Zubair Md. Fadlullah,Chao Wei,Zhiguo Shi,Nei Kato

DOI: https://doi.org/10.1109/TWC.2016.2636186

2017-01-01

Abstract:Recently, numerous real-time, data-rich, and differentiated applications and services have appeared in the next-generation Heterogeneous Networks. As a result, the number of potentially “untrusted” connections to the mobile operator’s core network is expected to dramatically increase. Therefore, the operators must provide adequate security, without significantly affecting the quality of service (QoS). Hence, joint consideration of QoS and security is a critical research issue. However, due to their difficult-to-model conflicting objectives, existing research works have often dealt with them separately. In this paper, we address this problem, formally formulate it, and envision GT-QoSec, a game-theoretic joint optimization of QoS and security. Using GT-QoSec, the mobile user equipment (UE) and their servicing base stations (eNBs) play games with each other. Thus, the UE obtains a balanced set of QoS and security levels while the eNBs maximize their bandwidth utilization. Extensive analysis and simulation results are presented to evaluate the performance of GT-QoSec in contrast with several conventional methods.

Zubair Md Fadlullah,Chao Wei,Zhiguo Shi,Nei Kato

DOI: https://doi.org/10.1109/mwc.2016.7498077

IF: 12.777

2016-01-01

IEEE Wireless Communications

Abstract:The recent proliferation of various new real-time and latency-sensitive applications and differentiated services, surge of mobile traffic, and emergence of next generation Het-Nets are anticipated to exponentially increase the number of potentially "untrusted" links to the operator's core network. Therefore, mobile broadband operators need to provide much needed security without sacrificing the network performance which calls for the joint provisioning of QoS and security technologies. However, research studies on HetNets have often treated QoS and security as separate entities, and overlooked the combined QoS and security optimization because they usually have difficult-to-model trade-off. In this article, we formulate this problem and propose a game-theoretic algorithm to solve it. In our proposal, the mobile users and their servicing base stations play games with each other to ensure a balanced set of security and QoS parameters for the users. The effectiveness of our proposal is evaluated through simulations.

沈晶,石教英,姜晓红

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.10.023

2001-01-01

Abstract:After detailed analysis of four IP QoS protocols under develop (RSVP, DiffServ, MPLS and SBM), it is found that , although each protocol can support QoS service in network, none of then can be solutions to end-to-end QoS in large scale network all by itself, Only the utilization of all four procotols can realize deterministic transmission of user traffic flow in WAN. From this on, an integrated architecture for end-to-end IP QoS service is given.

Erik Blasch,Khanh Pham,Genshe Chen,Gang Wang,Chaoyong Li,Xin Tian,Dan Shen

DOI: https://doi.org/10.1109/dasc.2014.6979501

2014-01-01

Abstract:Air and space resiliency requires efficient and functioning avionics using a robust and scalable architecture. In satellite communication (SATCOM) networks, each satellite can be treated as a topological node, such that the overall constellation can be represented by a graph matrix (i.e., graph Laplacian or adjacency matrix), and the quality of service (QoS) of each inter-satellite link (ISL) captures the instantaneous well-being of the communication channel. The exact value or condition of the SATCOM network is crucial, if not critical, in dynamic routing and communication management. However, each satellite could only access to QoS information of its adjacent ISLs. The proposed QoS Awareness in Satellite communication network with Optimal Routing (QuASOR) schemes take advantage of the discretized information flow within satellite constellation to balance between situational awareness and communication overhead. Simulations results verified the effectiveness of the QuASOR method for a space scenario.

李振东,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.04.010

2003-01-01

Computer Science

Abstract:Constructing Virtual Private Network (VPN) over public network infrastructure (Internet) is becoming the foundation of the next generation network service. At present, VPN mainly focuses on the security property, while it is lack of consideration of QoS. On the basis of analyzing the Differentiated Services (Diffserv) and IPsec, we put forward a QoS-based IP VPN Architecture Model which is a tri-tier model that is composed of ESN, ISN and VPN node. It combines encrypted channel mechanism of IPsec and the edge-and-core-model of Diffserv. It provides end-to-end QoS while assures security.

Kai Wang,Chuang Lin,Fangqin Liu

DOI: https://doi.org/10.1109/ICIS.2009.162

2009-01-01

Abstract:IP multimedia subsystem (IMS) is considered as the main solution to the next generation multimedia communication.By examining potential security threats to IMS, we initiate a set of security policies for choice and consider their quality of protection (QoP) based on the strength of the security mechanism. In order to provide secure service to users, it is insufficient to just take the security benefits into consideration. An adequate analysis of the impact of security policies in IMS on the performance quantitatively is necessary and significant. We present a novel study of IMS performance using queuing Petri nets (QPN) to predict the system performance metrics, i.e., the signaling delay, server utilization, which then be used to evaluate the impacts of different security mechanism on system performance quantitatively. With the multi-view security partition introduced, multi-level security service can be provided to diverse users and applications for a best tradeoff between security requirements and system performance.

L Shen,M Xu,K Xu,Y Cui,Yj Zhao

DOI: https://doi.org/10.1109/ICC.2004.1312893

2004-01-01

Abstract:QoS (Quality-of-Service) control will be one of the most important mechanisms in the next-generation Internet, where QoS routing (QoSR) is a promising solution. We propose a multi-constrained intradomain QoS routing protocol SQOSPF. The advantages of this protocol include easy implementation, multi-constrained QoS support, high-speed convergence and multiple QoSR algorithms support. Stochastic Petri Net is employed to model SQOSPF and analyze impacts of update threshold and routing holding time upon the load of networks and routers. Extensive simulations show that choosing appropriate update threshold and routing holding time can excessively reduce the extra load and keep routing performance at the same time.

Ahmad R. Dhaini,Pin-Han Ho,Xiaohong Jiang

DOI: https://doi.org/10.1109/jlt.2011.2132753

IF: 4.7

2011-01-01

Journal of Lightwave Technology

Abstract:The integration of ethernet passive optical networks (EPONs) and IEEE 802.16 has been lately presented as a promising candidate for next-generation broadband access. This paper investigates the performance of the integrated carrier when specific service bundles (SBs) with bandwidth guarantee and diverse quality of service requirements are provisioned. We first present a novel framework that fairly distributes the upstream network capacity among the different SBs. We then propose a novel delay-based admission control scheme to increase the network utilization and enable an inter-SB statistical multiplexing. To obtain the expected delay of each SB stream, a generic analytical model is developed. Based on this model, we further formulate some important performance measures such as queuing delay, end-to-end (from wireless user to the central office of PON) delay, average queue size and optimal orthogonal frequency division multiplexing frame length. Numerical results validate our analysis and highlight the advantages of the proposed solution.

Muhammad Aamir,Mustafa Zaidi,Husnain Mansoor

DOI: https://doi.org/10.48550/arXiv.1206.5469

2012-06-24

Abstract:Quality of Service (QoS) techniques are applied in IP networks to utilize available network resources in the most efficient manner to minimize delays and delay variations (jitters) in network traffic having multiple type of services. Multimedia services may include voice, video and database. Researchers have done considerable work on queuing disciplines to analyze and improve QoS performance in wired and wireless IP networks. This paper highlights QoS analysis in a wired IP network with more realistic enterprise modeling and presents simulation results of a few statistics not presented and discussed before. Four different applications are used i.e. FTP, Database, Voice over IP (VoIP) and Video Conferencing (VC). Two major queuing disciplines are evaluated i.e. 'Priority Queuing' and 'Weighted Fair Queuing' for packet identification under Differentiated Services Code Point (DSCP). The simulation results show that WFQ has an edge over PQ in terms of queuing delays and jitters experienced by low priority services. For high priority traffic, dependency of 'Traffic Drop', 'Buffer Usage' and 'Packet Delay Variation' on selected buffer sizes is simulated and discussed to evaluate QoS deeper. In the end, it is also analyzed how network's database service with applied Quality of Service may be affected in terms of throughput (average rate of data received) for internal network users when the server is also accessed by external user(s) through Virtual Private Network (VPN).

Networking and Internet Architecture

Hongyun Man,Linying Xu,Zijian Li,Lianfang Zhang

DOI: https://doi.org/10.1109/ccece.2004.1345194

2004-01-01

Abstract:All the new emerging QoS architectures are motivated by the desire to improve the overall performance of an IP network. While the integrated services (IntServ) architecture provides a means for the delivery of end-to-end QoS, it is not scalable or practical to operate and manage. Differentiated services (DiffServ) defines a model for implementing scalable differentiation of QoS in the Internet, but it has the drawback of providing no guarantees. Multiprotocol label switching (MPLS) is a fast label-based switching technique that offers new QoS capabilities for large scale IP networks. When an MPLS network supports DiffServ, traffic flows can receive class-based network treatment that provides bases for QoS guarantees, and these guarantees come with better scalability and reduced complexity in comparison with IntServ. We describe a service architecture model where part of the underlying technology used for IP transport is MPLS using DiffServ-like mechanisms and constraint based routing for traffic engineering.

XM Fan,C Lin,XP Fan,YY Wei

DOI: https://doi.org/10.1109/iccnmc.2003.1243034

2003-01-01

Abstract:This paper proposed a sort of self-organizing IP QoS architecture based on adaptive edge control (QAAC) and presented its routing realization algorithms (called DSQR). In QAAC architecture, active probe would cooperate with passive regulate and artificial intelligencewould control the proportion of probe packets, chromosome packets and information packets, in order to provide effective QoS for users. This architecture can enhance network adaptive and scalable through the users's adaptive and self-organizing behaving and QAAC will coexistence with traditional best effort services and architectures. The simulation results show that QAAC and DSQR are effective and applied to provide preferable service. This will accommodate the next generation network development and application requirements much more.

Andrew Campbell,Geoff Coulson

DOI: https://doi.org/10.1088/0967-1846/4/1/006

1997-03-01

Distributed Systems Engineering

Abstract:The long awaited `new environment' of high speed broadband networks and multimedia applications is fast becoming a reality. However, few systems in existence today, whether they be large scale pilots or small scale test-beds in research laboratories, offer a fully integrated and flexible environment where multimedia applications can maximally exploit the quality of service (QoS) capabilities of supporting networks and end-systems. In this paper we describe the implementation of an adaptive transport system that incorporates a QoS oriented API and a range of mechanisms to assist applications in exploiting QoS and adapting to fluctuations in QoS. The system, which is an instantiation of the Lancaster QoS Architecture, is implemented in a multi ATM switch network environment with Linux based PC end systems and continuous media file servers. A performance evaluation of the system configured to support video-on-demand application scenario is presented and discussed. Emphasis is placed on novel features of the system and on their integration into a complete prototype. The most prominent novelty of our design is a `distributed QoS adaptation' scheme which allows applications to delegate to the system responsibility for augmenting and reducing the perceptual quality of video and audio flows when resource availability increases or decreases.

Ya Hang Zhang,BoWen Cheng,Sihan Qing,Guang N. Zou,Weiping Wen

DOI: https://doi.org/10.1117/12.855391

2010-01-01

Abstract:To solve the conflict between TCP accelerating technology based on PEP middle node and IPSec protocol used in the Satellite Network, NASA and the Hughes Research Laboratory (HRL) each independently proposed a solution named Multilayer IPsec protocol which can integrate IPSec with TCP PEPs. The problem is: Traditional IKE protocol can't work with Multilayer IPSec protocol. In this study, the traditional IKE main mode and quick mode are enhanced for layered IPSec protocol, and an improved layered key distribution protocol: ML-IKE is proposed. This key distribution protocol is used for key exchange between peers and middle node, so that different nodes have different security associations (SA), and different security associations correspond to different IP packet fields, so different SA nodes have different authorization to different IP packet fields. ML-IKE protocol is suitable for layered IPSec, thus layered IPSec can be used for automatic key distribution and update.

Li Qi,Xu Mingwei,Xu Ke

DOI: https://doi.org/10.1109/ICOIN.2008.4472762

2008-01-01

Abstract:IP Security (IPSec) is an important protection mechanism for securing the Internet communication. However, IPSec is a complex security protocol family, and the management issue is still a challenge for mass deployment. Many researchers have investigated the IPSec management issue with various approaches, the policy configuration and distribution issue remain to be efficiently resolved. A certificate-based scheme to manage IPSec endpoints is proposed in this paper. A Role-based Access Control (RBAC) model is introduced to simplify the process of policy configuration, and policy control mechanism is proposed to check whether new security association conforms to local security policies. The analysis of the scheme shows the flexibility and efficiency of our approach. Based on our proposed scheme, we implement a prototype system with the proof-of-concept and conduct experimental studies to demonstrate the feasibility and performance of our approach.

Lei Shi,Bin Liu,Wenjie Li,Beibei Wu,Yunhao Liu

DOI: https://doi.org/10.1109/INFOCOM.2006.136

2006-01-01

Abstract:Parallel Packet Switch (PPS) is used intensively in today's terabit router to construct the switching fabric. Basic PPS equally deals with all of the traffic in order to achieve uniform load-balancing and high throughput, but it fails to support differentiated QoS. With the recent blooming of delay-sensitive Internet traffic, such as the peer-to-peer live streaming and IPTV, differentiated QoS is becoming an urgent demand. In this paper, we propose a novel and practical framework, the Differentiated Service Parallel Packet Switch (DS-PPS), which supports three fundamental QoS features: guaranteed-delay (GD), guaranteed-bandwidth (GB) and best-effort (BE). By adaptively adjusting the number of switching planes offered to each QoS class, DS-PPS precisely controls the delay bounds of GD traffic and the drop precedence of GB traffic. We evaluate DS-PPS by extensive theoretical analyses and comprehensive simulations. Experimental results on a prototype implementation of the framework show that DS-PPS outperforms the basic PPS in three main aspects. First, the average delay of TCP short packet under full load is reduced by more than 94%. Second, the average delay of real-time traffic under full load is reduced by more than 82%. And third, the GB traffic of low drop precedence is guaranteed of nearly three times the throughput of high drop precedence at the hotspots. Significantly, our proposed DS-PPS framework is universal and scalable to support various kinds of emerging QoS-sensitive applications in multi-service terabit routers without any extra overhead.

符松,金志权,陈佩佩

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.10.045

2001-01-01

Abstract:IPSec is a security architecture for the Internet protocol ,which provides transparent protection services for upper protocols. It consists of the protocols of automatic key management, authentication and encryption. In this paper, some modifications and a new protocol for the runtime detection are presented to enhance the efficiency and security of the original architecture.

Xiyang Zhang,Yongze Ma,Yanqing Zhao,Yanxin Li,Yi Hu

DOI: https://doi.org/10.1109/ICTech58362.2023.00073

2023-04-01

Abstract:Aiming at the problem that the existing application layer protocols (http, smtp, ftp) are difficult to fully meet the communication and transmission of industrial data in the network, this paper proposes an industrial Internet application layer protocol QSHQ (Quick-Security-HQ) that supports multiple underlying bearer protocols (MQTT, WebSocket) based on various factors such as security, real-time, versatility, and scalability. QSHQ (Quick-Security-HQ) unifies the format and message structure of industrial data in network transmission, avoids repeated design in industrial Internet development, and at the same time, addresses the security issues of transmission in industrial data networks. In the process of QSHQ message transmission, AES and RSA hybrid encryption technology is used to realize the encryption and decryption of data. Based on this, a set of CNC machine tool security interaction system is designed. The system shows that the protocol can avoid reading and tampering data in network transmission, avoid the network risk caused by the interconnection between CNC network and other networks, and has good real-time performance and versatility, which can provide basic support for industrial data in network transmission.

Engineering,Computer Science

xiumei fan,chuang lin

DOI: https://doi.org/10.1109/APCC.2003.1274342

2003-01-01

Abstract:IP QoS is the important bottleneck of Integrated Broad Band Network development but the active IP QoS architecture (such as IntServ, DiffServ, etc.) can't satisfy the users requirements commendably. So, our research would be a new explore about IP QoS architecture. Relying on currently network condition and next generation network development demand, we researched a sort of self-organizing IP QoS architecture based on adaptive edge control (QAAC) and presented its routing realization algorithms (called DSQR). This architecture can enhance network adaptive and scalable through the users's adaptive and self-organizing behaving. The simulation results show that QAAC and DSQR are effective and applied to provide preferable service. This will accommodate the next generation network development and application requirements much more.

Fazlullah Khan,Ateeq Ur Rehman,Abid Yahya,Mian Ahmad Jan,Joseph Chuma,Zhiyuan Tan,Khalid Hussain

DOI: https://doi.org/10.3390/s19194321

2019-10-06

Abstract:The Internet of Things (IoT) is an emerging technology that aims to enable the interconnection of a large number of smart devices and heterogeneous networks. Ad hoc networks play an important role in the designing of IoT-enabled platforms due to their efficient, flexible, low-cost and dynamic infrastructures. These networks utilize the available resources efficiently to maintain the Quality of Service (QoS) in a multi-hop communication. However, in a multi-hop communication, the relay nodes can be malicious, thus requiring a secured and reliable data transmission. In this paper, we propose a QoS-aware secured communication scheme for IoT-based networks (QoS-IoT). In QoS-IoT, a Sybil attack detection mechanism is used for the identification of Sybil nodes and their forged identities in multi-hop communication. After Sybil nodes detection, an optimal contention window (CW) is selected for QoS provisioning, that is, to achieve per-flow fairness and efficient utilization of the available bandwidth. In a multi-hop communication, the medium access control (MAC) layer protocols do not perform well in terms of fairness and throughput, especially when the nodes generate a large amount of data. It is because the MAC layer has no capability of providing QoS to prioritized or forwarding flows. We evaluate the performance of QoS-IoT in terms of Sybil attack detection, fairness, throughput and buffer utilization. The simulation results show that the proposed scheme outperforms the existing schemes and significantly enhances the performance of the network with a large volume of data. Moreover, the proposed scheme is resilient against Sybil attack.

Yinghua Wu,Jianping Wu,Ke Xu,Mingwei Xu

DOI: https://doi.org/10.1109/TENCON.2002.1181240

2002-01-01

Abstract:IPSec protocols offer a standard security mechanism, used for security service to upper' protocols (such as UDP and TCP). This paper introduces the design and implementation of Router Security Subsystem based on IPSec, the important part of High Performance Security Router made by Tsinghua University. We complete consummate and reliable security functions, use various optimal methods to enhance the performance furthest.