6 research outputs found
Design and Implementation of an Economy Plane for the Internet
The Internet has been very successful in supporting many network applications. As the diversity of uses for the Internet has increased, many protocols and services have been developed by the industry and the research community. However, many of them failed to get deployed in the Internet. One challenge of deploying these novel ideas in operational networks is that the network providers need to be involved in the process.
Many novel network protocols and services, like multicast and end-to-end QoS, need support from network providers. However, since network providers are typically driven by business reasons, if they cannot get economic profit from supporting new protocols and services, they will not deploy them. Therefore, we conclude that the lack of explicit economic relationships in the current Internet hinders its own innovation, and it is critical that a network architecture intrinsically considers economic relationships.
ChoiceNet is an NSF-funded Future Internet Architecture (FIA) project that aims to address these challenges. ChoiceNet proposes an "economy plane" of the Internet to explicitly represent economic relationships within the architecture. This economy plane enables entities in the network to dynamically set up fine-grained, short-term economic contracts for network services. A marketplace can be established for advertising and selling services. The services can be simple path services (pathlets) between end-points, or more complex processing and storage services (e.g., transcoding and caching).
ChoiceNet is a comprehensive project, and its architecture is designed by researchers from several institutes. This work will not cover every aspect of it. Instead, this work will focus on five aspects of ChoiceNet: 1) service definition and protocol design, 2) marketplace design, 3) use plane design, 4) path finding algorithm design, and 5) access control for services. Service definition aims at a unified and extensible description of services, and the method to compose them. Marketplace design discusses the protocols used to advertise and request services. The use plane design describes how network providers and users will access the Marketplace while preserving the existing infrastructure and applications; it also discusses how to progressively deploy ChoiceNet in the current Internet. The path finding algorithm design proposes ParetoBFS, an algorithm finding all the Pareto-optimal paths in a multi-criteria network. The access control discusses how to prevent unauthorized usage of the services; we present OrthCredential, an algorithm for high-performance access control in ChoiceNet. To prove the feasibility of such an economy plane, this work presents a Software Defined Networking (SDN) based implementation of ChoiceNet. The implementation has been deployed and tested on GENI, a global test bed for network architectures.
By designing and implementing ChoiceNet, this work tries to offer a network architecture in which users can select from several different network services rather than being limited to a single choice. By enabling greater choice, ChoiceNet can promote competition among providers for price and quality. This competition will lead to lower prices and higher quality services, which are beneficial for consumers and eventually help bring sustained innovation into the Internet.
Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey
Internet usage has changed from its first design. Hence, the current Internet
must cope with some limitations, including performance degradation,
availability of IP addresses, and multiple security and privacy issues.
Nevertheless, to unsettle the current Internet's network layer, i.e., Internet
Protocol, with ICN is a challenging, expensive task. It also requires worldwide
coordination among Internet Service Providers, backbone, and Autonomous
Services. Additionally, history showed that technology changes, e.g., from 3G to
4G, from IPv4 to IPv6, are not immediate, and usually, the replacement includes
a long coexistence period between the old and new technology. Similarly, we
believe that the process of replacement of the current Internet will surely
transition through the coexistence of IP and ICN. Although the tremendous
amount of security and privacy issues of the current Internet taught us the
importance of securely designing the architectures, only a few of the proposed
architectures place the security-by-design. Therefore, this article aims to
provide the first comprehensive Security and Privacy analysis of the
state-of-the-art coexistence architectures. Additionally, it yields a
horizontal comparison of security and privacy among three deployment approaches
of IP and ICN protocol, i.e., overlay, underlay, and hybrid, and a vertical
comparison among ten considered security and privacy features. As a result of
our analysis, it emerges that most of the architectures utterly fail to provide
several SP features including data and traffic flow confidentiality,
availability and communication anonymity. We believe this article draws a
picture of the secure combination of current and future protocol stacks during
the coexistence phase that the Internet will definitely walk across.
Improving Computer Network Operations Through Automated Interpretation of State
Networked systems today are hyper-scaled entities that provide core functionality for distributed services and applications spanning personal, business, and government use. It is critical to maintain correct operation of these networks to avoid adverse business outcomes. The advent of programmable networks has provided much needed fine-grained network control, enabling providers and operators alike to build some innovative networking architectures and solutions. At the same time, they have given rise to new challenges in network management. These architectures, coupled with a multitude of devices, protocols, virtual overlays on top of physical data-plane etc. make network management a highly challenging task. Existing network management methodologies have not evolved at the same pace as the technologies and architectures. Current network management practices do not provide adequate solutions for highly dynamic, programmable environments. We have a long way to go in developing management methodologies that can meaningfully contribute to networks becoming self-healing entities. The goal of my research is to contribute to the design and development of networks towards transforming them into self-healing entities.
Network management includes a multitude of tasks, not limited to diagnosis and troubleshooting, but also performance engineering and tuning, security analysis etc. This research explores novel methods of utilizing network state to enhance networking capabilities. It is constructed around hypotheses based on careful analysis of practical deficiencies in the field. I try to generate real-world impact with my research by tackling problems that are prevalent in deployed networks, and that bear practical relevance to the current state of networking. The overarching goal of this body of work is to examine various approaches that could help enhance network management paradigms, providing administrators with a better understanding of the underlying state of the network, thus leading to more informed decision-making. The research looks into two distinct areas of network management, troubleshooting and routing, presenting novel approaches to accomplishing certain goals in each of these areas, demonstrating that they can indeed enhance the network management experience.
Security Properties of Information-centric Networks
The IP network was built decades ago, and with today's use of the Internet, a new network layer protocol is much needed. Named Data Networking (NDN) is a proposal for content-centric discovery and routing. Yet, the public key infrastructure issue has not been solved in NDN. Identity-based cryptography (IBC) seems to be applicable to wireless sensor networks, and even more applicable when deployed over NDN.
In this paper I will explain the NDN architecture and the basics of IBC. Further, I will model and implement a trust model in a thought sensor network using IBC, running over NDN.
Implementing and testing my proposal verifies the relevancy of IBC over wireless sensor network running over NDN, and the usability of developing applications over NDN.
I formally and informally prove the security in the protocols suggested for device registration and data pull under deployment in the application.
Efficient Content Distribution in Networks: Wireless Resource Sharing, Planning and Security (Distribution efficace des contenus dans les réseaux : partage de ressources sans fil, planification et sécurité)
In recent years, the amount of traffic requests that Internet users generate on a daily basis has increased exponentially, mostly due to the worldwide success of video streaming services, such as Netflix and YouTube. While Content-Delivery Networks (CDNs) are the de-facto standard used nowadays to serve the ever increasing users' demands, the scientific community has formulated proposals known under the name of Content-Centric Networks (CCN) to change the network protocol stack in order to turn the network into a content distribution infrastructure. In this context this Ph.D. thesis studies efficient techniques to foster content distribution taking into account three complementary problems: 1) We consider the scenario of a wireless heterogeneous network, and we formulate a novel mechanism to motivate wireless access point owners to lease their unexploited bandwidth and cache storage, in exchange for an economic incentive. 2) We study the centralized network planning problem and (I) we analyze the migration to CCN; (II) we compare the performance bounds for a CDN with those of a CCN, and (III) we take into account a virtualized CDN and study the stochastic planning problem for one such architecture. 3) We investigate the security properties on access control and trackability and formulate ConfTrack-CCN: a CCN extension to enforce confidentiality, trackability and access policy evolution in the presence of distributed caches.
In recent years, the amount of traffic that Internet users produce on a daily basis has increased exponentially, mainly because of the success of video streaming services such as Netflix and YouTube. While Content-Delivery Networks (CDNs) are the standard technique currently used to serve user requests, the scientific community has formulated proposals known as Content-Centric Networks (CCN) to change the network protocol stack in order to turn the Internet into a content distribution infrastructure. In this context, this doctoral thesis studies efficient techniques for digital content distribution, taking into account three complementary problems: 1) We consider the scenario of a heterogeneous wireless network, and we formulate a mechanism to motivate access point owners to share their unused WiFi capacity and cache storage in exchange for an economic contribution. 2) We study the centralized network planning problem in the presence of distributed caches and (I) we analyze the optimal migration of the network to CCN; (II) we compare the performance bounds of a CDN with those of a CCN, and (III) we consider a virtualized CDN and study the stochastic planning problem for such an infrastructure. 3) We consider the security implications for access control and traceability, and we formulate ConfTrack-CCN, a CCN extension used to guarantee confidentiality, traceability and the evolution of the access policy in the presence of distributed caches.