A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users
Censorship in BitTorrent
BitTorrent is currently one of the most popular P2P (Peer-to-Peer) networks for sharing objects. It has millions of users. BitTorrent provides an efficient mechanism for sharing objects among a large number of clients, giving those who download an object an incentive to share it with the rest. To obtain peers with which to exchange an object, the most recent versions of BitTorrent are beginning to incorporate a DHT (Distributed Hash Table). The DHT is a mechanism for distributing the storage of the lists of peers taking part in the distribution of an object among all the nodes participating in the P2P network. BitTorrent has two DHTs: Mainline DHT and Azureus DHT. This project focuses on the study of Mainline DHT. Specifically, it focuses on the study of how values are generated, distributed and retrieved in Mainline DHT. First, a theoretical analysis of this specific part of the DHT is presented, and it is then compared with the real behaviour. Unexpected situations are identified, as well as cases in which the performance of the DHT could be improved. In addition, according to the analysis presented, there are situations in which the DHT is vulnerable, making possible: censorship by denying nodes access to the exchange of an object, routing of traffic as a DDoS (Distributed Denial of Service) attack, and a scalability problem. These problems have been verified experimentally and documentation of them is included. The analysis helped to design some experiments that show the robustness of the DHT against censorship and, on the other hand, a serious scalability problem. To carry out the experiments, a collection of tools was developed for monitoring specific aspects of the DHT. These tools are Open Source so that they can be used and extended to carry out further experiments
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Evaluating Connection Resilience for the Overlay Network Kademlia
Kademlia is a decentralized overlay network, up to now mainly used for highly
scalable file sharing applications. Due to its distributed nature, it is free
from single points of failure. Communication can happen over redundant network
paths, which makes information distribution with Kademlia resilient against
failing nodes and attacks. This makes it applicable to more scenarios than
Internet file sharing. In this paper, we simulate Kademlia networks with
varying parameters and analyze the number of node-disjoint paths in the
network, and thereby the network connectivity. A high network connectivity is
required for communication and system-wide adaptation even when some nodes or
communication channels fail or get compromised by an attacker. With our
results, we show the influence of these parameters on the connectivity and,
therefore, the resilience against failing nodes and communication channels.
Comment: 12 pages, 14 figures, accepted to ICDCS2017. arXiv admin note:
substantial text overlap with arXiv:1605.0800
Stealing bandwidth from BitTorrent seeders
BitTorrent continues to comprise the largest fraction of Internet traffic. While significant progress has been made in understanding the BitTorrent choking mechanism, its security vulnerabilities have not been investigated thoroughly. This paper presents an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. We reveal a simple exploit that allows malicious peers to receive a considerably higher download rate than contributing leechers, therefore introducing significant efficiency degradations for benign peers. We show the damage caused by the proposed attack in two different environments: a lab testbed comprising 32 peers and a PlanetLab testbed with 300 peers. Our results show that 3 malicious peers can degrade the download rate up to 414.99% for all peers. Combined with a Sybil attack that consists of as many attackers as leechers, it is possible to degrade the download rate by more than 1000%. We propose a novel choking algorithm which is immune against bandwidth attacks and a countermeasure against the revealed attack
A Lightweight Approach for Improving the Lookup Performance in Kademlia-type Systems
Discovery of nodes and content in large-scale distributed systems is
generally based on Kademlia, today. Understanding Kademlia-type systems to
improve their performance is essential for maintaining a high service quality
for an increased number of participants, particularly when those systems are
adopted by latency-sensitive applications.
This paper contributes to the understanding of Kademlia by studying the
impact of diversifying neighbours' identifiers within each routing table
bucket on the lookup performance. We propose a new, yet backward-compatible,
neighbour selection scheme that attempts to maximize the aforementioned
diversity. The scheme does not cause additional overhead except negligible
computations for comparing the diversity of identifiers. We present a
theoretical model for the actual impact of the new scheme on the lookup's hop
count and validate it against simulations of three exemplary Kademlia-type
systems. We also measure the performance gain enabled by a partial deployment
for the scheme in the real KAD system. The results confirm the superiority of
the systems that incorporate our scheme.
Comment: 13 pages, 8 figures, conference version 'Diversity Entails
Improvement: A new Neighbour Selection Scheme for Kademlia-type Systems' at
IEEE P2P 201
An Extension and Cooperation Mechanism for Heterogeneous Overlay Networks
Part 1: Future Heterogeneous Network. International audience. In real-world peer-to-peer applications, the scalability of data lookup is heavily affected by network artifacts. A common solution to improve scalability, robustness and security is to increase the local properties of nodes by clustering them together. This paper presents a framework which allows for the development of distributed applications on top of interconnected overlay networks. Here, message routing between overlays is accomplished by using co-located nodes, i.e. nodes belonging to more than one overlay network at the same time. These co-located nodes serve as distributed gateways, enabling the routing of requests across overlays while keeping overlay maintenance operations local. The protocol has been evaluated via simulations and client deployment, showing that the ability to reach the totality of the overlays in a federated configuration can be preserved even with the simplest routing, proving the feasibility of federated overlay configurations
A study of IPFS as a content distribution protocol in vehicular networks
Over the last few years, vehicular ad-hoc networks (VANETs) have been the
focus of great progress due to the interest in autonomous vehicles and in
distributing content not only between vehicles, but also to the Cloud. Performing
a download/upload to/from a vehicle typically requires the existence
of a cellular connection, but the costs associated with mobile data transfers
in hundreds or thousands of vehicles quickly become prohibitive. A VANET
allows the costs to be several orders of magnitude lower - while keeping the
same large volumes of data - because it is strongly based in the communication
between vehicles (nodes of the network) and the infrastructure.
The InterPlanetary File System (IPFS) is a protocol for storing and distributing
content, where information is addressed by its content, instead of
its location. It was created in 2014 and it seeks to connect all computing
devices with the same system of files, comparable to a BitTorrent swarm
exchanging Git objects. It has been tested and deployed in wired networks,
but never in an environment where nodes have intermittent connectivity,
such as a VANET. This work focuses on understanding IPFS, how/if it can
be applied to the vehicular network context, and comparing it with other
content distribution protocols.
In this dissertation, IPFS has been tested in a small and controlled network
to understand its working applicability to VANETs. Issues such as neighbor
discoverability times and poor hashing performance have been addressed.
To compare IPFS with other protocols (such as Veniam’s proprietary solution
or BitTorrent) in a relevant way and in a large scale, an emulation platform
was created. The tests in this emulator were performed in different times of
the day, with a variable number of files and file sizes. Emulated results show
that IPFS is on par with Veniam’s custom V2V protocol built specifically for
V2V, and greatly outperforms BitTorrent regarding neighbor discoverability
and data transfers.
An analysis of IPFS’ performance in a real scenario was also conducted, using
a subset of STCP’s vehicular network in Oporto, with the support of
Veniam. Results from these tests show that IPFS can be used as a content
dissemination protocol, showing it is up to the challenge provided by a
constantly changing network topology, and achieving throughputs up to 2.8
MB/s, values similar or in some cases even better than Veniam’s proprietary
solution.
In recent years, vehicular networks (VANETs) have been the focus of major
advances owing to the interest in autonomous vehicles and in distributing
content, not only between vehicles but also to the Cloud. Typically,
performing a download/upload from/to a vehicle requires the use
of a cellular (SIM) connection, but the costs associated with mobile data
transfers in hundreds or thousands of vehicles quickly become
prohibitive. A VANET allows these costs to be considerably
lower, while keeping the same volume of data, because it is strongly
based on communication between vehicles (nodes of the network) and the
infrastructure.
The InterPlanetary File System (IPFS) is a protocol for storing and
distributing content, where information is addressed by its content
instead of its location. It was created in 2014 and aims to connect all
computing devices in a single file system, comparable to a BitTorrent swarm
exchanging Git objects. It has been tested and used in wired networks, but
never in an environment where nodes have intermittent connectivity, such as
a VANET. This work focuses on understanding IPFS, how/if it can be applied
to the vehicular network context, and comparing it with other content
distribution protocols.
In a first phase, IPFS was tested in a small controlled network in order to
understand its applicability to VANETs and to resolve its first
problems, such as the long neighbour discovery times and the poor hashing
performance.
In order to compare IPFS with other protocols (such as Veniam's
proprietary solution or BitTorrent) in a relevant way and on a
large scale, an emulation platform was created. The tests in this emulator
were performed using vehicular mobility and connectivity logs
from different times of a day, with a variable number of files and
file sizes. The results of these tests show that IPFS is
on par with Veniam's V2V protocol (developed specifically for V2V
and VANETs), and that IPFS is significantly better than BitTorrent with
regard to neighbour discovery time and information transfer.
An analysis of IPFS performance in a real scenario was also carried out,
using a small set of nodes of STCP's vehicular network in Porto,
with the support of Veniam. The results of these tests demonstrate that
IPFS can be used as a content dissemination protocol in a
VANET, proving suitable for a constantly changing topology
and achieving throughputs of up to 2.8 MB/s, values similar to or in some
cases higher than those of Veniam's proprietary protocol.
Master's in Computer and Telematics Engineering
Towards a common architecture to interconnect heterogeneous overlay networks
ICPADS Workshop session. International audience. This paper presents a novel overlay architecture to allow the design and development of distributed applications based on multiple interconnected overlay networks. Message routing between overlays is achieved via co-located nodes, i.e. nodes that are part of multiple overlay networks at the same time. Co-located nodes, playing the role of distributed gateways, allow a message to reach a wider set of peers while overlay maintenance remains localized to individual overlays of smaller size. To increase robustness, gateway nodes route messages in an unstructured fashion, and can discover each other by analyzing the overlay traffic. The approach is able to work in both "collaborative" scenarios, where overlay protocol messages can be modified to include additional inter-routing information, and non-collaborative ones. This allows for the interaction with existing overlay protocols already deployed