Date of Award

6-2012

Degree Name

Doctor of Philosophy

Department

Electrical and Computer Engineering

First Advisor

Dr. Liang Dong

Second Advisor

Dr. Ikhlas Abdel-Qader

Third Advisor

Dr. Janos L. Grantner

Fourth Advisor

Dr. Kapseong Ro

Keywords

network security, multi-agent systems, network performance, scheduling, QoS, buffer estimation

Abstract

Conventional real-time scheduling algorithms address only timing constraints; they pay no attention to enhancing or optimizing the security performance of real-time packets. In this work, we propose an adaptive security-aware scheduling system with a congestion control mechanism for packet switching networks using real-time agent-based systems. The proposed system combines the functionality of real-time scheduling with security service enhancement: the real-time scheduling unit uses the differentiated-earliest-deadline-first (Diff-EDF) scheduler, while the security service enhancement scheme adopts a congestion control mechanism based on a resource estimation methodology.

The security service enhancement unit was designed based on two models: single-layer and weighted multi-layer design models. The single-layer design provides an enhancement for a single security service (confidentiality, integrity, or authentication), while the weighted multi-layer design provides an enhancement for multiple security services with different weights on a real-time network with multiprocessor end nodes. The proposed system provides the required QoS guarantees for different classes of real-time data flows (video, audio), while adaptively enhancing the packets’ security service levels according to feedback from the congestion control model, which efficiently utilizes the buffering system at the edge network and thus protects the network from being congested by heavy traffic load.

Our agent-based system eliminates the overhead of the security association phase performed by Internet Protocol Security (IPsec). This elimination was achieved by overloading the priority code point (PCP) fields of the IEEE 802.1Q tagged frame format for the single-layer scheme, while repeated single-layer and overloading of the PCP and virtual-LAN identifier (VID) fields of the IEEE 802.1Q frame were the methodologies adopted by the weighted multi-layer security design model.

By using the Diff-EDF scheduler, the proposed system minimizes the flows’ miss rates and the flows’ average total delays compared to the earliest-deadline-first (EDF) and first-come-first-served (FCFS) schedulers. In addition, our adaptive security enhancement scheme minimizes the buffer consumption, the average total packet delays, and the pending packets at the end users compared to the IPsec protocol. It was also compared to an implemented feedback-IPsec, where our adaptive system eliminated the repeated security associations performed by the feedback-IPsec, resulting in less overhead and increasing the chances of meeting the flows’ QoS requirements.

Access Setting

Dissertation-Open Access
