Abstract: A method for introducing in-network services in an end-to-end communication path between two hosts includes: providing at least one middlebox entity and performing a registration procedure that includes registering the in-network services together with their respective service level agreements at the at least one middlebox entity; by at least one of the two hosts, sending a subscription for the in-network services to the at least one middlebox entity together with a policy list containing at least host-specific security requirements; by the at least one middlebox entity, evaluating potential conflicts between the host-specific security requirements and the service level agreements of the in-network services, and, in case no conflicts are detected, authenticating the in-network services; and inserting the authenticated in-network services within the end-to-end communication path and starting encrypted communication between the two hosts.

Abstract: A method of processing information centric networking (ICN) interest messages in a delay tolerant networking (DTN) scenario, wherein ICN data mules receive interests for content from end-users and disseminate content to end-users based on the interests and/or during encounters with other ICN data mules, includes performing a popularity estimation of content; appending, by a first end-user when forwarding an interest for given content to a data mule, a nonce to the interest; and employing, by a first data mule, the appended nonce according to predefined rules to maintain and/or record a counter for interests for the given content. The counter functions as a popularity indicator for the given content.

Abstract: A method for introducing in-network services in an end-to-end communication path between two hosts includes: providing at least one middlebox entity and performing a registration procedure that includes registering the in-network services together with their respective service level agreements at the at least one middlebox entity; by at least one of the two hosts, sending a subscription for the in-network services to the at least one middlebox entity together with a policy list containing at least host-specific security requirements; by the at least one middlebox entity, evaluating potential conflicts between the host-specific security requirements and the service level agreements of the in-network services, and, in case no conflicts are detected, authenticating the in-network services; and inserting the authenticated in-network services within the end-to-end communication path and starting encrypted communication between the two hosts.

Abstract: A method provides an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on an internet protocol. A controller in the software defined network receives a first packet of an object request in the information centric network. The controller encodes a message ID indicating an object source of the object request into a header of the first packet. The controller installs forwarding rules on forwarding elements in the physical network such that further packets of the object request are forwarded according to the installed forwarding rules by the forwarding elements rewriting headers of the further packets.

Abstract: A method for operating an information-centric network (ICN), wherein at least one named data object (NDO) is addressable, and wherein after an initial request, a request aggregation of subsequent requests for the at least one NDO is performed according to a definable rule. The method includes implementing software-defined networking (SDN) in the ICN with an SDN controller, and performing a network-wide request aggregation by the SDN controller.

Abstract: A method for assessing a message transmitted between at least: two parties via a previously unknown third party in a decentralized communication network, wherein all parties share a common trust architecture, includes publishing, on-behalf-of indication and public, security information of the third party; publishing, the message of the first party; evaluating the published information to extract published content of the first party by the second party as intended receiver of the message; verifying a real-world-identity of the third party and/or the signature of the third party based on the previously received trust information and/or based on the self-certifying name and the public security information of the third party; checking a trust information chain according to the common trust architecture from the second party to the third party; and assessing the content of the first party based on the checked trust chain.

Abstract: A method of processing information centric networking (ICN) interest messages in a delay tolerant networking (DTN) scenario, wherein ICN data mules receive interests for content from end-users and disseminate content to end-users based on the interests and/or during encounters with other ICN data mules, includes performing a popularity estimation of content; appending, by a first end-user when forwarding an interest for given content to a data mule, a nonce to the interest; and employing, by a first data mule, the appended nonce according to predefined rules to maintain and/or record a counter for interests for the given content. The counter functions as a popularity indicator for the given content.

Abstract: A method provides an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on an internet protocol. A controller in the software defined network receives a first packet of an object request in the information centric network. The controller encodes a message ID indicating an object source of the object request into a header of the first packet. The controller installs forwarding rules on forwarding elements in the physical network such that further packets of the object request are forwarded according to the installed forwarding rules by the forwarding elements rewriting headers of the further packets.

Abstract: A method and system provide an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on the internet protocol. There are forwarding elements in the physical network and a controller in the software defined network for controlling the forwarding elements. A publicly routable network address per domain for outside data object requests of named data objects is announced via the information centric network, and upon a first packet of an object request being received by an ingress element of the information centric network, the first packet is forwarded to the controller. The controller determines an object source for the requested named data object, encodes a message id into a header of the packet and establishes a forwarding path to forward the packet and further packets to the determined object source.

Abstract: A method for operating an information-centric network (ICN), wherein at least one named data object (NDO) is addressable, and wherein after an initial request, a request aggregation of subsequent requests for the at least one NDO is performed according to a definable rule. The method includes implementing software-defined networking (SDN) in the ICN with an SDN controller, and performing a network-wide request aggregation by the SDN controller.

Abstract: A method for assessing a message transmitted between at least: two parties via a previously unknown third party in a decentralized communication network, wherein all parties share a common trust architecture, includes publishing, on-behalf-of indication and public, security information of the third party; publishing, the message of the first party; evaluating the published information to extract published content of the first party by the second party as intended receiver of the message; verifying a real-world-identity of the third party and/or the signature of the third party based on the previously received trust information and/or based on the self-certifying name and the public security information of the third party; checking a trust information chain according to the common trust architecture from the second party to the third party; and assessing the content of the first party based on the checked trust chain.

Abstract: A method of operating a packet dropper in a congestion exposure-enabled network, wherein sending hosts and receiving hosts communicate with each other by sending flows of packets over network paths via intermediate routers, which, upon detecting congestion, mark packets of the flows as congestion packets, wherein congestion is indicated to the sending hosts by way of a congestion feedback mechanism, and wherein the sending hosts, upon receiving congestion indications, declare a subset of the packets they send as congestion response packets, thereby producing either conformant flows or non-conformant flows, depending on whether the amount of congestion response packets is balanced with the indicated congestion level or not, is characterized in that the packet dropper carries out in succession a series of traffic analyzing steps for identifying the non-conformant flows. Furthermore, a corresponding packet dropper for use in a congestion exposure-enabled network is described.

Abstract: A method and system provide an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on the internet protocol. There are forwarding elements in the physical network and a controller in the software defined network for controlling the forwarding elements. A publicly routable network address per domain for outside data object requests of named data objects is announced via the information centric network, and upon a first packet of an object request being received by an ingress element of the information centric network, the first packet is forwarded to the controller. The controller determines an object source for the requested named data object, encodes a message id into a header of the packet and establishes a forwarding path to forward the packet and further packets to the determined object source.

Abstract: A method of policing network traffic based on congestion on a flow-based programmable switch, such as an OpenFlow switch is provided. The method polices congestion-causing flows in a network by detecting congestion at a flow-based programmable switch on the network. Once congestion has been detected, the method identifies one or more flows that are causing the congestion at the flow-based programmable switch, and penalizes the flows that were identified as causing congestion. A flow-based programmable switch including a data plane having input ports, output ports, and forwarding rules that map packets received on an input port to an output port based on a packet matching a rule in the forwarding rules is also described.

Abstract: A method for supporting congestion management in a congestion exposure-enabled network, wherein sending hosts and receiving hosts communicate with each other by sending flows of packets over network paths via intermediate routers, which, upon detecting congestion, mark packets of the flows as congestion packets by including congestion information, wherein congestion is indicated to the sending hosts via a congestion feedback mechanism, and wherein the sending hosts, upon receiving congestion indications, declare a subset of the packets they send as congestion response packets by including congestion information, depending on whether the amount of congestion response packets is balanced with the indicated congestion level or not is characterized in that aggregated congestion is determined on the basis of congestion information included in packets that are sent over the network paths between the sending hosts and the receiving hosts.

Abstract: For allowing a particularly economic operation of a network with a high degree of energy conservation a method for operating a wireless radio network, especially a radio access network, is claimed, wherein the wireless radio network includes a core network, a number of base stations and at least one mobile host for wireless communication via at least one base station, wherein the method is characterized in that an association of powered on and powered off base stations within definable base station partitions will be arranged in a coordinated manner, thereby maintaining a minimum number or the smallest possible number of powered on base stations being necessary for accommodating a current traffic demand. Further, a network is claimed, preferably for carrying out the above mentioned method.

Abstract: For allowing a best possible usage of network resources even under congestion conditions a method for operating a wireless network, especially an IP (Internet Protocol) network, is described, wherein a queue management function based on an average queue length in a network element is used. The method is characterized in that a result of a weighting function will be combined or multiplied with the average queue length for determining a combined congestion contribution for use within the queue management function, wherein the weighting function takes into account per-user information on a wireless channel condition. Further, a corresponding wireless network, preferably for carrying out the above mentioned method, is also described.

Abstract: For allowing a very effective resource management and network utilization a method for resource management within a wireless network, especially EPS (Evolved Packet Core) of LTE (Long Term Evolution) network, is described, wherein a congestion control of data-traffic is performed. The method is characterized in that for congestion control a Re-ECN (Explicit Congestion Notification) function will be used wherein the Re-ECN function includes a policing function and a dropping function. Further, a corresponding wireless network is described, preferably for carrying out the above mentioned method.

Abstract: A method of policing network traffic based on congestion on a flow-based programmable switch, such as an OpenFlow switch is provided. The method polices congestion-causing flows in a network by detecting congestion at a flow-based programmable switch on the network. Once congestion has been detected, the method identifies one or more flows that are causing the congestion at the flow-based programmable switch, and penalizes the flows that were identified as causing congestion. A flow-based programmable switch including a data plane having input ports, output ports, and forwarding rules that map packets received on an input port to an output port based on a packet matching a rule in the forwarding rules is also described.

Abstract: A method for supporting congestion management in a congestion exposure-enabled network, wherein sending hosts and receiving hosts communicate with each other by sending flows of packets over network paths via intermediate routers, which, upon detecting congestion, mark packets of the flows as congestion packets by including congestion information, wherein congestion is indicated to the sending hosts via a congestion feedback mechanism, and wherein the sending hosts, upon receiving congestion indications, declare a subset of the packets they send as congestion response packets by including congestion information, depending on whether the amount of congestion response packets is balanced with the indicated congestion level or not is characterized in that aggregated congestion is determined on the basis of congestion information included in packets that are sent over the network paths between the sending hosts and the receiving hosts.