119 research outputs found

    Gozar: NAT-friendly Peer Sampling with One-Hop Distributed NAT Traversal

    Gossip-based peer sampling protocols have been widely used as a building block for many large-scale distributed applications. However, Network Address Translation gateways (NATs) cause most existing gossiping protocols to break down, as nodes cannot establish direct connections to nodes behind NATs (private nodes). In addition, most of the existing NAT traversal algorithms for establishing connectivity to private nodes rely on third party servers running at well-known, public IP addresses. In this paper, we present Gozar, a gossip-based peer sampling service that: (i) provides uniform random samples in the presence of NATs, and (ii) enables direct connectivity to sampled nodes using a fully distributed NAT traversal service, where connection messages require only a single hop to connect to private nodes. We show in simulation that Gozar preserves the randomness properties of a gossip-based peer sampling service. We show the robustness of Gozar when a large fraction of nodes reside behind NATs and also in catastrophic failure scenarios. For example, if 80% of nodes are behind NATs, and 80% of the nodes fail, more than 92% of the remaining nodes stay connected. In addition, we compare Gozar with existing NAT-friendly gossip-based peer sampling services, Nylon and ARRG. We show that Gozar is the only system that supports one-hop NAT traversal, and its overhead is roughly half of Nylon’s.

    Mathematical analysis of scheduling policies in peer-to-peer video streaming networks

    Peer-to-peer networks are self-managed virtual communities, developed at the application layer over the Internet infrastructure, where users (called peers) share resources (bandwidth, memory, processing) to achieve a common goal. Video distribution is the most challenging application, given bandwidth limitations. There are basically three video services. The simplest is download, where a set of servers holds the original content, and users must download this content completely before playing it. A second service is called video on demand, where peers join a virtual network whenever they initiate a request for video content, and start a progressive online download. The last service is live video, where the video content is generated, distributed and viewed simultaneously. This thesis studies design aspects for the distribution of live and on-demand video. A mathematical analysis of the stability and capacity of hybrid, peer-assisted on-demand distribution architectures is presented. Peers initiate concurrent downloads of multiple contents, and disconnect when they wish. The expected evolution of the system is predicted, assuming a Poisson arrival process and exponential departures, by means of a deterministic fluid model. A sub-model of sequential (non-simultaneous) downloads is globally and structurally stable, regardless of the network parameters. Using Little's Law, the mean residence time of users in a stationary sequential on-demand system is determined. It is theoretically proven that the hybrid philosophy of cooperation among peers always performs better than the pure client-server technology.

    User-Centric Quality of Service Provisioning in IP Networks

    The Internet has become the preferred transport medium for almost every type of communication, continuing to grow, both in terms of the number of users and delivered services. Efforts have been made to ensure that time sensitive applications receive sufficient resources and subsequently receive an acceptable Quality of Service (QoS). However, typical Internet users no longer use a single service at a given point in time, as they are instead engaged in a multimedia-rich experience, comprising many different concurrent services. Given the scalability problems raised by the diversity of the users and traffic, in conjunction with their increasing expectations, the task of QoS provisioning can no longer be approached from the perspective of providing priority to specific traffic types over coexisting services; either through explicit resource reservation, or traffic classification using static policies, as is the case with the current approach to QoS provisioning, Differentiated Services (Diffserv). This current use of static resource allocation and traffic shaping methods reveals a distinct lack of synergy between current QoS practices and user activities, thus highlighting a need for a QoS solution reflecting the user services. The aim of this thesis is to investigate and propose a novel QoS architecture, which considers the activities of the user and manages resources from a user-centric perspective. The research begins with a comprehensive examination of existing QoS technologies and mechanisms, arguing that current QoS practices are too static in their configuration and typically give priority to specific individual services rather than considering the user experience. The analysis also reveals the potential threat that unresponsive application traffic presents to coexisting Internet services and QoS efforts, and introduces the requirement for a balance between application QoS and fairness.
This thesis proposes a novel architecture, the Congestion Aware Packet Scheduler (CAPS), which manages and controls traffic at the point of service aggregation, in order to optimise the overall QoS of the user experience. The CAPS architecture, in contrast to traditional QoS alternatives, places no predetermined precedence on a specific traffic; instead, it adapts QoS policies to each individual’s Internet traffic profile and dynamically controls the ratio of user services to maintain an optimised QoS experience. The rationale behind this approach was to enable a QoS optimised experience to each Internet user and not just those using preferred services. Furthermore, unresponsive bandwidth intensive applications, such as Peer-to-Peer, are managed fairly while minimising their impact on coexisting services. The CAPS architecture has been validated through extensive simulations with the topologies used replicating the complexity and scale of real-network ISP infrastructures. The results show that for a number of different user-traffic profiles, the proposed approach achieves an improved aggregate QoS for each user when compared with Best effort Internet, Traditional Diffserv and Weighted-RED configurations. Furthermore, the results demonstrate that the proposed architecture not only provides an optimised QoS to the user, irrespective of their traffic profile, but through the avoidance of static resource allocation, can adapt with the Internet user as their use of services changes. France Teleco

    Overlay networks for smart grids


    Distributed Optimization of P2P Media Delivery Overlays

    Media streaming over the Internet is becoming increasingly popular. Currently, most media is delivered using global content-delivery networks, providing a scalable and robust client-server model. However, content delivery infrastructures are expensive. One approach to reduce the cost of media delivery is to use peer-to-peer (P2P) overlay networks, where nodes share responsibility for delivering the media to one another. The main challenges in P2P media streaming using overlay networks include: (i) nodes should receive the stream with respect to certain timing constraints, (ii) the overlay should adapt to the changes in the network, e.g., varying bandwidth capacity and join/failure of nodes, (iii) nodes should be incentivized to contribute and share their resources, and (iv) nodes should be able to establish connectivity to the other nodes behind NATs. In this work, we meet these requirements by presenting P2P solutions for live media streaming, as well as proposing a distributed NAT traversal solution. First of all, we introduce a distributed market model to construct an approximately minimal height multiple-tree streaming overlay for content delivery, in gradienTv. In this system, we assume all the nodes are cooperative and execute the protocol. However, in reality, there may exist some opportunistic nodes, free-riders, that take advantage of the system, without contributing to content distribution. To overcome this problem, we extend our market model in Sepidar to be effective in deterring free-riders. However, gradienTv and Sepidar are tree-based solutions, which are fragile in high churn and failure scenarios. We present a solution to this problem in GLive that provides a more robust overlay by replacing the tree structure with a mesh. We show in simulation that the mesh-based overlay outperforms the multiple-tree overlay.
Moreover, we compare the performance of all our systems with the state-of-the-art NewCoolstreaming, and observe that they provide better playback continuity and lower playback latency than that of NewCoolstreaming under a variety of experimental scenarios. Although our distributed market model can be run against a random sample of nodes, we improve its convergence time by executing it against a sample of nodes taken from the Gradient overlay. The Gradient overlay organizes nodes in a topology using a local utility value at each node, such that nodes are ordered in descending utility values away from a core of the highest utility nodes. The evaluations show that the streaming overlays converge faster when our market model works on top of the Gradient overlay. We use a gossip-based peer sampling service in our streaming systems to provide each node with a small list of live nodes. However, in the Internet, where a high percentage of nodes are behind NATs, existing gossiping protocols break down. To solve this problem, we present Gozar, a NAT-friendly gossip-based peer sampling service that: (i) provides uniform random samples in the presence of NATs, and (ii) enables direct connectivity to sampled nodes using a fully distributed NAT traversal service. We compare Gozar with the state-of-the-art NAT-friendly gossip-based peer sampling service, Nylon, and show that only Gozar supports one-hop NAT traversal, and its overhead is roughly half of Nylon’s.

    Understand the Similarity of Internet Service Providers via Peer-to-Peer User Interest Analysis

    University of Minnesota M.S. thesis. June 2019. Major: Computer Science. Advisor: Haiyang Wang. 1 computer file (PDF); 63 pages. Internet traffic continues to exhibit exponential growth in the past few years. This forces Internet service providers (ISPs) to continuously invest in infrastructure upgrades and deploy traffic management techniques, such as caching and locality, to fulfill the increasing user demand. To help ISPs better manage their infrastructures, it is important to compare and understand the similarity of their user interests. However, such a comparison is challenging because the ISP data is hard to obtain, not to mention the related modeling and analysis issues. In this thesis, we aim to understand the ISP similarity through an extensive analysis of Peer-to-Peer (P2P) user interest. To collect the P2P dataset, we develop a tool to automatically download BitTorrent's meta-info (torrent) files on the Internet. This tool also helps us to collect important peer and content information in these BitTorrent swarms without uploading any copyrighted files. As a result, we successfully obtained 16,697 active peers from 1,721 torrents in 1,097 unique Autonomous Systems (ASes). After that, we adopt the classic statistical and clustering approaches to compare their different user interests. Our research for the first time shows the existence of cloud users in such real-world content distribution systems as BitTorrent. The model analysis further indicates that we can adopt similar traffic management approaches (e.g., caching similar contents) across geographically closer ASes.

    Scenarios and system dynamics of mobile peer-to-peer content distribution

    The success of peer-to-peer technology in the fixed networks has led to peer-to-peer implementations in the mobile networks as well. There is, however, a lot of uncertainty regarding the future of mobile peer-to-peer technology as the operators and other stakeholders that were affected negatively by illegal peer-to-peer file sharing in the fixed networks are afraid that it might happen in the mobile domain as well. Thus they might try to prevent mobile peer-to-peer technology from emerging. There is also the question whether there really is a need for peer-to-peer technology in the mobile domain from the end users' perspective, especially as the mobile device capabilities are considerably lower compared to the fixed ones. This thesis concentrates on mobile peer-to-peer content distribution. Content distribution is divided into file exchange, content streaming and commercial content systems. The thesis provides insight into the most relevant scenarios, stakeholders and their incentives related to mobile peer-to-peer content distribution. The uncertainty regarding mobile peer-to-peer content distribution will be bounded using scenario analysis and modeled using system dynamics. The most relevant scenarios regarding mobile peer-to-peer content distribution are constructed using Schoemaker's method and modeling of these scenarios is attempted with system dynamics. As a result four different scenarios are developed based on the key trends and uncertainties discovered during the literature review and brainstorming sessions.
Instead of modeling the scenarios quantitatively, the dynamic behavior of a mobile peer-to-peer content distribution system based on the scenarios is modeled with system dynamics. Although there are some mobile peer-to-peer content distribution applications already developed and used, and the topic is considerably researched, it is still uncertain what the outcome of the technology will be. This thesis presents possible outcomes for the technology and provides a starting point for further quantitative modeling of mobile peer-to-peer content distribution systems. System dynamics provides a viable alternative to more common modeling techniques such as spreadsheet modeling, with a distinctive benefit of modeling the feedback loops in a system when used proficiently. As the mobile peer-to-peer technology evolves, more data becomes available and the construction of alternative system dynamics models is encouraged.

    Secure identity management in structured peer-to-peer (P2P) networks

    Structured Peer-to-Peer (P2P) networks were proposed to solve routing problems of big distributed infrastructures. But the research community has been questioning their security for years. Most prior work in security services was focused on secure routing, reputation systems, anonymity, etc. However, the proper management of identities is an important prerequisite to provide most of these security services. The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or punishing) nodes make these systems more vulnerable against selfish or malicious behaviors. Moreover, these improper usages cannot be faced only with data confidentiality, nodes authentication, non-repudiation, etc. In particular, structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure identity assignment to nodes. But the first two problems depend in some way on the third one. If nodes’ identifiers can be chosen by users without any control, these networks can have security and operational problems. Therefore, like any other network or service, structured P2P networks require a robust access control to prevent potential attackers joining the network and a robust identity assignment system to guarantee their proper operation. In this thesis, firstly, we analyze the operation of the current structured P2P networks when managing identities in order to identify what security problems are related to the nodes’ identifiers within the overlay, and propose a series of requirements to be accomplished by any generated node ID to provide more security to a DHT-based structured P2P network. 
Secondly, we propose the use of implicit certificates to provide more security and to exploit the improvement in bandwidth, storage and performance that these certificates present compared to explicit certificates, and design three protocols to assign nodes’ identifiers avoiding the identified problems, while maintaining user anonymity and allowing users’ traceability. Finally, we analyze the operation of the most used mechanisms to distribute revocation data in the Internet, with special focus on the proposed systems to work in P2P networks, and design a new mechanism to distribute revocation data more efficiently in a structured P2P network. Postprint (published version

    Distribuição de conteúdos multimédia na Web/P2P : SeedSeer (Multimedia content distribution on the Web/P2P: SeedSeer)

    Master's in Computer and Telematics Engineering. Since the inception of the Internet there have been many ways to share files, but to this day it is arguable whether there is a best one.
The appetite of the general public for multimedia content created the need for new platforms of content distribution like Google Play, Netflix, Apple Store and some others. These contents are distributed in a centralized way and lead to great infrastructure costs for these entities. On the other hand, P2P networks allow the distribution of content in a decentralized way with low costs; these, however, require specific applications and technical knowledge, which is a barrier between the consumer and the contents that are available on these platforms. In this thesis a prototype of a new solution is developed, using upcoming HTML5 standards like WebSockets and WebRTC to introduce a new perspective on how users can share and consume content. In simple terms, the approach of this thesis is to bring the BitTorrent network into the browsers using only JavaScript, taking advantage of its ease of use by not requiring any kind of installation. Using WebRTC, this thesis focuses on how to grow the browsers' network while being decentralized, encouraging content consumption in communities of users in an effort to increase privacy and resilience to censorship as well as mitigate scaling limitations of the solution. Results of this research demonstrate that some concepts used in this thesis have unique advantages that are relevant to the general public; however, they come at the cost of some inherent limitations that should be mitigated.