Search Results (13)

To address the key challenges of poor real-time interaction, insufficient integration of operating rules, and limited virtual–physical synergy in current carrier-based aircraft scheduling simulations, this study proposes an immersive digital twin platform that integrates a two-layer genetic algorithm (GA) with hardware-in-the-loop (HIL) semi-physical validation. The platform architecture combines high-fidelity 3D visualization-based modeling (of aircraft, carrier deck, and auxiliary equipment) with real-time data exchange via TCP/IP, establishing a collaborative virtual–physical simulation environment. Three key innovations are presented: (1) a two-tier genetic algorithm (GA)-based scheduling model is proposed to coordinate global planning and dynamic execution optimization for carrier-based aircraft operations; (2) a systematic constraint integration framework incorporating aircraft taxiing dynamics, deck spatial constraints, and safety clearance requirements into the scheduling system, significantly enhancing tactical feasibility compared to conventional approaches that oversimplify multidimensional operational rules; (3) an integrated virtual–physical simulation architecture merging virtual reality interaction with HIL verification, establishing a collaborative digital twin–physical device platform for immersive visualization of full-process operations and dynamic spatiotemporal evolution characterization. Experimental results indicate that this work bridges the gap between theoretical scheduling algorithms and practical naval aviation requirements, offering a standardized testing platform for intelligent carrier-based aircraft operations. Full article

(1) Background: In orthognathic surgery, segmental Le Fort I osteotomies are a valuable method to correct maxillary deformities or transversal discrepancies. However, these procedures are technically challenging, and osteosynthesis can be prone to error. (2) Methods: In this retrospective, monocentric cohort study, patients were enrolled who underwent a virtually planned segmental maxillary osteotomy during their combined treatment. Positioning and osteosynthesis were achieved by either a 3D-printed splint and conventional miniplates or patient-specific implants (PSI). The preoperative CT data, virtual planning data, and postoperative CBCT data were segmented. The deviation of all the segments from the desired virtually planned position was measured using the analysis function of IPS CaseDesigner. (3) Results: 28 Patients in the PSI Group and 22 in the conventional groups were included. The PSI group showed significantly lower deviation from the planned position anteroposteriorly (−0.63 ± 1.62 mm vs. −1.3 ± 2.54 mm) and craniocaudally (−1.39 ± 1.59 mm vs. −2.7 ± 3.1 mm). For rotational deviations, the pitch (0.64 ± 2.59° vs. 2.91 ± 4.08°), as well as the inward rotation of the lateral segments, was positively influenced by PSI. (4). Conclusions: The presented data show that patient-specific osteosynthesis significantly reduces deviations from the preoperative plan in virtually planned cases. Transversal expansions and vertical positioning can be addressed better. Full article

The proliferation of devices for the Internet of Things (IoT) and their implication in many activities of our lives have led to a considerable increase in concern about the security of these devices, posing a double challenge for designers and developers of products. On the one hand, the design of new security primitives, suitable for resource-limited devices, can facilitate the inclusion of mechanisms and protocols to ensure the integrity and privacy of the data exchanged over the Internet. On the other hand, the development of techniques and tools to evaluate the quality of the proposed solutions as a step prior to their deployment, as well as to monitor their behavior once in operation against possible changes in operating conditions arising naturally or as a consequence of a stress situation forced by an attacker. To address these challenges, this paper first describes the design of a security primitive that plays an important role as a component of a hardware-based root of trust, as it can act as a source of entropy for True Random Number Generation (TRNG) or as a Physical Unclonable Function (PUF) to facilitate the generation of identifiers linked to the device on which it is implemented. The work also illustrates different software components that allow carrying out a self-assessment strategy to characterize and validate the performance of this primitive in its dual functionality, as well as to monitor possible changes in security levels that may occur during operation as a result of device aging and variations in power supply or operating temperature. The designed PUF/TRNG is provided as a configurable IP module, which takes advantage of the internal architecture of the Xilinx Series-7 and Zynq-7000 programmable devices and incorporates an AXI4-based standard interface to facilitate its interaction with soft- and hard-core processing systems. Several test systems that contain different instances of the IP have been implemented and subjected to an exhaustive set of on-line tests to obtain the metrics that determine its quality in terms of uniqueness, reliability, and entropy characteristics. The results obtained prove that the proposed module is a suitable candidate for various security applications. As an example, an implementation that uses less than 5% of the resources of a low-cost programmable device is capable of obfuscating and recovering 512-bit cryptographic keys with virtually zero error rate. Full article

Decoupled data and control planes in Software Defined Networks (SDN) allow them to handle an increasing number of threats by limiting harmful network links at the switching stage. As storage, high-end servers, and network devices, Network Function Virtualization (NFV) is designed to replace purpose-built network elements with VNFs (Virtualized Network Functions). A Software Defined Network Function Virtualization (SDNFV) network is designed in this paper to boost network performance. Stateful firewall services are deployed as VNFs in the SDN network in this article to offer security and boost network scalability. The SDN controller’s role is to develop a set of guidelines and rules to avoid hazardous network connectivity. Intruder assaults that employ numerous socket addresses cannot be adequately protected by these strategies. Machine learning algorithms are trained using traditional network threat intelligence data to identify potentially malicious linkages and probable attack targets. Based on conventional network data (DT), Bayesian Network (BayesNet), Naive-Bayes, C4.5, and Decision Table (DT) algorithms are used to predict the target host that will be attacked. The experimental results shows that the Bayesian Network algorithm achieved an average prediction accuracy of 92.87%, Native–Bayes Algorithm achieved an average prediction accuracy of 87.81%, C4.5 Algorithm achieved an average prediction accuracy of 84.92%, and the Decision Tree algorithm achieved an average prediction accuracy of 83.18%. There were 451 k login attempts from 178 different countries, with over 70 k source IP addresses and 40 k source port addresses recorded in a large dataset from nine honeypot servers. Full article

Network Functions Virtualization (NFV) is a key technology for network automation and has been instrumental to materialize the disruptive view of 5G and beyond mobile networks. In particular, 5G embraces NFV to support the automated and agile provision of telecommunication and vertical services as a composition of versatile virtualized components, referred to as Virtual Network Functions (VNFs). It provides a high degree of flexibility in placing these components on distributed NFV infrastructures (e.g., at the network edge, close to end users). Still, this flexibility creates new challenges in terms of VNF connectivity. To address these challenges, we introduce a novel secure link-layer connectivity platform, L2S. Our solution can automatically be deployed and configured as a regular multi-site NFV service, providing the abstraction of a layer-2 switch that offers link-layer connectivity to VNFs deployed on remote NFV sites. Inter-site communications are effectively protected using existing security solutions and protocols, such as IP security (IPsec). We have developed a functional prototype of L2S using open-source software technologies. Our evaluation results indicate that this prototype can perform IP tunneling and cryptographic operations at Gb/s data rates. Finally, we have validated L2S using a multi-site NFV ecosystem at the Telefonica Open Network Innovation Centre (5TONIC), using our solution to support a multicast-based IP television service. Full article

Software-defined networking (SDN) architecture has provided well-known advantages in terms of network programmability, initially offering a standard, open, and vendor-agnostic interface (e.g., OpenFlow) to instruct the forwarding behavior of network devices from different vendors. However, in the last few years, data plane programmability has emerged as a promising approach to extend the network management allowing the definition and programming of customized and non-standardized protocols, as well as specific packet processing pipelines. In this paper, we propose an in-network key-based routing protocol called P4-KBR, in which end-points (hosts, contents or services) are identified by virtual identifiers (keys) instead of IP addresses, and where P4 network elements are programmed to be able to route the packets adequately. The proposal was implemented and evaluated using bmv2 P4 switches, verifying how data plane programmability offers a powerful tool to overcome continuing challenges that appear in SDN networks. Full article

Due to the rapid growth of the Internet of Things (IoT), applications such as the Augmented Reality (AR)/Virtual Reality (VR), higher resolution media stream, automatic vehicle driving, the smart environment and intelligent e-health applications, increasing demands for high data rates, high bandwidth, low latency, and the quality of services are increasing every day (QoS). The management of network resources for IoT service provisioning is a major issue in modern communication. A possible solution to this issue is the use of the integrated fiber-wireless (FiWi) access network. In addition, dynamic and efficient network configurations can be achieved through software-defined networking (SDN), an innovative and programmable networking architecture enabling machine learning (ML) to automate networks. This paper, we propose a machine learning supervised network traffic classification scheduling model in SDN enhanced-FiWi-IoT that can intelligently learn and guarantee traffic based on its QoS requirements (QoS-Mapping). We capture the different IoT and non-IoT device network traffic trace files based on the traffic flow and analyze the traffic traces to extract statistical attributes (port source and destination, IP address, etc.). We develop a robust IoT device classification process module framework, using these network-level attributes to classify IoT and non-IoT devices. We tested the proposed classification process module in 21 IoT/Non-IoT devices with different ML algorithms and the results showed that classification can achieve a Random Forest classifier with 99% accuracy as compared to other techniques. Full article

Mobile ad-hoc networks (MANETs) have great potential applications in military missions or emergency rescue due to their no-infrastructure, self-organizing and multi hop capability characteristics. Obviously, it is important to implement a low-cost and efficient mechanism of anti-invasion, anti-eavesdropping and anti-attack in MANETs, especially for military scenarios. The purpose of intruding or attacking a MANET is usually different from that of wired Internet networks whose security mechanism has been widely explored and implemented. For MANETs, moving target defense (MTD) is a suitable mechanism to enhance the network security, whose basic idea is to continuously and randomly change the system parameters or configuration to create inaccessibility for intruders and attackers. In this paper, a two-layer IP hopping-based MTD approach is proposed, in which device IP addresses or virtual IP addresses change or hop according to the network security status and requirements. The proposed MTD scheme based on the two-layer IP hopping has two major advantages in terms of network security. First, the device IP address of each device is not exposed to the wireless physical channel at all. Second, the two-layer IP hops with individual interval and rules to obtain enhanced security of MANET while maintaining relatively low computational load and communication cost for network control and synchronization. The proposed MTD scheme is implemented in our developed MANET terminals, providing three level of network security: anti-intrusion in normal environment, intrusion detection in offensive environment and anti-eavesdropping in a hostile environment by combining the data encryption technology. Full article

The advantage of using the Network Address Translation device is that the internal IP address, which makes the IP address space of Internet of Things (IoT) devices expanded, is invisible from the outside and safe from external attacks. However, the use of these private IPv4 addresses poses traversal problems, especially for the mobile IoTs to operate peer-to-peer applications. An alternative solution is to use IPv6 technologies for future IoT devices. However, IPv6 package, including IPSec, is too complex to apply to the IoT device because it is a technology developed for the user terminal with enough computing power. This paper proposes a gatekeeper to enable the real IP addresses of IoTs inside the same subnetwork to be not explicitly addressable and visible from outside of the gatekeeper. Each IoT device publishes its virtual IP address via the Registrar Server or Domain Name System (DNS) with which the gatekeeper shares the address mapping information. While the gatekeeper maintains the mapping information for the local IoT devices, the registration server or DNS has global address mapping information so that any peer can reach the mapping information. All incoming and outgoing packets must pass through the gatekeeper responsible for the address conversion and security checks for them from the entrance. This paper aims to apply our gatekeeper system to a platform of self-driving cars that allows surrounding IoT cameras and autonomous vehicles to communicate with each other securely, safely, and rapidly. So, this paper finally analyzes improvement effects on latency to show that our gatekeeper system guarantees the latency goal of 20 ms under the environment of 5G links. Full article

In recent years we have been assisting a radical change in the way devices are connected to the Internet. In this new scope, the traditional TCP/IP host-centric network fails in large-scale mobile wireless distributed environments, such as IoT scenarios, due to node mobility, dynamic topologies and intermittent connectivity, and the Information-Centric Networking (ICN) paradigm has been considered the most promising candidate to overcome the drawbacks of host-centric architectures. Despite bringing efficient solutions for content distribution, the basic ICN operating principle, where content must always be associated with an interest, has serious restrictions in IoT environments in relation to scale, performance, and naming, among others. To address such drawbacks, we are presenting ndnIoT-FC, an NDN-based architecture that respects the ICN rules but offers special treatment for IoT traffic. It combines efficient hybrid naming with strategies to minimize the number of interests and uses caching strategies that virtually eliminates copies of IoT data from intermediate nodes. The ndnIoT-FC makes available new NDN-based application-to-application protocol to implement a signature model operation and tools to manage its life cycle, following a publisher-subscriber scheme. To demonstrate the versatility of the proposed architecture, we show the results of the efficient gathering of environmental information in a simulation environment considering different and distinct use cases. Full article

Over the years, the cellular mobile network has evolved from a wireless plain telephone system to a very complex system providing telephone service, Internet connectivity and many interworking capabilities with other networks. Its air interface performance has increased drastically over time, leading to high throughput and low latency. Changes to the core network, however, have been slow and incremental, with increased complexity worsened by the necessity of backwards-compatibility with older-generation systems such as the Global System for Mobile communication (GSM). In this paper, a new virtualized Peer-to-Peer (P2P) core network architecture is presented. The key idea of our approach is that each user is assigned a private virtualized copy of the whole core network. This enables a higher degree of security and novel services that are not possible in today’s architecture. We describe the new architecture, focusing on its main elements, IP addressing, message flows, mobility management, and scalability. Furthermore, we will show some significant advantages this new architecture introduces. Finally, we investigate the performance of our architecture by analyzing voice-call traffic available in a database of a large U.S. cellular network provider. Full article

The existing traffic light system fails to deal with the increase in vehicular traffic requirements due to fixed time programming. Traffic flow suffers from vehicle delay and congestion. A new networking technology called vehicular ad hoc networking (VANET) offers a novel solution for vehicular traffic management. Nowadays, vehicles communicate with each other (V2V), infrastructure (V2I), or roadside units (V2R) using IP-based networks. Nevertheless, IP-based networks demonstrate low performance with moving nodes as they depend on communication with static nodes. Currently, the research community is studying a new networking architecture based on content name called named data networking (NDN) to implement it in VANET. NDN is suitable for VANET as it sends/receives information based on content name, not content address. In this paper, we present one of VANET’s network applications over NDN, a smart traffic light system. Our system solves the traffic congestion issue as well as reducing the waiting time of vehicles in road intersections. This system replaces the current conventional system with virtual traffic lights (VTLs). Instead of installing traffic lights at every intersection, we utilize a road side unit (RSU) to act as the intersection controller. Instead of a light signal, the RSU collects the orders of vehicles that have arrived or will arrive at the intersection. After processing the orders according to the priority policy, the RSU sends an instant message for every vehicle to pass the intersection or wait for a while. The proposed system mimics a human policeman intersection controlling. This approach is suitable for autonomous vehicles as they only receive signals from the RSU instead of processing many images. We provide a map of future work directions for enhancing this solution to take into account pedestrian and parking issues. Full article

In disaster management services, the dynamic binding between roles and individuals for creating response teams across multiple organizations to act during a disaster recovery time period is an important task. Existing studies have shown that IP-based or traditional telephony solutions are not well-suited to deal with such group communication. Research has also shown the advantages of leveraging information centric networking (ICN) in providing essential communication in disaster management services. However, present studies use a centralized networking architecture for disaster management, in which disaster information is gathered and processed at a centralized management center before incident responses are made and warning messages are sent out. The centralized design can be inefficient in terms of scalability and communication. The reason is that when the network is very large (i.e., country level), the management for disaster services becomes very complicated, with a large number of organizations and offices. Disaster data are required to be transmitted over a long path before reaching the central management center. As a result, the transmission overhead and delay are high. Especially when the network is fragmented and network connectivity from a disaster-affected region to the central management center is disconnected, the service may be corrupted. In this paper, we designed and implemented a distributed edge cloud architecture based on ICN and network function virtualization (NFV) to address the above issues. In the proposed architecture, disaster management functions with predefined disaster templates were implemented at edge clouds closed to local regions to reduce the communication overhead and increase the service availability. The real implementation and performance evaluation showed that the proposed architecture achieves a significant improvement in terms of average bandwidth utilization, disaster notification delivery latency, routing convergence time, and successful request ratio compared to the existing approaches. Full article