Secure service proxy : a CoAP(s) intermediary for a securer and smarter web of things

As the IoT continues to grow over the coming years, resource-constrained devices and networks will see an increase in traffic as everything is connected in an open Web of Things. The performance- and function-enhancing features are difficult to provide in resource-constrained environments, but will gain importance if the WoT is to be scaled up successfully. For example, scalable open standards-based authentication and authorization will be important to manage access to the limited resources of constrained devices and networks. Additionally, features such as caching and virtualization may help further reduce the load on these constrained systems. This work presents the Secure Service Proxy (SSP): a constrained-network edge proxy with the goal of improving the performance and functionality of constrained RESTful environments. Our evaluations show that the proposed design reaches its goal by reducing the load on constrained devices while implementing a wide range of features as different adapters. Specifically, the results show that the SSP leads to significant savings in processing, network traffic, network delay and packet loss rates for constrained devices. As a result, the SSP helps to guarantee the proper operation of constrained networks as these networks form an ever-expanding Web of Things

Traffic analysis of Internet user behavior and content demand patterns

El estudio del trafico de internet es relevante para poder mejorar la calidad de servicio de los usuarios. Ser capaz de conocer cuales son los servicios más populares y las horas con más usuarios activos permite identificar la cantidad de tráfico producido y, por lo tanto, diseñar una red capaz de soportar la actividad esperada. La implementación de una red considerando este conocimiento puede reducir el tiempo de espera considerablemente, mejorando la experiencia de los usuarios en la web. Ya existen análisis del trafico de los usuarios y de sus patrones de demanda. Pero, los datos utilizados en estos estudios no han sido renovados, por lo tanto los resultados obtenidos pueden estar obsoletos y se han podido producir cambios importantes. En esta tesis, se estudia la cantidad de trafico entrante y saliente producido por diferentes aplicaciones y se ha hecho una evolución teniendo en cuenta datos presentes y pasados. Esto nos permitirá entender los cambios producidos desde 2007 hasta 2015 y observar las tendencias actuales. Además, se han analizado los patrones de demanda de usuarios del inicio de 2016 y se han comparado con resultados previos. La evolución del tráfico demuestra cambios en las preferencias de los usuarios, a pesar de que los patrones de demanda siguen siendo los mismos que en años anteriores. Los resultados obtenidos en esta tesis confirman las predicciones sobre un aumento del tráfico de 'Streaming Media'; se ha comprobado que el tráfico de 'Streaming Media' es el tráfico total dominante, con Netflix como el mayor contribuidor.L'estudi del trànsit d'Internet és rellevant per a poder millor la qualitat de servei dels usuaris. Ser capaç de conèixer quins són els serveis més popular i les hores amb més usuaris actius permet identificar la quantitat de trànsit produït i, per tant, dissenyar una xarxa capaç de soportar la activitat esperada. L'implementació d'una xarxa considerant aquest coneixement pot reduir el temps d'espera considerablement, millorant l'experiència dels usuaris a la web. Ja existeixen anàlisis del transit dels usuaris i els seus patrons de demanda. Però, les dades utilitzades en aquests estudis no han sigut renovades, per tant els resultats obtinguts poden estar obsolets i s'han produït canvis importants. En aquesta tesis, s'estudia la quantitat de transit entrant i sortint produit per diferents aplicacions i s'ha fet una evolució, tenint en compte dades presents i passades. Això ens permetrà entendre els canvis produïts des de 2007 fins 2015 i observar les tendències actuals. A més, s'han analitzat els patrons de demanda de usuaris de principis de 2016 i s'han comparat amb resultats previs. L'evolució del trànsit mostra canvis en las preferències dels usuaris, en canvi els patrons de demanda continuen sent els mateixos que en anys posteriors. Els resultats obtinguts en aquesta tesis confirmen les prediccions sobre un augment del trànsit de 'Streaming Media'; s'ha comprovat que el trànsit de 'Streaming Media' es el trànsit total dominant, amb Netflix com el major contribuïdor.The study of Internet traffic is relevant in order to improve the quality of service of users. Being able to know which are the most popular services and the hours with most active users can let us identify the amount of inbound and outbound traffic produced, and hence design a network able to support the activity expected. The implementation of a network considering that knowledge can reduce the waiting time of users considerably, improving the users’ experience in the web. Analysis of users’ traffic and user demand patterns already exist. However, the data used in these studies is not renewed, thus the results found can be obsolete and considerable changes would have happened. In this bachelor’s thesis, it is studied the amount of inbound and outbound traffic produced considering different applications and the evolution when regarding previous and actual data has been taken into account. This would let us understand the changes produced from 2007 to 2015 and observe the tendencies nowadays. In addition, it has been analyzed the user demand patterns in the beginning of 2016 and it has been contrasted with previous results. The evolution of traffic has shown changes in users’ preferences, although their demand patterns are still the same as previous years. The results found in this thesis confirmed the expectations about an increase of streaming media Internet traffic; it was proved that streaming media traffic is the dominant total traffic, with Netflix as the major contributor

Data Structures and Algorithms for Scalable NDN Forwarding

Named Data Networking (NDN) is a recently proposed general-purpose network architecture that aims to address the limitations of the Internet Protocol (IP), while maintaining its strengths. NDN takes an information-centric approach, focusing on named data rather than computer addresses. In NDN, the content is identified by its name, and each NDN packet has a name that specifies the content it is fetching or delivering. Since there are no source and destination addresses in an NDN packet, it is forwarded based on a lookup of its name in the forwarding plane, which consists of the Forwarding Information Base (FIB), Pending Interest Table (PIT), and Content Store (CS). In addition, as an in-network caching element, a scalable Repository (Repo) design is needed to provide large-scale long-term content storage in NDN networks. Scalable NDN forwarding is a challenge. Compared to the well-understood approaches to IP forwarding, NDN forwarding performs lookups on packet names, which have variable and unbounded lengths, increasing the lookup complexity. The lookup tables are larger than in IP, requiring more memory space. Moreover, NDN forwarding has a read-write data plane, requiring per-packet updates at line rates. Designing and evaluating a scalable NDN forwarding node architecture is a major effort within the overall NDN research agenda. The goal of this dissertation is to demonstrate that scalable NDN forwarding is feasible with the proposed data structures and algorithms. First, we propose a FIB lookup design based on the binary search of hash tables that provides a reliable longest name prefix lookup performance baseline for future NDN research. We have demonstrated 10 Gbps forwarding throughput with 256-byte packets and one billion synthetic forwarding rules, each containing up to seven name components. Second, we explore data structures and algorithms to optimize the FIB design based on the specific characteristics of real-world forwarding datasets. Third, we propose a fingerprint-only PIT design that reduces the memory requirements in the core routers. Lastly, we discuss the Content Store design issues and demonstrate that the NDN Repo implementation can leverage many of the existing databases and storage systems to improve performance

A Framework for pervasive web content delivery

Ph.DDOCTOR OF PHILOSOPH

A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research

With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane, that can control network devices through their data plane APIs. Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane APIs which may be leveraged by user-defined SDN control. Thus, programmable data planes and SDN offer great flexibility for network customization, be it for specialized, commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community and it is supported by various software and hardware platforms. In this paper, we survey the literature from 2015 to 2020 on data plane programming with P4. Our survey covers 497 references of which 367 are scientific publications. We organize our work into two parts. In the first part, we give an overview of data plane programming models, the programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we analyze a large body of literature considering P4-based applied research. We categorize 241 research papers into different application domains, summarize their contributions, and extract prototypes, target platforms, and source code availability.Comment: Submitted to IEEE Communications Surveys and Tutorials (COMS) on 2021-01-2

A Cognitive Routing framework for Self-Organised Knowledge Defined Networks

This study investigates the applicability of machine learning methods to the routing protocols for achieving rapid convergence in self-organized knowledge-defined networks. The research explores the constituents of the Self-Organized Networking (SON) paradigm for 5G and beyond, aiming to design a routing protocol that complies with the SON requirements. Further, it also exploits a contemporary discipline called Knowledge-Defined Networking (KDN) to extend the routing capability by calculating the “Most Reliable” path than the shortest one. The research identifies the potential key areas and possible techniques to meet the objectives by surveying the state-of-the-art of the relevant fields, such as QoS aware routing, Hybrid SDN architectures, intelligent routing models, and service migration techniques. The design phase focuses primarily on the mathematical modelling of the routing problem and approaches the solution by optimizing at the structural level. The work contributes Stochastic Temporal Edge Normalization (STEN) technique which fuses link and node utilization for cost calculation; MRoute, a hybrid routing algorithm for SDN that leverages STEN to provide constant-time convergence; Most Reliable Route First (MRRF) that uses a Recurrent Neural Network (RNN) to approximate route-reliability as the metric of MRRF. Additionally, the research outcomes include a cross-platform SDN Integration framework (SDN-SIM) and a secure migration technique for containerized services in a Multi-access Edge Computing environment using Distributed Ledger Technology. The research work now eyes the development of 6G standards and its compliance with Industry-5.0 for enhancing the abilities of the present outcomes in the light of Deep Reinforcement Learning and Quantum Computing

Using program behaviour to exploit heterogeneous multi-core processors

Multi-core CPU architectures have become prevalent in recent years. A number of multi-core CPUs consist of not only multiple processing cores, but multiple different types of processing cores, each with different capabilities and specialisations. These heterogeneous multi-core architectures (HMAs) can deliver exceptional performance; however, they are notoriously difficult to program effectively. This dissertation investigates the feasibility of ameliorating many of the difficulties encountered in application development on HMA processors, by employing a behaviour aware runtime system. This runtime system provides applications with the illusion of executing on a homogeneous architecture, by presenting a homogeneous virtual machine interface. The runtime system uses knowledge of a program's execution behaviour, gained through explicit code annotations, static analysis or runtime monitoring, to inform its resource allocation and scheduling decisions, such that the application makes best use of the HMA's heterogeneous processing cores. The goal of this runtime system is to enable non-specialist application developers to write applications that can exploit an HMA, without the developer requiring in-depth knowledge of the HMA's design. This dissertation describes the development of a Java runtime system, called Hera-JVM, aimed at investigating this premise. Hera-JVM supports the execution of unmodified Java applications on both processing core types of the heterogeneous IBM Cell processor. An application's threads of execution can be transparently migrated between the Cell's different core types by Hera-JVM, without requiring the application's involvement. A number of real-world Java benchmarks are executed across both of the Cell's core types, to evaluate the efficacy of abstracting a heterogeneous architecture behind a homogeneous virtual machine. By characterising the performance of each of the Cell processor's core types under different program behaviours, a set of influential program behaviour characteristics is uncovered. A set of code annotations are presented, which enable program code to be tagged with these behaviour characteristics, enabling a runtime system to track a program's behaviour throughout its execution. This information is fed into a cost function, which Hera-JVM uses to automatically estimate whether the executing program's threads of execution would benefit from being migrated to a different core type, given their current behaviour characteristics. The use of history, hysteresis and trend tracking, by this cost function, is explored as a means of increasing its stability and limiting detrimental thread migrations. The effectiveness of a number of different migration strategies is also investigated under real-world Java benchmarks, with the most effective found to be a strategy that can target code, such that a thread is migrated whenever it executes this code. This dissertation also investigates the use of runtime monitoring to enable a runtime system to automatically infer a program's behaviour characteristics, without the need for explicit code annotations. A lightweight runtime behaviour monitoring system is developed, and its effectiveness at choosing the most appropriate core type on which to execute a set of real-world Java benchmarks is examined. Combining explicit behaviour characteristic annotations with those characteristics which are monitored at runtime is also explored. Finally, an initial investigation is performed into the use of behaviour characteristics to improve application performance under a different type of heterogeneous architecture, specifically, a non-uniform memory access (NUMA) architecture. Thread teams are proposed as a method of automatically clustering communicating threads onto the same NUMA node, thereby reducing data access overheads. Evaluation of this approach shows that it is effective at improving application performance, if the application's threads can be partitioned across the available NUMA nodes of a system. The findings of this work demonstrate that a runtime system with a homogeneous virtual machine interface can reduce the challenge of application development for HMA processors, whilst still being able to exploit such a processor by taking program behaviour into account

Provider-Controlled Bandwidth Management for HTTP-based Video Delivery

Over the past few years, a revolution in video delivery technology has taken place as mobile viewers and over-the-top (OTT) distribution paradigms have significantly changed the landscape of video delivery services. For decades, high quality video was only available in the home via linear television or physical media. Though Web-based services brought video to desktop and laptop computers, the dominance of proprietary delivery protocols and codecs inhibited research efforts. The recent emergence of HTTP adaptive streaming protocols has prompted a re-evaluation of legacy video delivery paradigms and introduced new questions as to the scalability and manageability of OTT video delivery. This dissertation addresses the question of how to enable for content and network service providers the ability to monitor and manage large numbers of HTTP adaptive streaming clients in an OTT environment. Our early work focused on demonstrating the viability of server-side pacing schemes to produce an HTTP-based streaming server. We also investigated the ability of client-side pacing schemes to work with both commodity HTTP servers and our HTTP streaming server. Continuing our client-side pacing research, we developed our own client-side data proxy architecture which was implemented on a variety of mobile devices and operating systems. We used the portable client architecture as a platform for investigating different rate adaptation schemes and algorithms. We then concentrated on evaluating the network impact of multiple adaptive bitrate clients competing for limited network resources, and developing schemes for enforcing fair access to network resources. The main contribution of this dissertation is the definition of segment-level client and network techniques for enforcing class of service (CoS) differentiation between OTT HTTP adaptive streaming clients. We developed a segment-level network proxy architecture which works transparently with adaptive bitrate clients through the use of segment replacement. We also defined a segment-level rate adaptation algorithm which uses download aborts to enforce CoS differentiation across distributed independent clients. The segment-level abstraction more accurately models application-network interactions and highlights the difference between segment-level and packet-level time scales. Our segment-level CoS enforcement techniques provide a foundation for creating scalable managed OTT video delivery services

Network level performance of differentiated services (diffserv) networks

The Differentiated Services (DiffServ) architecture is a promising means of providing Quality of Service (QoS) in Internet. In DiffServ networks, three service classes, or Per-hop Behaviors (PHBs), have been defined: Expedited Forwarding (EF), Assured Forwarding (AF) and Best Effort (BE). In this dissertation, the performance of DiffServ networks at the network level, such as end-to-end QoS, network stability, and fairness of bandwidth allocation over the entire network have been extensively investigated. It has been shown in literature that the end-to-end delay of EF traffic can go to infinity even in an over-provisioned network. In this dissertation, a simple scalable aggregate scheduling scheme, called Youngest Serve First (YSF) algorithm is proposed. YSF is not only able to guarantee finite end-to-end delay, but also to keep a low scheduling complexity. With respect to the Best Effort traffic, Random Exponential Marking (REM), an existing AQM scheme is studied under a new continuous time model, and its local stable condition is presented. Next, a novel virtual queue and rate based AQM scheme (VQR) is proposed, and its local stability condition has been presented. Then, a new AQM framework, Edge-based AQM (EAQM) is proposed. EAQM is easier to implement, and it achieves similar or better performance than traditional AQM schemes. With respect to the Assured Forwarding, a network-assist packet marking (NPM) scheme has been proposed. It has been demonstrated that NPM can fairly distribute bandwidth among AF aggregates based on their Committed Information Rates (CIRs) in both single and multiple bottleneck link networks