45 research outputs found

    MPTCP Robustness Against Large-Scale Man-in-the-Middle Attacks

    International audience. Multipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed at large scale. Recently, the Multipath Transmission Control Protocol (MPTCP) extension was standardized and is undergoing rapid adoption in many different use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits (i.e., reliability thanks to backup path rerouting, throughput increase thanks to link aggregation, and confidentiality, since it is more difficult to intercept a full connection), the latter has attracted lower attention. How effective it would be to use MPTCP, or an equivalent multipath transport layer protocol, to exploit multiple Internet-scale paths and decrease the probability of Man-in-the-Middle (MITM) attacks is a question which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

    Applications of ontology in the Internet of Things: a systematic analysis

    Ontology has been increasingly implemented to facilitate the Internet of Things (IoT) activities, such as tracking and information discovery, storage, information exchange, and object addressing. However, a complete understanding of using ontology in the IoT mechanism remains lacking. The main goal of this research is to recognize the use of ontology in the IoT process and investigate the services of ontology in IoT activities. A systematic literature review (SLR) is conducted using predefined protocols to analyze the literature about the usage of ontologies in IoT. The following conclusions are obtained from the SLR. (1) Primary studies (i.e., selected 115 articles) have addressed the need to use ontologies in IoT for industries and the academe, especially to minimize interoperability and integration of IoT devices. (2) About 31.30% of extant literature discussed ontology development concerning the IoT interoperability issue, while IoT privacy and integration issues are partially discussed in the literature. (3) IoT styles of modeling ontologies are diverse, whereas 35.65% of total studies adopted the OWL style. (4) The 32 articles (i.e., 27.83% of the total studies) reused IoT ontologies to handle diverse IoT methodologies. (5) A total of 45 IoT ontologies are well acknowledged, but the IoT community has widely utilized none. An in-depth analysis of different IoT ontologies suggests that the existing ontologies are beneficial in designing new IoT ontology or achieving three main requirements of the IoT field: interoperability, integration, and privacy. This SLR is finalized by identifying numerous validity threats and future directions.

    Joint Optimization of Radio and Computational Resources for Multicell Mobile-Edge Computing

    Migrating computationally intensive tasks from mobile devices to more resourceful cloud servers is a promising technique to increase the computational capacity of mobile devices while saving their battery energy. In this paper, we consider a MIMO multicell system where multiple mobile users (MUs) ask for computation offloading to a common cloud server. We formulate the offloading problem as the joint optimization of the radio resources (the transmit precoding matrices of the MUs) and the computational resources (the CPU cycles/second assigned by the cloud to each MU) in order to minimize the overall users' energy consumption, while meeting latency constraints. The resulting optimization problem is nonconvex (in the objective function and constraints). Nevertheless, in the single-user case, we are able to express the global optimal solution in closed form. In the more challenging multiuser scenario, we propose an iterative algorithm, based on a novel successive convex approximation technique, converging to a local optimal solution of the original nonconvex problem. Then, we reformulate the algorithm in a distributed and parallel implementation across the radio access points, requiring only a limited coordination/signaling with the cloud. Numerical results show that the proposed schemes outperform disjoint optimization algorithms. Comment: Paper submitted to IEEE Trans. on Signal and Information Processing over Network

    Integration of the cloud computing paradigm with the operator's network infrastructure (Integração do paradigma de cloud computing com a infraestrutura de rede do operador)

    Doctorate in Informatics Engineering. The proliferation of Internet access allows users to use services available directly through the Internet, which translates into a change of the paradigm of using applications and in the way of communicating, popularizing in this way the so-called cloud computing paradigm. Cloud computing brings with it requirements at two different levels: at the cloud level, usually relying on centralized data centers, where information technology and network resources must be able to guarantee the demand of such services; and at the access level, i.e., depending on the service being consumed, different quality of service is required in the access network, which is a Network Operator (NO) domain. In summary, there is an obvious network dependency. However, the network has been playing a relatively minor role, mostly as a provider of (best-effort) connectivity within the cloud and in the access network. The work developed in this Thesis enables the effective integration of cloud and NO domains, allowing the required network support for cloud. We propose a framework and a set of associated mechanisms for the integrated management and control of cloud computing and NO domains to provide end-to-end services. Moreover, we elaborate a thorough study on the embedding of virtual resources in this integrated environment. The study focuses on maximizing the host of virtual resources on the physical infrastructure through optimal embedding strategies (considering the initial allocation of resources as well as adaptations through time), while at the same time minimizing the costs associated to energy consumption, in single and multiple domains. Furthermore, we explore how the NO can take advantage of the integrated environment to host traditional network functions. In this sense, we study how virtual network Service Functions (SFs) should be modelled and managed in a cloud environment and enhance the framework accordingly.
A thorough evaluation of the proposed solutions was performed in the scope of this Thesis, assessing their benefits. We implemented proof of concepts to prove the added value, feasibility and easy deployment characteristics of the proposed framework. Furthermore, the embedding strategies evaluation has been performed through simulation and Integer Linear Programming (ILP) solving tools, and it showed that it is possible to reduce the physical infrastructure energy consumption without jeopardizing the virtual resources acceptance. This fact can be further increased by allowing virtual resource adaptation through time. However, one should have in mind the costs associated to adaptation processes. The costs can be minimized, but the virtual resource acceptance can be also reduced. This tradeoff has also been subject of the work in this Thesis.

    On distributed mobile edge computing

    Mobile Cloud Computing (MCC) has been proposed to offload the workloads of mobile applications from mobile devices to the cloud in order to not only reduce energy consumption of mobile devices but also accelerate the execution of mobile applications. Owing to the long End-to-End (E2E) delay between mobile devices and the cloud, offloading the workloads of many interactive mobile applications to the cloud may not be suitable. That is, these mobile applications require a huge amount of computing resources to process their workloads as well as a low E2E delay between mobile devices and computing resources, which cannot be satisfied by the current MCC technology. In order to reduce the E2E delay, a novel cloudlet network architecture is proposed to bring the computing and storage resources from the remote cloud to the mobile edge. In the cloudlet network, each mobile user is associated with a specific Avatar (i.e., a dedicated Virtual Machine (VM) providing computing and storage resources to its mobile user) in the nearby cloudlet via its associated Base Station (BS). Thus, mobile users can offload their workloads to their Avatars with low E2E delay (i.e., one wireless hop). However, mobile users may roam among BSs in the mobile network, and so the E2E delay between mobile users and their Avatars may become worse if the Avatars remain in their original cloudlets. Thus, Avatar handoff is proposed to migrate an Avatar from one cloudlet into another to reduce the E2E delay between the Avatar and its mobile user. The LatEncy aware Avatar handDoff (LEAD) algorithm is designed to determine the location of each mobile user's Avatar in each time slot in order to minimize the average E2E delay among all the mobile users and their Avatars. The performance of LEAD is demonstrated via extensive simulations. The cloudlet network architecture not only facilitates mobile users in offloading their computational tasks but also empowers Internet of Things (IoT).
Popular IoT resources are proposed to be cached in nearby brokers, which are considered as application layer middleware nodes hosted by cloudlets in the cloudlet network, to reduce the energy consumption of servers. In addition, an Energy Aware and latency guaranteed dynamic reSourcE caching (EASE) strategy is proposed to enable each broker to cache suitable popular resources such that the energy consumption from the servers is minimized and the average delay of delivering the contents of the resources to the corresponding clients is guaranteed. The performance of EASE is demonstrated via extensive simulations. The future work comprises two parts. First, caching popular IoT resources in nearby brokers may incur unbalanced traffic loads among brokers, thus increasing the average delay of delivering the contents of the resources. Thus, how to balance the traffic loads among brokers to speed up the IoT content delivery process requires further investigation. Second, a drone-assisted mobile access network architecture will be briefly investigated to accelerate communications between mobile users and their Avatars.

    Virtual Cluster Management for Analysis of Geographically Distributed and Immovable Data

    Thesis (Ph.D.) - Indiana University, Informatics and Computing, 2015. Scenarios exist in the era of Big Data where computational analysis needs to utilize widely distributed and remote compute clusters, especially when the data sources are sensitive or extremely large, and thus unable to move. A large dataset in Malaysia could be ecologically sensitive, for instance, and unable to be moved outside the country boundaries. Controlling an analysis experiment in this virtual cluster setting can be difficult on multiple levels: with setup and control, with managing behavior of the virtual cluster, and with interoperability issues across the compute clusters. Further, datasets can be distributed among clusters, or even across data centers, so that it becomes critical to utilize data locality information to optimize the performance of data-intensive jobs. Finally, datasets are increasingly sensitive and tied to certain administrative boundaries, though once the data has been processed, the aggregated or statistical result can be shared across the boundaries. This dissertation addresses management and control of a widely distributed virtual cluster having sensitive or otherwise immovable data sets through a controller. The Virtual Cluster Controller (VCC) gives control back to the researcher. It creates virtual clusters across multiple cloud platforms. In recognition of sensitive data, it can establish a single network overlay over widely distributed clusters. We define a novel class of data, notably immovable data that we call "pinned data", where the data is treated as a first-class citizen instead of being moved to where needed. We draw from our earlier work with a hierarchical data processing model, Hierarchical MapReduce (HMR), to process geographically distributed data, some of which are pinned data. The applications implemented in HMR use an extended MapReduce model where computations are expressed as three functions: Map, Reduce, and GlobalReduce.
Further, by facilitating information sharing among resources, applications, and data, the overall performance is improved. Experimental results show that the overhead of VCC is minimal. The HMR outperforms the traditional MapReduce model while processing a particular class of applications. The evaluations also show that information sharing between resources and application through the VCC shortens the hierarchical data processing time, as well as satisfying the constraints on the pinned data.

    A Survey of Machine Learning Techniques for Video Quality Prediction from Quality of Delivery Metrics

    A growing number of video streaming networks are incorporating machine learning (ML) applications. The growth of video streaming services places enormous pressure on network and video content providers who need to proactively maintain high levels of video quality. ML has been applied to predict the quality of video streams. Quality of delivery (QoD) measurements, which capture the end-to-end performances of network services, have been leveraged in video quality prediction. The drive for end-to-end encryption, for privacy and digital rights management, has brought about a lack of visibility for operators who desire insights from video quality metrics. In response, numerous solutions have been proposed to tackle the challenge of video quality prediction from QoD-derived metrics. This survey provides a review of studies that focus on ML techniques for predicting the QoD metrics in video streaming services. In the context of video quality measurements, we focus on QoD metrics, which are not tied to a particular type of video streaming service. Unlike previous reviews in the area, this contribution considers papers published between 2016 and 2021. Approaches for predicting QoD for video are grouped under the following headings: (1) video quality prediction under QoD impairments, (2) prediction of video quality from encrypted video streaming traffic, (3) predicting the video quality in HAS applications, (4) predicting the video quality in SDN applications, (5) predicting the video quality in wireless settings, and (6) predicting the video quality in WebRTC applications. Throughout the survey, some research challenges and directions in this area are discussed, including (1) machine learning over deep learning; (2) adaptive deep learning for improved video delivery; (3) computational cost and interpretability; (4) self-healing networks and failure recovery. 
The survey findings reveal that traditional ML algorithms are the most widely adopted models for solving video quality prediction problems. This family of algorithms has a lot of potential because they are well understood, easy to deploy, and have lower computational requirements than deep learning techniques.

    SLA Violation Detection Model and SLA Assured Service Brokering (SLaB) in Multi-Cloud Architecture

    Cloud brokering helps CSUs find cloud services according to their requirements. In the current practice, CSUs or Cloud Service Brokers (CSBs) select cloud services according to the SLA committed by CSPs on their websites. In our observation, it is found that most of the CSPs do not fulfill the service commitment mentioned in the SLA agreement. Verified cloud service performances against the SLA commitment of CSPs provide additional trust for CSBs to recommend services to the CSUs. In this thesis work, we propose an SLA assured service-brokering framework, which considers both the committed and the delivered SLA of CSPs in cloud service recommendation to the users. For the evaluation of the performance of CSPs, two evaluation techniques, Heat Map and IFL, are proposed, which include both directly measurable and non-measurable parameters in the performance evaluation of CSPs. These two techniques are implemented using real data measured from CSPs. The result shows that the Heat Map technique is more transparent and consistent in CSP performance evaluation than the IFL technique. In this work, regulatory compliance of the CSPs is also analyzed and visualized in a performance heat map table to provide the legal status of CSPs. Moreover, missing points in their terms of service and SLA documents are analyzed and recommended for addition to the contract document. In the revised European GDPR, DPIA is going to be mandatory for all organizations/tools. The decision recommendation tool developed using the above-mentioned evaluation techniques may cause potential harm to individuals in assessing data from multiple CSPs. So, a DPIA is carried out to assess the potential harm/risks to individuals due to our tool and the necessary precautions to be taken in the tool to minimize possible data privacy risks. It also analyzes the service pattern and future performance behavior of CSPs to help CSUs in decision making to select an appropriate CSP.