Hidden geometric correlations in real multiplex networks

Real networks often form interacting parts of larger and more complex systems. Examples can be found in different domains, ranging from the Internet to structural and functional brain networks. Here, we show that these multiplex systems are not random combinations of single network layers. Instead, they are organized in specific ways dictated by hidden geometric correlations between the individual layers. We find that these correlations are strong in different real multiplexes, and form a key framework for answering many important questions. Specifically, we show that these geometric correlations facilitate: (i) the definition and detection of multidimensional communities, which are sets of nodes that are simultaneously similar in multiple layers; (ii) accurate trans-layer link prediction, where connections in one layer can be predicted by observing the hidden geometric space of another layer; and (iii) efficient targeted navigation in the multilayer system using only local knowledge, which outperforms navigation in the single layers only if the geometric correlations are sufficiently strong. Our findings uncover fundamental organizing principles behind real multiplexes and can have important applications in diverse domains.Comment: Supplementary Materials available at http://www.nature.com/nphys/journal/v12/n11/extref/nphys3812-s1.pd

The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

Scarcity in IP addresses: IPv4 Address Transfer Markets and the Regional Internet Address Registries

We are running out of Internet addresses. This paper evaluates address transfer policies that Internet governance agencies are considering as a response to the depletion of the IPv4 address space. The paper focuses on proposals to allow organizations holding IPv4 addresses to sell address blocks to other organizations willing to buy them. This paper analyzes the economics of the proposed transfer policies, and conducts a systematic comparison of the policies proposed in the three main world Internet regions

Flow-Based Detection of IPv6-specific Network Layer Attacks

With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Mobility as a first class function

Seamless host mobility has been a desirable feature for a long time, but was not part of the original design of the Internet architecture or protocols. Current approaches to network-layer mobility typically require additional network-layer entities for mobility management, which add complexity to the current engineering landscape of the Internet. We present a host-based, end-to-end architecture for host mobility using the Identifier-Locator Network Protocol (ILNP). ILNP provides mobility support as a first class function, since mobility management is controlled and managed by the end-systems, and does not require additional network-layer entities. We demonstrate an instance of ILNP that is a superset of IPv6 – called ILNPv6 – that is implemented by extending the current IPv6 code in the Linux kernel. We make a direct comparison of performance of ILNPv6 and Mobile IPv6, showing the improved performance of ILNPv6.Postprin

Internet... the final frontier: an ethnographic account: exploring the cultural space of the Net from the inside

The research project The Internet as a space for interaction, which completed its mission in Autumn 1998, studied the constitutive features of network culture and network organisation. Special emphasis was given to the dynamic interplay of technical and social conventions regarding both the Net’s organisation as well as its change. The ethnographic perspective chosen studied the Internet from the inside. Research concentrated upon three fields of study: the hegemonial operating technology of net nodes (UNIX) the network’s basic transmission technology (the Internet Protocol IP) and a popular communication service (Usenet). The project’s final report includes the results of the three branches explored. Drawing upon the development in the three fields it is shown that changes that come about on the Net are neither anarchic nor arbitrary. Instead, the decentrally organised Internet is based upon technically and organisationally distributed forms of coordination within which individual preferences collectively attain the power of developing into definitive standards. --

IP without IP addresses

D. Phoomikiattisak was funded by the Thai Government. B. Simpson was funded by Cisco Systems under a University Research Programme (URP) grant award.We discuss a key engineering challenge in implementing the Identifier- Locator Network Protocol (ILNP), as described in IRTF Experimental RFCs 6740-6748: enabling legacy applications that use the C sockets API. We have built the first two OS kernel implementations of ILNPv6 (ILNP as a superset of IPv6), in both the Linux OS kernel and the FreeBSD OS kernel. Our evaluation is in comparison with IPv6, in the context of a topical and challenging scenario: host mobility implemented as a purely end-to-end function. Our experiments show that ILNPv6 has excellent potential for deployment using existing IPv6 infrastructure, whilst offering the new properties and functionality of ILNP.Postprin

Control plane handoff analysis for IP mobility

Seamless host mobility is vital to future network mobility, and has been an active research area for a long time. Much research focuses on the performance of the data plane. In this paper, we present comprehensive analyses on the control (signalling) plane in the IETF Mobile IPv6, and compare it with the IRTF Identifier-Locator Network Protocol (ILNP). The control plane behaviour is important in order to assess the robustness and scalability of the mobility protocol. ILNP has a different mobility model from Mobile IPv6: it isa host-based, end-to-end architecture and does not require additional network-layer entities. Hence, the control signals are exchanged only between the end systems. We provide model-based analyses for handoff signalling, and show that ILNP is more efficient than MIPv6 in terms of robustness and scalability. The analytical models we present could also be adapted for other mobility solutions, for comparative assessment.Postprin