Mobility research group

Transcription

1 Mobility research group professor Hannu H. Kari Helsinki University (HUT) Department of Computer Science and Engineering Laboratory for Theoretical Computer Science Hannu H. Kari/HUT/CS/TCS Page 1/36

2 Research areas of HUT s mobility group Ongoing research Traditional mobility management research Mobile IP, ad hoc routing protocols, mobile networks,... Packet Level Authentication (PLA) Strong control and proof of the origin of packets Reliable delivery of content Enhanced multicast delivery engine Hannu H. Kari/HUT/CS/TCS Page 2/36

3 Traditional mobility management research Hannu H. Kari/HUT/CS/TCS Page 3/36

4 Traditional mobility management research Implementations (for Linux environment) Mobile IPv6 Ad hoc routing protocols (AODVv6) Global-v6 (connectivity of ad hoc and fixed networks) Network mobility (NeMo) Host Identity Protocol (HIP) Network simulation (with NS-2 simulator) Mobility patterns New clustering protocols Access point selection methods Radio propagation in urban environment Hannu H. Kari/HUT/CS/TCS Page 4/36

5 Packet Level Authentication Hannu H. Kari/HUT/CS/TCS Page 5/36

6 Protecting infrastructure: Main principle Target Communication between two legitimate computers shall work in all the time despite any hostile attacks, that manipulate packets, jam the network, cut the communication links, or by other means try to disturb legitimate communication The network (i.e., routers) shall distinguish whether a packet is generated by a legitimate computer (and packet shall be forwarded further) generated or modified by attackers (record/discard that packet and optionally rise an alarm) Network shall be capable of prioritizing traffic based on importance of packets (Qos) and user not every computer or packet is equal Hannu H. Kari/HUT/CS/TCS Page 6/36

7 Original concept of PLA Without PLA: illegal duplicates cause flooding With PLA: discard illegal duplicates S D S D Hannu H. Kari/HUT/CS/TCS Page 7/36

8 Packet level authentication Analogy: Security measures on notes Holograms Microprint Watermarks UV-light... Any receiver of notes can verify the authenticity of every note without consulting with banks or other authorities Hannu H. Kari/HUT/CS/TCS Page 8/36

9 Packet level authentication: Implementation IP packet IP HDR IP HDR TTP Pub-Key TTP-sig Seq #, time Packet-sig New PLA Header PLA header inserted the same way as Mobile IP, IPsec,... protocols PLA header is transparent to standard IP routers (that do not understand PLA) PLA header is transparent to all upper level protocols (UDP, TCP, SCTP,...) PLA can be used in both IPv4 and IPv6 networks Hannu H. Kari/HUT/CS/TCS Page 9/36

10 Packet level authentication: Implementation IP packet IP HDR IP HDR TTP Pub-Key TTP-sig Seq #, time Packet-sig Authority identity (trusted 3 rd party) sender s public key Authority s certificate (short or chain) and validity time for sender s public key Timeliness and uniqueness of the packet Digital signature with private key to protect integrity of the packet Hannu H. Kari/HUT/CS/TCS Page 10/36

11 Performance Elliptic curve implementation at ECE department of HUT FPGA with gates Clock speed 66MHz 167 bit ECC multiplication on 100 µs using 167 bit arithmetics Estimate: one signature in less than 1 ms Actually it is closer to 200 µs Performance is thus (in order of magnitude) 1000 packets/s With 500 Byte packet size, 4 Mbps Hannu H. Kari/HUT/CS/TCS Page 11/36

12 Performance How about scaling up? Pentium IV class silicon Clock speed 66MHz -> 3 GHz (speedup factor 45) Dice size gates -> 55 M gates (160 parallel signature units) 350kG 66MHz 55MG 3GHz 1 C 1ms C new ref G G new ref = 1 1ms 3GHz 66Mhz = 7.14 Msignature / s Hannu H. Kari/HUT/CS/TCS Page 12/36

13 Performance Throughput of Pentium IV-class PLA accelerator Throughput [Gbps] Signatures Packet size validated per packet 150B 500B 1500B One (*) Two (**) (**) For the first packet from a given sender (*) For the subsequent packets from the same sender Hannu H. Kari/HUT/CS/TCS Page 13/36

14 Reliable delivery of content Hannu H. Kari/HUT/CS/TCS Page 14/36

15 Multichannel data delivery: today Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Authorities Citizens Hannu H. Kari/HUT/CS/TCS Page 15/36

16 Multichannel data delivery: in the future Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Authorities Citizens Hannu H. Kari/HUT/CS/TCS Page 16/36

17 Reliable delivery of one document document Sender Add FEC Signatures multichannel network check signatures Receiver data reconstruction defragmentation fragmentation document Hannu H. Kari/HUT/CS/TCS Page 17/36

18 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information Hannu H. Kari/HUT/CS/TCS Page 18/36

19 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information Hannu H. Kari/HUT/CS/TCS Page 19/36

20 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information Hannu H. Kari/HUT/CS/TCS Page 20/36

21 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information Hannu H. Kari/HUT/CS/TCS Page 21/36

22 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information Hannu H. Kari/HUT/CS/TCS Page 22/36

23 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Regenerating missing data by using error correction information in other packets locally Information Hannu H. Kari/HUT/CS/TCS Page 23/36

24 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV correct and up to date information Information Hannu H. Kari/HUT/CS/TCS Page 24/36

25 Example: Structured document Any information can be converted into structured docment Download only updated parts Download adaptively based on transfer capacity, cost, situation, user needs,... Check whether document is up to date Download deltas Update notifications Digitally signed containers, can be transferred separately CityEmergencySituation-2005/05/10 art 1 art2 TOP SECRET art N Hannu H. Kari/HUT/CS/TCS Page 25/36

26 Controlled consumption of digital content Hannu H. Kari/HUT/CS/TCS Page 26/36

27 Basic operating principles Separation of data transmission and consumption Protected/controlled content Video movie IP-based multitechnology network Live audio/video PDF-document Web-page Large capacity, large scale efficient data delivery, multicast-capable network content Potentially low speed, long delays, Key management of content and expensive network keys Hannu H. Kari/HUT/CS/TCS Page 27/36

28 Basic operating principles Public content storage Protected content Content controller Certificate (proof of subscription) New certificate (decryption key for content) User id based content manager Watermarked unprotected content Hannu H. Kari/HUT/CS/TCS Page 28/36

29 New project concept: Nomadic Applications Hannu H. Kari/HUT/CS/TCS Page 29/36

30 Traditional migrating operating systems OS 1 Windows OS 2 Linux OS n Linux Several operating systems can be run on top of the same physical with help of special VMM module. Commercial example VMWare and XEN. Virtual Machine Management (XEN, VMWare) Physical Input Output Disks NET... Hannu H. Kari/HUT/CS/TCS Page 30/36

31 Traditional migrating operating systems OS 1 Windows OS 2 Linux OS n Linux XEN enables smooth transfer of an entire operating system from a computer to another without interruption of service (e.g., WWWserver) OS n Linux Virtual Machine Management (XEN, VMWARE) Physical Virtual Machine Management (XEN, VMWARE) Physical -2 Input Output Disks CPU NET... Input Output Disks CPU NET... Hannu H. Kari/HUT/CS/TCS Page 31/36

32 Virtual computers and nomadic applications Virtual computer Dynamically created computer from local computing resources. Each devices we can select out of 0 N instances Virtual I/O devices, virtual network interface, virtual disk,... Nomadic applications Session continuity/mobility Snapshot of applications (reincarnation of application after crash). Home storage/resting place A program can be started in one computer, then suspended and moved into an other computer New ways to develop applications (ultra dynamicity). Events to trigger also I/O device changes (display-> audio output, files offline) Hannu H. Kari/HUT/CS/TCS Page 32/36

33 Concept of virtual computer OS 1 Windows OS 2 Linux OS n Linux Virtual Machine Management (XEN++) Nomadic applications platform enables smooth transfer from one virtual computer setting to an other without interruption of service (e.g., videophoning) OS 1 Windows OS 2 Linux OS n Linux Virtual Machine Management (XEN++) Virtual Input Output Disks CPU NET... Virtual Input Output Disks CPU NET... Any network Any network Input1 Input2 Output DisksN Net 1 Net 2 Input1 Input2 Output Output N Net 1 Net 2 Hannu H. Kari/HUT/CS/TCS Page 33/36

34 Concept of nomadic applications OS n Linux A nomadic application may create a backup ( snapshot ) of itself for safety reasons or to go to hibernation Network storage Virtual Machine Management (XEN++) Virtual Input Output Disks CPU NET... A nomadic application can be then resumed or re-incarnated into the same or different virtual computer OS n Linux Any network Virtual Machine Management (XEN++) Input1 Input2 Output DisksN Net 1 Net 2 Virtual Input Output Disks CPU NET Input1 Input2 Any network Output DisksN... Net 1 Net 2 Hannu H. Kari/HUT/CS/TCS Page 34/36

35 Concept of nomadic applications OS n Linux Virtual Machine Management (XEN++) A nomadic application may migrate from one virtual computing platform to an other without interruption OS 1 Windows Virtual Machine Management (XEN++) Virtual Input Output Disks CPU NET... Virtual Input Output Disks CPU NET... Any network Any network Input1 Input2 Output DisksN Net 1 Net 2 Input3 Output M Net 3 Hannu H. Kari/HUT/CS/TCS Page 35/36

36 Operating model for open source research Customer needs Military requirements Protocol analysis/ verification Protocol testing Protocol design and validation Civilian requirements Protocol specifications Protocol implementations Reference implementations Open source code Standards Business opportunities Idea Companies Solutions Hannu H. Kari/HUT/CS/TCS Page 36/36

37 Questions, Comments,? Hannu H. Kari/HUT/CS/TCS Page 37/36