80 research outputs found

    Internames: a name-to-name principle for the future Internet

    We propose Internames, an architectural framework in which names are used to identify all entities involved in communication: contents, users, devices, logical as well as physical points involved in the communication, and services. By not having a static binding between the name of a communication entity and its current location, we allow entities to be mobile, enable them to be reached by any of a number of basic communication primitives, enable communication to span networks with different technologies and allow for disconnected operation. Furthermore, with the ability to communicate between names, the communication path can be dynamically bound to any of a number of end-points, and the end-points themselves could change as needed. A key benefit of our architecture is its ability to accommodate gradual migration from the current IP infrastructure to a future that may be a ubiquitous Information Centric Network. Basic building blocks of Internames are: i) a name-based Application Programming Interface; ii) a separation of identifiers (names) and locators; iii) a powerful Name Resolution Service (NRS) that dynamically maps names to locators, as a function of time/location/context/service; iv) a built-in capacity for evolution, allowing a transparent migration from current networks and the ability to include current specific architectures as particular cases. To achieve this vision, shared by many other researchers, we exploit and expand on Information Centric Networking principles, extending ICN functionality beyond content retrieval, easing send-to-name and push services, and allowing names also to be used to route data in the return path. A key role in this architecture is played by the NRS, which allows for the co-existence of multiple network "realms", including current IP and non-IP networks, glued together by a name-to-name overarching communication primitive.
    Comment: 6 page

    A survey on future internet security architectures


    Is DNS Ready for Ubiquitous Internet of Things?

    The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object's inherent attributes through its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel design principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for IoT applications. A fundamental question therefore arises: can the current DNS adequately provide name service support for the IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment.

    Understanding tradeoffs in incremental deployment of new network architectures

    Despite the plethora of incremental deployment mechanisms proposed, rapid adoption of new network-layer protocols and architectures remains difficult, as reflected by the widespread lack of IPv6 traffic on the Internet. We show that all deployment mechanisms must address four key questions: how to select an egress from the source network, how to select an ingress into the destination network, how to reach that egress, and how to reach that ingress. By creating a design space that maps all existing mechanisms by how they answer these questions, we identify the lack of existing mechanisms in part of this design space and propose two novel approaches: the “4ID” and the “Smart 4ID”. The 4ID mechanism utilizes new data plane technology to flexibly decide when to encapsulate packets at forwarding time. The Smart 4ID mechanism additionally adopts an SDN-style control plane to intelligently pick ingress/egress pairs based on a wider view of the local network. We implement these mechanisms along with two widely used IPv6 deployment mechanisms and conduct wide-area deployment experiments over PlanetLab. We conclude that Smart 4ID provides better overall performance and failure semantics, and that innovations in the data plane and control plane enable straightforward incremental deployment.

    A distributed source locator model for name resolution in named data network

    Recently, the number of devices connected to the Internet has increased significantly, with a much larger increase expected in the future. Information Centric Networking (ICN) is a new concept for the future Internet; many projects are being researched within the ICN concept, and Named Data Networking (NDN) is one of them. The purpose of this research is to design a distributed source locator for the Name Resolution System (NRS), avoiding the single point of failure that arises when there is only a central system, and to implement this new model in the NDN architecture so that any object in the network can be found with certainty instead of being searched for hop by hop. This research employs the Design Research Methodology (DRM) and introduces its main stages according to the nature of this research. The conceptual model was designed based on previous studies of NRS in other ICN projects and on the Chord model of distributed hash tables (DHT). The huge amount of data and the variable name length in the NDN architecture are the main points that must be taken into consideration in order to produce an efficient NRS for NDN. Furthermore, such a system simplifies the distribution of the data that corresponds to it. NDN is a new project under the ICN concept and is still under research, with many issues that need to be solved; there is also no real component on which to run NDN, so all work has been done in a simulation environment. Since the present research focuses on distributing the source locator for the NRS, the major contribution of this study is to provide a guaranteed way to find a data object in the NDN architecture and to improve the scalability of the network. This supports data routing and transfer between nodes and reduces the overall exchanged traffic. It thereby helps to solve one of the major open issues in the NDN architecture and aids in supporting the deployment of the new Internet concept based on ICN networks. It will thus help users to transfer data reliably and more efficiently. The major contributions of this study include the design of a new Distributed Source Locator (DSL) for Name Resolution. Other contributions are the way of distributing the hash tables for better and faster data lookup; in addition, this distribution gives users the privilege to specify the data levels, which results in an increase in the data security of the network. All of these contribute toward maximized utilization of network resources.

    Authentication and access control mechanisms for a Future Internet architecture (original title: Mecanismos de autenticação e controle de acesso para uma arquitetura de Internet do Futuro)

    Even with its evolutions, the current Internet cannot properly handle requirements such as multihoming, Quality of Service, mobility, multicasting and security. Several research groups around the world are involved in experimentally and incrementally creating the next generation of the Internet architecture. Currently, knowledge and information are factors of extreme importance for any person, company or nation. Therefore, information security is a prerequisite for any information system. However, when the Internet was designed, security was not a necessity at the time, and this became a chronic problem in the following decades. Whenever new vulnerabilities emerge on the network, a new mechanism is created to combat the threat, so the mechanism is added to the design of the Internet as an overlay, rather than the architecture providing security intrinsically. Including security aspects is therefore a fundamental requirement for a Future Internet architecture. With regard to these architectures, Brazil has some initiatives and one of them is ETArch. It has a conceptual view very close to the definition of Software Defined Networks and therefore, since its first prototype, it has used the OpenFlow protocol to materialize this vision. Since its creation, researchers from several universities have been working to incorporate into ETArch, in an incremental way, solutions that meet the requirements of the Future Internet. The implementation of the mechanisms proved viable with a relatively small average increase in time, considering the benefits gained from the authentication and access control mechanisms incorporated into ETArch.
    CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior. Dissertation (Master's).
    Portuguese abstract, translated: Even with its evolutions, the current Internet cannot adequately handle requirements such as multihoming, Quality of Service (QoS), mobility, multicast and security. Several research groups around the world are involved in creating, experimentally and incrementally, the next generation of the Internet architecture. Nowadays, knowledge and information are important factors for any person, organization or nation. With that in mind, security is a prerequisite for any computing system, but when the Internet was designed, security was not a necessity of the time, causing a chronic problem in recent decades. Whenever new vulnerabilities emerge in a computing system, a new mechanism is created to combat that threat; thus, the mechanism is added to the design of the Internet as an overlay, instead of the architecture providing security intrinsically. With regard to these architectures, Brazil has some initiatives and one of them is the Entity Title Architecture (ETArch). It has a conceptual view very close to the abstraction proposed by Software Defined Networks and therefore, since its first prototype, it has used the OpenFlow protocol to materialize this vision. Since its creation, researchers from several universities have been working to incorporate into ETArch, incrementally, solutions that aim to meet the requirements of the Future Internet. Although security is a fundamental requirement for implementations in Future Internet architectures, in ETArch this requirement had not yet been designed. Thus, the main contributions of this work are to design and implement two security mechanisms: one for authentication and another for access control. The implementation of the mechanisms proved viable with a relatively small average increase in time, considering the benefits gained from the authentication and access control mechanisms incorporated into ETArch.

    Enhancing Security in the Future Cyber Physical Systems

    A Cyber Physical System (CPS) is a system where cyber and physical components work in complex coordination to provide better performance. By exploiting the communication infrastructure among the sensors, actuators, and control systems, attackers may compromise the security of a CPS. In this dissertation, security measures for different types of attacks/faults in two CPSs, a water supply system (WSS) and a smart grid system, are presented. In this context, I also present my study on energy management in the Smart Grid. The techniques for detecting attacks/faults in both the WSS and the Smart Grid system adopt a Kalman Filter (KF) and a χ²-detector. The χ²-detector can detect a myriad of system faults/attacks such as Denial of Service (DoS) attacks and short-term and long-term random attacks. However, the study shows that the χ²-detector is unable to detect the intelligent False Data Injection (FDI) attack. To overcome this limitation, I present a Euclidean detector for the smart grid which can effectively detect such injection attacks. Along with detecting attacks/faults, I also present the isolation of the attacked/faulty nodes for the smart grid. For isolation, the Generalized Observer Scheme (GOS) implementing a Kalman Filter is used. While GOS is effective in isolating attacks/faults on a single sensor, it is unable to isolate simultaneous attacks/faults on multiple sensors. To address this issue, an Iterative Observer Scheme (IOS) is presented which is able to detect attacks on multiple sensors. Since the network is an integral part of future CPSs, I also present a scheme for preserving privacy in a future Internet architecture, namely the MobilityFirst architecture. The proposed scheme, called Anonymity in MobilityFirst (AMF), utilizes a three-tiered approach to effectively exploit the inherent properties of the MF network, such as the Globally Unique Flat Identifier (GUID) and the Global Name Resolution Service (GNRS), to provide anonymity to users. While employing newly proposed schemes for exchanging keys between the different tiers of routers to alleviate trust issues, the proposed scheme uses multiple routers in each tier to prevent collaboration among the routers in the three tiers from exposing the end users.