39,678 research outputs found

    Maritime Indonesia and the Archipelagic Outlook; Some Reflections From a Multidisciplinary Perspective on Old Port Cities in Java

    The present paper reflects on Indonesia's status as an archipelagic state and a maritime nation from a historical perspective. It explores the background of a multi-year research project into Indonesia's maritime past currently being undertaken at the Humanities Faculty of Universitas Indonesia. The multidisciplinary research uses toponymy, epigraphy, philology, and linguistic lines of analysis in examining old inscriptions and manuscripts and also includes site visits to a number of old port cities across the archipelago. We present here some of the core concepts behind the research such as the importance of the ancient port cities in a network of maritime trade and diplomacy, and link them to some contemporary issues such as the Archipelagic Outlook. This is based on a concept of territorial integrity that reflects Indonesia's national identity and aspirations. It is hoped that the paper can extend the discussion about efforts to make maritime affairs a strategic geopolitical goal along with restoring Indonesia's identity as a maritime nation.

    PROVIDE: hiding from automated network scans with proofs of identity

    Network scanners are a valuable tool for researchers and administrators; however, they are also used by malicious actors to identify vulnerable hosts on a network. Upon the disclosure of a security vulnerability, scans are launched within hours. These opportunistic attackers enumerate blocks of IP addresses in hope of discovering an exploitable host. Fortunately, defensive measures such as port knocking protocols (PKPs) allow a service to remain stealth to unauthorized IP addresses. The service is revealed only when a client includes a special authentication token (AT) in the IP/TCP header. However, this AT is generated from a secret shared between the clients/servers and distributed manually to each endpoint. As a result, these defense measures have failed to be widely adopted by other protocols such as HTTP/S due to challenges in distributing the shared secrets. In this paper we propose a scalable solution to this problem for services accessed by domain name. We make the following observation: automated network scanners access servers by IP address, while legitimate clients access the server by name. Therefore a service should only reveal itself to clients who know its name. Based on this principle, we have created a proof of the verifier's identity (a.k.a. PROVIDE) protocol that allows a prover (legitimate user) to convince a verifier (service) that it is knowledgeable of the verifier's identity. We present a PROVIDE implementation using a PKP and DNS (PKP+DNS) that uses DNS TXT records to distribute identification tokens (IDT) while DNS PTR records for the service's domain name are prohibited to prevent reverse DNS lookups. Clients are modified to make an additional DNS TXT query to obtain the IDT which is used by the PKP to generate an AT. The inclusion of an AT in the packet header, generated from the DNS TXT query, is proof the client knows the service's identity. We analyze the effectiveness of this mechanism with respect to brute force attempts for various strength ATs and discuss practical considerations. This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798.

    Linux XIA: an interoperable meta network architecture to crowdsource the future Internet

    With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-slate designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation's framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability, traits we view as central to the success of any future Internet architecture. This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525.

    Deliverable DJRA1.3: Tool prototype for creating and stitching multiple network resources for virtual infrastructures

    This document describes the prototype FEDERICA Slice Tool developed for the virtualization of network elements in FEDERICA and for creating and stitching network resources over this virtual infrastructure. An SNMP-based resource discovery prototype is also introduced as a new functionality to be integrated in the tool. The deliverable also presents a viability study for the use of traffic prioritization in the FEDERICA infrastructure and some network performance measurements on a real slice within FEDERICA. This document reports the final results of JRA1.2 Activity in the development of a tool prototype for creating sets of virtual resources in FEDERICA. The prototype goal is to simplify and automate part of the work for NOC. The tool may also serve, with different privileges, a FEDERICA user to operate on his/her slice. The tool described here was designed with the objective of providing an interactive application with a graphical interface to operate on resources for the NOC and the end users (researchers). The tool simplifies the creation and configuration of resources in a slice and it is a mandatory step to ensure scalability of the NOC effort. It offers an interactive Graphical User Interface that translates the users' actions to commands in the substrate (network nodes and V-nodes) and slice elements (Virtual Machines). User accounts may be created for the NOC and for researchers, each with specific privileges to enable different sets of capabilities. The NOC account has full access to all the resources in the substrate, while each user's account has full access only to the virtual resources in his/her slice. The tool has been developed using the Java programming language as Open Source code and relies on the open source Globus® Toolkit. Testing has been performed in a laboratory environment and on some FEDERICA substrate equipment (1 switch, 2 VMware Servers) in their standard configuration. For testing the router, web services and GUI an additional computer was used, using a public IP address. Postprint (published version)

    The Design and Implementation of a PCIe-based LESS Label Switch

    With the explosion of the Internet of Things, the number of smart, embedded devices has grown exponentially in the last decade, with growth projected at a commensurate rate. These devices create strain on the existing infrastructure of the Internet, creating challenges with scalability of routing tables and reliability of packet delivery. Various schemes based on Location-Based Forwarding and ID-based routing have been proposed to solve the aforementioned problems, but thus far, no solution has completely been achieved. This thesis seeks to improve current proposed LORIF routers by designing, implementing, and testing a PCIe-based LESS switch to process unrouteable packets under the current LESS forwarding engine.