52 research outputs found

    Research on network anycast

    Anycast is defined as a service in IPv6, which provides stateless best effort delivery of an anycast datagram to at least one, and preferably only one host. It is a topic of increasing interest. This paper is an attempt to gather and report on the work done on anycast. There are two main categories at present: network-layer anycast and application-layer anycast. Both involve anycast architectures, routing algorithms, metrics, applications, etc. We also present an efficient algorithm for application-layer anycast, and point out possible research directions based on our research.

    An anycast based feedback aggregation scheme for efficient network transparency in cross-layer design

    To ensure Quality of Service for multimedia data sessions in next generation mobile telecommunication systems, jointly-optimized cross-layer architectures were introduced recently. Such schemes usually require an adaptive media source which is able to modify the main parameters of ongoing connections by transferring control and feedback information via the network and through different protocol layers from application layer to physical layer and vice versa, according to the actual state of the path between peer nodes. This concept of transmitting cross-layer information is referred to as network transparency in the literature, meaning that the underlying infrastructure is almost invisible to all the entities involved in joint optimization due to the continuous conveyance of cross-layer feedbacks. In this paper we introduce and evaluate a possible solution for reducing the network overhead caused by this volume of information exchange. Our solution is based on the anycasting communication paradigm and creates a hierarchical data aggregation scheme allowing to adapt each entity of the multimedia transmission chain based on frequent feedbacks and even so in a low-bandwidth manner.

    A COMMUNICATION FRAMEWORK FOR MULTIHOP WIRELESS ACCESS AND SENSOR NETWORKS: ANYCAST ROUTING & SIMULATION TOOLS

    The reliance on wireless networks has grown tremendously within a number of varied application domains, prompting an evolution towards the use of heterogeneous multihop network architectures. We propose and analyze two communication frameworks for such networks. A first framework is designed for communications within multihop wireless access networks. The framework supports dynamic algorithms for locating access points using anycast routing with multiple metrics and balancing network load. The evaluation shows significant performance improvement over traditional solutions. A second framework is designed for communication within sensor networks and includes lightweight versions of our algorithms to fit the limitations of sensor networks. Analysis shows that this stripped down version can work almost equally well if tailored to the needs of a sensor network. We have also developed an extensive simulation environment using NS-2 to test realistic situations for the evaluations of our work. Our tools support analysis of realistic scenarios including the spreading of a forest fire within an area, and can easily be ported to other simulation software. Lastly, we use our algorithms and simulation environment to investigate sink movements optimization within sensor networks. Based on these results, we propose strategies, to be addressed in follow-on work, for building topology maps and finding optimal data collection points. Altogether, the communication framework and realistic simulation tools provide a complete communication and evaluation solution for access and sensor networks.

    Anycast services and its applications

    Anycast in next generation Internet Protocol is a hot topic in the research of computer networks. It has promising potentials and also many challenges, such as architecture, routing, Quality-of-Service, anycast in ad hoc networks, application-layer anycast, etc. In this thesis, we tackle some important topics among them. The thesis at first presents an introduction about anycast, followed by the related work. Then, as our major contributions, a number of challenging issues are addressed in the following chapters. We tackled the anycast routing problem by proposing a requirement based probing algorithm at application layer for anycast routing. Compared with the existing periodical based probing routing algorithm, the proposed routing algorithm improves the performance in terms of delay. We addressed the reliable service problem by the design of a twin server model for the anycast servers, providing a transparent and reliable service for all anycast queries. We addressed the load balance problem of anycast servers by proposing new job deviation strategies, to provide a similar Quality-of-Service to all clients of anycast servers. We applied the mesh routing methodology in the anycast routing in ad hoc networking environment, which provides a reliable routing service and uses much less network resources. We combined the anycast protocol and the multicast protocol to provide a bidirectional service, and applied the service to Web-based database applications, achieving a better query efficiency and data synchronization. Finally, we proposed a new Internet based service, minicast, as the combination of the anycast and multicast protocols. Such a service has potential applications in information retrieval, parallel computing, cache queries, etc. We show that the minicast service consumes less network resources while providing the same services. The last chapter of the thesis presents the conclusions and discusses the future work

    An Architecture for Global Distributed SIP Network Using IPv4 Anycast

    This thesis is about using IP anycast-based methods for locating RTP proxy servers close to VoIP clients. The RTP proxy servers are hosts on the public Internet that relay RTP media between VoIP clients in a way that accomplishes traversal over Network Address Translators (NATs). Without geographically-dispersed RTP proxy servers and methods to find one in client's proximity, voice latency may be unbearably long and dramatically reduce perceived voice quality. This document proposes four methods and their comparison with further design of DNS-based and SIP-based methods. It includes IP anycast measurements that provide an overview of IP anycast behaviour in terms of routing metrics and latency metrics. It also includes implementation on SIP Express Router platform.

    Autonomous Traffic Balancing Routing in Wireless Mesh Networks


    TLS Downgrade Attack Exploiting Spatial Differences in Security Configurations

    Thesis (Master's) -- Seoul National University Graduate School: College of Engineering, Department of Computer Science and Engineering, 2021. 2. 권태경.
    To provide secure content delivery, Transport Layer Security (TLS) has become a de facto standard over a couple of decades. However, TLS has a long history of security weaknesses and drawbacks. Thus the security of TLS has been enhanced by addressing security problems through continuous version upgrades. Meanwhile, to provide fast content delivery globally, websites need to administer many machines in globally distributed environments. They often delegate the management of machines to web hosting services or Content Delivery Networks (CDNs), where the security configurations on distributed servers may vary depending on the managing entities or locations. By leveraging these spatial differences in TLS security, we present a new TLS downgrade attack, called a Teleport attack. In our attack model, an adversary collects the information of (web) domains that exhibit different TLS versions and cryptographic options depending on clients' locations. Then the adversary redirects TLS handshake messages to weak TLS servers, and downgrades TLS sessions, which both the server and the client may not be aware of. We measure how many domains in the wild are vulnerable to the Teleport attack, and seek to better understand the root causes of the spatial differences in TLS security configurations. We also measure the redirection delay in various locations over the world to demonstrate the feasibility of the Teleport attack.
    Contents: Chapter 1. Introduction. Chapter 2. Background (2.1 TLS Handshakes and Downgrade Attacks; 2.2 CDN Redirection). Chapter 3. Teleport Attack (3.1 Threat Model; 3.2 Populating Target Database; 3.3 TLS Handshake Redirection; 3.4 Downgraded Session Exploitation; 3.5 Summary). Chapter 4. Effect of the Teleport attack (4.1 Data Collection; 4.2 Vulnerable Domains; 4.3 Cases of Spatial Differences; 4.4 How Web Servers are Managed; 4.5 Classification Results). Chapter 5. Feasibility of the Teleport attack. Chapter 6. Discussions (6.1 Mitigation; 6.2 Limitations). Chapter 7. Related Work. Chapter 8. Conclusion.

    Performance Evaluation of TCP Multihoming for IPV6 Anycast Networks and Proxy Placement

    In this thesis, the impact of multihomed clients and multihomed proxy servers on the performance of modern networks is investigated. The network model used in our investigation integrates three main components: the new one-to-any Anycast communication paradigm that facilitates server replication, the next generation Internet Protocol Version 6 (IPv6) that offers larger address space for packet switched networks, and the emerging multihoming trend of connecting devices and smart phones to more than one Internet service provider thereby acquiring more than one IP address. The design of a previously proposed Proxy IP Anycast service is modified to integrate user device multihoming and IPv6 routing. The impact of user device multihoming (single-homed, dual-homed, and triple-homed) on network performance is extensively analyzed using realistic network topologies and different traffic scenarios of client-server TCP flows. Network throughput, packet latency delay and packet loss rate are the three performance metrics used in our analysis. Performance comparisons between the Anycast Proxy service and the native IP Anycast protocol are presented. The number of Anycast proxy servers and their placement are studied. Five placement methods have been implemented and evaluated including random placement, highest traffic placement, highest number of active interface placements, K-DS placement and a new hybrid placement method. The work presented in this thesis provides new insight into the performance of some new emerging communication paradigms and how to improve their design. Although the work has been limited to investigating Anycast proxy servers, the results can be beneficial and applicable to other types of overlay proxy services such as multicast proxies.

    Providing Administrative Control and Autonomy in Structured Peer-to-Peer Overlays

    self-organizing substrate for distributed applications and support powerful abstractions such as distributed hash tables (DHTs) and group communication. However, in most of these systems, lack of control over key placement and routing paths raises concerns over autonomy, administrative control and accountability of participating organizations. Additionally, structured p2p overlays tend to assume global connectivity while in reality, network address translation and firewalls limit connectivity among hosts in different organizations. In this paper, we present a general technique that ensures content/path locality and administrative autonomy for participating organizations, and provides natural support for NATs and firewalls. Instances of conventional structured overlays are configured to form a hierarchy of identifier spaces that reflects administrative boundaries and respects connectivity constraints among networks