MPTCP Robustness Against Large-Scale Man-in-the-Middle Attacks

International audienceMultipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed at large scale. Recently, the Multipath Transmission Control Protocol (MPTCP) extension was standardized and is undergoing rapid adoption in many different use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits-i.e., reliability thanks to backup path rerouting, through-put increase thanks to link aggregation, and confidentiality being more difficult to intercept a full connection-the latter has attracted lower attention. How effective would be to use MPTCP, or an equivalent multipath transport layer protocol, to exploit multiple Internet-scale paths and decrease the probability of Man-in-the-Middle (MITM) attacks is a question which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

Modelling and Design of Resilient Networks under Challenges

Communication networks, in particular the Internet, face a variety of challenges that can disrupt our daily lives resulting in the loss of human lives and significant financial costs in the worst cases. We define challenges as external events that trigger faults that eventually result in service failures. Understanding these challenges accordingly is essential for improvement of the current networks and for designing Future Internet architectures. This dissertation presents a taxonomy of challenges that can help evaluate design choices for the current and Future Internet. Graph models to analyse critical infrastructures are examined and a multilevel graph model is developed to study interdependencies between different networks. Furthermore, graph-theoretic heuristic optimisation algorithms are developed. These heuristic algorithms add links to increase the resilience of networks in the least costly manner and they are computationally less expensive than an exhaustive search algorithm. The performance of networks under random failures, targeted attacks, and correlated area-based challenges are evaluated by the challenge simulation module that we developed. The GpENI Future Internet testbed is used to conduct experiments to evaluate the performance of the heuristic algorithms developed

Techniques d'ingénierie de trafic dynamique pour l'internet

Network convergence and new applications running on end-hosts result in increasingly variable and unpredictable traffic patterns. By providing origin-destination pairs with several possible paths, Dynamic Load-Balancing (DLB) has proved itself an excellent tool to face this uncertainty. The objective in DLB is to distribute traffic among these paths in real-time so that a certain objective function is optimized. In these dynamic schemes, paths are established a priori and the amount of traffic sent through each of them depends on the current traffic demand and network condition. In this thesis we study and propose various DLB mechanisms, differing in two important aspects. The first difference resides in the assumption, or not, that resources are reserved for each path. The second lies on the objective function, which clearly dictates the performance obtained from the network. However, a performance benchmarking of the possible choices has not been carried out so far. In this sense, for the case in which no reservations are performed, we study and compare several objective functions, including a proposal of ours. We will also propose and study a new distributed algorithm to attain the optimum of these objective functions. Its advantage with respect to previous proposals is its complete self-configuration (i. E. Convergence is guaranteed without any parametrization). Finally, we present the first complete comparative study between DLB and Robust Routing (a fixed routing configuration for all possible traffic demands). In particular, we analyze which scheme is more convenient in each given situation, and highlight some of their respective shortcomings and virtues.Avec la multiplication des services dans un même réseau et les diversités des applications utilisées par les usagers finaux, le trafic transporté est devenu très complexe et dynamique. Le Partage de la Charge Dynamique (PCD) constitue une alternative intéressante pour résoudre cette problématique. Si une paire Source-Destination est connectée par plusieurs chemins, le problème est le suivant : comment distribuer le trafic parmi ces chemins de telle façon qu’une fonction objective soit optimisé. Dans ce cas les chemins sont fixés a priori et la quantité de trafic acheminée sur chaque route est déterminée dynamiquement en fonction de la demande de trafic et de la situation actuelle du réseau. Dans cette thèse nous étudions puis nous proposons plusieurs mécanismes de PCD. Tout d'abord, nous distinguons deux types d’architecture : celles dans lesquelles les ressources sont réservées pour chaque chemin, et celles pour lesquelles aucune réservation n'est effectuée. La simplification faite dans le premier type d’architecture nous permet de proposer l'utilisation d'un nouveau mécanisme pour gérer les chemins. Partant de ce mécanisme, nous définissons un nouvel algorithme de PCD. Concernant la deuxième architecture, nous étudions et comparons plusieurs fonctions objectives. À partir de notre étude, nous proposons un nouvel algorithme distribué permettant d’atteindre l'optimum de ces fonctions objectives. La principale caractéristique de notre algorithme, et son avantage par rapport aux propositions antérieures, est sa capacité d'auto-configuration, dans la mesure où la convergence de l'algorithme est garantie sans aucun besoin de réglage préalable de ses paramètres

Shifting Interfaces: art research at the intersections of live performance and technology

Merged with duplicate record 10026.1/809 on 08.20.2017 by CS (TIS)This collection of published works is an outcome of my practice-led inter-disciplinary collaborative artistic research into deepening understanding of creative process in the field of contemporary dance. It comprises thirty written works published from 1999 to 2007 in various formats and platforms. This collection is framed by a methodological discussion that provides insight into how this research has intersected over time with diverse fields of practice including contemporary dance, digital and new media arts and non-art domains such as cognitive and social science. Fields are understood in the context of this research to be largely constituted out of the expert practices of individual collaborators. This research starts from an interest in the Impact of new media technologies on dance making/ choreography. The collection of works show evidence, established in the first two publications, of an evolving engagement with two concepts related to this interest: (1) the 'algorithm' as a process-level connection or bridge between dance composition and computation; (2) the empirical study of movement embedded as a 'knowledge base' in the practices of both computer animation and dance and thus forming a special correspondence between them. This collection provides evidence of this research through a period of community-building amongst artists using new media technologies in performance, and culminates in the identification of an emerging 'community of practice' coming together around the formation of a unique body of knowledge pertaining to dance. The late 1990s New Media Art movement provided a supportive context for Important peer-to-peer encounters with creators and users of software tools and platforms in the context of inter-disciplinary art-making. A growing interest in software programming as a creative practice opened up fresh perspectives on possible connections with dance making. It became clear that software's utility alone, including artistic uses of software, was a limited conception. This was the background thinking that informed the first major shift in the research towards the design of software that might augment the creative process of expert choreographers and dancers. This shift from software use to its design, framed by a focus on the development of tools to support dance creation, also provided strong rationale to deepen the research into dance making processes. In the second major phase of the research presented here, scientific study is brought collaboratively to bear on questions related to choreographic practice. This lead to a better understanding of ways in which dancers and choreographers, as 'thinking bodies', interact with their design tools and each other in the context of creation work. In addition to this collection, outcomes of this research are traceable to other published papers and art works it has given rise to. Less easily measureable, but just as valuable, are the sustained relations between individuals and groups behind the 'community of practice' now recognised for its development of unique formats for bringing choreographic ideas and processes into contact, now and in the future, with both general audiences and other specialist practices

Integração do paradigma de cloud computing com a infraestrutura de rede do operador

Doutoramento em Engenharia InformáticaThe proliferation of Internet access allows that users have the possibility to use services available directly through the Internet, which translates in a change of the paradigm of using applications and in the way of communicating, popularizing in this way the so-called cloud computing paradigm. Cloud computing brings with it requirements at two different levels: at the cloud level, usually relying in centralized data centers, where information technology and network resources must be able to guarantee the demand of such services; and at the access level, i.e., depending on the service being consumed, different quality of service is required in the access network, which is a Network Operator (NO) domain. In summary, there is an obvious network dependency. However, the network has been playing a relatively minor role, mostly as a provider of (best-effort) connectivity within the cloud and in the access network. The work developed in this Thesis enables for the effective integration of cloud and NO domains, allowing the required network support for cloud. We propose a framework and a set of associated mechanisms for the integrated management and control of cloud computing and NO domains to provide endto- end services. Moreover, we elaborate a thorough study on the embedding of virtual resources in this integrated environment. The study focuses on maximizing the host of virtual resources on the physical infrastructure through optimal embedding strategies (considering the initial allocation of resources as well as adaptations through time), while at the same time minimizing the costs associated to energy consumption, in single and multiple domains. Furthermore, we explore how the NO can take advantage of the integrated environment to host traditional network functions. In this sense, we study how virtual network Service Functions (SFs) should be modelled and managed in a cloud environment and enhance the framework accordingly. A thorough evaluation of the proposed solutions was performed in the scope of this Thesis, assessing their benefits. We implemented proof of concepts to prove the added value, feasibility and easy deployment characteristics of the proposed framework. Furthermore, the embedding strategies evaluation has been performed through simulation and Integer Linear Programming (ILP) solving tools, and it showed that it is possible to reduce the physical infrastructure energy consumption without jeopardizing the virtual resources acceptance. This fact can be further increased by allowing virtual resource adaptation through time. However, one should have in mind the costs associated to adaptation processes. The costs can be minimized, but the virtual resource acceptance can be also reduced. This tradeoff has also been subject of the work in this Thesis.A proliferação do acesso à Internet permite aos utilizadores usar serviços disponibilizados diretamente através da Internet, o que se traduz numa mudança de paradigma na forma de usar aplicações e na forma de comunicar, popularizando desta forma o conceito denominado de cloud computing. Cloud computing traz consigo requisitos a dois níveis: ao nível da própria cloud, geralmente dependente de centros de dados centralizados, onde as tecnologias de informação e recursos de rede têm que ser capazes de garantir as exigências destes serviços; e ao nível do acesso, ou seja, dependendo do serviço que esteja a ser consumido, são necessários diferentes níveis de qualidade de serviço na rede de acesso, um domínio do operador de rede. Em síntese, existe uma clara dependência da cloud na rede. No entanto, o papel que a rede tem vindo a desempenhar neste âmbito é reduzido, sendo principalmente um fornecedor de conectividade (best-effort) tanto no dominio da cloud como no da rede de acesso. O trabalho desenvolvido nesta Tese permite uma integração efetiva dos domínios de cloud e operador de rede, dando assim à cloud o efetivo suporte da rede. Para tal, apresentamos uma plataforma e um conjunto de mecanismos associados para gestão e controlo integrado de domínios cloud computing e operador de rede por forma a fornecer serviços fim-a-fim. Além disso, elaboramos um estudo aprofundado sobre o mapeamento de recursos virtuais neste ambiente integrado. O estudo centra-se na maximização da incorporação de recursos virtuais na infraestrutura física por meio de estratégias de mapeamento ótimas (considerando a alocação inicial de recursos, bem como adaptações ao longo do tempo), enquanto que se minimizam os custos associados ao consumo de energia. Este estudo é feito para cenários de apenas um domínio e para cenários com múltiplos domínios. Além disso, exploramos como o operador de rede pode aproveitar o referido ambiente integrado para suportar funções de rede tradicionais. Neste sentido, estudamos como as funções de rede virtualizadas devem ser modeladas e geridas num ambiente cloud e estendemos a plataforma de acordo com este conceito. No âmbito desta Tese foi feita uma avaliação extensa das soluções propostas, avaliando os seus benefícios. Implementámos provas de conceito por forma a demonstrar as mais-valias, viabilidade e fácil implantação das soluções propostas. Além disso, a avaliação das estratégias de mapeamento foi realizada através de ferramentas de simulação e de programação linear inteira, mostrando que é possível reduzir o consumo de energia da infraestrutura física, sem comprometer a aceitação de recursos virtuais. Este aspeto pode ser melhorado através da adaptação de recursos virtuais ao longo do tempo. No entanto, deve-se ter em mente os custos associados aos processos de adaptação. Os custos podem ser minimizados, mas isso implica uma redução na aceitação de recursos virtuais. Esta compensação foi também um tema abordado nesta Tese

Upowszechnianie wyników badań naukowych w międzynarodowych bazach danych : analiza biometryczna na przykładzie nauk technicznych, ze szczególnym uwzględnieniem elektrotechniki

The issues of bibliometrics, scientometrics, informetrics and webometrics have an important place among research subject undertaken by Polish and foreign scholars. Initially, these notions were used only by researchers in the fields of library science, scientometrics and information science. However, at the turn of the 20th and 21st centuries, quantitative methods became a fundamental tool for evaluation of, among others, sources of academic communication, academic research, research and academic centers. One of the elements of the evaluation is a quantitative analysis of academic publications in databases with international access. It is of particular importance in the case of technical sciences. This work is an attempt at a quantitative analysis of publications by Polish authors (affiliated to Polish technical universities) and Polish journals on electrotechnics in international databases. The contents are organized into four chapters with an introduction, conclusions, bibliography, name index and a list of figures and illustrations. Chapters one and two are devoted to theoretical issues, whereas chapters three and four – to practical issues. In the first chapter, selected issues concerning quantitative methods were presented, including an analysis of literature and a discussion over terminology carried out in book publications and journals. Moreover, selected examples of research conducted with the use of quantitative methods (including rankings and scientific reports) were discussed in this chapter). In chapter two, sources of information on academic publications, their origins and development (from bibliographic bases to citation indexes) were presented. A separate subchapter was devoted to databases of academic publications created by libraries of technical universities, and to indicators in the assessment of academic publications. Chapter three deals with electrotechnics as a field of science. An analysis was conducted with regard to the place of electrotechnics in science classifications based on selected examples, and the development of the teaching of electrotechnics at university level was shown. In this chapter, early and contemporary Polish journals on electrotechnics were presented, including journals published by technical universities themselves. Chapter four contains the results of an analysis of international databases (Scopus, WoS, CC), focusing on the representation of Polish journals, including their citations, and publications of authors with affiliation to Polish technical universities. Final conclusions of research and analyses have brought an answer to questions raised with regard to the assessment of representation in international databases of publications by Polish authors affiliated to Polish technical universities (in its various aspects, e.g., a publication type, language of publication, publication dynamics taking into account years of publications, cooperation with representatives of other European and non-European countries), and of Polish journals

Actas da 10ª Conferência sobre Redes de Computadores

Universidade do MinhoCCTCCentro AlgoritmiCisco SystemsIEEE Portugal Sectio

A Polyhedral Study of Mixed 0-1 Set

We consider a variant of the well-known single node fixed charge network flow set with constant capacities. This set arises from the relaxation of more general mixed integer sets such as lot-sizing problems with multiple suppliers. We provide a complete polyhedral characterization of the convex hull of the given set