183 research outputs found
Internames: a name-to-name principle for the future Internet
We propose Internames, an architectural framework in which names are used to
identify all entities involved in communication: contents, users, devices,
logical as well as physical points involved in the communication, and services.
By not having a static binding between the name of a communication entity and
its current location, we allow entities to be mobile, enable them to be reached
by any of a number of basic communication primitives, enable communication to
span networks with different technologies and allow for disconnected operation.
Furthermore, with the ability to communicate between names, the communication
path can be dynamically bound to any of a number of end-points, and the
end-points themselves could change as needed. A key benefit of our architecture
is its ability to accommodate gradual migration from the current IP
infrastructure to a future that may be a ubiquitous Information Centric
Network. Basic building blocks of Internames are: i) a name-based Application
Programming Interface; ii) a separation of identifiers (names) and locators;
iii) a powerful Name Resolution Service (NRS) that dynamically maps names to
locators, as a function of time/location/context/service; iv) a built-in
capacity of evolution, allowing a transparent migration from current networks
and the ability to include as particular cases current specific architectures.
To achieve this vision, shared by many other researchers, we exploit and expand
on Information Centric Networking principles, extending ICN functionality
beyond content retrieval, easing send-to-name and push services, and allowing
to use names also to route data in the return path. A key role in this
architecture is played by the NRS, which allows for the co-existence of
multiple network "realms", including current IP and non-IP networks, glued
together by a name-to-name overarching communication primitive.Comment: 6 page
Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking
Content-Centric Networking (CCN) is an emerging networking paradigm being
considered as a possible replacement for the current IP-based host-centric
Internet infrastructure. In CCN, named content becomes a first-class entity.
CCN focuses on content distribution, which dominates current Internet traffic
and is arguably not well served by IP. Named-Data Networking (NDN) is an
example of CCN. NDN is also an active research project under the NSF Future
Internet Architectures (FIA) program. FIA emphasizes security and privacy from
the outset and by design. To be a viable Internet architecture, NDN must be
resilient against current and emerging threats. This paper focuses on
distributed denial-of-service (DDoS) attacks; in particular we address interest
flooding, an attack that exploits key architectural features of NDN. We show
that an adversary with limited resources can implement such attack, having a
significant impact on network performance. We then introduce Poseidon: a
framework for detecting and mitigating interest flooding attacks. Finally, we
report on results of extensive simulations assessing proposed countermeasure.Comment: The IEEE Conference on Local Computer Networks (LCN 2013
A proposal for secured, efficient and scalable layer 2 network virtualisation mechanism
El contenidos de los capítulos 3 y 4 está sujeto a confidencialidad.
291 p.La Internet del Futuro ha emergido como un esfuerzo investigador para superar estas limitaciones identificadas en la actual Internet. Para ello es necesario investigar en arquitecturas y soluciones novedosas (evolutivas o rompedoras), y las plataformas de experimentación surgen para proporcionar un entorno realista para validar estas nuevas propuestas a gran escala.Debido a la necesidad de compartir la misma infraestructura y recursos para testear simultáneamente diversas propuestas de red, la virtualización de red es la clave del éxito. Se propone una nueva taxonomía para poder analizar y comparar las diferentes propuestas. Se identifican tres tipos: el Nodo Virtual (vNode), la Virtualización posibilitada por SDN (SDNeV) y el overlay.Además, se presentan las plataformas experimentales más relevantes, con un foco especial en la forma en la que cada una de ellas permite la investigación en propuestas de red, las cuales no cumplen todos estos requisitos impuestos: aislamiento, seguridad, flexibilidad, escalabilidad, estabilidad, transparencia, soporte para la investigación en propuestas de red. Por lo tanto, una nueva plataforma de experimentación ortogonal a la experimentación es necesaria.Las principales contribuciones de esta tesis, sustentadas sobre tecnología SDN y NFV, son también los elementos clave para construir la plataforma de experimentación: la Virtualización de Red basada en Prefijos de Nivel 2 (Layer 2 Prefix-based Network Virtualisation, L2PNV), un Protocolo para la Configuración de Direcciones MAC (MAC Address Configuration Protocol, MACP), y un sistema de Control de Acceso a Red basado en Flujos (Flow-based Network Access Control, FlowNAC).Como resultado, se ha desplegado en la Universidad del Pais Vasco (UPV/EHU) una nueva plataforma experimental, la Plataforma Activada por OpenFlow de EHU (EHU OpenFlow Enabled Facility, EHU-OEF), para experimentar y validar estas propuestas realizadas
Networking Solutions for Integrated Heterogeneous Wireless Ecosystem
As wireless communications technology is steadily evolving to improve the offered connectivity levels, additional research on emerging network architectures is becoming timely to understand the applicability of both traditional and novel networking solutions. This chapter concentrates on the utilization of cloud computing techniques to construct feasible system prototypes and demonstrators within the rapidly maturing heterogeneous wireless ecosystem. Our first solution facilitates cooperative radio resource management in heterogeneous networks. The second solution enables assisted direct connectivity between proximate users. The contents of the chapter outline our corresponding research and development efforts as well as summarize the major experiences and lessons learned
Why We Shouldn't Forget Multicast in Name-oriented Publish/Subscribe
Name-oriented networks introduce the vision of an information-centric,
secure, globally available publish-subscribe infrastructure. Current approaches
concentrate on unicast-based pull mechanisms and thereby fall short in
automatically updating content at receivers. In this paper, we argue that an
inclusion of multicast will grant additional benefits to the network layer,
namely efficient distribution of real-time data, a many-to-many communication
model, and simplified rendezvous processes. These aspects are comprehensively
reflected by a group-oriented naming concept that integrates the various
available group schemes and introduces new use cases. A first draft of this
name-oriented multicast access has been implemented in the HAMcast middleware
SoK: Distributed Computing in ICN
Information-Centric Networking (ICN), with its data-oriented operation and
generally more powerful forwarding layer, provides an attractive platform for
distributed computing. This paper provides a systematic overview and
categorization of different distributed computing approaches in ICN
encompassing fundamental design principles, frameworks and orchestration,
protocols, enablers, and applications. We discuss current pain points in legacy
distributed computing, attractive ICN features, and how different systems use
them. This paper also provides a discussion of potential future work for
distributed computing in ICN.Comment: 10 pages, 3 figures, 1 table. Accepted by ACM ICN 202
ANDaNA: Anonymous Named Data Networking Application
Content-centric networking -- also known as information-centric networking
(ICN) -- shifts emphasis from hosts and interfaces (as in today's Internet) to
data. Named data becomes addressable and routable, while locations that
currently store that data become irrelevant to applications.
Named Data Networking (NDN) is a large collaborative research effort that
exemplifies the content-centric approach to networking. NDN has some innate
privacy-friendly features, such as lack of source and destination addresses on
packets. However, as discussed in this paper, NDN architecture prompts some
privacy concerns mainly stemming from the semantic richness of names. We
examine privacy-relevant characteristics of NDN and present an initial attempt
to achieve communication privacy. Specifically, we design an NDN add-on tool,
called ANDaNA, that borrows a number of features from Tor. As we demonstrate
via experiments, it provides comparable anonymity with lower relative overhead.Comment: NDSS 2012 - Proceedings of the Network and Distributed System
Security Symposium, San Diego, California, US
- …