Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)

One of the most important metrics in the design of IP mobility protocols is the handover performance. The current Mobile IP (MIP) standard has been shown to exhibit poor handover performance. Most other work attempts to modify MIP to slightly improve its efficiency, while others propose complex techniques to replace MIP. Rather than taking these approaches, we instead propose a new architecture for providing efficient and smooth handover, while being able to co-exist and inter-operate with other technologies. Specifically, we propose an intra-domain multicast-based mobility architecture, where a visiting mobile is assigned a multicast address to use while moving within a domain. Efficient handover is achieved using standard multicast join/prune mechanisms. Two approaches are proposed and contrasted. The first introduces the concept proxy-based mobility, while the other uses algorithmic mapping to obtain the multicast address of visiting mobiles. We show that the algorithmic mapping approach has several advantages over the proxy approach, and provide mechanisms to support it. Network simulation (using NS-2) is used to evaluate our scheme and compare it to other routing-based micro-mobility schemes - CIP and HAWAII. The proactive handover results show that both M&M and CIP shows low handoff delay and packet reordering depth as compared to HAWAII. The reason for M&M's comparable performance with CIP is that both use bi-cast in proactive handover. The M&M, however, handles multiple border routers in a domain, where CIP fails. We also provide a handover algorithm leveraging the proactive path setup capability of M&M, which is expected to outperform CIP in case of reactive handover.Comment: 12 pages, 11 figure

The Raincore Distributed Session Service for Networking Elements

Motivated by the explosive growth of the Internet, we study efficient and fault-tolerant distributed session layer protocols for networking elements. These protocols are designed to enable a network cluster to share the state information necessary for balancing network traffic and computation load among a group of networking elements. In addition, in the presence of failures, they allow network traffic to fail-over from failed networking elements to healthy ones. To maximize the overall network throughput of the networking cluster, we assume a unicast communication medium for these protocols. The Raincore Distributed Session Service is based on a fault-tolerant token protocol, and provides group membership, reliable multicast and mutual exclusion services in a networking environment. We show that this service provides atomic reliable multicast with consistent ordering. We also show that Raincore token protocol consumes less overhead than a broadcast-based protocol in this environment in terms of CPU task-switching. The Raincore technology was transferred to Rainfinity, a startup company that is focusing on software for Internet reliability and performance. Rainwall, Rainfinity’s first product, was developed using the Raincore Distributed Session Service. We present initial performance results of the Rainwall product that validates our design assumptions and goals

WAIT: Selective Loss Recovery for Multimedia Multicast.

Recently the Internet has been increasingly used for multi-party applications like video-conferencing, video-on-demand and shared white-boards. Multicast extensions to IP to support multi-party applications are best effort, often resulting in packet loss within the network. Since some multicast applications can not tolerate packet loss, most of the existing reliable multicast schemes recover each and every lost packet. However, multimedia applications can tolerate a certain amount of packet loss and are sensitive to long recovery delays. We propose a new loss recovery technique that selectively repairs lost packets based upon the amount of packet loss and delay expected for the repair. Our technique sends a special WAIT message down the multicast tree in the event a loss is detected in order to reduce the number of retransmission requests. We also propose an efficient sender initiated multicast trace-route mechanism for determining the multicast topology and a mechanism to deliver the topology information to the multicast session participants. We evaluate our proposed technique using an event driven network simulator, comparing it with two popular reliable multicast protocols, SRM and PGM. We conclude that our proposed WAIT protocol can reduce the overhead on a multicast session as well as improve the average end-to-end latency of the session

Network-supported layered multicast transport control for streaming media

Multicast is very efficient in distributing large volume of data to multiple receivers over the Internet. Layered multicast helps solve the heterogeneity problem in multicast delivery. Extensive work has been done in the area of layered multicast, for both congestion control and error control. In this paper, we focus on network-supported protocols for streaming media. Most of the existing work solves the congestion control and error control problems separately, and do not give an integrated, efficient solution. In this paper, after reviewing related work, we introduce our proposed protocols, RALM and RALF. The former is a congestion control protocol and the latter is an error control protocol. They work under the same framework and provide an integrated solution. We also extend RALM to RALM-II, which is compatible with TCP traffic. We analyze the complexity of the proposed protocols in the network and investigated their performance through simulations. We show that our solution achieves significant performance gains with reasonable additional complexity. © 2007 IEEE.published_or_final_versio

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Analysis domain model for shared virtual environments

The field of shared virtual environments, which also encompasses online games and social 3D environments, has a system landscape consisting of multiple solutions that share great functional overlap. However, there is little system interoperability between the different solutions. A shared virtual environment has an associated problem domain that is highly complex raising difficult challenges to the development process, starting with the architectural design of the underlying system. This paper has two main contributions. The first contribution is a broad domain analysis of shared virtual environments, which enables developers to have a better understanding of the whole rather than the part(s). The second contribution is a reference domain model for discussing and describing solutions - the Analysis Domain Model

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

The Scalability of Multicast Communication

Multicast is a communication method which operates on groups of applications. Having multiple instances of an application which are addressed collectively using a unique, multicast address, allows elegant solutions to some of the more intractable problems in distributed programming, such as providing fault tolerance. However, as multicast techniques are applied in areas such as distributed operating systems, where the operating system may span a large number of hosts, or on faster network architectures, where the problems of congestion reduce the effectiveness of the technique, then the scalability of multicast must be addressed if multicast is to gain a wider application. The main scalability issue was considered to be packet loss due to buffer overrun, the most common cause of this buffer overrun being the mismatch in packet arrival rate and packet consumption at the multicast originator, the so-called implosion problem. This issue affects positively acknowledged and transactional protocols. As these two techniques are the most common protocol designs, it was felt that an investigation into the problems of these types of protocol would be most effective. A model for implosion was developed which was simulated in order to investigate the parameters of implosion. A measure of this implosion was derived from the data, this index of implosion allowing the severity of implosion to be described as well as the location of the implosion in the model. This implosion index was derived by dividing the rate at which buffers were occupied by the rate at which packets were generated by the model. The value may then be used to predict the number of buffers required given the number of packets expected. A number of techniques were developed which may be used to offset implosion, either by artificially increasing the inter-packet gap, or by distributing replies so that no one host receives enough packets to cause an implosion. Of these alternatives, the latter offers the most promise, although requiring a large effort to maintain the resulting hierarchical structure in the presence of multiple failures