2,459 research outputs found
Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)
One of the most important metrics in the design of IP mobility protocols is
the handover performance. The current Mobile IP (MIP) standard has been shown
to exhibit poor handover performance. Most other work attempts to modify MIP to
slightly improve its efficiency, while others propose complex techniques to
replace MIP. Rather than taking these approaches, we instead propose a new
architecture for providing efficient and smooth handover, while being able to
co-exist and inter-operate with other technologies. Specifically, we propose an
intra-domain multicast-based mobility architecture, where a visiting mobile is
assigned a multicast address to use while moving within a domain. Efficient
handover is achieved using standard multicast join/prune mechanisms. Two
approaches are proposed and contrasted. The first introduces the concept of
proxy-based mobility, while the other uses algorithmic mapping to obtain the
multicast address of visiting mobiles. We show that the algorithmic mapping
approach has several advantages over the proxy approach, and provide mechanisms
to support it. Network simulation (using NS-2) is used to evaluate our scheme
and compare it to other routing-based micro-mobility schemes - CIP and HAWAII.
The proactive handover results show that both M&M and CIP show low handoff
delay and packet reordering depth as compared to HAWAII. The reason for M&M's
comparable performance with CIP is that both use bi-cast in proactive handover.
The M&M, however, handles multiple border routers in a domain, where CIP fails.
We also provide a handover algorithm leveraging the proactive path setup
capability of M&M, which is expected to outperform CIP in case of reactive
handover. Comment: 12 pages, 11 figure
The Raincore Distributed Session Service for Networking Elements
Motivated by the explosive growth of the Internet, we study efficient and fault-tolerant distributed session layer
protocols for networking elements. These protocols are
designed to enable a network cluster to share the state
information necessary for balancing network traffic and
computation load among a group of networking elements.
In addition, in the presence of failures, they allow
network traffic to fail-over from failed networking
elements to healthy ones. To maximize the overall
network throughput of the networking cluster, we assume a unicast communication medium for these protocols. The Raincore Distributed Session Service is based on a fault-tolerant token protocol, and provides group membership, reliable multicast and mutual exclusion services in a networking environment. We show that this service provides atomic reliable multicast with consistent ordering. We also show that Raincore token protocol consumes less overhead than a broadcast-based protocol in this environment in terms of CPU task-switching. The Raincore technology was transferred to Rainfinity, a startup company that is focusing on software for Internet reliability and performance. Rainwall, Rainfinity's first product, was developed using the Raincore Distributed Session Service. We present initial performance results of the Rainwall product that validate our design assumptions and goals
WAIT: Selective Loss Recovery for Multimedia Multicast.
Recently the Internet has been increasingly used for multi-party applications like video-conferencing, video-on-demand and shared white-boards. Multicast extensions to IP to support multi-party applications are best effort, often resulting in packet loss within the network. Since some multicast applications can not tolerate packet loss, most of the existing reliable multicast schemes recover each and every lost packet. However, multimedia applications can tolerate a certain amount of packet loss and are sensitive to long recovery delays. We propose a new loss recovery technique that selectively repairs lost packets based upon the amount of packet loss and delay expected for the repair. Our technique sends a special WAIT message down the multicast tree in the event a loss is detected in order to reduce the number of retransmission requests. We also propose an efficient sender initiated multicast trace-route mechanism for determining the multicast topology and a mechanism to deliver the topology information to the multicast session participants. We evaluate our proposed technique using an event driven network simulator, comparing it with two popular reliable multicast protocols, SRM and PGM. We conclude that our proposed WAIT protocol can reduce the overhead on a multicast session as well as improve the average end-to-end latency of the session
Network-supported layered multicast transport control for streaming media
Multicast is very efficient in distributing large volumes of data to multiple receivers over the Internet. Layered multicast helps solve the heterogeneity problem in multicast delivery. Extensive work has been done in the area of layered multicast, for both congestion control and error control. In this paper, we focus on network-supported protocols for streaming media. Most of the existing work solves the congestion control and error control problems separately, and does not give an integrated, efficient solution. In this paper, after reviewing related work, we introduce our proposed protocols, RALM and RALF. The former is a congestion control protocol and the latter is an error control protocol. They work under the same framework and provide an integrated solution. We also extend RALM to RALM-II, which is compatible with TCP traffic. We analyze the complexity of the proposed protocols in the network and investigate their performance through simulations. We show that our solution achieves significant performance gains with reasonable additional complexity. © 2007 IEEE.
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Analysis domain model for shared virtual environments
The field of shared virtual environments, which also
encompasses online games and social 3D environments, has a
system landscape consisting of multiple solutions that share great functional overlap. However, there is little system interoperability between the different solutions. A shared virtual environment has an associated problem domain that is highly complex raising difficult challenges to the development process, starting with the architectural design of the underlying system. This paper has two main contributions. The first contribution is a broad domain analysis of shared virtual environments, which enables developers to have a better understanding of the whole rather than the part(s). The second contribution is a reference domain model for discussing and describing solutions - the Analysis Domain Model
End-to-end security in active networks
Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These systems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problems introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design.
Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea
Secure Routing in Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the
challenges in next-generation networks such as providing flexible, adaptive,
and reconfigurable architecture while offering cost-effective solutions to the
service providers. Unlike traditional Wi-Fi networks, with each access point
(AP) connected to the wired network, in WMNs only a subset of the APs are
required to be connected to the wired network. The APs that are connected to
the wired network are called the Internet gateways (IGWs), while the APs that
do not have wired connections are called the mesh routers (MRs). The MRs are
connected to the IGWs using multi-hop communication. The IGWs provide access to
conventional clients and interconnect ad hoc, sensor, cellular, and other
networks to the Internet. However, most of the existing routing protocols for
WMNs are extensions of protocols originally designed for mobile ad hoc networks
(MANETs) and thus they perform sub-optimally. Moreover, most routing protocols
for WMNs are designed without security issues in mind, where the nodes are all
assumed to be honest. In practical deployment scenarios, this assumption does
not hold. This chapter provides a comprehensive overview of security issues in
WMNs and then particularly focuses on secure routing in these networks. First,
it identifies security vulnerabilities in the medium access control (MAC) and
the network layers. Various possibilities of compromising data confidentiality,
data integrity, replay attacks and offline cryptanalysis are also discussed.
Then various types of attacks in the MAC and the network layers are discussed.
After enumerating the various types of attacks on the MAC and the network
layer, the chapter briefly discusses on some of the preventive mechanisms for
these attacks.Comment: 44 pages, 17 figures, 5 table
The Scalability of Multicast Communication
Multicast is a communication method which operates on groups of applications. Having multiple instances of an application which are addressed collectively using a unique, multicast address, allows elegant solutions to some of the more intractable problems in distributed programming, such as providing fault tolerance. However, as multicast techniques are applied in areas such as distributed operating systems, where the operating system may span a large number of hosts, or on faster network architectures, where the problems of congestion reduce the effectiveness of the technique, then the scalability of multicast must be addressed if multicast is to gain a wider application. The main scalability issue was considered to be packet loss due to buffer overrun, the most common cause of this buffer overrun being the mismatch in packet arrival rate and packet consumption at the multicast originator, the so-called implosion problem. This issue affects positively acknowledged and transactional protocols. As these two techniques are the most common protocol designs, it was felt that an investigation into the problems of these types of protocol would be most effective. A model for implosion was developed which was simulated in order to investigate the parameters of implosion. A measure of this implosion was derived from the data, this index of implosion allowing the severity of implosion to be described as well as the location of the implosion in the model. This implosion index was derived by dividing the rate at which buffers were occupied by the rate at which packets were generated by the model. The value may then be used to predict the number of buffers required given the number of packets expected. A number of techniques were developed which may be used to offset implosion, either by artificially increasing the inter-packet gap, or by distributing replies so that no one host receives enough packets to cause an implosion. 
Of these alternatives, the latter offers the most promise, although requiring a large effort to maintain the resulting hierarchical structure in the presence of multiple failures