Browsing by Author "Suomalainen, Jani"

Filter results by typing the first few letters
Now showing 1 - 5 of 5
  • Critical communications over mobile operators' networks: 5G use cases enabled by licensed spectrum sharing, network slicing and QoS control
    (2018-11-28) Höyhtyä, Marko; Lähetkangas, Kalle; Suomalainen, Jani; Hoppari, Mika; Kujanpää, Kaisa; Ngo, Kien Trung; Kippola, Tero; Heikkilä, Marjo; Posti, Harri; Mäki, Jari; Savunen, Tapio; Hulkkonen, Ari; Kokkinen, Heikki
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    Commercial mobile operators' networks will be used for public safety communications due to demand for wireless broadband services, new applications, and smart devices. Existing dedicated professional mobile radio (PMR) networks, such as terrestrial trunked radio (TETRA), Tetrapol, and project 25 (P25), are based on narrowband technologies and hence their data bandwidth is limited. This paper studies how critical communications needed e.g., by ambulance personnel, rescue squads, and law enforcement agencies can be implemented over a 5G network. The most important technology enablers are described and test network architectures used in our project given. We focus on two different use cases: First, how to enable priority communications over a commercial mobile network. Second, how to create rapidly deployable networks for emergency and tactical operations. Tests done with the implemented systems in real networks show that both approaches are very promising for future critical users. Techniques such as network slicing and licensed shared access (LSA) provide means to support mission critical applications in any environment.
  • Cybersecurity for tactical 6G networks: threats, architecture, and intelligence
    (2025-01) Suomalainen, Jani; Ahmad, Ijaz; Shajan, Annette; Savunen, Tapio
     A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
    Edge intelligence, network autonomy, broadband satellite connectivity, and other concepts for private 6G networks are enabling new applications for public safety authorities, e.g., for police and rescue personnel. Enriched situational awareness, group communications with high-quality video, large scale IoT, and remote control of vehicles and robots will become available in any location and situation. We analyze cybersecurity in intelligent tactical bubbles, i.e., in autonomous rapidly deployable mobile networks for public safety operations. Machine learning plays major roles in enabling these networks to be rapidly orchestrated for different operations and in securing these networks from emerging threats, but also in enlarging the threat landscape. We explore applicability of different threat and risk analysis methods for mission-critical networked applications. We present the results of a joint risk prioritization study. We survey security solutions and propose a security architecture, which is founded on the current standardization activities for terrestrial and non-terrestrial 6G and leverages the concepts of machine learning-based security to protect mission-critical assets at the edge of the network.
  • Intelligent Security for 5G Networks and Beyond - Enablers of Customized Active Defenses for Mobile Communication Applications
    (2022) Suomalainen, Jani
     School of Science | Doctoral dissertation (article-based)
    The evolution of security in mobile communication networks is driven by vulnerabilities in previous generations, the need to address insider threats, diverse requirements from different user sectors, as well as opportunities and challenges arising from the emerging technologies. For new users, such as industry and public safety authorities, transitions from own dedicated network infrastructures to commercial networks and 3GPP-based technologies mean large changes also from the security perspective. The transition enables cost-efficiency and new user applications but changes the threat landscape and increases the risks of disturbances and information leaking due to adversaries who are sharing the infrastructure. To manage the growing complexity and threat landscape, intelligent and active defense solutions are needed. Intelligent security means the capability to achieve security goals in different situations with the optimal use of resources. Active defense means the capability to make attacks harder with dynamic network and security measures. Intelligent security requires solutions to collect and share information, analyze the security situation and react accordingly. The tools for intelligent security include artificial intelligence and machine learning, which provide rapid means to react against previously unseen threats but which may also open up new vulnerabilities. This dissertation explores requirements and solutions for customizing network security for different applications and for enabling active defenses. The dissertation includes articles, which analyze selected concepts and enablers for intelligent security. Literature analyses focus on special challenges in communications for public safety authorities as well as new threats arising from the use of machine learning. The enablers include micro-segmentation, which is a method for creating fine-grained logical network slices on top of a shared infrastructure. A designed intelligent security approach for micro-segmentation is based on software networks and continuous learning. Adaptive pseudonymization is an example of the use of real-time threat analysis to adapt active security and privacy defenses. Tactical bubbles are rapidly deployable networks, which are targeted for public safety users and which can be isolated from the commercial infrastructure by logical and physical solutions. The explored use cases provide examples of how the security of mobile communication networks can be adapted to fulfill the needs of different applications and how security resources can be focused on security-critical communications.
  • Kartonginvalmistuksen ja ulkoistetun arkituksen optimointi
    (2009) Shemeikka, Antto
     Helsinki University of Technology | Master's thesis
    Diplomityön tarkoituksena oli selvittää, kuinka optimoida kartonkikonetta ja ulkoistettua arkitusta eri tilaustilanteissa. Työn päätavoitteena oli luoda ohjeet ja laskelmat siitä, missä tilanteissa kannattaa optimoida kartonkikoneen trimmihyötysuhdetta ja missä tilanteissa ulkoisen arkittajan läpimenoa, jotta toimitusketju olisi kokonaisuutena kustannustehokkain ja luotettavin. Diplomityössä käydään läpi tuotannonohjauksen ja -suunnittelun teoriaa sekä kuvataan Consumer Packagingin tehtaiden tuotannonsuunnittelu- ja ohjausprosessien eroja. Eri toimintatapoja analysoidaan ohjausjärjestelmistä saadun datan sekä keskusteluiden ja haastattelujen avulla. Työn teoriassa perehdytään myös kartonginvalmistuksen kustannuksiin ja tehokkuuden laskentaan sekä kartongin arkittamisen kustannuksiin ja tehokkuustekijöihin. Ulkoisen arkituksen tehokkuutta vertailtiin lisäksi sisäisen arkittamon tehokkuuteen. Myös kartongin valmistus- ja arkitusprosessi kuvataan asioiden käsittelyn ymmärtämiseksi. Selvitysten pohjalta tehdään kustannuslaskelmat ja toimintaohjeet eri kysyntätilanteisiin. Tutkimuksissa ulkoinen arkittaminen osoittautui omaan Simpeleen arkittamoon nähden noin 50 prosenttia kalliimmaksi. Lisäksi ulkoisen laitoksen tehokkuustekijät olivat huomattavasti Simpeleen arvoja heikommalla tasolla. Laskelmista ja selvityksistä saatujen tulosten perusteella voidaan todeta, että ylikysyntätilanteessa kartonkikoneen trimmihyötysuhteen optimointi on selvästi kustannustehokkaampaa kuin ulkoisen arkittajan läpimenon optimointi. Tällöin ulkoinen arkittamo muodostaa kuitenkin helposti pullonkaulan toimitusketjuun. Trimmihyötysuhteen optimointi on kaikkein käyttökelpoisin metodi vakavassa alikysynnässä, jolloin arkituskapasiteettia pitäisi olla riittävästi. Lievässä alikysyntätilanteessa jalostuslähtöinen suunnittelu on kannattavaa, jos ulkoisen arkituksen hinta laskee 4,5 prosenttia. Ylikysyntätilanteessa vaadittava alennus on 15 prosenttia ja vakavassa alikysyntätilanteessa 9 prosenttia. Jalostuslähtöinen suunnittelu onkin käyttökelpoisinta lievässä alikysynnässä etenkin, jos arkittamo on pullonkaula. Lopullinen kokonaiskustannustehokkuus riippuu tällöin ulkoisen arkittajan kanssa tehdyn sopimuksen luonteesta.
  • Smart Authentication and Authorization in Heterogeneous Networked World
    (2013) Suomalainen, Jani
     Perustieteiden korkeakoulu | Licentiate thesis
    Our living environments are full of various connected computing devices. These environments in homes, offices, public spaces, transportation etc. are gaining abilities to acquire and apply knowledge about the environment and its users in order to improve users' experience in that environment. However, before smart adaptive solutions can be deployed in critical applications, authentication and authorization mechanisms are needed to provide protection against various security threats. These mechanisms must be able to interoperate and share information with different devices. The thesis focuses to questions on how to facilitate the interoperability of authentication and authorization solutions and how to enable adaptability and smartness of these solutions. To address questions, this thesis explores existing authentication and authorizations solutions. Then the thesis builds new reusable, interoperable, and adaptive security solutions. The smart space concept, based on semantic web technologies and publish-and-subscribe architecture, is recognized as a prominent approach for interoperability. We contribute by proposing solutions, which facilitate implementation of smart access control applications. An essential enabler for smart spaces is a secure platform for information sharing. This platform can be based on various security protocols and frameworks, providing diverse security levels. We survey security-levels and feasibility of some key establishment protocols and solutions for authentication and authorization. We also study ecosystem and adaptation issues as well as design and implement a fine-grained and context-based reusable security model, which enables development of self-configuring and adaptive authorization solutions.