtualization, and cloud computing principles. However, because SDMN architecture separates control and data planes, it can introduce new security challenges.

  • 47.
    Liyanage, Madhusanka
    et al.
    University College Dublin, Ireland; University of Oulu, Finland.
    Sodhro, Ali Hassan
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Kumar, Pardeep
    Swansea University, Swansea, United Kingdom.
    Jurcut, Anca Delia
    University College Dublin, Ireland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Securing the Communication of Industrial Internet2020In: Guide to Disaster-resilient Communication Networks / [ed] Rak, Jacek, Hutchison, David, Springer, 2020Chapter in book (Refereed)
    Abstract [en]

    The popularity of new cyber-physical systems such as Industrial Internetor Industrial Internet of Things (IIoT) in new applications is creating new requirementssuch as high security, enhanced scalability, and optimal utilization of networkresources, efficient energy management and low operational cost. Specifically, theincreasing number of connected devices and new services will result in the increasingcapacity requirements for the cyber-physical systems. Thus, accommodating thesecure connectivity for this expected traffic growth is an imminent requirement offuture cyber-physical systems. Although the existing secure communication architecturesare able to provide a sufcient level of security, they are suffering from limitationssuch as limited scalability, over utilization of network resources and highoperational cost, mainly due to the complex and static security management procedures.On these grounds, SDN and NFV are promising technologies which areexpected to solve the limitations in current communication networks. The pursuit ofa cohesive cyber security strategy will minimize the risks and enable society to take advantage of the opportunities associated with the IIoT. In this chapter, we presentsthe possible secure connectivity solutions for IIoT/Industrial Internet.

  • 48.
    Liyanage, Madhusanka
    et al.
    Univ Oulu, Finland.
    Ylianttila, Mika
    Univ Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Enhancing Security, Scalability and Flexibility of Virtual Private LAN Services2017In: 2017 IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY (CIT), IEEE , 2017, p. 286-291Conference paper (Refereed)
    Abstract [en]

    Ethernet based VPLS (Virtual Private LAN Service) networks are now becoming attractive in many enterprise applications due to simple, protocol-independent and cost efficient operation. However, new VPLS applications demand additional requirements, such as elevated security, enhanced scalability and improved flexibility. This paper summarized the results of a thesis which focused to increase the scalability, flexibility and compatibility of secure VPLS networks. First, we propose a scalable secure flat-VPLS architecture based on Host Identity Protocol (HIP) to increase the forwarding and security plane scalability. Then, a secure hierarchical-VPLS architecture has been proposed by extending the previous proposal to achieve control plane scalability as well. To solve the compatibility issues of Spanning Tree Protocol (STP) in VPLS networks, a novel Distributed STP (DSTP) is proposed. Lastly, we propose a novel SDN (Software Defined Networking) based VPLS (SoftVPLS) architecture to overcome tunnel management limitations in legacy secure VPLS architectures. Simulation models and testbed implementations are used to verify the performance of proposed solutions.

  • 49.
    Liyanage, Madhusanka
    et al.
    Univ Oulu, Finland.
    Ylianttila, Mika
    Univ Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Fast Transmission Mechanism for Secure VPLS Architectures2017In: 2017 IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY (CIT), IEEE , 2017, p. 192-196Conference paper (Refereed)
    Abstract [en]

    Ethernet based secure VPLS (Virtual Private LAN Services) networks require to establish full mesh of VPLS tunnels between the customer sites. However, the tunnel establishment between geographically distant customer sites introduces a significantly high delay to the user traffic transportation. In this article, we propose a novel fast transmission mechanism for secure VPLS architectures to reduce the waiting time before transmitting the data and the average data transmission delay between geographically distant customer sites. The performance of proposed mechanism is analyzed by using a simulation model and a testbed implementation.

  • 50.
    Liyanage, Madhusanka
    et al.
    Univ Oulu, Finland.
    Ylianttila, Mika
    Univ Oulu, Finland.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Software Defined VPLS Architectures: Opportunities and Challenges2017In: 2017 IEEE 28TH ANNUAL INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR, AND MOBILE RADIO COMMUNICATIONS (PIMRC), IEEE , 2017Conference paper (Refereed)
    Abstract [en]

    Virtual Private LAN Services (VPLS) is an Ethernet based VPN (Virtual Private Network) service which provides protocol independent and high speed multipoint-to-multipoint connectivity. In this article, we discuss the possibility to use emerging networks concepts such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) to improve the performance, flexibility and adaptability of VPLS networks. SDN and NFV based VPLS (SoftVPLS) architectures offer new features such as centralized control, network programmability and abstraction to improve the performance, flexibility and automation of traffic, security and network management functions for future VPLS networks.

12 1 - 50 of 72
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf