Prospects of peer-to-peer SIP for mobile operators

Tämän diplomityön tarkoituksena on esitellä kehitteillä oleva Peer-to-Peer Session Initiation Protocol (P2PSIP), jonka avulla käyttäjät voivat itsenäisesti ja helposti luoda keskenään puhe- ja muita multimediayhteyksiä vertaisverkko-tekniikan avulla. Lisäksi tarkoituksena on arvioida P2PSIP protokollan vaikutuksia ja mahdollisuuksia mobiilioperaattoreille, joille sitä voidaan pitää uhkana. Tästä huolimatta, P2PSIP:n ei ole kuitenkaan tarkoitus korvata nykyisiä puhelinverkkoja. Työn alussa esittelemme SIP:n ja vertaisverkkojen (Peer-to-Peer) periaatteet, joihin P2PSIP-protokollan on suunniteltu perustuvan. SIP mahdollistaa multimedia-istuntojen luomisen, sulkemisen ja muokkaamisen verkossa, mutta sen monipuolinen käyttö vaatii keskitettyjen palvelimien käyttöä. Vertaisverkon avulla käyttäjät voivat suorittaa keskitettyjen palvelimien tehtävät keskenään hajautetusti. Tällöin voidaan ylläpitää laajojakin verkkoja tehokkaasti ilman palvelimista aiheutuvia ylläpito-kustannuksia. Mobiilioperaattorit ovat haasteellisen tilanteen edessä, koska teleliikennemaailma on muuttumassa yhä avoimemmaksi. Tällöin operaattoreiden asiakkaille aukeaa mahdollisuuksia käyttää kilpailevia Internet-palveluja (kuten Skype) helpommin ja tulevaisuudessa myös itse muodostamaan kommunikointiverkkoja P2PSIP:n avulla. Tutkimukset osoittavat, että näistä uhista huolimatta myös operaattorit pystyvät näkemään P2PSIP:n mahdollisuutena mukautumisessa nopeasti muuttuvan teleliikennemaailman haasteisiin. Nämä mahdollisuudet sisältävät operaattorin oman verkon optimoinnin lisäksi vaihtoehtoisten ja monipuolisempien palveluiden tarjoamisen asiakkailleen edullisesti. Täytyy kuitenkin muistaa, että näiden mahdollisuuksien toteuttamisten vaikutusten ei tulisi olla ristiriidassa operaattorin muiden palveluiden kanssa. Lisäksi tulisi muistaa, että tällä hetkellä keskeneräisen P2PSIP-standardin lopullinen luonne ja ominaisuudet voivat muuttaa sen vaikutuksia.The purpose of this thesis is to present the Peer-to-Peer Session Initiation Protocol (P2PSIP) being developed. In addition, the purpose of this thesis is to evaluate the impacts and prospects of P2PSIP to mobile operators, to whom it can be regarded as a threat. In P2PSIP, users can independently and easily establish voice and other multimedia connections using peer-to-peer (P2P) networking. However, P2PSIP is not meant to replace the existing telephony networks of the operators. We start by introducing the principles of SIP and P2P networking that the P2PSIP is intended to use. SIP enables to establish, terminate and modify multimedia sessions, but its versatile exploitation requires using centralized servers. By using P2P networking, users can decentralize the functions of centralized servers by performing them among themselves. This enables to maintain large and robust networks without maintenance costs resulted of running such centralized servers. Telecommunications market is transforming to a more open environment, where mobile operators and other service providers are challenged to adapt to the upcoming changes. Subscribers have easier access to rivalling Internet-services (such as Skype) and in future they can form their own communication communities by using P2PSIP. The results show that despite of these threats, telecom operators can find potential from P2PSIP in concurrence in adaptation to the challenges of the rapidly changing telecom environment. These potential roles include optimization of the network of the operator, but as well roles to provide alternative and more versatile services to their subscribers at low cost. However, the usage of P2PSIP should not conflict with the other services of the operator. Also, as P2PSIP is still under development, its final nature and features may change its impacts and prospects

An interoperable and secure architecture for internet-scale decentralized personal communication

Interpersonal network communications, including Voice over IP (VoIP) and Instant Messaging (IM), are increasingly popular communications tools. However, systems to date have generally adopted a client-server model, requiring complex centralized infrastructure, or have not adhered to any VoIP or IM standard. Many deployment scenarios either require no central equipment, or due to unique properties of the deployment, are limited or rendered unattractive by central servers. to address these scenarios, we present a solution based on the Session Initiation Protocol (SIP) standard, utilizing a decentralized Peer-to-Peer (P2P) mechanism to distribute data. Our new approach, P2PSIP, enables users to communicate with minimal or no centralized servers, while providing secure, real-time, authenticated communications comparable in security and performance to centralized solutions.;We present two complete protocol descriptions and system designs. The first, the SOSIMPLE/dSIP protocol, is a P2P-over-SIP solution, utilizing SIP both for the transport of P2P messages and personal communications, yielding an interoperable, single-stack solution for P2P communications. The RELOAD protocol is a binary P2P protocol, designed for use in a SIP-using-P2P architecture where an existing SIP application is modified to use an additional, binary RELOAD stack to distribute user information without need for a central server.;To meet the unique security needs of a fully decentralized communications system, we propose an enrollment-time certificate authority model that provides asserted identity and strong P2P and user-level security. In this model, a centralized server is contacted only at enrollment time. No run-time connections to the servers are required.;Additionally, we show that traditional P2P message routing mechanisms are inappropriate for P2PSIP. The existing mechanisms are generally optimized for file sharing and neglect critical practical elements of the open Internet --- namely link-level security and asymmetric connectivity caused by Network Address Translators (NATs). In response to these shortcomings, we introduce a new message routing paradigm, Adaptive Routing (AR), and using both analytical models and simulation show that AR significantly improves message routing performance for P2PSIP systems.;Our work has led to the creation of a new research topic within the P2P and interpersonal communications communities, P2PSIP. Our seminal publications have provided the impetus for subsequent P2PSIP publications, for the listing of P2PSIP as a topic in conference calls for papers, and for the formation of a new working group in the Internet Engineering Task Force (IETF), directed to develop an open Internet standard for P2PSIP

Enabling technologies for decentralized interpersonal communication

In the recent years the Internet users have witnessed the emergence of Peer-to-Peer (P2P) technologies and applications. One class of P2P applications is comprised of applications that are targeted for interpersonal communication. The communication applications that utilize P2P technologies are referred to as decentralized interpersonal communication applications. Such applications are decentralized in a sense that they do not require assistance from centralized servers for setting up multimedia sessions between users. The invention of Distributed Hash Table (DHT) algorithms has been an important, but not an inclusive enabler for decentralized interpersonal communication. Even though the DHTs provide a basic foundation for decentralization, there are still a number of challenges without viable technological solutions. The main contribution of this thesis is to propose technological solutions to a subset of the existing challenges. In addition, this thesis also presents the preliminary work for the technological solutions. There are two parts in the preliminary work. In the first part, a set of DHT algorithms are evaluated from the viewpoint of decentralized interpersonal communication, and the second part gives a coherent presentation of the challenges that a decentralized interpersonal communication application is going to encounter in mobile networks. The technological solution proposals contain two architectures and two algorithms. The first architecture enables an interconnection between a decentralized and a centralized communication network, and the second architecture enables the decentralization of a set of legacy applications. The first algorithm is a load balancing algorithm that enables good scalability, and the second algorithm is a search algorithm that enables arbitrary searches. The algorithms can be used, for example, in DHT-based networks. Even though this thesis has focused on the decentralized interpersonal communication, some of the proposed technological solutions also have general applicability outside the scope of decentralized interpersonal communication

Security in peer-to-peer communication systems

P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modi¿cation of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, ¿nancial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more speci¿c systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identi¿ed, we conduct an analysis of the attacks that can a¿ect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design speci¿c solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems¿ security: access control. Among the new designed solutions stand out: a certi¿cation model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-¿y P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certi¿cate Pro¿le for Authorization. Finally, based on the existing measures and the new solutions designed, we de¿ne a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.Postprint (published version

Enabling technologies for decentralized interpersonal communication

In the recent years the Internet users have witnessed the emergence of Peer-to-Peer (P2P) technologies and applications. One class of P2P applications is comprised of applications that are targeted for interpersonal communication. The communication applications that utilize P2P technologies are referred to as decentralized interpersonal communication applications. Such applications are decentralized in a sense that they do not require assistance from centralized servers for setting up multimedia sessions between users. The invention of Distributed Hash Table (DHT) algorithms has been an important, but not an inclusive enabler for decentralized interpersonal communication. Even though the DHTs provide a basic foundation for decentralization, there are still a number of challenges without viable technological solutions. The main contribution of this thesis is to propose technological solutions to a subset of the existing challenges. In addition, this thesis also presents the preliminary work for the technological solutions. There are two parts in the preliminary work. In the first part, a set of DHT algorithms are evaluated from the viewpoint of decentralized interpersonal communication, and the second part gives a coherent presentation of the challenges that a decentralized interpersonal communication application is going to encounter in mobile networks. The technological solution proposals contain two architectures and two algorithms. The first architecture enables an interconnection between a decentralized and a centralized communication network, and the second architecture enables the decentralization of a set of legacy applications. The first algorithm is a load balancing algorithm that enables good scalability, and the second algorithm is a search algorithm that enables arbitrary searches. The algorithms can be used, for example, in DHT-based networks. Even though this thesis has focused on the decentralized interpersonal communication, some of the proposed technological solutions also have general applicability outside the scope of decentralized interpersonal communication

Integrating Wireless Sensor Networks and Mobile Ad-hoc NETworks for enhanced value-added services

In some situations where the standard telecommunication infrastructure is not available, Mobile Ad hoc NETworks (MANETs) can be deployed to provide the required communication. These networks are established "on the fly" without a need for prior communication organization and are composed of autonomous mobile devices, such as cell phones, PDAs or laptops. In similar conditions, such as in emergency response operations, integrating MANETs and Wireless Sensor Networks (WSNs) can notably enhance the MANET participant's end-user experience. WSNs sense and aggregate ambient information, such as physiological, environmental or physical data related to a nearby phenomenon. The integration, which provides end-user availability to WSN required information, is feasible via gateways. However, when the ambient information collected by WSNs is intended for applications residing in MANETs, centralized and fixed gateways are not practicably feasible. This is mainly due to ad-hoc nature, lack of centralized control and constraints on the end-user devices that are used in MANETs. These devices are usually limited in power and capacity and cannot host centralized gateways. In this thesis we exploit the integration of WSN and MANET in order to provide novel value-added services which enhance the end-user experience of MANET participants. Motivating scenarios are introduced, background information is presented, requirements are derived and the state of the art regarding the integration of WSN with existing networks, including MANETs, is evaluated. Based on the evaluation, none of the existing solutions satisfies all of our derived requirements. Therefore, we propose an overall two-level overlay architecture to integrate WSNs (with mobile sinks) and MANETs. This architecture is based on the distributed gateway and applications which form the P2P overlays. Overlays are application-layer networks which are created on top of the exiting MANET. To interconnect gateway and application overlays we derive corresponding requirements and evaluate the existing approaches. Since none of these approaches fulfills all of our requirements, we propose protocols, mechanisms and design corresponding modules for the interconnection of overlays. Finally we refine our overall architecture based on the interconnection aspects. As a proof of concept, we implement a prototype for the inter-overlay information exchange. This implementation is based on SIP extensions and uses two existing P2P middlewares. We also simulate our prototype using Oversim simulation tool and collect experimental results. Based on these results, we can see that our architecture is a valid and promising approach for interconnecting different P2P overlays and can be deployed to provide the overall solution for WSN and MANET integrated system

Implementación y pruebas de REsource LOcation And Discovery (RELOAD) Parser and Encoder

El ampliamente utilizado paradigma cliente/servidor está siendo complementado e incluso reemplazado por otros planteamientos de tipo Peer-to-Peer (P2P). Las redes P2P ofrecen un sistema descentralizado de distribución de la información, son más estables, y representan una solución al problema de la escalabilidad. Al mismo tiempo, el Session Initiation Protocol (SIP), un protocolo de señalización diseñado inicialmente para arquitecturas de tipo ciente/servidor, ha sido ampliamente adoptado para servicios de comunicación tipo Voice-over-IP (VoIP). El actual proceso de estandarización llevado a cabo por el Peer-to-Peer Session Initiation Protocol (P2PSIP) Working Group del IETF se está acercando al desarrollo de aplicaciones que puedan utilizar tecnologías P2P junto con SIP. RELOAD es un protocolo P2P de señalización, que está todavía en desarrollo. RELOAD trabaja en entornos en los que existen Network Address Translators (NATs) o firewalls. RELOAD soporta diferentes aplicaciones y proporciona un marco de seguridad, también permite el uso de diversos algoritmos para las Distributed Hash Tables (DHTs) mediante los llamados "topology plugins". Esta tesis tiene como objetivos la implementación de un codificador y decodificador para mensajes de RELOAD, y el análisis de su rendimiento. Para este último punto se implementará un programa de prueba ejecutable en un teléfono móvil y en un servidor para la simulación de una red RELOAD. ________________________________________The widely used classic client/server paradigm is being complemented and sometimes replaced by current Peer-to-Peer (P2P) approaches. P2P networks offer decentralized distribution of information, are more stable, and represent a solution to the problem of scalability. At the same time the Session Initiation Protocol (SIP), a signalling protocol initially designed for client/server architectures, has been widely adopted for Voice-over-IP (VoIP) communication. The current standardization process of the Peer-to-Peer Session Initiation Protocol (P2PSIP) working group of the IETF is moving towards the development of applications that can use both P2P and Session Initiation Protocol (SIP) technologies in conjuntion. RELOAD is a P2P signalling protocol, which is still under development. RELOAD works in environments where there are Network Address Translators (NATs) or firewalls. RELOAD can support various applications and provides a security frameworks. RELOAD also allows the use of various Distributed Hash Table (DHT) algorithms in the form of topology plugins. This thesis aims at implementing a parser and encoder for RELOAD messages, and analyzing its performance by implementing a test program that will run on a mobile phone and on a server simulating a RELOAD overlay network.Ingeniería Técnica en Informática de Gestió

Scenarios and system dynamics of mobile peer-to-peer content distribution

Vertaisverkkoteknologian menestys kiinteissä verkoissa on johtanut vertaisverkkototeutuksiin myös mobiileissa verkoissa. Mobiilin vertaisverkkoteknologian tulevaisuuden suhteen on tosin vielä paljon epävarmuutta, koska operaattorit ja muut sidosryhmän jäsenet, jotka kärsivät laittoman tiedostonvaihdon seurauksista kiinteän verkon puolella, pelkäävät saman tapahtuvan myös mobiileissa verkoissa. Täten he saattavat yrittää estää mobiilin vertaisverkkoteknologian kehittymistä. On myös epävarmaa onko mobiilille vertaisverkkoteknologialle tarvetta loppukäyttäjän näkökulmasta, eritoten kun mobiililaitteiden suorituskyvyt ovat huomattavasti alhaisempia kuin kiinteiden. Tämä diplomityö keskittyy mobiilin vertaisverkon sisällönjakeluun. Sisällönjakelu on jaettu tiedostonvaihtoon, sisällön suoratoistoon ja kaupallisiin sisältöjärjestelmiin. Työ antaa näkemystä mobiilin vertaisverkon sisällönjakelun olennaisimpiin skenaarioihin, sidosryhmän jäseniin ja heidän kannustimiin. Mobiilin vertaisverkon sisällönjakelun epävarmuutta rajataan käyttämällä skenaarioanalyysiä ja mallinnetaan systeemidynamiikalla. Olennaisimmat skenaariot rakennetaan Schoemakerin metodilla ja niiden mallinnusta yritetään systeemidynamiikan keinoin. Tuloksena saadaan neljä eri skenaariota, jotka on kehitetty brainstorming -tilaisuuksissa ja kirjallisuuskatsauksessa löydettyjen avaintrendien ja -epävarmuustekijöiden perusteella. Skenaarioiden kvantitatiivisen mallinnuksen sijaan mallinnetaan skenaarioihin perustuvan mobiilin vertaisverkon sisällönjakelujärjestelmän dynaamista käyttäytymistä. Vaikka joitakin mobiilia vertaisverkkoteknologiaa hyödyntäviä sovelluksia on jo kehitetty ja käytössä, sekä aihetta tutkittu laajasti, vieläkin on epävarmaa mikä teknologian vaikutus tulee olemaan. Tämä diplomityö esittää mahdollisia vaikutuksia teknologialle ja antaa lähtökohdan tulevalle mobiilien vertaisverkon sisällönjakelujärjestelmien kvantitatiiviselle mallinnukselle. Systeemidynamiikka on toteuttamiskelpoinen vaihtoehto tavallisemmille mallinnustekniikoille, kuten taulukkolaskentamallinnukselle, jonka etuna on järjestelmän takaisinkytkentäsilmukkojen mallintaminen. Kun mobiili vertaisverkkoteknologia kehittyy, enemmän dataa tulee saataville ja vaihtoehtoisten systeemidynamiikkamallien rakentaminen on suositeltavaa.The success of peer-to-peer technology in the fixed networks has led to peer-to-peer implementations in the mobile networks as well. There is, however, a lot of uncertainty regarding the future of mobile peer-to-peer technology as the operators and other stakeholders that were affected negatively by illegal peer-to-peer file sharing in the fixed networks are afraid that it might happen in the mobile domain as well. Thus they might try to prevent mobile peer-to-peer technology from emerging. There is also the question whether there really is a need for peer-to-peer technology in the mobile domain from the end users' perspective, especially as the mobile device capabilities are considerably lower compared to the fixed ones. This thesis concentrates on mobile peer-to-peer content distribution. Content distribution is divided to file exchange, content streaming and commercial content systems. The thesis provides insight to the most relevant scenarios, stakeholders and their incentives related to mobile peer-to-peer content distribution. The uncertainty regarding mobile peer-to-peer content distribution will be bounded using scenario analysis and modeled using system dynamics. The most relevant scenarios regarding mobile peer-to-peer content distribution are constructed using Schoemaker's method and modeling of these scenarios is attempted with system dynamics. As a result four different scenarios are developed based on the key trends and uncertainties discovered during the literature review and brainstorming sessions. Instead of modeling the scenarios quantitatively, the dynamic behavior of a mobile peer-to-peer content distribution system based on the scenarios is modeled with system dynamics. Although there are some mobile peer-to-peer content distribution applications already developed and used, and the topic is considerably researched, it is still uncertain what the outcome of the technology will be. This thesis presents possible outcomes for the technology and provides a starting point for further quantitative modeling of mobile peer-to-peer content distribution systems. System dynamics provides a viable alternative to more common modeling techniques such as spreadsheet modeling, with a distinctive benefit of modeling the feedback loops in a system when used proficiently. As the mobile peer-to-peer technology evolves, more data becomes available and the construction of alternative system dynamics models is encouraged

Descubrimiento dinámico de servidores basado en información de localización usando una tabla de Hash distribuida balanceada

The current Internet includes a large number of distributed services. In order to guarantee the QoS of the communications in these services, a client has to select a close-by server with enough available resources. To achieve this objective, in this Thesis, we propose a simple and practical solution for Dynamic and Location Aware Server Discovery based on a Distributed Hash Table (DHT). Specifically, we decide to use a Chord DHT system (although any other DHT scheme can be used). In more detail, the solution works as follows. The servers offering a given service S form a Chord-like DHT. In addition, they register their location (topological and/or geographical) information in the DHT. Each client using the service S is connected to at least one server from the DHT. Eventually, a given client C realizes that it is connected to a server providing a bad QoS, then, it queries the DHT in order to find an appropriate server (i.e. a close-by server with enough available resources). We define 11 design criteria, and compare our solution to the Related Work based on them. We show that our solution is the most complete one. Furthermore, we validate the performance of our solution in two different scenarios: (i) NAT Traversal Server Discovery and (ii) Home Agent Discovery in Mobile IP scenarios. The former serves to validate our solution in a highly dynamic environment whereas the latter demonstrates the appropriateness of our solution in more classical environments where the servers are typically always-on hosts. The extra overhead suffered from the servers involved in our system comes from their participation in the Chord DHT. Therefore, it is critical to fairly balance the load among all the servers. In our system as well as in other P2P systems (e.g. P2PSIP) the stored objects are small, then routing dominates the cost of publishing and retrieving objects. Therefore, in the second part of this Thesis, we address the issue of fairly balancing the routing load in Chord DHTs. We present an analytical model to evaluate the routing fairness of Chord based on the well accepted Jain’s Fairness Index (FI). Our model shows that Chord performs poorly. Following this observation, we propose a simple enhancement to the Chord finger selection algorithm with the goal of mitigating this effect. The key advantage of our proposal as compared to previous approaches is that it adds a neglible overhead to the basic Chord algorithm. We validate the goodness of the proposed solution analytically and by large scale simulations.-------------------------------------------------------------------------------------------------------------------------------------------------------------En los últimos años un gran número de servicios distribuídos han aparecido en Internet. Para garantizar la Calidad de Servicio de las comunicaciones en estos servicios sus clientes deben conectarse a un servidor cercano con suficientes recursos disponibles. Para alcanzar este objetivo, en esta Tesis, se propone una solución simple y práctica para el Descubrimiento Dinámico de Servidores basado en Información de Localizació usando una Tabla de Hash Distribuída (DHT). En concreto, hemos decidido usar una DHT de tipo Chord (aunque cualquier otro tipo de DHT puede usarse). A continuación describimos brevemente nuestra solución. Los servidores que ofrecen un servicio específico S forman una DHT tipo Chord donde registran su información de localización (topológica y/o geográfica). Cada cliente que usa el servicio S está conectado al menos a un servidor de la DHT. En caso de que un cliente C perciba que el servidor al que está conectado está ofreciendo una mala Calidad de Servicio, C consulta la DHT para encontrar un servidor más apropiado (p.ej. un servidor cercano con suficientes recursos disponibles). En la Tesis se definen 11 criterios de diseño y se compara nuestra solución con las soluciones existentes en base a ellos, demostrando que la nuestra es la solución más completa. Además, validamos el rendimiento de nuestra solución en dos escenarios diferentes: (i) Descubrimiento de Servidores para atravesar Traductores de Direcciones de Red (NATs) y (ii) Descubrimiento de Agentes Hogar (HAs) en escenarios de Movilidad IP. El primero sirve para validar el rendimiento de nuestra solución en escenarios altamente dinámicos mientras que el segundo demuestra la validez de la solución en un escenario más clásico donde los servidores son máquinas que están ininterrumpidamente funcionando. Los servidores involucrados en nuestro sistema sufren una sobrecarga debido a su participación en la DHT tipo Chord. Desafortunadamente, esta sobrecarga es inherente al sistema anteriormente descrito y no se puede eliminar. En cambio lo que sí podemos hacer es balancear la carga de la manera más justa posible entre todos los servidores. En nuestro sistema, al igual que en otros sistemas P2P (p.ej. P2PSIP) los objetos almacenados tienen un tamaño pequeño, produciendo que sea la tarea de enrutamiento la que domina el coste de publicar y obtener objetos. Por lo tanto, en la segunda parte de esta Tesis abordamos el reparto equilibrado de la carga de enrutamiento en DHTs tipo Chord. En primer lugar, definimos un modelo analítico para evaluar el reparto de la carga de enrutamiento entre los nodos que forman una DHT tipo Chord. Para ello nos basamos en una métrica aceptada por la comunidad investigadora como es el Jain’s Fairness Index (FI). El modelo resultante demuestra que Chord tiene un rendimiento pobre en el reparto justo de la carga de enrutamiento. Basándonos en esta observación proponemos una modificación simple al algoritmo de selección de punteros de Chord para mejorar el reparto de la carga de enrutamiento. La ventaja fundamental de nuestra solución en comparación con otras propuestas anteriores es que nuestra solución añade un coste despreciable al algoritmo básico de Chord. Finalmente, validamos el rendimiento de nuestra solución analíticamente y por medio de simulaciones a gran escala

Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues