NEC (Germany)

Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not received much attention in the literature. This opens the question whether existing security analysis of Bitcoin's PoW applies to other implementations which have been instantiated with different consensus and/or network parameters.

We present an overview of ad hoc routing protocols that make forwarding decisions based on the geographical position of a packet's destination. Other than the destination's position, each node need know only its own position and the position of its one-hop neighbors in order to forward packets. Since it is not necessary to maintain explicit routes, position-based routing does scale well even if the network is highly dynamic. This is a major advantage in a mobile ad hoc network where the topology may change frequently. The main prerequisite for position-based routing is that a sender can obtain the current position of the destination. Therefore, previously proposed location services are discussed in addition to position-based packet forwarding strategies. We provide a qualitative comparison of the approaches in both areas and investigate opportunities for future research.

Routing of data in a vehicular ad hoc network is a challenging task due to the high dynamics of such a network. Recently, it was shown for the case of highway traffic that position-based routing approaches can very well deal with the high mobility of network nodes. However, baseline position-based routing has difficulties to handle two-dimensional scenarios with obstacles (buildings) and voids as it is the case for city scenarios. In this paper we analyze a position-based routing approach that makes use of the navigational systems of vehicles. By means of simulation we compare this approach with non-position-based ad hoc routing strategies (dynamic source routing and ad-hoc on-demand distance vector routing). The simulation makes use of highly realistic vehicle movement patterns derived from Daimler-Chrysler's Videlio traffic simulator. While DSR's performance is limited due to problems with scalability and handling mobility, both AODV and the position-based approach show good performances with the position-based approach outperforming AODV.

The ever-increasing traffic demand is pushing network operators to find new cost-efficient solutions toward the deployment of future 5G mobile networks. The network sharing paradigm was explored in the past and partially deployed. Nowadays, advanced mobile network multi-tenancy approaches are increasingly gaining momentum, paving the way toward further decreasing capital expenditure and operational expenditure (CAPEX/OPEX) costs, while enabling new business opportunities. This article provides an overview of the 3GPP standard evolution from network sharing principles, mechanisms, and architectures to future on-demand multi-tenant systems. In particular, it introduces the concept of the 5G Network Slice Broker in 5G systems, which enables mobile virtual network operators, over-the-top providers, and industry vertical market players to request and lease resources from infrastructure providers dynamically via signaling means. Finally, it reviews the latest standardization efforts, considering remaining open issues for enabling advanced network slicing solutions, taking into account the allocation of virtualized network functions based on ETSI NFV, the introduction of shared network functions, and flexible service chaining.

With a wide range of potential applications, Machine Type Communication (MTC) or Machine to Machine (M2M) communication is gaining a tremendous interest among mobile network operators, equipment vendors, MTC specialist companies, and research bodies. To facilitate convergence among these different stakeholders, different standardization groups started working on MTC. This article introduces briefly some of the relevant activities, with a focus on those related to the 3rd Generation Partnership Project (3GPP). The article focuses on two important aspects of MTC devices, currently discussed in 3GPP as part of its Release 10. They are subscription control and network congestion/overload control. For the latter, a new solution based on bulk signaling handling is proposed.

This article introduces the Follow-Me Cloud concept and proposes its framework. The proposed framework is aimed at smooth migration of all or only a required portion of an ongoing IP service between a data center and user equipment of a 3GPP mobile network to another optimal DC with no service disruption. The service migration and continuity is supported by replacing IP addressing with service identification. Indeed, an FMC service/application is identified, upon establishment, by a session/service ID, dynamically changing along with the service being delivered over the session; it consists of a unique identifier of UE within the 3GPP mobile network, an identifier of the cloud service, and dynamically changing characteristics of the cloud service. Service migration in FMC is triggered by change in the IP address of the UE due to a change of data anchor gateway in the mobile network, in turn due to UE mobility and/or for load balancing. An optimal DC is then selected based on the features of the new data anchor gateway. Smooth service migration and continuity are supported thanks to logic installed at UE and DCs that maps features of IP flows to the session/service ID.

Routing in wireless sensor networks is different from that in commonsense mobile ad-hoc networks. It mainly needs to support reverse multicast traffic to one particular destination in a multihop manner. For such a communication pattern, end-to-end encryption is a challenging problem. To save the overall energy resources of the network, sensed data needs to be consolidated and aggregated on its way to the final destination. We present an approach that 1) conceals sensed data end-to-end by 2) still providing efficient and flexible in-network data aggregation. The aggregating intermediate nodes are not required to operate on the sensed plaintext data. We apply a particular class of encryption transformations and discuss techniques for computing the aggregation functions "average" and "movement detection." We show that the approach is feasible for the class of "going down" routing protocols. We consider the risk of corrupted sensor nodes by proposing a key predistribution algorithm that limits an attacker's gain and show how key predistribution and a key-ID sensitive "going down" routing protocol help increase the robustness and reliability of the connected backbone

End-to-end encryption for wireless sensor networks is a challenging problem. To save the overall energy resources of the network, it is agreed that sensed data need to be consolidated and aggregated on their way to the final destination. We present an approach that (1) conceals sensed data end-to-end, by (2) still providing efficient in-network data aggregation. The aggregating intermediate nodes are not required to operate on the sensed plaintext data. We apply a particular class of encryption transformation and exemplarily discuss the approach on the basis of two aggregation functions. We use actual implementation to show that the approach is feasible and flexible and frequently even more energy efficient than hop-by-hop encryption.

Coupling the high data rates of IEEE 802.11p-based VANETs and the wide coverage area of 3GPP networks (e.g., UMTS), this paper envisions a VANET-UMTS integrated network architecture. In this architecture, vehicles are dynamically clustered according to different related metrics. From these clusters, a minimum number of vehicles, equipped with IEEE 802.11p and UTRAN interfaces, are selected as vehicular gateways to link VANET to UMTS. Issues pertaining to gateway selection, gateway advertisement and discovery, service migration between gateways (i.e., when serving gateways lose their optimality) are all addressed and an adaptive mobile gateway management mechanism is proposed. Simulations are carried out using NS2 to evaluate the performance of the envisioned architecture incorporating the proposed mechanisms. Encouraging results are obtained in terms of high data packet delivery ratios and throughput, reduced control packet overhead, and minimized delay and packet drop rates.

The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion of attack surfaces of the cloud computing scenario participants.

The Follow-Me Cloud (FMC) concept enables service mobility across federated data centers (DCs). Following the mobility of a mobile user, the service located in a given DC is migrated each time an optimal DC is detected. The detailed criterion for optimality is defined by operator policy, but it may be typically derived from geographical proximity or load. Service migration may be an expensive operation given the incurred cost in terms of signaling messages and data transferred between DCs. Decision on service migration defines therefore a tradeoff between cost and user perceived quality. In this paper, we address this tradeoff by modeling the service migration procedure using a Markov Decision Process (MDP). The aim is to formulate a decision policy that determines whether to migrate a service or not when the concerned User Equipment (UE) is at a certain distance from the source DC. We numerically formulate the decision policies and compare the proposed approach against the baseline counterpart.

With electric heat pumps substituting for fossil-fueled alternatives, the temporal variability of their power consumption becomes increasingly important to the electricity system. To easily include this variability in energy system analyses, this paper introduces the "When2Heat" dataset comprising synthetic national time series of both the heat demand and the coefficient of performance (COP) of heat pumps. It covers 16 European countries, includes the years 2008 to 2018, and features an hourly resolution. Demand profiles for space and water heating are computed by combining gas standard load profiles with spatial temperature and wind speed reanalysis data as well as population geodata. COP time series for different heat sources - air, ground, and groundwater - and different heat sinks - floor heating, radiators, and water heating - are calculated based on COP and heating curves using reanalysis temperature data. The dataset, as well as the scripts and input parameters, are publicly available under an open source license on the Open Power System Data platform.

The Internet of Things (IoT) is an emerging network superstructure that will connect physical resources and actual users. It will support an ecosystem of smart applications and services bringing hyper

The random waypoint model is a commonly used mobility model for simulations of wireless communication networks. In this paper, we present analytical derivations of some fundamental stochastic properties of this model with respect to: (a) the length and duration of a movement epoch, (b) the chosen direction angle at the beginning of a movement epoch, and (c) the cell change rate of the random waypoint mobility model when used within the context of cellular networks. Our results and methods can be used to compare the random waypoint model with other mobility models. The results on the movement epoch duration as well as on the cell change rate enable us to make a statement about the 'degree of mobility' of a certain simulation scenario. The direction distribution explains in an analytical manner the effect that nodes tend to move back to the middle of the system area.

Runtime monitoring is a general approach to verifying system properties at runtime by comparing system events against a specification formalizing which event sequences are allowed. We present a runtime monitoring algorithm for a safety fragment of metric first-order temporal logic that overcomes the limitations of prior monitoring algorithms with respect to the expressiveness of their property specification languages. Our approach, based on automatic structures, allows the unrestricted use of negation, universal and existential quantification over infinite domains, and the arbitrary nesting of both past and bounded future operators. Furthermore, we show how to use and optimize our approach for the common case where structures consist of only finite relations, over possibly infinite domains. We also report on case studies from the domain of security and compliance in which we empirically evaluate the presented algorithms. Taken together, our results show that metric first-order temporal logic can serve as an effective specification language for expressing and monitoring a wide variety of practically relevant system properties.

The recent deployment of smart grids has proven to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more accurate measurement of up-to-date electricity necessities through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy use. Nevertheless, it has associated drawbacks related to the privacy of customers as well, since such management might reveal their personal habits and behavior, which electrical appliances they are using at each moment, whether they are at home or not, and so on. In this article we present a privacy enhanced architecture for smart metering aimed to tackle this threat by means of a new and novel protocol encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values. The technique being used is named additively homomorphic encryption, and enables the direct connection and exchange of data between electricity suppliers and final users, while preserving the privacy of the latter.

Vehicular communication (VC) systems have the potential to improve road safety and driving comfort. Nevertheless, securing the operation is a prerequisite for deployment. So far, the security of VC applications has mostly drawn the attention of research efforts, while comprehensive solutions to protect the network operation have not been developed. In this paper, we address this problem: we provide a scheme that secures geographic position-based routing, which has been widely accepted as the appropriate one for VC. Moreover, we focus on the scheme currently chosen and evaluated in the <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Car2Car</i> <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Communication</i> <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Consortium</i> (C2C-CC). We integrate security mechanisms to protect the position-based routing functionality and services (beaconing, multi-hop forwarding, and geo-location discovery), and enhance the network robustness. We propose defense mechanisms, relying both on cryptographic primitives and plausibility checks mitigating false position injection. Our implementation and initial measurements show that the security overhead is low and the proposed scheme deployable.

In-network data aggregation is a popular technique for reducing the energy consumption tied to data transmission in a multi-hop wireless sensor network. However, data aggregation in untrusted or even hostile environments becomes problematic when end-to-end privacy between sensors and the sink is desired. In this paper we revisit and investigate the applicability of additively homomorphic public-key encryption algorithms for certain classes of wireless sensor networks. Finally, we provide recommendations for selecting the most suitable public key schemes for different topologies and wireless sensor network scenarios.

This paper addresses the slicing of radio access network resources by multiple tenants, e.g., virtual wireless operators and service providers. We consider a criterion for dynamic resource allocation amongst tenants, based on a weighted proportionally fair objective, which achieves desirable fairness/protection across the network slices of the different tenants and their associated users. Several key properties are established, including: the Pareto-optimality of user association to base stations, the fair allocation of base stations' resources, and the gains resulting from dynamic resource sharing across slices, both in terms of utility gains and capacity savings. We then address algorithmic and practical challenges in realizing the proposed criterion. We show that the objective is NP-hard, making an exact solution impractical, and design a distributed semi-online algorithm, which meets performance guarantees in equilibrium and can be shown to quickly converge to a region around the equilibrium point. Building on this algorithm, we devise a practical approach with limited computational information and handoff overheads. We use detailed simulations to show that our approach is indeed near-optimal and provides substantial gains both to tenants (in terms of capacity savings) and end users (in terms of improved performance).

In this paper, we introduce a cooperative collision-avoidance (CCA) scheme for intelligent transport systems. Unlike contemporary strategies, the envisioned scheme avoids flooding the considered vehicular network with high volumes of emergency messages upon accidental events. We present a cluster-based organization of the target vehicles. The cluster is based upon several criteria, which define the movement of the vehicles, namely, the directional bearing and relative velocity of each vehicle, as well as the inter-vehicular distance. We also design a risk-aware medium-access control (MAC) protocol to increase the responsiveness of the proposed CCA scheme. According to the order of each vehicle in its corresponding cluster, an emergency level is associated with the vehicle that signifies the risk of encountering a potential emergency scenario. To swiftly circulate the emergency notifications to collocated vehicles to mitigate the risk of chain collisions, the medium-access delay of each vehicle is set as a function of its emergency level. Due to its twofold contributions, i.e., the cluster-based and risk-conscious approaches, our adopted strategy is referred to as the cluster-based risk-aware CCA (C-RACCA) scheme. The performance of the C-RACCA system is verified through mathematical analyses and computer simulations, whose results clearly verify its effectiveness in mitigating collision risks of the vehicles arising from accidental hazards.