Kolesnikov V.,Domain Labs |
Shikfa A.,Bell Laboratories
Bell Labs Technical Journal | Year: 2012
Much of the value of cloud services lies in leveraging client data, which often conflicts with the client's desire to keep that data private. Reconciling these contradictory requirements is an important research and engineering problem, whose efficient solution would have a far-reaching business impact. Generic theoretical approaches, such as fully-homomorphic encryption, are inefficient. Ad hoc approaches, such as order-preserving encryption (OPE), provide solutions to a limited class of problems (e.g., evaluating encrypted range queries). Security achieved in real systems, even if an "ideal OPE" is employed, is hard to evaluate, and is often only illusory, since the ability to order ciphertexts may reveal a lot about the underlying plaintexts. We concentrate on a typical application of OPE, encrypted searchable webmail service. We describe how the use of OPE in this setting may divulge information and discuss approaches to minimize its impact. The main avenue to improve privacy is to appropriately limit the type of interactions that should be allowed with a webmail server. © 2012 Alcatel-Lucent.
Benno S.,Alcatel - Lucent |
Esteban J.O.,Alcatel - Lucent |
Rimac I.,Domain Labs
Bell Labs Technical Journal | Year: 2011
HTTP adaptive streaming (HAS) is becoming popular for video delivery because it dynamically provides high quality content. A HAS client does this by requesting a small chunk of video at a time, selecting the chunk quality based on inferred network conditions and its own buffer state. Because chunks are requested using Hypertext Transfer Protocol (HTTP), they traverse firewalls and are cacheable like any other Web content. Even though HAS is compatible with existing infrastructure, HAS's near-real time demands and the new request patterns it causes require an understanding of the interaction between the network and HAS algorithms. In this paper, we evaluate the responsiveness of HAS algorithms under dynamic conditions and how it affects the overall user experience as well as key infrastructure resources, particularly intermediate caches. Relevant scenarios we evaluate include varying delays, available bandwidth, cache response times, and interaction with competing traffic. © 2011 Alcatel-Lucent.
Razavi R.,Alcatel - Lucent |
Klein S.,Domain Labs |
Claussen H.,Alcatel - Lucent
Bell Labs Technical Journal | Year: 2010
Optimization of antenna downtilt is an important aspect of coverage optimization in cellular networks. In this paper, an algorithm based on the combination of fuzzy logic and reinforcement learning is proposed and applied to the downtilt optimization problem to achieve the self-configuration, self-optimization, and self-healing functionalities required for future communication networks. To evaluate the efficiency of the proposed scheme, we use a detailed Long Term Evolution (LTE) simulation environment and employ an algorithm for configuring and optimizing the downtilt angle of the LTE base station antennas. This scheme is fully distributed and does not require any synchronization between network elements. Compared to an existing solution, evolutionary learning of fuzzy rules (ELF), the solution we propose provides up to 20 percent improvement in performance. In addition to self-x capabilities, the experiments further confirm the reliability and robustness of the algorithm in extremely noisy environments. © 2010 Alcatel-Lucent. Published by Wiley Periodicals, Inc.
Bessis T.,Alcatel - Lucent |
Gurbani V.K.,Domain Labs |
Rana A.,Alcatel - Lucent
Bell Labs Technical Journal | Year: 2011
As the deployment of Session Initiation Protocol (SIP) accelerates, there is an accompanying need to secure the SIP infrastructure. One way to do so is through a SIP firewall, which is loosely defined as a device that blocks attacks mounted via SIP. Using this definition, a firewall is indistinguishable from a session border controller (SBC), also used by SIP service providers to secure their networks. SIP firewalls and SBCs are often deployed by SIP service providers at the periphery of the network to impose some manner of order on the SIP traffic before allowing it to enter the network. In this vein, a SIP firewall needs to effectively block many SIP attacks and distinguish a distributed denial of service (DDoS) attack from a classic overload traffic arrival rate. But what exactly is a firewall and what features should it provide in its role of inspecting SIP traffic bound for the service provider's network? What are the economic and technical tradeoffs necessary for ubiquitous deployment? In this paper, we define the role of a firewall in protecting the IP Multimedia Subsystem (IMS) or SIP-based core network, distinguish it from an SBC, and characterize the specific threats to SIP messages at the L2 (data link layer), L3 (network layer), L4 (transport layer), and L5 (session layer). We show how a SIP firewall can thwart these attacks and we propose an implementation based on a simplified, but fully hardware accelerated SIP proxy as a front end SIP firewall. Such a system naturally blocks most attacks and implements many defense mechanisms. © 2011 Alcatel-Lucent.
Stanze O.,Domain Labs |
Weber A.,Domain Labs
Bell Labs Technical Journal | Year: 2013
Heterogeneous networks (HetNets) are a powerful solution to handle the rapidly increasing demand for mobile broadband bandwidth and are a key concept of Alcatel-Lucent's lightRadio™ strategy. HetNets consist of small cells embedded in a macrocellular network and enable flexible and scalable capacity enhancements. The first part of this paper discusses basic HetNet-specific aspects, e.g., small cell placement and fairness with respect to service quality. We present solutions for cell range expansion of small cells, which enables more user equipment (UEs) to profit from the additional capacity. The second part discusses advanced approaches for interference management optimized for HetNets. We present advanced solutions which exploit the possibilities offered by new Long Term Evolution (LTE)-Advanced features like enhanced inter-cell interference coordination (eICIC) and carrier aggregation (CA). We evaluate the performance of these advanced solutions based on standards compliant downlink (DL) system simulations in different application scenarios and provide recommendations on advanced scheduling strategies. © 2013 Alcatel-Lucent.