FBK CREATE-NET Research Center

We present our experiences to date building ONOS (Open Network Operating System), an experimental distributed SDN control platform motivated by the performance, scalability, and availability requirements of large operator networks. We describe and evaluate two ONOS prototypes. The first version implemented core features: a distributed, but logically centralized, global network view; scale-out; and fault tolerance. The second version focused on improving performance. Based on experience with these prototypes, we identify additional steps that will be required for ONOS to support use cases such as core network traffic engineering and scheduling, and to become a usable open source, distributed network OS platform that the SDN community can build upon.

The blockchain technology has revolutionized the digital currency space with the pioneering cryptocurrency platform named Bitcoin. From an abstract perspective, a blockchain is a distributed ledger capable of maintaining an immutable log of transactions happening in a network. In recent years, this technology has attracted significant scientific interest in research areas beyond the financial sector, one of them being the Internet of Things (IoT). In this context, the blockchain is seen as the missing link toward building a truly decentralized, trustless, and secure environment for the IoT and, in this survey, we aim to shape a coherent and comprehensive picture of the current state-of-the-art efforts in this direction. We start with fundamental working principles of blockchains and how blockchain-based systems achieve the characteristics of decentralization, security, and auditability. From there, we build our narrative on the challenges posed by the current centralized IoT models, followed by recent advances made both in industry and research to solve these challenges and effectively use blockchains to provide a decentralized, secure medium for the IoT.

The recent, exponential rise in adoption of the most disparate Internet of Things (IoT) devices and technologies has reached also Agriculture and Food (Agri-Food) supply chains, drumming up substantial research and innovation interest towards developing reliable, auditable and transparent traceability systems. Current IoT-based traceability and provenance systems for Agri-Food supply chains are built on top of centralized infrastructures and this leaves room for unsolved issues and major concerns, including data integrity, tampering and single points of failure. Blockchains, the distributed ledger technology underpinning cryptocurrencies such as Bitcoin, represent a new and innovative technological approach to realizing decentralized trustless systems. Indeed, the inherent properties of this digital technology provide fault-tolerance, immutability, transparency and full traceability of the stored transaction records, as well as coherent digital representations of physical assets and autonomous transaction executions. This paper presents AgriBlockIoT, a fully decentralized, blockchain-based traceability solution for Agri-Food supply chain management, able to seamless integrate IoT devices producing and consuming digital data along the chain. To effectively assess AgriBlockIoT, first, we defined a classical use-case within the given vertical domain, namely from-farm-to-fork. Then, we developed and deployed such use-case, achieving traceability using two different blockchain implementations, namely Ethereum and Hyperledger Sawtooth. Finally, we evaluated and compared the performance of both the deployments, in terms of latency, CPU, and network usage, also highlighting their main pros and cons.

Providing "connectivity from the sky" is the new innovative trend in wireless communications. High and low altitude platforms, drones, aircrafts, and airships are being considered as candidates for deploying wireless communications complementing the terrestrial communication infrastructure. In this article we report the detailed account of the design and implementation challenges of an aerial network consisting of LTE-Advanced (LTE-A) base stations. In particular, we review achievements and innovations harnessed by an aerial network composed of Helikite platforms. Helikites can be raised in the sky to bring Internet access during special events and in the aftermath of an emergency. The trial phase of the system mounting LTE-A technology onboard Helikites to serve users on the ground yielded very encouraging results, and showed that such a system could offer a longer lasting solution, provided that inefficiency in powering the radio frequency equipment in the Helikite can be overcome.

The Internet of Things (IoT) is expected to substantially support sustainable development of future smart cities. This article identifies the main issues that may prevent IoT from playing this crucial role, such as the heterogeneity among connected objects and the unreliable nature of associated services. To solve these issues, a cognitive management framework for IoT is proposed, in which dynamically changing real-world objects are represented in a virtualized environment, and where cognition and proximity are used to select the most relevant objects for the purpose of an application in an intelligent and autonomic way. Part of the framework is instantiated in terms of building blocks and demonstrated through a smart city scenario that horizontally spans several application domains. This preliminary proof of concept reveals the high potential that self-reconfigurable IoT can achieve in the context of smart cities.

Cyber-threat protection is today's one of the most challenging research branches of information technology, while the exponentially increasing number of tiny, connected devices able to push personal data to the Internet is doing nothing but exacerbating the battle between the involved parties. Thus, this protection becomes crucial with a typical Internet-of-Things (IoT) setup, as it usually involves several IoT-based data sources interacting with the physical world within various application domains, such as agriculture, health care, home automation, critical industrial processes, etc. Unfortunately, contemporary IoT devices often offer very limited security features, laying themselves open to always new and more sophisticated attacks and also inhibiting the expected global adoption of IoT technologies, not to mention millions of IoT devices already deployed without any hardware security support. In this context, it is crucial to develop tools able to detect such cyber threats. In this article, we present Passban, an intelligent intrusion detection system (IDS) able to protect the IoT devices that are directly connected to it. The peculiarity of the proposed solution is that it can be deployed directly on very cheap IoT gateways (e.g., single-board PCs currently costing few tens of U.S. dollars), hence taking full advantage of the edge computing paradigm to detect cyber threats as close as possible to the corresponding data sources. We will demonstrate that Passban is able to detect various types of malicious traffic, including Port Scanning, HTTP and SSH Brute Force, and SYN Flood attacks with very low false positive rates and satisfactory accuracies.

Today's health care is difficult to imagine without the possibility to objectively measure various physiological parameters related to patients' symptoms (from temperature through blood pressure to complex tomographic procedures). Psychiatric care remains a notable exception that heavily relies on patient interviews and self-assessment. This is due to the fact that mental illnesses manifest themselves mainly in the way patients behave throughout their daily life and, until recently there were no "behavior measurement devices." This is now changing with the progress in wearable activity recognition and sensor enabled smartphones. In this paper, we introduce a system, which, based on smartphone-sensing is able to recognize depressive and manic states and detect state changes of patients suffering from bipolar disorder. Drawing upon a real-life dataset of ten patients, recorded over a time period of 12 weeks (in total over 800 days of data tracing 17 state changes) by four different sensing modalities, we could extract features corresponding to all disease-relevant aspects in behavior. Using these features, we gain recognition accuracies of 76% by fusing all sensor modalities and state change detection precision and recall of over 97%. This paper furthermore outlines the applicability of this system in the physician-patient relations in order to facilitate the life and treatment of bipolar patients.

We study a fixed-point formalization of the well-known analysis of Bianchi. We provide a significant simplification and generalization of the analysis. In this more general framework, the fixed-point solution and performance measures resulting from it are studied. Uniqueness of the fixed point is established. Simple and general throughput formulas are provided. It is shown that the throughput of any flow will be bounded by the one with the smallest transmission rate. The aggregate throughput is bounded by the reciprocal of the harmonic mean of the transmission rates. In an asymptotic regime with a large number of nodes, explicit formulas for the collision probability, the aggregate attempt rate, and the aggregate throughput are provided. The results from the analysis are compared with ns2 simulations and also with an exact Markov model of the backoff process. It is shown how the saturated network analysis can be used to obtain TCP transfer throughputs in some cases.

Vehicular ad hoc networks (VANETs) have received considerable attention in recent times. Multihop data delivery between vehicles is an important aspect for the support of VANET-based applications. Although data dissemination and routing have extensively been addressed, many unique characteristics of VANETs, together with the diversity in promising applications, offer newer research challenges. This paper introduces the improved greedy traffic-aware routing protocol (GyTAR), which is an intersection-based geographical routing protocol that is capable of finding robust and optimal routes within urban environments. The main principle behind GyTAR is the dynamic and in-sequence selection of intersections through which data packets are forwarded to the destinations. The intersections are chosen considering parameters such as the remaining distance to the destination and the variation in vehicular traffic. Data forwarding between intersections in GyTAR adopts an improved greedy carry-and-forward mechanism. Evaluation of the proposed routing protocol shows significant performance improvement in comparison with other existing routing approaches. With the aid of extensive simulations, we also validate the optimality and sensitivity of significant GyTAR parameters.

Automated and smart meters are devices that are able to monitor the energy consumption of electricity consumers in near real-time. They are considered key technological enablers of the smart grid, as the real-time consumption data that they can collect could enable new sophisticated billing schemes, could facilitate more efficient power distribution system operation and could give rise to a variety of value-added services. At the same time, the energy consumption data that the meters collect are sensitive consumer information; thus, privacy is a key concern and is a major inhibitor of real-time data collection in practice. In this paper, we review the different uses of metering data in the smart grid and the related privacy legislation. We then provide a structured overview, shortcomings, recommendations, and research directions of security solutions that are needed for privacy-preserving meter data delivery and management. We finally survey recent work on privacy-preserving technologies for meter data collection for the three application areas: 1) billing; 2) operations; and 3) value-added services including demand response.

As the radio spectrum usage paradigm shifting from the traditional command and control allocation scheme to the open spectrum allocation scheme, wireless ad-hoc networks meet new opportunities and challenges. The open spectrum allocation scheme has potential to provide those networks more capacity, and make them more flexible and reliable. However, the freedom brought by the new spectrum allocation scheme introduces spectrum management and network coordination challenges. Moreover, wireless ad-hoc networks usually rely on a common control channel for operation. Such a control channel may, however, not always available in an open spectrum allocation scheme due to the interference and the need for coexistence with primary users of the spectrum. Instead, common channels most likely exist in a local area.In this paper, we propose a cluster-based framework to form a wireless mesh network in the context of open spectrum sharing. Clusters are constructed by neighbor nodes sharing local common channels, and the network is formed by interconnecting the clusters gradually. We identify issues in such a network and provide mechanisms for neighbor discovery, cluster formation, network formation, and network topology management. The unique feature of this network is its ability to intelligently adapt to the network and radio environment change.

The success of the IoT world requires service provision attributed with ubiquity, reliability, high-performance, efficiency, and scalability. In order to accomplish this attribution, future business and research vision is to merge the Cloud Computing and IoT concepts, i.e., enable an “Everything as a Service” model: specifically, a Cloud ecosystem, encompassing novel functionality and cognitive-IoT capabilities, will be provided. Hence the paper will describe an innovative IoT centric Cloud smart infrastructure addressing individual IoT and Cloud Computing challenges.

Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data. But they all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide a concrete construction of the scheme and give formal proofs of its security. We also report on the results of our implementation.

We present OpenVirteX, a network virtualization platform that enables operators to create and manage virtual Software Defined Networks (vSDNs). Tenants are free to specify the topology and addressing scheme of their vSDN, and run their own Network Operating System (NOS) to control it. Since OpenVirteX logically decouples vSDNs from the infrastructure, it also enables the introduction of features such as link and switch resiliency, and network snapshotting and migration of these tenant networks. OpenVirteX builds on the design of FlowVisor, and functions as an OpenFlow controller proxy between an operator's network and the tenants' network OSes. Our evaluations of this implementation show that i) OpenVirteX is capable of presenting tenants with configurable vSDNs while incurring a modest overhead to the control channel, and ii) that our architecture enables the introduction of features and enhancements such as link resilience to tenant networks.

Increase in workload across many organizations and consequent increase in occupational stress are negatively affecting the health of the workforce. Measuring stress and other human psychological dynamics is difficult due to subjective nature of selfreporting and variability between and within individuals. With the advent of smartphones, it is now possible to monitor diverse aspects of human behavior, including objectively measured behavior related to psychological state and consequently stress. We have used data from the smartphone's built-in accelerometer to detect behavior that correlates with subjects stress levels. Accelerometer sensor was chosen because it raises fewer privacy concerns (e.g., in comparison to location, video, or audio recording), and because its low-power consumption makes it suitable to be embedded in smaller wearable devices, such as fitness trackers. About 30 subjects from two different organizations were provided with smartphones. The study lasted for eight weeks and was conducted in real working environments, with no constraints whatsoever placed upon smartphone usage. The subjects reported their perceived stress levels three times during their working hours. Using combination of statistical models to classify selfreported stress levels, we achieved a maximum overall accuracy of 71% for user-specific models and an accuracy of 60% for the use of similar-users models, relying solely on data from a single accelerometer.

Software Defined Radio (SDR) and Cognitive Radio (CR) are promising technologies, which can be used to alleviate the spectrum shortage problem or the barriers to communication interoperability in various application domains. The successful deployment of SDR and CR technologies will depend on the design and implementation of essential security mechanisms to ensure the robustness of networks and terminals against security attacks. SDR and CR may introduce entirely new classes of security threats and challenges including download of malicious software, licensed user emulation and selfish misbehaviors. An attacker could disrupt the basic functions of a CR network, cause harmful interference to licensed users or deny communication to other CR nodes. The research activity in this area has started only recently and many challenges are still to be resolved. This paper presents a survey of security aspects in SDR and CR. We identify the requirements for the deployment of SDR and CR, the main security threats and challenges and the related protection techniques. This paper provides an overview of the SDR and CR certification process and how it is related to the security aspects. Finally, this paper summarizes the most critical challenges in the context of the future evolution of SDR/CR technologies.

Blockchain, the underlying technology of cryptocurrency networks like Bitcoin, can prove to be essential towards realizing the vision of a decentralized, secure, and open Internet of Things (IoT) revolution. There is a growing interest in many research groups towards leveraging blockchains to provide IoT data privacy without the need for a centralized data access model. This paper aims to propose a decentralized access model for IoT data, using a network architecture that we call a modular consortium architecture for IoT and blockchains. The proposed architecture facilitates IoT communications on top of a software stack of blockchains and peer-to-peer data storage mechanisms. The architecture is aimed to have privacy built into it, and to be adaptable for various IoT use cases. To understand the feasibility and deployment considerations for implementing the proposed architecture, we conduct performance analysis of existing blockchain development platforms, Ethereum and Monax.

Several novel metrics have been proposed in recent literature in order to study the relative importance of nodes in complex networks. Among those, k-coreness has found a number of applications in areas as diverse as sociology, proteinomics, graph visualization, and distributed system analysis and design. This paper proposes new distributed algorithms for the computation of the k-coreness of a network, a process also known as k-core decomposition. This technique 1) allows the decomposition, over a set of connected machines, of very large graphs, when size does not allow storing and processing them on a single host, and 2) enables the runtime computation of k-cores in “live” distributed systems. Lower bounds on the algorithms complexity are given, and an exhaustive experimental analysis on real-world data sets is provided.

In WDM optical networks, the physical layer impairments (PLIs) and their significance depend on network type-opaque, translucent, or transparent; the reach-access, metro, or core/long-haul; the number and type of network elements-fiber, wavelengths, amplifiers, switching elements, etc.; and the type of applications-real-time, non-real time, missioncritical, etc. In transparent optical networks, PLIs incurred by non-ideal optical transmission media accumulate along an optical path, and the overall effect determines the feasibility of the lightpaths. If the received signal quality is not within the receiver sensitivity threshold, the receiver may not be able to correctly detect the optical signal and this may result in high bit-error rates. Hence, it is important to understand various PLIs and their effect on optical feasibility, analytical models, and monitoring and mitigation techniques. Introducing optical transparency in the physical layer on one hand leads to a dynamic, flexible optical layer with the possibility of adding intelligence such as optical performance monitoring, fault management, etc. On the other hand, transparency reduces the possibility of client layer interaction with the optical layer at intermediate nodes along the path. This has an impact on network design, planning, control, and management. Hence, it is important to understand the techniques that provide PLI information to the control plane protocols and that use this information efficiently to compute feasible routes and wavelengths. The purpose of this article is to provide a comprehensive survey of various PLIs, their effects, and the available modeling and mitigation techniques. We then present a comprehensive survey of various PLI-aware network design techniques, regenerator placement algorithms, routing and wavelength assignment algorithms, and PLI-aware failure recovery algorithms. Furthermore, we identify several important research issues that need to be addressed to realize dynamically reconfigurable next-generation optical networks. We also argue the need for PLI-aware control plane protocol extensions and present several interesting issues that need to be considered in order for these extensions to be deployed in real-world networks.

Wireless communication systems are rapidly becoming a viable solution for employment at the lowest level of factory automation systems, usually referred to as either "device" or "field" level, where the requested performance may be rather critical in terms of both transmission time and reliability. In this paper, we deal with the use of wireless networks at the device level. Specifically, after an analysis of the communication requirements, we introduce a general profile of a wireless fieldbus. Both the physical and data link layers are taken directly from existing wireless local area networks and wireless personal area networks standards, whereas the application layer is derived from the most popular wired fieldbuses. We discuss implementation issues related to two models of application layer protocols and present performance results obtained through numerical simulations. We also address some important aspects related to data security and power consumption.