Method and System for Name Resolution Across Heterogeneous Architectures
One embodiment of the present invention provides a system for resolving a name request in a network comprising a plurality of groups that use different name-resolution schemes. During operation, the system receives the name request at a first group; identifies a parent group of which the first group is a member; and, in response to failing to resolve the name request within the first group, forwards the name request to the identified parent group.
Formal verification of authentication and service authorization protocols in 5G-enabled device-to-device communications using ProVerif
Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on the D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure service access and sharing between D2D users. Therefore, this paper proposes a D2D-level security solution that comprises two security protocols, namely the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing of data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), the Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and the applied pi calculus. We also conducted a security analysis of the proposed protocols.
Service Competition and Data-Centric Protocols for Internet Access
The Internet evolved in many aspects, from the application to the physical layers. However, the evolution of the Internet access technologies, most visible in dense urban scenarios, is not easily noticeable in sparsely populated and rural areas.
In the United States, for example, the FCC identified that 50% of the census blocks have access to up to two broadband providers; however, these providers do not necessarily compete. Additionally, due to the methodology of the study, there is evidence that the number of actual customers without broadband access is higher, since the FCC considers the entire block to have broadband if any customer in the block has broadband. Moreover, the average downstream connection bandwidth in the United States is 18.7 Mbps, according to the Akamai State of the Internet report, which places the US in the 10th position in the global ranking. It’s worth noting that modern applications such as Ultra High Definition (UHD) video streaming require a bandwidth of at least 25 Mbps. Newer applications such as virtual reality streaming require at least 50 Mbps. Additionally, urban scenarios are dominated by monopolistic and duopolistic markets, in which network providers have little incentive to offer innovative services. In this work, we propose an open access network infrastructure along with a novel Internet architecture that allows dynamic economic relationships between users and providers through a marketplace of network services. These economic relationships have a finer granularity than today’s coarse and lengthy contracts, allowing higher competition and promoting innovation in the access market. We develop an agent-based simulator to evaluate our proposed network model and its various competition scenarios. Our simulations show that competition greatly benefits users and applications, creating the necessary incentives for providers to innovate while also benefiting consumers.
The trend of sparsely populated areas lagging behind the latest innovations in access networks is also observed in wireless access networks, where investments are focused on densely populated areas. Moreover, the rapidly increasing number of mobile devices, coupled with increasingly bandwidth-demanding applications, poses a significant challenge to cellular network operators, who have to increase OPEX/CAPEX and deal with higher complexity in their networks.
The advances in access technologies that brought higher speeds and lower latency also reduced the coverage area of cellular base stations. To cope with the increase in traffic, cellular network operators have been deploying more base stations. In addition, cellular providers have adopted “all-you-can-use” price models, which led users to ramp up their usage, further worsening congestion in the network.
To address this issue, we propose a scheme that uses Device-to-Device (D2D) communication along with Information-Centric Networking (ICN) to offload traffic from cellular base stations. Then, we build on this scheme and propose a cross-layer assisted forwarding strategy to enhance communication in the MANET. In D2D communication, users can retrieve content directly from their nearby peers. However, this type of communication poses challenges to the current connection-oriented communication model, as devices can move in and out of the communication range at any time, constantly changing routing state, and nodes are subject to hidden and exposed terminal problems. ICN addresses some of these issues with inherent support for transparent caching and named content retrieval, making the network more resilient to disconnections. Our proposed scheme can offload up to 51.7% of the contents from the backhaul cellular infrastructure when requesting the content from nearby peers first.
Finally, we combine the concepts of the marketplace, D2D communication, and ICN to propose a platform for decentralized and opportunistic communication that uses COTS radios to relay packets, extending the reach of the Internet to sparsely populated areas at low cost and without the lengthy contracts of commercial network providers. Our platform can potentially connect the remaining part of the population that is not currently connected to the Internet.
OpenCache: a content delivery platform for the modern internet
Since its inception, the World Wide Web has revolutionised the way we share information, keep in touch with each other and consume content. In the latter case, it is now used by thousands of simultaneous users to consume video, surpassing physical media as the primary means of distribution. With the rise of on-demand services and, more recently, high-definition media, this popularity has not waned. To support this consumption, the underlying infrastructure has been forced to evolve at a rapid pace. This includes the technology and mechanisms to facilitate the transmission of video, which is now offered at varying levels of quality and resolution. Content delivery networks are often deployed in order to scale the distribution provision. These vary in nature and design, from third-party providers running entirely as a service to others, to in-house solutions owned by the content service providers themselves. However, recent innovations in networking and virtualisation, namely Software Defined Networking and Network Function Virtualisation, have paved the way for new content delivery infrastructure designs. In this thesis, we discuss the motivation behind OpenCache, a next-generation content delivery platform. We examine how we can leverage these emerging technologies to provide a more flexible and scalable solution to content delivery. This includes analysing the feasibility of novel redirection techniques, and how these compare to existing means. We also investigate the creation of a unified interface from which a platform can be precisely controlled, allowing new applications to be created that operate in harmony with the infrastructure provision. Developments in distributed virtualisation platforms also enable functionality to be spread throughout a network, influencing the design of OpenCache. Through a prototype implementation, we evaluate each of these facets in a number of different scenarios, made possible through deployment on large-scale testbeds.
A survey on cost-effective context-aware distribution of social data streams over energy-efficient data centres
Social media have emerged in the last decade as a viable and ubiquitous means of communication. The ease of user content generation within these platforms, e.g. check-in information, multimedia data, etc., along with the proliferation of Global Positioning System (GPS)-enabled, always-connected capture devices, leads to data streams of unprecedented volume and a radical change in information sharing. Social data streams raise a variety of practical challenges, including the derivation of real-time meaningful insights from effectively gathered social information, as well as a paradigm shift for content distribution that leverages contextual data associated with user preferences, geographical characteristics and devices in general. In this article we present a comprehensive survey that outlines the state of the art and organizes the challenges concerning social media streams and the infrastructure of the data centres supporting efficient access to data streams in terms of content distribution, data diffusion, data replication, energy efficiency and network infrastructure. We systematize the existing literature and proceed to identify and analyse the main research points and industrial efforts in the area as far as modelling, simulation and performance evaluation are concerned.
Secure Bootstrapping and Access Control in NDN-Based Smart Home Systems
Smart home systems utilize network-enabled sensors to collect environmental data and provide various services to home residents. Such a system must be designed with security mechanisms to protect the safety and privacy of the residents. More specifically, we need to secure the production, dissemination, and consumption of smart home data, as well as prevent any unauthorized access to the services provided by the system. In this work, we study how to build a secure smart home system in the context of Named Data Networking, a future Internet architecture that has unique advantages in securing the Internet of Things. We focus on solving two security problems: (a) mutual authentication between a new device and an existing smart home system to bootstrap the device, and (b) controlling access to smart home data. We designed a naming hierarchy for a smart home system and the corresponding trust model. Based on the naming and trust model, we designed bootstrapping protocols which enforce mutual cryptographic challenges, and a programming template which facilitates Name-based Access Control. We have designed and implemented an application that incorporates these solutions. Evaluation results show that: (a) the bootstrapping protocols can defend against replay attacks with a small computation overhead, and (b) Name-based Access Control can provide accurate time schedules to restrict access to fine-grained data types with a small computation overhead.
Convergence of the Web and Communication Services
Different communication services, from the delivery of written letters to telephones, voice/video over Internet Protocol (IP), email, Internet chat rooms, video/audio conferences and immersive communications, have evolved over time. A communication system for voice/video over IP is the realization of a fundamental two-layer architecture: the signaling layer and the media layer. The signaling protocol is used to create, modify, and terminate media sessions between participants. The signaling layer is further divided into two layers, the service layer and the service control layer, in the IP Multimedia Subsystem (IMS) specification. Two widely used communication systems are IMS and Peer-to-Peer Session Initiation Protocol (P2P SIP). Service providers, who act as brokers between callers and callees, implement communication systems and heavily control the signaling layer. These providers do not take the diversity of end users into account. This dissertation identifies three technical barriers in current communication systems, especially in the signaling layer: I. a lack of openness and flexibility in the signaling layer for end users; II. the difficulty of developing network-based, session-based services; III. the signaling layer becoming complex at high call rates. These technical barriers hinder end-user innovation with communication services. Based on the technical barriers listed above, the first part of this thesis defines a concept and architecture for a communication system in which an individual user becomes the service provider. The concept, My Own Communication Service Provider (MOCSP), and the MOCSP system are proposed, followed by a call flow. Later, this thesis provides an analysis that compares the MOCSP system with existing communication systems in terms of openness and flexibility.
The second part of this thesis presents solutions for network-based, session-based services, leveraging the proposed MOCSP system. Two innovative services, user mobility and partial session transfer/retrieval, are considered as examples of network-based, session-based services. Network-based, session-based services interwork with a session or are executed within a session. In both cases, a single functional entity between caller and callee consistently enables the media flow during call initiation and/or mid-call. In addition, the cooperation of network call control and end-points is easily achieved.
The last part of the thesis is devoted to extending MOCSP for a high call rate and includes a preliminary comparative analysis. This analysis depends on four factors - scalability limit, complexity level, needed computing resources and session setup latency - that are considered to specify the scalability of the signaling layer. The preliminary analysis clearly shows that the MOCSP-based solution is simple and has potential for improving the effective usage of computing resources over traditional communication systems.
Proactive Mechanisms for Video-on-Demand Content Delivery
Video delivery over the Internet is the dominant source of network load all over the world. Especially VoD streaming services such as YouTube, Netflix, and Amazon Video have propelled the proliferation of VoD in many people's everyday life. VoD allows watching video from a large quantity of content at any time and on a multitude of devices, including smart TVs, laptops, and smartphones. Studies show that many people under the age of 32 grew up with VoD services and have never subscribed to a traditional cable TV service. This shift in video consumption behavior is continuing with an ever-growing number of users. To satisfy this large demand, VoD service providers usually rely on CDNs, which make VoD streaming scalable by operating a geographically distributed network of several hundreds of thousands of servers. Thereby, they deliver content from locations close to the users, which keeps traffic local and enables a fast playback start. CDNs experience heavy utilization during the day and are usually reactive to the user demand, which is not optimal, as it leads to expensive over-provisioning to cope with traffic peaks and to overreacting content eviction that decreases the CDN's performance. However, to sustain future VoD streaming projections with hundreds of millions of users, new approaches are required to increase the content delivery efficiency. To this end, this thesis identifies three key research areas that have the potential to address the future demand for VoD content.
Our first contribution is the design of vFetch, a privacy-preserving prefetching mechanism for mobile devices. It focuses explicitly on OTT VoD providers such as YouTube. vFetch learns the user's interest in different content channels and uses these insights to prefetch content on a user terminal. To do so, it continually monitors the user behavior and the device's mobile connectivity pattern to allow for resource-efficient download scheduling. Thereby, vFetch illustrates how personalized prefetching can reduce the mobile data volume and relieve mobile networks by offloading peak-hour traffic.
Our second contribution focuses on proactive in-network caching. To this end, we present the design of the ProCache mechanism, which divides the available cache storage among separate content categories. The available storage is allocated to these divisions based on their contribution to the overall cache efficiency. We propose a general workflow that emphasizes multiple categories of a mixed content workload, in addition to a workflow tailored for music video content, the dominant traffic source on YouTube. Thereby, ProCache shows how content-awareness can contribute to efficient in-network caching.
Our third contribution targets the application of multicast to VoD scenarios. Many users request popular VoD content with only small differences in their playback start time, which offers a potential for multicast. Therefore, we present the design of the VoDCast mechanism, which leverages this potential to multicast parts of popular VoD content. Thereby, VoDCast illustrates how ISPs can collaborate with CDNs to coordinate on content that should be delivered by ISP-internal multicast.
High Performance Web Servers: A Study In Concurrent Programming Models
With the advent of commodity large-scale multi-core computers, the performance of software running on these computers has become a challenge to researchers and enterprise developers. While academic research and industrial products have moved in the direction of writing scalable and highly available services using distributed computing, single machine performance remains an active domain, one which is far from saturated.
This thesis selects an archetypal software example and workload in this domain, and describes software characteristics affecting performance. The example is highly-parallel web-servers processing a static workload. Particularly, this work examines concurrent programming models in the context of high-performance web-servers across different architectures — threaded (Apache, Go and μKnot), event-driven (Nginx, μServer) and staged (WatPipe) — compared with two static workloads in two different domains. The two workloads are a Zipf distribution of file sizes representing a user session pulling an assortment of many small and a few large files, and a 50KB file representing chunked streaming of a large audio or video file. Significant effort is made to fairly compare eight web-servers by carefully tuning each via their adjustment parameters. Tuning plays a significant role in workload-specific performance. The two domains are no disk I/O (in-memory file set) and medium disk I/O. The domains are created by lowering the amount of RAM available to the web-server from 4GB to 2GB, forcing files to be evicted from the file-system cache. Both domains are also restricted to 4 CPUs.
The primary goal of this thesis is to examine fundamental performance differences between threaded and event-driven concurrency models, with particular emphasis on user-level threading models. Additionally, a secondary goal of the work is to examine high-performance software under restricted hardware environments. Over-provisioned hardware environments can mask architectural and implementation shortcomings in software – the hypothesis in this work is that restricting resources stresses the application, bringing out important performance characteristics and properties. Experimental results for the given workload show that memory pressure is one of the most significant factors in the degradation of web-server performance, because it forces both the onset and the amount of disk I/O. With an ever-increasing need to support more content at faster rates, a web-server relies heavily on in-memory caching of files and related content. In fact, personal and small-business web-servers are even run on minimal hardware, like the Raspberry Pi, with only 1GB of RAM and a small SD card for the file system. Therefore, understanding behaviour and performance in restricted contexts should be a normal aspect of testing a web server (and other software systems).