An Architecture for Network Layer Privacy

We present an architecture for the provision of network layer privacy based on the SHIM6 multihoming protocol. In its basic form, the architecture prevents on-path eavesdroppers from using SHIM6 network layer information to correlate packets that belong to the same communication but use different locators. To achieve this, several extensions to the SHIM6 protocol and to the HBA (Hash Based Addresses) addressing model are defined. On its full-featured mode of operation, hosts can vary dynamically the addresses of the packets of on-going communications. Single-homed hosts can adopt the SHIM6 protocol with the privacy enhancements to benefit from this protection against information collectors.IEEE Communications SocietyPublicad

Network layer access control for context-aware IPv6 applications

As part of the Lancaster GUIDE II project, we have developed a novel wireless access point protocol designed to support the development of next generation mobile context-aware applications in our local environs. Once deployed, this architecture will allow ordinary citizens secure, accountable and convenient access to a set of tailored applications including location, multimedia and context based services, and the public Internet. Our architecture utilises packet marking and network level packet filtering techniques within a modified Mobile IPv6 protocol stack to perform access control over a range of wireless network technologies. In this paper, we describe the rationale for, and components of, our architecture and contrast our approach with other state-of-the- art systems. The paper also contains details of our current implementation work, including preliminary performance measurements

TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50~Gbps using commodity hardware

To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking

Information-Centric Networking (ICN) is an internetworking paradigm that offers an alternative to the current IP\nobreakdash-based Internet architecture. ICN's most distinguishing feature is its emphasis on information (content) instead of communication endpoints. One important open issue in ICN is whether negative acknowledgments (NACKs) at the network layer are useful for notifying downstream nodes about forwarding failures, or requests for incorrect or non-existent information. In benign settings, NACKs are beneficial for ICN architectures, such as CCNx and NDN, since they flush state in routers and notify consumers. In terms of security, NACKs seem useful as they can help mitigating so-called Interest Flooding attacks. However, as we show in this paper, network-layer NACKs also have some unpleasant security implications. We consider several types of NACKs and discuss their security design requirements and implications. We also demonstrate that providing secure NACKs triggers the threat of producer-bound flooding attacks. Although we discuss some potential countermeasures to these attacks, the main conclusion of this paper is that network-layer NACKs are best avoided, at least for security reasons.Comment: 10 pages, 7 figure

HORNET: High-speed Onion Routing at the Network Layer

We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide range of applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation.Comment: 14 pages, 5 figure

Network traffic behaviour near phase transition point

We explore packet traffic dynamics in a data network model near phase transition point from free flow to congestion. The model of data network is an abstraction of the Network Layer of the OSI (Open Systems Interconnection) Reference Model of packet switching networks. The Network Layer is responsible for routing packets across the network from their sources to their destinations and for control of congestion in data networks. Using the model we investigate spatio-temporal packets traffic dynamics near the phase transition point for various network connection topologies, and static and adaptive routing algorithms. We present selected simulation results and analyze them

PersLay: A Neural Network Layer for Persistence Diagrams and New Graph Topological Signatures

Persistence diagrams, the most common descriptors of Topological Data Analysis, encode topological properties of data and have already proved pivotal in many different applications of data science. However, since the (metric) space of persistence diagrams is not Hilbert, they end up being difficult inputs for most Machine Learning techniques. To address this concern, several vectorization methods have been put forward that embed persistence diagrams into either finite-dimensional Euclidean space or (implicit) infinite dimensional Hilbert space with kernels. In this work, we focus on persistence diagrams built on top of graphs. Relying on extended persistence theory and the so-called heat kernel signature, we show how graphs can be encoded by (extended) persistence diagrams in a provably stable way. We then propose a general and versatile framework for learning vectorizations of persistence diagrams, which encompasses most of the vectorization techniques used in the literature. We finally showcase the experimental strength of our setup by achieving competitive scores on classification tasks on real-life graph datasets