Distribution efficace des contenus dans les réseaux : partage de ressources sans fil, planification et sécurité

In recent years, the amount of traffic requests that Internet users generate on a daily basis has increased exponentially, mostly due to the worldwide success of video streaming services, such as Netflix and YouTube. While Content-Delivery Networks (CDNs) are the de-facto standard used nowadays to serve the ever increasing users’ demands, the scientific community has formulated proposals known under the name of Content-Centric Networks (CCN) to change the network protocol stack in order to turn the network into a content distribution infrastructure. In this context this Ph.D. thesis studies efficient techniques to foster content distribution taking into account three complementary problems:1) We consider the scenario of a wireless heterogeneous network, and we formulate a novel mechanism to motivate wireless access point owners to lease their unexploited bandwidth and cache storage, in exchange for an economic incentive.2) We study the centralized network planning problem and (I) we analyze the migration to CCN; (II) we compare the performance bounds for a CDN with those of a CCN, and (III) we take into account a virtualized CDN and study the stochastic planning problem for one such architecture.3) We investigate the security properties on access control and trackability and formulate ConfTrack-CCN: a CCN extension to enforce confidentiality, trackability and access policy evolution in the presence of distributed caches.Au cours de ces dernières années, la quantité de trafic que les utilisateurs Internet produisent sur une base quotidienne a augmenté de façon exponentielle, principalement en raison du succès des services de streaming vidéo, tels que Netflix et YouTube. Alors que les réseaux de diffusion de contenu (Content-Delivery Networks, CDN) sont la technique standard utilisée actuellement pour servir les demandes des utilisateurs, la communauté scientifique a formulé des propositions connues sous le nom de Content-Centric Networks (CCN) pour changer la pile de protocoles réseau afin de transformer Internet en une infrastructure de distribution de contenu. Dans ce contexte, cette thèse de doctorat étudie des techniques efficaces pour la distribution de contenu numérique en tenant compte de trois problèmes complémentaires : 1) Nous considérons le scénario d’un réseau hétérogène sans fil, et nous formulons un mécanisme pour motiver les propriétaires des points d’accès à partager leur capacité WiFi et stockage cache inutilisés, en échange d’une contribution économique.2) Nous étudions le problème centralisé de planification du réseau en présence de caches distribuées et (I) nous analysons la migration optimale du réseau à CCN; (II) nous comparons les bornes de performance d’un réseau CDN avec ceux d’un CCN, et (III) nous considérons un réseau CDN virtualisé et étudions le problème stochastique de planification d’une telle infrastructure.3) Nous considérons les implications de sécurité sur le contrôle d’accès et la traçabilité, et nous formulons ConfTrack-CCN, une extension deCCN utilisée pour garantir la confidentialité, traçabilité et l’évolution de la politique d’accès, en présence de caches distribuées

Multidisciplinary perspectives on Artificial Intelligence and the law

This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio

Segurança e privacidade em terminologia de rede

Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what are the privacy implications of metadata disclosure. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols. In particular on the imple- mentation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy ex- posure. The former allows bootstraping secure transport protocols on top of insecure discovery protocols, while the later introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing re- search topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus- são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis- cussão é a forma como atribuímos nomes a recursos na rede, uma escolha com consequências práticas no funcionamento dos diferentes protocols de rede, na forma como se implementam diferentes mecanismos de segurança e na privacidade das várias partes envolvidas. Este problema torna-se ainda mais significativo quando se considera que, para promover a interoperabili- dade entre diferentes redes, mecanismos autónomos tornam esta informação acessível em contextos que vão para lá do que era pretendido. Esta tese foca-se nas consequências de diferentes políticas de atribuição de nomes no contexto de diferentes protocols de rede, para efeitos de segurança e privacidade. Com base no estudo deste problema, são propostas soluções que, através de diferentes políticas de atribuição de nomes, permitem introdu- zir mecanismos de segurança adicionais ou mitigar problemas de privacidade em diferentes protocolos. Isto resulta na implementação de mecanismos de segurança sobre protocolos de descoberta inseguros, assim como na intro- dução de mecanismos de atribuiçao e resolução de nomes que se focam na protecçao da privacidade. O principal veículo para a implementação destas soluções é através de ser- viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas soluções extende-se também a outros tópicos de investigação que recorrem a mecanismos de resolução de nomes para implementar soluções de intero- perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na informação (ICN).Programa Doutoral em Informátic

Droplet: Decentralized Authorization for IoT Data Streams

This paper presents Droplet, a decentralized data access control service, which operates without intermediate trust entities. Droplet enables data owners to securely and selectively share their encrypted data while guaranteeing data confidentiality against unauthorized parties. Droplet's contribution lies in coupling two key ideas: (i) a new cryptographically-enforced access control scheme for encrypted data streams that enables users to define fine-grained stream-specific access policies, and (ii) a decentralized authorization service that handles user-defined access policies. In this paper, we present Droplet's design, the reference implementation of Droplet, and experimental results of three case-study apps atop of Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard

Security Mechanisms in Unattended Wireless Sensor Networks

Wireless Sensor Networks (WSNs) consisting of a large number of sensor nodes are being deployed in potentially hostile environments for applications such as forest fire detection, battlefield surveillance, habitat monitoring, traffic management, etc. One common assumption in traditional WSNs is that a trusted third party, i.e., a sink, is assumed to be always available to collect sensed data in a real time or near real time fashion. Although many WSNs operate in such an on-site mode, there are WSN applications that do not fit into the real time data collection mode. For example, data collection in Unattended WSNs (UWSNs) relies on the periodical appearance of a mobile sink. As most existing security solutions developed for traditional WSNs rely on the presence of a trusted third party, it makes them not applicable to UWSNs directly. This motivates the research on security mechanisms for UWSNs. This dissertation contributes to security mechanisms in UWSNs from three important aspects, as, confidentiality and reliability, trust management, and capture resistance. The first aspect addresses data confidentiality and data reliability in UWSNs. We propose a data distribution scheme to provide forward secrecy, probabilistic backward secrecy and data reliability. Moreover, we demonstrate that backward secrecy of the historical data can be achieved through homomorphic encryption and key evolution. Furthermore, we propose a constrained optimization algorithm to further improve the above two data distribution schemes. The second study introduces trust management in UWSNs. We propose a set of efficient and robust trust management schemes for the case of UWSNs. The Advanced Scheme utilizes distributed trust data storage to provide trust data reliability and takes the advantages of both Geographic Hash Table (GHT) and Greedy Perimeter Stateless Routing (GPSR) to find storage nodes and to route trust data to them. In this way, it significantly reduces storage cost caused by distributed trust data storage and provides resilience to node compromise and node invalidation. The third study investigates how to detect a captured node and to resist node capture attack in UWSNs. We propose a node capture resistance and key refreshing scheme for UWSNs based on the Chinese remainder theorem. The scheme is able to provide forward secrecy, backward secrecy and collusion resistance for diminishing the effects of capture attacks