One of the key research issues in further strengthening the role of railways in the transportation system is to achieve the highest possible level of cyber security against significant threats to the signaling and telecom systems. The European Rail Traffic Management System (ERTMS) was designed in the 1990s with the security measures and strategies available at the time. However, ERTMS' underlying communication technology, GSM-R, needs replacing, and replacement strategies are already underway. Due to their direct effects on safety, ERTMS security mechanisms also need updating to face current security threats. This article provides a security analysis of ERTMS' safety layer, Euroradio, in terms of current security threats. After identifying its vulnerabilities, we present four main recommendations: a more robust cryptographic mechanism, a new key distribution scheme, a new key storage and system integrity module, and a set of countermeasures for avoiding radio jamming attacks.

Reliability is a key research issue to promote the role of rail in the transportation system. An important set of critical and vital railway services, such as Traction Power Supply and Supervision Systems, relay currently on modern Supervisory Control and Data Acquisition (SCADA) systems. At the same time, these large scale and networked SCADA systems are deployed over heterogeneous wide area networks. Current strategies to warrant reliability on these systems focus on costly equipment redundancy or retransmission techniques with associated delay penalization. In this paper, we propose a MultiPath strategy with redundant policy to increase reliability in railway SCADA over TCP/IP systems. We built a hybrid simulation tool with real Modbus over TCP/IP equipment and validate our approach comparing the obtained results with three alternative strategies (default TCP/IP, backup and default delivery policy).

IP-enabled sensors can be globally addressable by any Internet-connected entity, and therefore, their protection presents different challenges than that of traditional sensors, as they are subject to any potential attacker in the Internet. For this reason, specific security protocols must be developed to address the security requirements of IP-enabled sensors. An interesting approach to achieve this aim is the Ladon security protocol, which allows resource-deprived devices to efficiently implement end-to-end authentication, authorisation and key establishment mechanisms. However, in so limited environments such as sensor networks, not only efficient protocols must be defined, but they must also be optimally parameterised. This paper constitutes a step forward in this direction. First, a state transition model of the Ladon protocol is presented to analytically describe its behaviour. Then, this model is used to select the most effective parameterisation of the protocol in terms of message retransmissions and execution of cryptographic operations. The obtained results show that the selected parameterisation allows maximising the probability of a successful secure session establishment, while keeping the overhead introduced by the protocol low. Additionally, the performance comparison carried out shows that Ladon outperforms alternative approaches to achieve the same objective in terms of message transmission and reception operations.

The possibility to deploy telecommunication services based on the availability of a fully flow-aware network is an appealing possibility. Concepts like Network Service Chaining and Network Function Virtualization expect the information to be manageable at the flow level. But, for this concept to be available for the development of user-centric applications, the access network should also be made flow-aware. In this paper we present the integration of a legacy DOCSIS based access network under an OpenFlow Control Framework by using the Hardware Abstraction Layer designed in the FP7 ALIEN project. The result is a dynamic wide area OpenFlow switch that spawns from the aggregation switch to the home equipment and hides all the complexity (including the provisioning) of the access technology to an unmodified and standard OpenFlow controller. As a result, the access network can react not only to any kind of user traffic but also to the connection of CPE to the network. The approach used is technology independent, and the results have been successfully demonstrated over a Cisco based DOCSIS access network.

This paper presents FlowNAC, a Flow-based Network Access Control solution that allows to grant users the rights to access the network depending on the target service requested. Each service, defined univocally as a set of flows, can be independently requested and multiple services can be authorized simultaneously. Building this proposal over SDN principles has several benefits: SDN adds the appropriate granularity (fine- or coarse-grained) depending on the target scenario and flexibility to dynamically identify the services at data plane as a set of flows to enforce the adequate policy. FlowNAC uses a modified version of IEEE 802.1X (novel EAPoL-in-EAPoL encapsulation) to authenticate the users (without the need of a captive portal) and service level access control based on proactive deployment of flows (instead of reactive). Explicit service request avoids misidentifying the target service, as it could happen by analyzing the traffic (e.g. private services). The proposal is evaluated in a challenging scenario (concurrent authentication and authorization processes) with promising results.

This paper describes an experimentally-tested approach towards programmability for legacy network elements in the software-defined networking architecture. As OpenFlow is a leading control-plane protocol enabling SDN in modern networks, yet not all equipment is compatible with this framework. This problem is addressed in ALIEN, the FP7 research project, where Hardware Abstraction Layer (HAL) for non-OpenFlow capable devices is introduced. This paper describes outcomes of the project, and specifically, gives a set of examples of the successful implementation of OpenFlow through the HAL on ‘alien’ devices.

Nowadays, several devices supporting OpenFlow versions beyond 1.0 are available on the market. However, existent OpenFlow testbeds like OFELIA do not provide support for such devices, therefore it is hard for the research community to explore and test the newest functionalities of the protocol in realistic environments. This paper gives a short overview of two different architectures investigated within the FP7 ALIEN project that both aim to overcome this limitation within the OFELIA experimental facility.

The rise of cloud services poses considerable challenges on the control of both cloud and carrier network infrastructures. While traditional telecom network services rely on rather static processes (often involving manual steps), the wide adoption of mobile devices including tablets, smartphones and wearables introduce previously unseen dynamics in the creation, scaling and withdrawal of new services. These phenomena require optimal flexibility in the characterization of services, as well as on the control and orchestration of both carrier and cloud infrastructure. This paper proposes a unified programmability framework addressing: the unification of network and cloud resources, the integrated control and management of cloud and network, the description for programming networked/cloud services, and the provisioning processes of these services. In addition proofs-of-concept are provided based on existing opensource control software components.