80 research outputs found
Internames: a name-to-name principle for the future Internet
We propose Internames, an architectural framework in which names are used to
identify all entities involved in communication: contents, users, devices,
logical as well as physical points involved in the communication, and services.
By not having a static binding between the name of a communication entity and
its current location, we allow entities to be mobile, enable them to be reached
by any of a number of basic communication primitives, enable communication to
span networks with different technologies and allow for disconnected operation.
Furthermore, with the ability to communicate between names, the communication
path can be dynamically bound to any of a number of end-points, and the
end-points themselves could change as needed. A key benefit of our architecture
is its ability to accommodate gradual migration from the current IP
infrastructure to a future that may be a ubiquitous Information Centric
Network. Basic building blocks of Internames are: i) a name-based Application
Programming Interface; ii) a separation of identifiers (names) and locators;
iii) a powerful Name Resolution Service (NRS) that dynamically maps names to
locators, as a function of time/location/context/service; iv) a built-in
capacity of evolution, allowing a transparent migration from current networks
and the ability to include as particular cases current specific architectures.
To achieve this vision, shared by many other researchers, we exploit and expand
on Information Centric Networking principles, extending ICN functionality
beyond content retrieval, easing send-to-name and push services, and allowing
names to be used also to route data on the return path. A key role in this
architecture is played by the NRS, which allows for the co-existence of
multiple network "realms", including current IP and non-IP networks, glued
together by a name-to-name overarching communication primitive.
Comment: 6 pages
Is DNS Ready for Ubiquitous Internet of Things?
The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object's inherent attributes through its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel design principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for IoT applications. A fundamental question then arises: can the current DNS adequately provide the name service support for the IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support the ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment.
Understanding tradeoffs in incremental deployment of new network architectures
Despite the plethora of incremental deployment mechanisms proposed, rapid adoption of new network-layer protocols and architectures remains difficult, as reflected by the widespread lack of IPv6 traffic on the Internet. We show that all deployment mechanisms must address four key questions: how to select an egress from the source network, how to select an ingress into the destination network, how to reach that egress, and how to reach that ingress. By creating a design space that maps all existing mechanisms by how they answer these questions, we identify the lack of existing mechanisms in part of this design space and propose two novel approaches: the "4ID" and the "Smart 4ID". The 4ID mechanism utilizes new data plane technology to flexibly decide when to encapsulate packets at forwarding time. The Smart 4ID mechanism additionally adopts an SDN-style control plane to intelligently pick ingress/egress pairs based on a wider view of the local network. We implement these mechanisms along with two widely used IPv6 deployment mechanisms and conduct wide-area deployment experiments over PlanetLab. We conclude that Smart 4ID provides better overall performance and failure semantics, and that innovations in the data plane and control plane enable straightforward incremental deployment.
A distributed source locator model for name resolution in named data network
Recently, the number of devices connected to the Internet has increased significantly, and a much larger increase is expected in the future. Information Centric Networking (ICN) is a new concept for the future Internet; many projects within the ICN concept are being researched, and Named Data Networking (NDN) is one of them. The purpose of this research is to design a distributed source locator for the Name Resolution System (NRS), avoiding the single point of failure that arises when there is only a central system, and to implement this new model in the NDN architecture so that any object in the network can be found instead of looking for data hop by hop. This research employs the Design Research Methodology (DRM) and introduces its main stages according to the nature of this research. The conceptual model was designed based on previous studies of NRS in other ICN projects and on the Chord model of the distributed hash table (DHT). The huge amount of data and the variable name length in the NDN architecture are the main points that must be taken into consideration in order to produce an efficient NRS for NDN. Furthermore, such a system simplifies the distribution of the corresponding data. NDN is a new project under the ICN concept; it is still under research, with many issues remaining to be solved, there is no real hardware component for NDN, and all work has been done in a simulation environment. Since the present research focuses on distributing the source locator for the NRS, the major contribution of this study is to provide a guaranteed way to find a data object in the NDN architecture and to improve the scalability of the network. This supports data routing and transfer between nodes and reduces the overall exchanged traffic. It thereby contributes to solving one of the major open issues in the NDN architecture and aids the deployment of the new Internet concept based on ICN networks, helping users to transfer data more reliably and efficiently. The major contributions of this study include the design of a new Distributed Source Locator (DSL) for Name Resolution. Other contributions are the method of distributing the hash tables for better and faster data lookup; in addition, this distribution gives users the ability to specify data levels, which increases the data security of the network. All of these contribute toward maximized utilization of network resources.
Authentication and access control mechanisms for a Future Internet architecture (original title: Mecanismos de autenticação e controle de acesso para uma arquitetura de Internet do Futuro)
Even with its evolution, the current Internet cannot properly handle requirements such
as multihoming, Quality of Service, mobility, multicasting and security. Several research
groups around the world are involved in experimentally and incrementally creating the
next generation of the Internet architecture.
Currently, knowledge and information are factors of extreme importance for any
person, company or nation. Therefore, information security is a prerequisite for any
information system. However, when the Internet was designed, security was not a
necessity at the time, and this became a chronic problem in the last decades.
Whenever new vulnerabilities emerge on the network, a new mechanism is created to
combat the threat, and the mechanism is added to the design of the Internet as an overlay
rather than the architecture providing security intrinsically. For this reason, including security
aspects is a fundamental requirement for a Future Internet architecture.
With regard to these architectures, Brazil has some initiatives, and one of them is
ETArch. It has a conceptual view very close to the definition of Software Defined Networks
and therefore, since its first prototype, it has used the OpenFlow protocol to materialize this
vision. Since its creation, researchers from several universities have been working to incorporate
into ETArch, in an incremental way, solutions that meet the requirements of the Future
Internet.
The implementation of the mechanisms proved viable with a reasonable average increase in
time, considering the benefits gained from the mechanisms of authentication and access
control incorporated into ETArch.
CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Dissertation (Master's)
Even with its evolution, the current Internet cannot adequately handle requirements
such as multihoming, Quality of Service (QoS), mobility, multicast and security. Several
research groups around the world are involved in creating, in an experimental and
incremental way, the next generation of the Internet architecture.
Currently, knowledge and information are important factors for any person,
organization or nation. With this in mind, security is a prerequisite for each and every
computing system, but when the Internet was designed, security was not a need of
the time, which has caused a chronic problem in recent decades.
Whenever new vulnerabilities arise in a computing system, a new mechanism is
created to combat that threat; thus the mechanism is added to the design of the Internet
as an overlay, instead of the architecture providing security intrinsically.
With regard to these architectures, Brazil has some initiatives, and one of them is the
Entity Title Architecture (ETArch). It has a conceptual view very close to the
abstraction proposed by Software Defined Networks and therefore, since its first
prototype, it has used the OpenFlow protocol to materialize this vision. Since its creation,
researchers from several universities have been working to incorporate into ETArch, in an
incremental way, solutions that aim to meet the requirements of the Future Internet.
Although security is a fundamental requirement for implementations in Future Internet
architectures, in ETArch this requirement had not yet been designed. Thus,
the main contributions of this work are to design and implement two security
mechanisms: one for authentication and another for access control.
The implementation of the mechanisms proved viable with a relatively small average
increase in terms of time, considering the benefits gained from the authentication and
access control mechanisms incorporated into ETArch.
Enhancing Security in the Future Cyber Physical Systems
A Cyber Physical System (CPS) is a system in which cyber and physical components work in complex coordination to provide better performance. By exploiting the communication infrastructure among the sensors, actuators, and control systems, attackers may compromise the security of a CPS. In this dissertation, security measures for different types of attacks/faults in two CPSs, a water supply system (WSS) and a smart grid system, are presented. In this context, I also present my study on energy management in the Smart Grid. The techniques for detecting attacks/faults in both the WSS and the Smart Grid system adopt a Kalman Filter (KF) and a χ2 detector. The χ2 detector can detect a myriad of system faults/attacks such as Denial of Service (DoS) attacks and short-term and long-term random attacks. However, the study shows that the χ2 detector is unable to detect the intelligent False Data Injection (FDI) attack. To overcome this limitation, I present a Euclidean detector for the smart grid which can effectively detect such injection attacks. Along with detecting attacks/faults, I also present the isolation of the attacked/faulty nodes for the smart grid. For isolation, the Generalized Observer Scheme (GOS) implementing a Kalman Filter is used. While GOS is effective in isolating attacks/faults on a single sensor, it is unable to isolate simultaneous attacks/faults on multiple sensors. To address this issue, an Iterative Observer Scheme (IOS) is presented which is able to detect attacks on multiple sensors. Since the network is an integral part of future CPSs, I also present a scheme for preserving privacy in a future Internet architecture, namely the MobilityFirst architecture. The proposed scheme, called Anonymity in MobilityFirst (AMF), utilizes a three-tiered approach to effectively exploit the inherent properties of the MF network, such as the Globally Unique Flat Identifier (GUID) and the Global Name Resolution Service (GNRS), to provide anonymity to users.
While employing newly proposed schemes for exchanging keys between different tiers of routers to alleviate trust issues, the proposed scheme uses multiple routers in each tier to prevent collaboration among the routers in the three tiers from exposing the end users.