Discovering the IPv6 Network Periphery

We consider the problem of discovering the IPv6 network periphery, i.e., the last hop router connecting endhosts in the IPv6 Internet. Finding the IPv6 periphery using active probing is challenging due to the IPv6 address space size, wide variety of provider addressing and subnetting schemes, and incomplete topology traces. As such, existing topology mapping systems can miss the large footprint of the IPv6 periphery, disadvantaging applications ranging from IPv6 census studies to geolocation and network resilience. We introduce "edgy," an approach to explicitly discover the IPv6 network periphery, and use it to find >~64M IPv6 periphery router addresses and >~87M links to these last hops -- several orders of magnitude more than in currently available IPv6 topologies. Further, only 0.2% of edgy's discovered addresses are known to existing IPv6 hitlists

Privacidade em redes de próxima geração

Doutoramento em Engenharia InformáticaIn the modern society, communications and digital transactions are becoming the norm rather than the exception. As we allow networked computing devices into our every-day actions, we build a digital lifestyle where networks and devices enrich our interactions. However, as we move our information towards a connected digital environment, privacy becomes extremely important as most of our personal information can be found in the network. This is especially relevant as we design and adopt next generation networks that provide ubiquitous access to services and content, increasing the impact and pervasiveness of existing networks. The environments that provide widespread connectivity and services usually rely on network protocols that have few privacy considerations, compromising user privacy. The presented work focuses on the network aspects of privacy, considering how network protocols threaten user privacy, especially on next generation networks scenarios. We target the identifiers that are present in each network protocol and support its designed function. By studying how the network identifiers can compromise user privacy, we explore how these threats can stem from the identifier itself and from relationships established between several protocol identifiers. Following the study focused on identifiers, we show that privacy in the network can be explored along two dimensions: a vertical dimension that establishes privacy relationships across several layers and protocols, reaching the user, and a horizontal dimension that highlights the threats exposed by individual protocols, usually confined to a single layer. With these concepts, we outline an integrated perspective on privacy in the network, embracing both vertical and horizontal interactions of privacy. This approach enables the discussion of several mechanisms to address privacy threats on individual layers, leading to architectural instantiations focused on user privacy. We also show how the different dimensions of privacy can provide insight into the relationships that exist in a layered network stack, providing a potential path towards designing and implementing future privacy-aware network architectures.Na sociedade moderna, as comunicações e transacções digitais estão a tornar-se a regra e não a excepção. À medida que permitimos a intromissão de dispositivos electrónicos de rede no nosso quotidiano, vamos construíndo um estilo de vida digital onde redes e dispositivos enrirquecem as nossas interacções. Contudo, ao caminharmos para um ambiente digital em rede, a nossa privacidade vai-se revestindo de maior importãncia, pois a nossa informação pessoal passa a encontrar-se cada vez mais na rede. Isto torna-se particularmente relevante ao adoptarmos redes de próxima geração, que permitem acesso ubíquo a redes, serviços e conteúdos, aumentando o impacte e pervasividade das redes actuais. Os ambientes onde a conectividade e os serviços se tornam uma constante, assentam em protocolos de rede que normalmente contemplam poucas considerações sobre privacidade, comprometendo desta forma o utlizador. O presente trabalho centra-se nos aspectos de privacidade que dizem respeito à rede devido à forma como os protocolos são utilizados nas diferentes camadas, e que resultando em ameaças à privacidade do utilizador. Abordamos especificamente os identificadores presentes nos protocolos de rede, e que são essenciais à sua função. Neste contexto exploramos a possibilidade destes identificadores comprometerem a privacidade do utilizador através da informação neles contida, bem como das relações que podem ser estabelecidas entre identificadores de diferentes protocolos. Após este estudo centrado nos identificadores, mostramos como a privacidade em redes pode ser explorada ao longo de duas dimensões: uma dimensão que acentua as relações verticais de privacidade, cruzando vários protocolos até chegar ao utilizador, e uma dimensão horizontal que destaca as ameaças causadas por cada protocolo, de forma individual, normalmente limitadas a uma única camada. Através destes conceitos, mostramos uma visão integrada de privacidade em redes, abrangendo tanto as interacçoes de privacidade verticais como as horizontais. Esta visão permite discutir vários mecanismos para mitigar ameaças específicas a cada camada de rede, resultando em instânciações arquitecturais orientadas à privacidade do utilizador. Finalmente, mostramos como as diferentes dimensões de privacidade podem fornecer uma visão diferente sobre as relações estabelecidas na pilha protocolar que assenta em camadas, mostrando um caminho possível para o desenvolvimento de futuras arquitecturas de rede com suporte para privacidade

Remedying Security Concerns at an Internet Scale

The state of security across the Internet is poor, and it has been so since the advent of the modern Internet. While the research community has made tremendous progress over the years in learning how to design and build secure computer systems, network protocols, and algorithms, we are far from a world where we can truly trust the security of deployed Internet systems. In reality, we may never reach such a world. Security concerns continue to be identified at scale through-out the software ecosystem, with thousands of vulnerabilities discovered each year. Meanwhile, attacks have become ever more frequent and consequential.As Internet systems will continue to be inevitably affected by newly found security concerns, the research community must develop more effective ways to remedy these issues. To that end, in this dissertation, we conduct extensive empirical measurements to understand how remediation occurs in practice for Internet systems, and explore methods for spurring improved remediation behavior. This dissertation provides a treatment of the complete remediation life cycle, investigating the creation, dissemination, and deployment of remedies. We start by focusing on security patches that address vulnerabilities, and analyze at scale their creation process, characteristics of the resulting fixes, and how these impact vulnerability remediation. We then investigate and systematize how administrators of Internet systems deploy software updates which patch vulnerabilities across the many machines they manage on behalf of organizations. Finally, we conduct the first systematic exploration of Internet-scale outreach efforts to disseminate information about security concerns and their remedies to system administrators, with an aim of driving their remediation decisions. Our results show that such outreach campaigns can effectively galvanize positive reactions.Improving remediation, particularly at scale, is challenging, as the problem space exhibits many dimensions beyond traditional computer technical considerations, including human, social, organizational, economic, and policy facets. To make meaningful progress, this work uses a diversity of empirical methods, from software data mining to user studies to Internet-wide network measurements, to systematically collect and evaluate large-scale datasets. Ultimately, this dissertation establishes broad empirical grounding on security remediation in practice today, as well as new approaches for improved remediation at an Internet scale

Rising China and Internet governance: Multistakeholderism, fragmentation and the Liberal Order in the age of digital sovereignty

In its open and private-based dimension, the Internet is the epitome of the Liberal International Order in its global spatial dimension. Therefore, normative questions arise from the emergence of powerful non-liberal actors such as China in Internet governance. In particular, China has supported a UN-based multilateral Internet governance model based on state sovereignty aimed at replacing the existing ICANN-based multistakeholder model. While persistent, this debate has become less dualistic through time. However, fear of Internet fragmentation has increased as the US-China technological competition grew harsher. This thesis inquires “(To what extent) are Chinese stakeholders reshaping the rules of Global Internet Governance?”. This is further unpacked in three smaller questions: (i) (To what extent) are Chinese stakeholders contributing to increased state influence in multistakeholder fora?; (ii) (how) is China contributing to Internet fragmentation?; and (iii) what are the main drivers of Chinese stakeholders’ stances? To answer these questions, Chinese stakeholders’ actions are observed in the making and management of critical Internet resources at the IETF and ICANN respectively, and in mobile connectivity standard-making at 3GPP. Through the lens of norm entrepreneurship in regime complexes, this thesis interprets changes and persistence in the Internet governance normative order and Chinese attitudes towards it. Three research methods are employed: network analysis, semi-structured expert interviews, and thematic document analysis. While China has enhanced state intervention in several technological fields, fostering debates on digital sovereignty, this research finds that the Chinese government does not exert full control on its domestic private actors and concludes that Chinese stakeholders have increasingly adapted to multistakeholder Internet governance as they grew influential within it. To enhance control over Internet-based activities, the Chinese government resorted to regulatory and technical control domestically rather than establishing a splinternet. This is due to Chinese stakeholders’ interest in retaining the network benefits of global interconnectivity

Journal of Telecommunications and Information Technology, 2013, nr 1

kwartalni

Optimização de recursos para difusão em redes de próxima geração

Doutoramento em ElectrotecniaEsta tese aborda o problema de optimização de recursos de rede, na entrega de Serviços de Comunicação em Grupo, em Redes de Próxima Geração que suportem tecnologias de difusão. De acordo com esta problemática, são feitas propostas que levam em atenção a evolução espectável das redes 3G em Redes Heterogéneas de Próxima Geração que incluam tecnologias de difusão tais como o DVB. A optimização de recursos em Comunicações em Grupo é apresentada como um desafio vertical que deve cruzar diversas camadas. As optimizações aqui propostas cobrem tanto a interface entre Aplicação e a Plataforma de Serviços para a disponibilização de serviços de comunicação em grupo, como as abstracções e mapeamentos feitos na interface entre a Rede Central e a Rede de Acesso Rádio. As optimizações propostas nesta tese, assumem que o caminho evolutivo na direcção de uma Rede de Próxima Geração é feito através do IP. Em primeiro lugar são endereçadas as optimizações entre a Aplicação e a Plataforma de Serviços que já podem ser integradas nas redes 3G existentes. Estas optimizações podem potenciar o desenvolvimento de novas e inovadoras aplicações, que através do uso de mecanismos de distribuição em difusão podem fazer um uso mais eficiente dos recursos de rede. De seguida são apresentadas optimizações ao nível da interface entre a Rede Central e a Rede de Acesso Rádio que abordam a heterogeneidade das redes futuras assim como a necessidade de suportar tecnologias de difusão. É ainda considerada a possibilidade de aumentar a qualidade de serviço de serviços de difusão através do mapeamento do IP multicast em portadoras unidireccionais. Por forma a validar todas estas optimizações, vários protótipos foram desenvolvidos com base num router avançado para redes de acesso de próxima geração. As funcionalidades e arquitectura de software desse router são também aqui apresentadas.This thesis addresses the problem of optimizing network resource usage, for the delivery of Group Services, in Next Generation Networks featuring broadcast technologies. In this scope, proposals are made according to the expected evolution of 3G networks into Next Generation Heterogeneous Networks that include broadcast technologies such as DVB. Group Communication resource optimization is considered a vertical challenge that must cross several layers. The optimizations here proposed cover both Application to Service Platform interfaces for group communication services, and Core Network to Radio Access Network interface abstractions and mappings. The proposed optimizations are also presented taking into consideration network evolution path towards an All-IP based Next Generation Network. First it is addressed the Application to Service Platform optimization, which can already be deployed over 3G networks. This optimization could potentiate the development of new and innovative applications that through the use of broadcast/multicast service delivery mechanisms could be more efficient network wise. Next proposals are made on the Core Network to Radio Access Network interfaces that address the heterogeneity of future networks and consider the need to support broadcast networks. It is also considered the possibility to increase the Quality of Service of broadcast/multicast services based on the dynamic mapping of IP multicast into unicast radio bearers. In order to validate these optimizations, several prototypes were built based on an advanced access router for next generation networks. Such access router functionalities and software architecture are also presented here

Seamless Communication for Crises Management

SECRICOM is proposed as a collaborative research project aiming at development of a reference security platform for EU crisis management operations with two essential ambitions: (A) Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs. (B) Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure. Achieving these two project ambitions will allow creating a pervasive and trusted communication infrastructure fulfilling requirements of crisis management users and ready for immediate application

Journal of Telecommunications and Information Technology, 2014, nr 3

kwartalni

Radio Communications

In the last decades the restless evolution of information and communication technologies (ICT) brought to a deep transformation of our habits. The growth of the Internet and the advances in hardware and software implementations modified our way to communicate and to share information. In this book, an overview of the major issues faced today by researchers in the field of radio communications is given through 35 high quality chapters written by specialists working in universities and research centers all over the world. Various aspects will be deeply discussed: channel modeling, beamforming, multiple antennas, cooperative networks, opportunistic scheduling, advanced admission control, handover management, systems performance assessment, routing issues in mobility conditions, localization, web security. Advanced techniques for the radio resource management will be discussed both in single and multiple radio technologies; either in infrastructure, mesh or ad hoc networks