A Video Timeline with Bookmarks and Prefetch State for Faster Video Browsing

International audienceReducing seek latency by predicting what the users will access is important for user experience, particularly during video browsing, where users seek frequently to skim through a video. Much existing research strived to predict user access pattern more accurately to improve the prefetching hit rate. This paper proposed a different approach whereby the prefetch hit rate is improved by biasing the users to seek to prefetched content with higher probability, through changing the video player user interface. Through a user study, we demonstrated that our player interface can lead to up to 4$\times$ more seeks to bookmarked segments and reduce seek latency by 40\%, compared to a video player interface commonly used today. The user study also showed that the user experience and the understanding of the video content when browsing is not compromised by the changes in seek behavior.

Reflections on security options for the real-time transport protocol framework

The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol

Multi-layer virtual transport network design and management

Nowadays there is an increasing need for a general paradigm that can simplify network management and further enable network innovations. Software Defined Networking (SDN) is an efficient way to make the network programmable and reduce management complexity, however it is plagued with limitations inherited from the legacy Internet (TCP/IP) architecture. On the other hand, service overlay networks and virtual networks are widely used to overcome deficiencies of the Internet. However, most overlay/virtual networks are single-layered and lack dynamic scope management. Furthermore, how to solve the joint problem of designing and mapping the overlay/virtual network requests for better application and network performance remains an understudied area. In this thesis, in response to limitations of current SDN management solutions and of the traditional single-layer overlay/virtual network design, we propose a recursive approach to enterprise network management, where network management is done through managing various Virtual Transport Networks (VTNs) over different scopes (i.e., regions of operation). Different from the traditional overlay/virtual network model which mainly focuses on routing/tunneling, our VTN approach provides communication service with explicit Quality-of-Service (QoS) support for applications via transport flows, i.e., it involves all mechanisms (e.g., addressing, routing, error and flow control, resource allocation) needed to meet application requirements. Our approach inherently provides a multi-layer solution for overlay/virtual network design. The contributions of this thesis are threefold: (1) we propose a novel VTN-based management approach to enterprise network management; (2) we develop a framework for multi-layer VTN design and instantiate it to meet specific application and network goals; and (3) we design and prototype a VTN-based management architecture. Our simulation and experimental results demonstrate the flexibility of our VTN-based management approach and its performance advantages

Can NSEC5 be practical for DNSSEC deployments?

NSEC5 is proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results indicate that our redesigned NSEC5 can be viable even for high-throughput scenarioshttps://eprint.iacr.org/2017/099.pdfFirst author draf

Infective flooding in low-duty-cycle networks, properties and bounds

Flooding information is an important function in many networking applications. In some networks, as wireless sensor networks or some ad-hoc networks it is so essential as to dominate the performance of the entire system. Exploiting some recent results based on the distributed computation of the eigenvector centrality of nodes in the network graph and classical dynamic diffusion models on graphs, this paper derives a novel theoretical framework for efficient resource allocation to flood information in mesh networks with low duty-cycling without the need to build a distribution tree or any other distribution overlay. Furthermore, the method requires only local computations based on each node neighborhood. The model provides lower and upper stochastic bounds on the flooding delay averages on all possible sources with high probability. We show that the lower bound is very close to the theoretical optimum. A simulation-based implementation allows the study of specific topologies and graph models as well as scheduling heuristics and packet losses. Simulation experiments show that simple protocols based on our resource allocation strategy can easily achieve results that are very close to the theoretical minimum obtained building optimized overlays on the network

A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing

Cloud Computing is a computingmodel that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain

Multi-layered virtual transport network design and management (PhD Thesis)

Nowadays there is an increasing need for a general paradigm that can simplify network management and further enable network innovations. Softwa re Defined Networking (SDN) is an efficient way to make the network programmable and reduce management complexity, however it is plagued with limitations inherited from the legacy Internet (TCP/IP) architecture. On the other hand, service overlay networks and virtual networks are widely usedto overcome deficiencies of the Internet. However, most over lay/virtual networks are single- layered and lack dynamic scope management. Furthermore, how to solve the joint problem of designing and mapping the overlay/virtual network requests for better application and network performance remains an understudied area. In this thesis, in response to limitations of current SDN management solutions and of the traditional single-layer overlay/virtual network design, we propose a recursive approach to enterprise network management, where network management is done through managing various Virtual Transport Networks (VTNs) over different scopes (i.e., regions of opera-tion). Different from the traditional overlay/virtual network model which mainly focuses on routing/tunneling, our VTN approach provides communication service with explicit Quality-of-Service (QoS) support for applications via transport flows, i.e., it involves all mechanisms (e.g., addressing, routing, error and flow control, resource allocation) needed to meet application requirements. Our approach inherently provides a multi-layer solution for overlay/virtual network design. The contributions of this thesis are threefold: (1) we propose a novel VTN-based management approach to enterprise network management; (2) we develop a framework for multi-layer VTN design and instantiate it to meet specific application and network goals; and (3) we design and prototype a VTN-based management architecture. Our simulation and experimental results demonstrate the flexibility of our VTN-based management approach and its performance advantages

AEGIS: Validating Execution Behavior of Controller Applications in Software-Defined Networks

The software-defined network (SDN) controller provides an application programming interface (API) for network applications and controller modules. Malicious applications and network attackers can misuse these APIs to cause outbreaks on the controller. The controller is the heart of the SDN and should be secured from such API misuse scenarios and network attacks. Most of the prior research in security for SDN controllers focuses on a defense mechanism for a particular attack scenario that requires changes in the controller code. This research proposes dynamic access control and a policy engine-based approach for protecting the SDN controller from network attacks and application bugs, thus defending against the misuse of the controller APIs. The proposed AEGIS protects controller APIs and defines a set of access, semantic, syntactic and communication policy rules and a permission set for accessing controller APIs. It utilizes the traditional API hooking technique to control API usage. We generated various attack scenarios that included application bugs and network attacks on the Floodlight SDN controller and showed that applying AEGIS secured the Floodlight controller APIs and hence protected them from network attacks and application bugs. Finally, we discuss performance comparison tests of the new AEGIS controller implementation for memory usage, API execution time and boot-up time and conclude that AEGIS effectively protects the SDN controller for trustworthy operations