Using Tuangou to reduce IP transit costs

A majority of ISPs (Internet Service Providers) support connectivity to the entire Internet by transiting their traffic via other providers. Although the transit prices per Mbps decline steadily, the overall transit costs of these ISPs remain high or even increase, due to the traffic growth. The discontent of the ISPs with the high transit costs has yielded notable innovations such as peering, content distribution networks, multicast, and peer-to-peer localization. While the above solutions tackle the problem by reducing the transit traffic, this paper explores a novel approach that reduces the transit costs without altering the traffic. In the proposed CIPT (Cooperative IP Transit), multiple ISPs cooperate to jointly purchase IP (Internet Protocol) transit in bulk. The aggregate transit costs decrease due to the economies-of-scale effect of typical subadditive pricing as well as burstable billing: not all ISPs transit their peak traffic during the same period. To distribute the aggregate savings among the CIPT partners, we propose Shapley-value sharing of the CIPT transit costs. Using public data about IP traffic of 264 ISPs and transit prices, we quantitatively evaluate CIPT and show that significant savings can be achieved, both in relative and absolute terms. We also discuss the organizational embodiment, relationship with transit providers, traffic confidentiality, and other aspects of CIPT

Design and implementation of the node identity internetworking architecture

The Internet Protocol (IP) has been proven very flexible, being able to accommodate all kinds of link technologies and supporting a broad range of applications. The basic principles of the original Internet architecture include end-to-end addressing, global routeability and a single namespace of IP addresses that unintentionally serves both as locators and host identifiers. The commercial success and widespread use of the Internet have lead to new requirements, which include internetworking over business boundaries, mobility and multi-homing in an untrusted environment. Our approach to satisfy these new requirements is to introduce a new internetworking layer, the node identity layer. Such a layer runs on top of the different versions of IP, but could also run directly on top of other kinds of network technologies, such as MPLS and 2G/3G PDP contexts. This approach enables connectivity across different communication technologies, supports mobility, multi-homing, and security from ground up. This paper describes the Node Identity Architecture in detail and discusses the experiences from implementing and running a prototype

I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the file-sharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and file-sharing usage of tens of millions of identified users.Comment: This is the authors' version of the ACM/USENIX Internet Measurement Conference (IMC) 2011 pape

Active and Passive Monitoring and Analysis of IP Option Header Transparency from Covert Channel Point of View

In a context of network covert channels, unused header fields in communication protocols are vulnerable to embed secret data. An IP Option field in the IP header is considered as one of useful spaces for constructing the Internet-wide network covert channels. On the other hand, IP packets with IP Option have been said non-transparent on the global Internet. This paper investigates how an IP packet with IP option can be going through over the Internet by active and passive monitoring methods. At first, we investigated AS border traffic in an academic AS and a commercial IX. The result was that only four types of IP Options, Route Record (RR), Time Stamp (TS), No Operation (NOP) and End of Option List (EOOL), were observed. Then, we preliminary evaluated transparency of these four types IP Options over the global Internet by probing from ten Planetlab nodes on six countries against 5,000 randomly chosen destination IP addresses and 11,251 intermediate routers. Both destination addresses and intermediate routers were included in 1,132 intermediate ASes. As the active measurement result, 57% routers replied to IP packets with the RR Option, that is, the RR Option was transparent in 914 intermediate ASes on this experiment. On the other hand, 41% of intermediate routers replied probe packets with the TS option, that is, the TS Option was transparent in 811 intermediate ASes on this experiment

PROXIMITY BASED CONTACT SUGGESTION SYSTEM

A proximity based suggestion system can be used to deliver suggestions to social network users, to add one or more users to their friend list, based on users’ proximity to each other. The system receives a first Internet Protocol (IP) address of a first user device connected to the Internet through a first access point. The system also receives IP address of a first client device connected to the Internet through the first access point. The system then receives a first MAC address of the first client device and a second MAC address of a second client device from the first client device. Similarly, the system also receives the second MAC address of the second client device and the first MAC address of the first client device from the second client device. Further, the system receives IP address of the second client device connected to the Internet through a second access point and a second IP address of a second user device connected to the Internet through the second access point. The system then determines that the first user connected to the Internet through the first access point and the second user connected to the Internet through the second access point are in physical proximity to each other

Distance Cautious IP - A Systematic Approach in VANETS

VANET is a decentralized network that allows the vehicles to communicate with each other for providingsafety warning, traffic management and driver assistance systems. Vehicular IP in Wireless Access in Vehicular Environments (VIP-WAVE)has characterized the IP configuration for extended andnon-extended IP services, and amobilitymanagement scheme supportedby Proxy Mobile IPv6 over WAVE.As the vehicular networks are formed even in remote areas with inadequate power source, the units have power constraints which are overcome by power control in the proposed system .The objective of the paper is to improve the quality of the network by providing internet accesswith transmit power control along which the distance between the RSU and on-board vehicular units(OBU)is determined i.e., power consumption is reduced when at least distance. Hence the RSU provides Distance Cautious Internet Protocol (DCIP) to the OBU for internet access.This paper analyses the WAVE standard and its support of IP based applications, and proposesDistance Cautious Internet Protocol in WAVE(DCIP-WAVE)