87 research outputs found

    Towards Disruption Tolerant ICN

    Information-Centric Networking (ICN) is a prominent topic in current networking research. ICN design significantly considers the increased demand of scalable and efficient content distribution for Future Internet. However, intermittently connected mobile environments or disruptive networks present a significant challenge to ICN deployment. In this context, delay tolerant networking (DTN) architecture is an initiative that effectively deals with network disruptions. Among all ICN proposals, Content Centric Networking (CCN) is gaining more and more interest for its architectural design, but still has the limitation in highly disruptive environment. In this paper, we design a protocol stack referred to as CCNDTN which integrates DTN architecture in the native CCN to deal with network disruption. We also present the implementation details of the proposed CCNDTN. We extend CCN routing strategies by integrating Bundle protocol of DTN architecture. The integration of CCN and DTN enriches the connectivity options of CCN architecture in fragmented networks. Furthermore, CCNDTN can be beneficial through the simultaneous use of all available connectivities and opportunistic networking of DTN for the dissemination of larger data items. This paper also highlights the potential use cases of CCNDTN architecture and crucial questions about integrating CCN and DTN. Comment: ISCC 201

    Secure Naming and Addressing Operations for Store, Carry and Forward Networks

    This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems

    Enhanced Community-Based Routing for Low-Capacity Pocket Switched Networks

    Sensor devices and the emergent networks that they enable are capable of transmitting information between data sources and a permanent data sink. Since these devices have low-power and intermittent connectivity, latency of the data may be tolerated in an effort to save energy for certain classes of data. The BUBBLE routing algorithm developed by Hui et al. in 2008 provides consistent routing by employing a model which computes individual nodes' popularity from sets of nodes and then uses these popularity values for forwarding decisions. This thesis considers enhancements to BUBBLE based on the hypothesis that nodes do form groups and certain centrality values of nodes within these groups can be used to improve routing decisions further. Built on this insight, there are two algorithms proposed in this thesis. First is the Community-Based-Forwarding (CBF), which uses pairwise group interactions and pairwise node-to-group interactions as a measure of popularity for routing messages. By having a different measure of popularity than BUBBLE, as an additional factor in determining message forwarding, CBF is a more conservative routing scheme than BUBBLE. Thus, it provides consistently superior message transmission and delivery performance at an acceptable delay cost in resource constrained environments. To overcome this drawback, the concept of unique interaction pattern within groups of nodes is introduced in CBF and it is further renewed into an enhanced algorithm known as Hybrid-Community-Based-Forwarding (HCBF). Utilizing this factor will channel messages along the entire path with consideration for higher probability of contact with the destination group and the destination node. Overall, the major contribution of this thesis is to design and evaluate an enhanced social based routing algorithm for resource-constrained Pocket Switched Networks (PSNs), which will optimize energy consumption related to data transfer. It will do so by explicitly considering features of communities in order to reduce packet loss while maintaining high delivery ratio and reduced delay.

    End to End Reliability without Unicast Acknowledgements over Vehicular Networks

    The Future Cities Project (http://futurecities.up.pt/) has turned the city of Porto (Portugal) into an urban-scale living lab, where researchers, companies and startups can develop and test technologies, products and services. One of its largest infrastructures is the UrbanSense testbed, consisting of 25 environmental sensing units installed around the city, and another the BusNet, a vehicular ad-hoc network installed in over 400 STCP buses together with 55 Road Side Units (RSU), operated by the UP spin-off Veniam. The data gathered by UrbanSense is carried by BusNet to a storage facility. Because BusNet does not support unicast addressing, there is currently no means to provide end-to-end reliability to the communication, leading to data losses. The goal of this thesis is to explore possibilities to address this problem, designing an application level protocol that provides reliability to the data transfer without requiring unicast addressing. Instead, the protocol should leverage the knowledge about bus routes and geographic location of sensing nodes to target the delivery of the acknowledgements.

    Connectivity and Data Transmission over Wireless Mobile Systems

    We live in a world where wireless connectivity is pervasive and becomes ubiquitous. Numerous devices with varying capabilities and multiple interfaces are surrounding us. Most home users use Wi-Fi routers, whereas a large portion of human inhabited land is covered by cellular networks. As the number of these devices, and the services they provide, increase, our needs in bandwidth and interoperability are also augmented. Although deploying additional infrastructure and future protocols may alleviate these problems, efficient use of the available resources is important. We are interested in the problem of identifying the properties of a system able to operate using multiple interfaces, take advantage of user locations, identify the users that should be involved in the routing, and setup a mechanism for information dissemination. The challenges we need to overcome arise from network complexity and heterogeneousness, as well as the fact that they have no single owner or manager. In this thesis I focus on two cases, namely that of utilizing "in-situ" WiFi Access Points to enhance the connections of mobile users, and that of establishing "Virtual Access Points" in locations where there is no fixed roadside equipment available. Both environments have attracted interest for numerous related works. In the first case the main effort is to take advantage of the available bandwidth, while in the second to provide delay tolerant connectivity, possibly in the face of disasters. Our main contribution is to utilize a database to store user locations in the system, and to provide ways to use that information to improve system effectiveness. This feature allows our system to remain effective in specific scenarios and tests, where other approaches fail

    AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN

    Campus networks have recently experienced a proliferation of devices ranging from personal use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by. While users are the audience for AUP documents produced by an organization's PWC, network administrators are the responsible party enforcing the contents of such policies using low-level CLI instructions and configuration files that are typically difficult to understand and are almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits. On the other hand, policies that are enforced in the network tend to rarely change over time and are often based on one-size-fits-all policies that can severely limit the fast-paced dynamics of emerging research workflows found in campus networks. This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches developed to support an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically-precise policy language that serves as a middle-ground between the imprecise statements found in AUPs and the technical low-level mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we also present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited for a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic -- typically by network appliances that perform Deep Packet Inspection, thereby creating network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that through short-lived exceptions researchers can realize significant improvements for their special-purpose traffic.

    Secure Communication in Disaster Scenarios

    During natural disasters or terrorist attacks, the existing communication infrastructure is frequently overloaded or fails completely. In these situations, mobile devices can be connected with each other using wireless ad-hoc and disruption-tolerant networking to set up an emergency communication system for civilians and emergency services. If available, a connection to cloud services on the Internet can be a valuable aid in crisis and disaster management. However, such communication systems pose serious security risks, since attackers could try to steal confidential data, inject fake notifications from emergency services, or carry out denial-of-service (DoS) attacks. This dissertation proposes new approaches to communication in emergency networks of mobile devices, ranging from communication between mobile devices to cloud services on servers on the Internet. Using these approaches improves the security of device-to-device communication, the security of emergency apps on mobile devices, and the security of server systems for cloud services.