Internet connected wireless multi-hop networks are an interesting alternative for providing broadband wireless access. In order for the network to be transparent, the same services need to be available as in standard infrastructure wireless deployments. However, there is a significant challenge in providing services such as authentication, name resolution, VoIP over multi-hop mesh networks as dedicated servers implementing those services might be not available. Therefore, deploying overlay networks in the mesh to decentralize those services and move towards a Peer-to-Peer paradigm is an interesting approach. However, the multi-hop nature of wireless mesh networks and the restrictions in resource availability might cause problems when deploying overlay networks on top of such environments. In this paper, we investigate the overhead and trade-offs when deploying a structured overlay solution such as the Bamboo DHT over wireless multi-hop mesh networks. We provide various simulation results characterizing the overhead of management and control traffic and give recommendations for performance improvement.

With the constant development of wireless technologies, the usageof wireless devices tends to increase even more in the future.Wireless multi-hop networks (WMNs) have emerged as a keytechnology to numerous potential scenarios, ranging from disasterrecovery to wireless broadband internet access. The distributedarchitecture of WMNs enables nodes to cooperatively relay othernode's packets. Because of their advantages over other wirelessnetworks, WMNs are undergoing rapid progress and inspiringnumerous applications. However, many technical issues still existin this field. In this thesis we investigate how Voice over IP(VoIP) and peer-to-peer (P2P) application are influenced bywireless multi-hop network characteristics and how to optimizethem in order to provide scalable communication.We first consider the deployment of VoIP service in wirelessmulti-hop networks, by using the Session Initiation Protocol (SIP)architecture. Our investigation shows that the centralized SIParchitecture imposes several challenges when deployed in thedecentralized wireless multi-hop environment. We find that VoIPquality metrics are severely degraded as the traffic and number ofmultiple hops to the gateway increase. In the context ofscalability, we further propose four alternative approaches whichavoid current limitations.In the second part of this thesis we tackle the network capacityproblem while providing scalable VoIP service over wirelessmulti-hop networks. The performance evaluation shows the influenceof intra and inter-flow interference in channel utilization, whichdirect impacts the VoIP capacity. In order to avoid the small VoIPpacket overhead, we propose a new adaptive hop-by-hop packetaggregation scheme based on wireless link characteristics. Ourperformance evaluation shows that the proposed scheme can increasethe VoIP capacity by a two-fold gain.The study of peer-to-peer applicability over wireless multi-hopnetworks is another important contribution. A resource lookupapplication is realized through structured P2P overlay. We showthat due to several reasons, such as characteristics of wirelesslinks, multi-hop forwarding operation, and structured P2Pmanagement traffic aggressiveness the performance of traditionalP2P applications is rather low in wireless multi-hop environments.Therefore, we suggested that a trade-off between the P2P lookupefficiency and the P2P management traffic overhead can be achievedwhile maintaining the overlay network consistency in wirelessmulti-hop networks.

Due to its ability to deliver scalable and fault-tolerant solutions, applications based on the peer-to-peer (P2P) paradigm are used by millions of users on the internet. Recently, wireless mesh networks (WMNs) have attracted a lot of interest from both academia and industry, because of their potential to provide flexible and alternative broadband wireless internet connectivity. However, due to various reasons such as unstable wireless link characteristics and multi-hop forwarding operation, the performance of current P2P systems is rather low in WMNs.

This dissertation studies the technological challenges involved while deploying P2P systems over WMNs. We study the benefits of location-awareness and resource replication to the P2P overlay while targeting efficient resource lookup in WMNs. We further propose a cross-layer information exchange between the P2P overlay and the WMN in order to reduce resource lookup delay by augmenting the overlay routing table with physical neighborhood and resource lookup history information.

Aiming to achieve throughput maximization and fairness in P2P systems, we model the peer selection problem as a mathematical optimization problem by using a set of mixed integer linear equations. A study of the model reveals the relationship between peer selection, resource replication and channel assignment on the performance of P2P systems over WMNs. We extend the model by formulating the P2P download problem as chunk scheduling problem. As a novelty, we introduce constraints to model the capacity limitations of the network due to the given routing and channel assignment strategy. Based on the analysis of the model, we propose a new peer selection algorithm which incorporates network load information and multi-path routing capability.

By conducting testbed experiments, we evaluate the achievable throughput in multi-channel multi-radio WMNs. We show that the adjacent channel interference (ACI) problem in multi-radio systems can be mitigated, making better use of the available spectrum. Important lessons learned are also outlined in order to design practical channel and channel bandwidth assignment algorithms in multi-channel multi-radio WMNs.

The report is dedicated to the description of the actions that have taken place during the first year of

NEWCOM++ within WPI.3 Valorization of human capital.

This WP is inserted in the integration activities of NEWCOM++; the integration among partners gives

the opportunity to researchers to meet and exchange their talents. This positive trend gives a benefit to

the network as a whole and it is a chance for researchers to improve their knowledge and values.

Therefore, in order to have some indicators on the degree of integration among the partners, data on

joint papers, researchers exchange and grants, are presented.

A final paragraph is dedicated to gender issue, as the importance of this topic involves NEWCOM++

life too.

As a result, 38 scientific exchanges of a short term and long-term durations have been taken place, 47

joint papers have been published, 2 mobility grants for projects implementation have been given by

the NEWCOM++ Mobility Panel, as well as one grant for the PhD student to participate in the ICT

Mobile Summit 2008

Recently, Voice over IP (VoIP) has become an important service for the future internet. However, for ubiquitous wireless VoIP services, greater coverage will be necessary as promised by the advent of e.g. 802.11 WLAN based wireless meshed networks. Unfortunately, the transmission of small (voice) packets imposes high overhead which leads to low capacity for VoIP over 802.11 based multihop meshed networks. In this work, we present a novel packet aggregation mechanism that significantly enhances capacity of VoIP in wireless meshed networks while still maintaining satisfactory voice quality. Extensive experiments using network simulation ns-2 confirm that our packet aggregation algorithm can lead to a significantly increase in the number of supported concurrent VoIP flows over a variety of different hop numbers while reducing the MAC layer contention

Opportunistic networks represent a new frontier for networking research as due to node mobility the network might become disconnected. Such intermittent connectivity imposes challenges to protocol design, especially when information access might require the availability of updated information about resources shared by mobile nodes. An opportunistic network can be seen as a peer-to-peer network where resources should be located in a distributed way. Numerous solutions for P2P resource management have been proposed in the last years. Among the different approaches being considered, Distributed Hash Table (DHT) based schemes offer the advantages of a distributed approach which can be tuned to network scalability. In this paper we consider two well known P2P DHT-based solutions for wireless networks denoted as Bamboo and Georoy, and compare their performance in a multihop wireless scenario. We evaluate scalability and key lookup behavior for different network sizes. The results allow us to gain insights into protocol behavior which allows to select for a given network configuration the appropriate scheme.

Opportunistic networking represents a promising paradigm for support of communications, specifically in infrastructure-less scenarios such as remote areas communications. In principle in opportunistic environments, we would like to make available all the applications thought for traditional wired and wireless networks like file sharing and content distribution. In this paper we present a delay tolerant scenario for file sharing applications in rural areas where an opportunistic approach is exploited. In order to support communications, we compare two peer-to-peer (P2P) schemes initially conceived for wireless networks and prove their applicability and usefulness to a DTN scenario where replication of resources can be used to improve the lookup performance and the network can be occasionally connected by mean of a data mule. Simulation results show the suitability of the schemes and allow to derive interesting design guidelines on the convenience and applicability of such approaches

Mobile Ad Hoc networking has been considered as one of the most important technologies to support future Ubiquitous and Pervasive Computing Scenarios and internet connected MANETs will be an integral part of future wireless networks. For providing multimedia services and Voice over IP in such environment, support for Session Initiation Protocol (SIP) is essential. A MANET is a decentralized collection of autonomous nodes but a SIP infrastructure requires centralized proxies and registrar servers. In this paper, we study the implications of using standard SIP architecture in internet connected MANETs. We analyze performance limitations of SIP service scalability when centralized proxies/registrars located in the access network are used by MANET nodes. We also present and compare an alternative approach to provide SIP services in internet connected MANETs in order to minimize the impact of such performance limitations

Recently, Mobile Ad-hoc Networks (MANETs) have gained a lot of attraction because they are flexible, self-configurable and fast to deploy. Systems beyond 4G are likely to consist of a combination of heterogeneous wireless technologies and naturally might comprise MANETs as one component. In order to provide multimedia services such as Voice over IP in such environment, support for Session Initiation Protocol (SIP) is essential. A MANET is a decentralized collection of autonomous nodes but a SIP infrastructure requires centralized proxies and registrar servers. In this paper, we first study the implications of using standard SIP architecture in internet connected MANETs. We analyze limitations of SIP service scalability when centralized proxies/registrars located in the Access Network are used by MANET nodes. Finally, we present alternative approaches to provide SIP services in such environment to avoid such limitations

Traditional Voice over IP (VoIP) systems is based on client/server architecture, which is not applicable to Mobile Ad Hoc Networks (MANETs), which are a decentralized collection of autonomous nodes. However, internet connectivity for MANETs becomes important as internet connected MANETs can serve as hot spot extension in 4G scenarios. Here, MANET nodes can reach any wired node thus potentially registering with SIP proxies in the fixed network becomes a viable solution. In order to study the implications of using VoIP systems in internet connected MANETs we present in this paper simulation result of SIP service scalability when centralized proxies/registrars located in the Access Network are used by MANET nodes. Alternative approaches to provide SIP services in such environment are also discussed to improve performance

Mobile Ad Hoc networking has been considered as one of the most important technologies to support future Ubiquitous and Pervasive Computing Scenarios and internet connected MANETs will be an integral part of future wireless networks. For providing multimedia services and Voice over IP in such environment, support for Session Initiation Protocol (SIP) is essential. A MANET is a decentralized collection of autonomous nodes but a SIP infrastructure requires centralized proxies and registrar servers. In this paper, we study the implications of using standard SIP architecture in internet connected MANETs. We analyze performance limitations of SIP service scalability when centralized proxies/registrars located in the Access Network are used by MANET nodes. We also present and compare an alternative approach to provide SIP services in internet connected MANETs in order to minimize the impact of such performance limitations

In this paper we study the interactions between peer selection, routing and channel assignment while deploying Peer-to-Peer (P2P) systems over multi-channel multi-radio Wireless Mesh Networks (WMNs). In particular we propose Bestpeer, a novel peer selection algorithm for WMNs which incorporates a cross-layer path load metric and integrates multi-path load balancing capability throughout the P2P download process in order to achieve faster resource disseminations. By comparing Bestpeer with BitTorrent through extensive simulations, we show that we can reduce the time to disseminate a resource by up to 40 %. The key mechanism used by Bestpeer to increase performance in WMNs is the effective exploitation of cross-layer information made available from the routing and channel assignment during the peer selection process in order to balance the load along high capacity paths

In this paper we address the impact of ACI on dynamic spectrum allocation in multi-radio systems. In particular, we present the benefits of dynamic spectrum allocation by adapting channel bandwidth and distance in order to mitigate ACI in multi-radio mesh networks. Based on our measurement campaign in an indoor mesh testbed, which we extended in order to use adaptive channel width, we evaluate the performance in terms of network throughput. We show that by using channel bandwidth adaptation and antenna separation, the impact of ACI can be significantly reduced. The performed experiments give important insights into ACI in multi-radio cognitive systems which help to develop e.g. better channel assignment algorithms or capacity estimation methods

Wireless multi-hop networks such as mobile ad-hoc (MANET) or wireless

mesh networks (WMN) have attracted big research efforts during the last years

as they have huge potential in several areas such as military communications, fast

infrastructure replacement during emergency operations, extension of hotspots or

as an alternative communication system. Due to various reasons, such as characteristics

of wireless links, multi-hop forwarding operation, and mobility of nodes,

performance of traditional peer-to-peer applications is rather low in such networks.

In this book chapter, we provide a comprehensive and in-depth survey on recent research

on various approaches to provide peer-to-peer services in wireless multi-hop

networks. The causes and problems for low performance of traditional approaches

are discussed. Various representative alternative approaches to couple interactions

between the peer-to-peer overlay and the network layer are examined and compared.

Some open questions are discussed to stimulate further research in this area

Existing networks for public safety communications are mostly based on systems such as terrestrial trunked radio (TETRA), TETRAPOL and Project 25. These systems are mainly designed to support voice services. However, public safety communication networks are challenged to expand their scope way beyond their original functions toward more sophisticated devices and support new services including packet data communications. Therefore, governments, public safety agencies and research communities are continuously working together and are making significant progresses toward improving public safety communications capabilities. Next-generation mobile technologies are the enablers for meeting the new requirements of the public safety community. Public safety and commercial systems are typically designed and deployed to fulfill different needs and have different requirements, which are directly affecting the quality of service of the communications. The unique and vital nature of public safety affects the technical decisions that are necessary to guarantee connectivity for everyone, anywhere and anytime. For this reason, recent enhancements of the 4G long term evolution (LTE) in the field of public safety communications, such as device-to-device and group communications for mobiles in physical proximity, accrue a great opportunity to bring new services and a high-level of technological innovation to the public safety workers or first responders. We describe and analyze the evolution of public safety communication systems from the technical standpoint providing a complete overview of what is available in the market and a glimpse of future trends. Furthermore, we discuss the challenges to efficiently deploy, operate and interoperate present and future technologies for public safety communication networks and describe how these technologies can help public safety agencies to meet their expectations.

In this chapter, we first discuss the basic features and recent issues of the SDN control plane, notably the controller element. Then, we present feasible ideas to address the SDN controller-related problems using Big Data analytics techniques. Accordingly, we propose that Big Data can help various aspects of the SDN controller to address scalability issue and resiliency problem. Furthermore, we proposed six applicable scenarios for optimizing the SDN controller using the Big Data analytics: (i) controller scale-up/out against network traffic concentration, (ii) controller scale-in for reduced energy usage, (iii) backup controller placement for fault tolerance and high availability, (iv) creating backup paths to improve fault tolerance, (v) controller placement for low latency between controllers and switches, and (vi) flow rule aggregation to reduce the SDN controller's traffic. Although real-world practices on optimizing SDN controllers using Big Data are absent in the literature, we expect scenarios we highlighted in this chapter to be highly applicable to optimize the SDN controller in the future.

Network Function Virtualization (NFV) is an emerging network architecture to increase flexibility and agility within operator's networks by placing virtualized services on demand in Cloud data centers (CDCs). One of the main challenges for the NFV environment is how to minimize network latency in the rapidly changing network environments. Although many researchers have already studied in the field of Virtual Machine (VM) migration and Virtual Network Function (VNF) placement for efficient resource management in CDCs, VNF migration problem for low network latency among VNFs has not been studied yet to the best of our knowledge. To address this issue in this article, we i) formulate the VNF migration problem and ii) develop a novel VNF migration algorithm called VNF Real-time Migration (VNF-RM) for lower network latency in dynamically changing resource availability. As a result of experiments, the effectiveness of our algorithm is demonstrated by reducing network latency by up to 70.90% after latency-aware VNF migrations.

Packet/frame 'rebuffering' in wireless video streaming typically considers only connectivity from the mobile terminal to its network access point (AP). However, in the presence of multiple APs with the possibility of handoffs, the overall wireless environment should be considered. We develop a model capturing joint rebuffering & handoff dynamics in wireless video streaming, and design a new channel-aware joint rebuffering & handoff control scheme, aiming to minimize the long-run average cost of video jitters and freezes. We first characterize the optimal control in the general case of multiple wireless APs/channels and multiple states per channel. Subsequently, we evaluate the system performance in key important cases, using experimental traces of wireless channel data. We explore the relationship between optimal rebuffering thresholds and overall channel dynamics, and evaluate the associated joint handoff control. The performance results demonstrate the importance of jointly managing rebuffering and handoff controls to achieve high-performance wireless video streaming.

Wireless hand-off control typically considers only connectivity strength from the mobile terminal to alternative access points. In wireless video streaming, however, where video freezing must be avoided at the mobile terminal, the playout buffer level should also be considered by hand-off control. In this paper, we first develop a model capturing hand-off dynamics under video streaming, and design a new playout buffer aware hand-off control. It aims to avert a video freeze for as long as possible, maximizing the expected time until freezing. We compute the optimal control in the general case of multiple access points and multiple connectivity strength states per channel. The optimal hand-off control is then computationally probed in specific relevant cases. It is demonstrated that there is a certain playout buffer threshold level - a buffer tipping point - above which a hand-off should be attempted. Of course, this tipping point depends on the access point to mobile channel statistics

Reputation systems rate the contributions to participatory sensing campaigns from each user by associatinga reputation score. The reputation scores are used to weedout incorrect sensor readings. However, an adversary can de-anonmyize the users even when they use pseudonyms by linking the reputation scores associated with multiple contributions. Since the contributed readings are usually annotated with spatio-temporal information, this poses a serious breach of privacy for the users. In this paper, we address this privacy threat by proposing a framework called IncogniSense. Our system utilizes periodic pseudonyms generated using blind signature and relies on reputation transfer between these pseudonyms. The reputation transfer process has an inherent trade-off between anonymity protection and loss in reputation. We investigate by means of extensive simulations several reputation cloaking schemes that address this tradeoff differently. Our system is robust against reputation corruption and a proof-of-concept implementation demonstrates that the associated overheads are minimal.

Reputation systems are fundamental for assessing the quality of user contributions inparticipatory sensing. However, naively associating reputation scores to contributionsallows adversaries to establish links between multiple contributions and thus deanonymizeusers. We present the IncogniSense framework as a panacea to these privacythreats. IncogniSense utilizes periodic pseudonyms generated using blind signatureand relies on reputation transfer between these pseudonyms. Simulations are used toanalyze various reputation cloaking schemes that address the inherent trade-off betweenanonymity protection and loss in reputation. Our threat analysis confirms the robustnessof IncogniSense and a prototype demonstrates that associated overheads are minimal.

Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communica-tion, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The proto-type includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized.

Today, the most frequently used signaling system for telecommunication is called Signaling

System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication,

and the development of new services mean that the risk of intrusion and exploitation of

the SS7 signaling networks increases. The increasing problem with unauthorized access to

sensitive information and the operators’ growing demand for security is the origin of our

work. This thesis presents a prototype design and implementation of a Security Gateway

(SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec

is a security concept for introducing security mechanisms to the signaling system. The prototype

includes three different protection modes that provide security services, ranging from

almost no protection to full protection with the use of encryption algorithms. The thesis also

contains an evaluation study of the delay penalties caused by the use of these security services.

With regards to the restrictions on the prototype, the conclusion drawn from the evaluation

results was that the protection mechanisms in the different protection modes did not inflict

any significant time penalties. Instead, the results of the study indicate that the routing process

of messages in the network is a more significant delaying part in the communication between

different nodes. This result implies that the routing process takes longer time than the security

services. The thesis also presents a number of discovered features that will require further

investigation and development before the TCAPsec concept can be realized.

Software in computers control many important functions in today's society and are widely used for communication but also to control equipment. For the software to work reliably it needs to be built correctly and tested extensively. To achieve reliability, a build server can be used to automatically build and test the software. This report describes how a prototype of a monitoring system for the build servers was created. The system will be monitored by a monitoring service that retrieves information from a build server using the CruiseControl.NET [10] software. The information gathered by the monitoring service will be presented on a web portal. The information retrieved from build the server goes from a high level of abstraction down to the smallest detail that is based on the log files from the build server, for example, information about compilation errors.

The development of the monitoring system has been focused on making it possible to use cloud services and thus not restrict where a build server is located. One of the cloud services used is the Service Bus Relay [27] that handles the communication between a monitoring service and the web portal. The web portal is developed to be responsive [34] and provide support for mobile devices which give the user the freedom to visit the web portal from whatever device. The web portal uses a database to store information which enables monitoring of multiple build servers. A well-developed user management system is used on the web portal which provides administrators with an effective tool for user management. There have been several lessons learned, including the discovery of a bug in the Microsoft implementation of message handling in the Service Bus Relay.

Mobila lösningar blir allt vanligare och appar kan utvecklas för att hjälpa mobilanvändare

med det mesta. Att utveckla appar är populärt och kan göras i en mängd olika språk och

utvecklingsmiljöer, och projektet har haft som mål att både utveckla en användbar app

och utvärdera en sådan utvecklingsmiljö.

PaddelAppen som utvecklats i projektet fyller ett tomrum genom att vara en resurs för

paddelintresserade. Samtidigt har utvecklingsarbetet resulterat i en utvärdering av utveck-lingsmiljön Xamarin, som använts tillsammans med Visual Studio för att plattformsobe-roende utveckla appen för både Android och Windows Phone.

Abstract—The General Data Protection Regulation (GDPR)impacts any information systems that process personal datain or from the European Union. Yet its enforcement is stillrecent. Organizations under its effect are slow to adopt itsprinciples. One particular difficulty is the low familiarity withthe regulation among software architects and designers. Thedifficulty to interpret the content of the legal regulation ata technical level adds to that. This results in problems inunderstanding the impact and consequences that the regulationmay have in detail for a particular system or project context.In this paper we present some early work and emergingresults related to supporting software architects in this situation.Specifically, we target those who need to understand how theGDPR might impact their design decisions. In the spirit ofarchitectural tactics and patterns, we systematically identifiedand categorized 155 forces in the regulation. These results formthe conceptual base for a first prototypical tool. It enablessoftware architects to identify the relevant forces by guidingthem through an online questionnaire. This leads them to relevantfragments of the GDPR and potentially relevant privacy patterns.We argue that this approach may help software professionals,in particular architects, familiarize with the GDPR and outlinepotential paths for evaluation.

More and more applications and protocols are now running on wireless networks. Testing         the implementation of such applications and protocols is a real challenge as the position of the mobile terminals and environmental effects strongly affect the overall performance. Network emulation is often perceived as a good trade-off between experiments on operational wireless networks and discrete-event simulations on Opnet or ns-2. However, ensuring repeatability and realism in network emulation while taking into account mobility in a wireless environment is very difficult. This paper proposes a network emulation platform, called W-NINE, based on off-line computations preceding online pattern-based traffic shaping. The underlying concepts of repeatability, dynamicity, accuracy, and realism are defined in the emulation context. Two different simple case studies illustrate the validity of our approach with respect to these concepts.

The impact of transmission impairments such as loss and latency on user perceived quality(QoE) depends on the service type. In a real network, multiple service types such as audio,video, and data coexist. This makes resource management inherently complex and difficultto orchestrate. In this paper, we propose an autonomous Quality of Experience managementapproach for multiservice wireless mesh networks, where individual mesh nodes apply rein-forcement learning methods to dynamically adjust their routing strategies in order to maxi-mize the user perceived QoE for each flow. Within the forwarding nodes, we develop a novelpacket dropping strategy that takes into account the impact on QoE. Finally, a novel sourcerate adaptation mechanism is designed that takes into account the expected QoE in order tomatch the sending rate with the available network capacity. An evaluation of our mechanismsusing simulations demonstrates that our approach is superior to the standard approaches,AODV and OLSR, and effectively balances the user perceived QoE between the service flows.

We present a software that can dynamically determine what machine learning algorithm is best to use in a certain situation given predefined traits. The produced software uses ideal conditions to exemplify how such a solution could function. The software is designed to train a selection algorithm that can predict the behavior of the specified testing algorithms to derive which among them is the best. The software is used to summarize and evaluate a collection of selection algorithm predictions to determine  which testing algorithm was the best during that entire period. The goal of this project is to provide a prediction evaluation software solution can lead towards a realistic implementation.

Certificate Transparency (CT) logs are append-only tamper-evident data structures that can be verified by anyone. For example, it is possible to challenge a log to prove certificate inclusion (membership) and log consistency (append-only, no tampering) based on partial information. While these properties can convince an entity that a certificate is logged and not suddenly removed in the future, there is no guarantee that anyone else observes the same consistent view. To solve this issue a few gossip protocols have been proposed, each with different quirks, benefits, assumptions, and goals. We explore CT gossip below the application layer, finding that packet processors such as switches, routers, and middleboxes can aggregate gossip passively or actively to achieve herd immunity: (in)direct protection against undetectable log misbehaviour. Throughout the thesis we describe, instantiate, and discuss passive aggregation of gossip messages for a restricted data plane programming language: P4. The concept of active aggregation is also introduced. We conclude that (i) aggregation is independent of higher-level transparency applications and infrastructures, (ii) it appears most prominent to aggregate Signed Tree Heads (STHs) in terms of privacy and scalability, and (iii) passive aggregation can be a long-term solution if the CT ecosystem adapts. In other words, not all sources of gossip must be encrypted to preserve privacy.

Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression effects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.

Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.

Throughout the years the Swedish local history societies have collected a large quantity of material, consisting of photos, documents and items, among others. As the society has become more computerized, the need has increased for these collections to become digitalized. This is a way to make their media more easily accessible to the general public, but also to easily be able to archive and preserve for example photos and videos electronically.This thesis concerns itself with the work we have done for the local history society of Nyed in Molkom. The task set before us consisted of creating both a website for the society, and a reliable database from witch the website draws its information. This project allows anyone with administrator privileges to upload new files and any additional information. Beyond that, general users van then search through and view these files. The following is an explanation ofout methodology, concluding with an assessment of out performance bases on the standards set by the requestor.

In today's information society, privacy-enhanced identity management can help users to control their personal spheres when makinguse of e-services. However, privacy is a difficult concept to visualise, and comprehensible and intuitive user interfaces are needed to make such systems usable and informative for normal users. Typically, usability tests are used as a means to achieve this. This paper describes how the concept of identity management was introduced to the test subjects before a series of tests on prototypes and mock-ups of user interfaces were conducted. One reason why this was necessary was to provide the test subjects with enough context information to be able to perform the tests. Both oral and written introductions have been used, as well as introductory films. This paper discusses how these introductions have evolved during the usability testing process, and it further elaborates on which kinds of introductions are most suitable for which kind of usability test.

This deliverable provides a first overview of the state of the art on wireless security metrics and algorithms,

which are particularly very important with respect to the intrinsic vulnerability of the wireless

medium. The first part deals with building practical physical layer information-theoretic secure schemes.

Indeed, Shannon formalized the concepts of capacity (as a transmission efficiency measure) and equivocation

(as a measure of secrecy). While the concept of capacity has been extended to fading channels

with the introduction of concepts like the outage capacity or the ergodic capacity, similar paths are yet to

be developed concerning equivocation. In the second part, we present a taxonomy of threats for wireless

networks, and particularly for wireless sensor networks, in terms of the affected protocol layers. Besides,

an overview to attack tree and attack graph techniques as formal means for describing and measuring

vulnerabilities and thus also for assessing also the security level of wireless sensor networks is provided.

Finally, an overview to suitable security concepts for wireless networks is given

When using Voice over IP (VoIP) in Wireless Mesh Networks the overhead induced by the IEEE 802.11 PHY and MAC layer accounts for more than 80% of the channel utilization time, while the actual payload only uses 20% of the time. As a consequence, the Voice over IP capacity is very low. To increase the channel utilization efficiency and the capacity several IP packets can be aggregated in one large packet and transmitted at once. This paper presents a new hop-by-hop IP packet aggregation scheme for Wireless Mesh Networks.

The size of the aggregation packets is a very important performance factor. Too small packets yield poor aggregation efficiency; too large packets are likely to get dropped when the channel quality is poor. Two novel distributed protocols for calculation of the optimum respectively maximum packet size are described. The first protocol assesses network load by counting the arrival rate of routing protocol probe messages and constantly measuring the signal-to-noise ratio of the channel. Thereby the optimum packet size of the current channel condition can be calculated. The second protocol, which is a simplified version of the first one, measures the signal-to-noise ratio and calculates the maximum packet size.

The latter method is implemented in the ns-2 network simulator. Performance measurements with no aggregation, a fixed maximum packet size and an adaptive maximum packet size are conducted in two different topologies. Simulation results show that packet aggregation can more than double the number of supported VoIP calls in a Wireless Mesh Network. Adaptively determining the maximum packet size is especially useful when the nodes have different distances or the channel quality is very poor. In that case, adaptive aggregation supports twice as many VoIP calls as fixed maximum packet size aggregation.

Wireless Mesh Networks (WMNs) have emerged as a promising network technology, which combines the benefits of cellular networks and Wireless Local Area Networks (WLANs). In a WMN mesh routers wirelessly relay traffic on behalf of other mesh routers or clients and thereby provide coverage areas comparable to cellular networks, while having the low complexity and low costs of WLANs. As Voice over IP (VoIP) is a very important Internet service, it is critical for the success of WMNs to support high quality VoIP. However, currentWMNs are not adapted well for VoIP. The capacity and scalability of single-radio WMNs is low, especially for small packet transmissions of VoIP calls, because the MAC and PHY layer overhead for small packets is high. The scalability of multiradio/multi-channel WMNs is usually higher, since fewer nodes contend for a channel. However channel scheduling might be required, which can lead to excessive delay and jitter and result in poor VoIP quality. In this thesis we investigate how to deliver high quality VoIP in single radio and multi-radio networks by using cross-layer optimization. For single radio WMNs, we consider the use of IP packet aggregation and IEEE 802.11e transmission opportunities. We conclude that IP packet aggregation greatly improves the capacity and thereby the scalability of WMNs. We show that the key for providing good quality is to artificially delay packets prior to aggregation. We propose a distributed cross-layer optimization system, which, based on Fuzzy Logic Inference, derives an aggregation delay that enhances the capacity and quality. For multi-radio/multi-channel WMNs, we demonstrate the importance of qualityof- service-aware channel scheduling. We develop a quality-of-serviceaware channel scheduler that compared to a basic round-robin scheme significantly reduces jitter and in that way increases VoIP quality. Our analysis shows that there is a trade-off between the jitter of high priority VoIP traffic and the throughput of background TCP traffic. The proposed optimizations significantly increase the capacity of singleradio and multi-radio WMNs. This allows network operators to serve more users with an existing mesh infrastructure or provide better service delivery to existing users.

Abstract--- In multi-radio wireless mesh networks (WMNs) several radios can operate within one node simultaneously on different channels. Due to frequency selective fading and varying output powers of WLAN cards the received signal strength on channels in the U-NII band can differ by several dB. Furthermore, power leakage from neighboring channels in the frequency spectrum can cause adjacent channel interference (ACI). Using a IEEE 802.11a testbed, we experimentally evaluate the achievable throughput of a multi-radio mesh network in a string topology under the impact of ACI and channel heterogeneity. Our results show that for low PHY rates the channel separation is a good indicator for throughput. However, for high PHY rates the propagation properties of a specific channel also need to be considered. Based on the results we provide recommendations for designing channel assignment algorithms for IEEE 802.11-based WMNs

In Wireless mesh networks mesh access points (MAPs) forward traffic wirelessly towards users or Internet gateways. A user device usually connects to the MAP with the strongest signal, as such MAP should guarantee the best quality of service. However, this connection policy may lead to: (i) unfairness towards users that are distant from gateways; (ii) uneven distribution of users to MAPs; and (iii) inefficient use of network paths. We present a new model and solution approach to the problem of assigning users to MAPs and routing the data within the mesh network with the objective of providing max–min fair throughput. The problem is formulated as a mixed-integer linear programming problem (MILP). Because of the inherent complexity of the problem, real size instances cannot be solved to optimality within the time limits for online optimization. Therefore, we propose an original heuristic solution algorithm for the resulting MILP. Both numerical comparisons and network simulations demonstrate the effectiveness of the proposed heuristic. For random networks, the heuristic achieves 98% of the optimal solution. Network simulations show that in medium-sized networks, the number of users with at least 1Mbit/s minimum end-to-end rate increases by 550% when compared with the classical signal-strength based association.

In this demo, we will present KAUMesh, an experimental Wireless Broadband Mesh Network based on 802.11a/b/g WLAN devices that has been deployed at the Karlstad University Campus. KAUMesh comprises currently 20 mesh nodes, which are permanently installed to cover large areas inside the new House 21. Standard 802.11b/g based clients can be used to connect to the mesh as they would to any given normal WLAN access point. KAUMesh features multiple gateways that connect the mesh network towards the internet. By deploying multiple radio cards in mesh nodes, KAUMesh is able to fully exploit available spectrum in the mesh backbone. One radio card interface is used for transparent client access, using typically 802.11b/g mode. The mesh backhaul connectivity is established using multiple radio interfaces per mesh node. The interfaces involved in the backhaul use a hybrid channel assignment mechanism, which rebalances channel usage according to user demand. As the hybrid channel assignment involves channel switching, a novel scheduling approach for making the channel switching QoS aware has been developed. KAUMesh also supports 802.11e standard on the mesh interface to provide service differentiation on the mesh backhaul