44 research outputs found

    De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

    ACKNOWLEDGMENT: The authors would like to thank the anonymous reviewers for their useful suggestions and comments. Peer reviewed. Publisher PD

    Non-conventional digital signatures and their implementations – A review

    The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-19713-5_36

    The current technological scenario determines a proliferation of trust domains, which are usually defined by validating the digital identity linked to each user. This validation entails critical assumptions about the way users’ privacy is handled, and this calls for new methods to construct and treat digital identities. Considering cryptography, identity management has been constructed and managed through conventional digital signatures. Nowadays, new types of digital signatures are required, and this transition should be guided by rigorous evaluation of the theoretical basis, but also by the selection of properly verified software means. This latter point is the core of this paper. We analyse the main non-conventional digital signatures that could endorse an adequate tradeoff between security and privacy. This discussion is focused on practical software solutions that are already implemented and available online. The goal is to help security system designers to discern identity management functionalities through standard cryptographic software libraries. This work was supported by Comunidad de Madrid (Spain) under the project S2013/ICE-3095-CM (CIBERDINE) and the Spanish Government project TIN2010-19607

    Preventing DDOS Attack by Dynamic Path Identifiers In Internet

    The enterprise, employment, and assessment of D-PID, a basis that uses PIDs transferred between adjacent domains as inter-domain routing objects. In D-PID, the PID of an inter-domain path linking two domains is reserved clandestine and changes animatedly. We label in part how neighboring domains negotiate PIDs, and how to uphold constant communications when PIDs change. We shape a 42-node sample comprised by six domains to prove D-PID’s possibility and demeanor widespread admirations to gauge its efficacy and charge

    On the Validity of Geosocial Mobility Traces

    Mobile networking researchers have long searched for large-scale, fine-grained traces of human movement, which have remained elusive for both privacy and logistical reasons. Recently, researchers have begun to focus on geosocial mobility traces, e.g. Foursquare checkin traces, because of their availability and scale. But are we conceding correctness in our zeal for data? In this paper, we take initial steps towards quantifying the value of geosocial datasets using a large ground truth dataset gathered from a user study. By comparing GPS traces against Foursquare checkins, we find that a large portion of visited locations is missing from checkins, and most checkin events are either forged or superfluous events. We characterize extraneous checkins, describe possible techniques for their detection, and show that both extraneous and missing checkins introduce significant errors into applications driven by these traces

    A new Analysis of Preventing DDOS attack by dynamic path identifiers in internet

    We have exhibited the structure, execution and assessment of D-PID, a system that powerfully changes way identifiers (PIDs) of between space ways so as to anticipate DDoS flooding attacks, when PIDs are utilized as between area directing articles. We have depicted the plan subtleties of D-PID and actualized it in a 42-node model to confirm its attainability and viability

    Google QUIC performance over a public SATCOM access

    Google QUIC accounts for almost 10 % of the Internet traffic and the protocol is not standardized at the IETF yet. We distinguish Google QUIC (GQUIC) and IETF QUIC (IQUIC) since there may be differences between the two. Both Google and IETF versions run over UDP and cannot be split the way satellite systems usually do with TCP connections. The need for adapting any-QUIC parameters needs to be evaluated. Since GQUIC is available, we analyze its behavior over a satellite communication system. In our evaluations, GQUIC quick connection establishment does not compensate for an inappropriate congestion control. The resulting page downloading time doubles when using GQUIC as opposed to the performance with optimized split TCP connections. This paper concludes that specific tuning is required when any-QUIC runs over a high BDP network

    Understanding Traffic Characteristics in a Server to Server Data Center Network

    The number of Data Centers and the servers present in them has been on the rise over the last decade with the advent of cloud computing, social networking, Big data analytics etc. This has eventually led to the increase in the power consumption of the Data Center due to the power hungry interconnection fabric which consists of switches and routers. The scalability of the data center has also become a problem due to the interconnect cabling complexity which is also responsible for the increase in the energy used for cooling the data center as these bundles of wires reduce the air flow in the data center. The maintenance costs of the data center are high due to this reason. This brings the challenge of reducing the power consumption as well as improving the scalability of the data center. There is a lot of cost involved in the establishment of a network in a data center and this network is one of the main sources of power consumption. Therefore, there is a need to accurately characterize the data center network before its construction which requires the simulation of the data center models. For the simulation of data center models, we require the traffic which is identical to that of an actual data center so that the results will be similar to a real time data center. Traditional data center networks have a wired communication fabric, which is not scalable and contributes largely to the power consumption. This has led to the investigation of other methods. There have been transceivers designed that can support the unlicensed 60 GHz spectrum, supporting high bandwidth similar to the wired network present in traditional data centers. These wireless links have spatial reusability and the data centers can make use of this communication medium to meet the high bandwidth demands and also reduce the use of cable thereby bringing down the cost and the power consumption. This thesis studies the previous traffic models used in the simulation of a data center network. Traffic collected from ten different data centers is then characterized and modelled based on various probability distributions. The implementation of the model tries to generate traffic similar to that of an actual data center. The Data Center Network is then simulated using the traffic generated and the performance of the wired data center is quantified in terms of metrics like throughput, latency and the power consumption of the data center networks

    Software-Defined Networking: A Comprehensive Survey

    Peer reviewed. The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment

    Towards Autonomous Defense of SDN Networks Using MuZero Based Intelligent Agents

    The Software Defined Networking (SDN) paradigm enables the development of systems that centrally monitor and manage network traffic, providing support for the deployment of machine learning-based systems that automatically detect and mitigate network intrusions. This paper presents an intelligent system capable of deciding which countermeasures to take in order to mitigate an intrusion in a software defined network. The interaction between the intruder and the defender is posed as a Markov game and the MuZero algorithm is used to train the model through self-play. Once trained, the model is integrated with an SDN controller, so that it is able to apply the countermeasures of the game in a real network. To measure the performance of the model, attackers and defenders with different training steps have been confronted and the scores obtained by each of them, the duration of the games and the ratio of games won have been collected. The results show that the defender is capable of deciding which measures minimize the impact of the intrusion, isolating the attacker and preventing it from compromising key machines in the network. This work was supported in part by the Spanish Centre for the Development of Industrial Technology (CDTI) through the Project EGIDA-RED DE EXCELENCIA EN TECNOLOGIAS DE SEGURIDAD Y PRIVACIDAD under Grant CER20191012, in part by the Spanish Ministry of Science and Innovation under Grant PID2019-104966GB-I00, in part by the Basque Business Development Agency (SPRI)-Basque Country Government ELKARTEK Program through the projects TRUSTIND under Grant KK-2020/00054 and 3KIA under Grant KK-2020/00049, and in part by the Basque Country Program of Grants for Research Groups under Grant IT-1244-19