645 research outputs found

    ADN: An Information-Centric Networking Architecture for the Internet of Things

    Forwarding data by name has been assumed to be a necessary aspect of an information-centric redesign of the current Internet architecture that makes content access, dissemination, and storage more efficient. The Named Data Networking (NDN) and Content-Centric Networking (CCNx) architectures are the leading examples of such an approach. However, forwarding data by name incurs storage and communication complexities that are orders of magnitude larger than solutions based on forwarding data using addresses. Furthermore, the specific algorithms used in NDN and CCNx have been shown to have a number of limitations. The Addressable Data Networking (ADN) architecture is introduced as an alternative to NDN and CCNx. ADN is particularly attractive for large-scale deployments of the Internet of Things (IoT), because it requires far less storage and processing in relaying nodes than NDN. ADN allows things and data to be denoted by names, just like NDN and CCNx do. However, instead of replacing the waist of the Internet with named-data forwarding, ADN uses an address-based forwarding plane and introduces an information plane that seamlessly maps names to addresses without the involvement of end-user applications. Simulation results illustrate the order of magnitude savings in complexity that can be attained with ADN compared to NDN. Comment: 10 page

    Exploring usable Path MTU in the Internet

    This work is funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644399 (MONROE) through the Open Call. Additionally this work was partially supported by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 688421 (MAMI). The opinions expressed and arguments employed reflect only the authors’ view. The European Commission is not responsible for any use that may be made of that information. Postprin

    Solving MTU Mismatch and Broadcast Overhead of NDN over Link-layer Networks

    Named Data Networking (NDN) has been considered as a promising Internet architecture for the future data-centric communication. In particular, NDN over link-layer networks would cut off the overheads of Transmission Control Protocol/Internet Protocol (TCP/IP), and enhance the efficiency of data distribution. However, there are two main unsolved issues for the NDN link-layer, namely broadcast overhead and Maximum Transmission Unit (MTU) mismatch. In this paper, we have therefore designed and implemented an NDN Neighborhood Discovery Protocol, named NDN-NDP, to enable a unicast data transmission over the link-layer. Furthermore, our NDN-NDP has included a negotiation mechanism to fix the MTU mismatch issue. In comparison to previously proposed NDN link-layer technologies, we can fix both MTU mismatch and broadcast overhead problems. Through emulation and experiments on a test-bed, we have also compared our NDN-NDP with the Link-layer Protocol for NDN (NDNLP), which is the most widely deployed NDNLP. From our experiments, NDN-NDP can efficiently fix MTU mismatch and broadcast overhead issue

    A New Model for Testing IPv6 Fragment Handling

    Since the origins of the Internet, various vulnerabilities exploiting the IP fragmentation process have plagued the IPv4 protocol, many leading to a wide range of attacks. IPv6 modified the handling of fragmentation and introduced a specific extension header, not solving the related problems, as proved by extensive literature. One of the primary sources of problems has been overlapping fragments, which result in unexpected or malicious packets when reassembled. To overcome the problem related to fragmentation, the authors of RFC 5722 decided that IPv6 hosts MUST silently drop overlapping fragments. Since then, several studies have proposed methodologies to check if IPv6 hosts accept overlapping fragments and are still vulnerable to related attacks. However, some of the above methodologies have not been proven complete or need to be more accurate. In this paper we propose a novel model to check IPv6 fragmentation handling specifically suited for the reassembling strategies of modern operating systems. Previous models, indeed, considered OS reassembly policy as byte-based. However, nowadays, reassembly policies are fragment-based, making previous models inadequate. Our model leverages the commutative property of the checksum, simplifying the whole assessing process. Starting with this new model, we were able to better evaluate the RFC-5722 and RFC-9099 compliance of modern operating systems against fragmentation handling. Our results suggest that IPv6 fragmentation can still be considered a threat and that more effort is needed to solve related security issue

    Transport layer protocols and architectures for satellite networks

    Designing efficient transmission mechanisms for advanced satellite networks is a demanding task, requiring the definition and the implementation of protocols and architectures well suited to this challenging environment. In particular, transport protocols performance over satellite networks is impaired by the characteristics of the satellite radio link, specifically by the long propagation delay and the possible presence of segment losses due to physical channel errors. The level of impact on performance depends upon the link design (type of constellation, link margin, coding and modulation) and operational conditions (link obstructions, terminal mobility, weather conditions, etc.). To address these critical aspects a number of possible solutions have been presented in the literature, ranging from limited modifications of standard protocols (e.g. TCP, transmission control protocol) to completely alternative protocol and network architectures. However, despite the great number of different proposals (or perhaps also because of it), the general framework appears quite fragmented and there is a compelling need of an integration of the research competences and efforts. This is actually the intent of the transport protocols research line within the European SatNEx (Satellite Network of Excellence) project. Stemming from the authors' work on this project, this paper aims to provide the reader with an updated overview of all the possible approaches that can be pursued to overcome the limitations of current transport protocols and architectures, when applied to satellite communications. In the paper the possible solutions are classified in the following categories: optimization of TCP interactions with lower layers, TCP enhancements, performance enhancement proxies (PEP) and delay tolerant networks (DTN). 
    Advantages and disadvantages of the different approaches, as well as their interactions, are investigated and discussed, taking into account performance improvement, complexity, and compliance to the standard semantics. From this analysis, it emerges that DTN architectures could integrate some of the most efficient solutions from the other categories, by inserting them in a new rigorous framework. These innovative architectures therefore may represent a promising solution for solving some of the important problems posed at the transport layer by satellite networks, at least in a medium-to-long-term perspective. Copyright (c) 2006 John Wiley & Sons, Ltd

    Network-aware Active Wardens in IPv6

    Every day the world grows more and more dependent on digital communication. Technologies like e-mail or the World Wide Web that not so long ago were considered experimental, have first become accepted and then indispensable tools of everyday life. New communication technologies built on top of the existing ones continuously race to provide newer and better functionality. Even established communication media like books, radio, or television have become digital in an effort to avoid extinction. In this torrent of digital communication a constant struggle takes place. On one hand, people, organizations, companies and countries attempt to control the ongoing communications and subject them to their policies and laws. On the other hand, there oftentimes is a need to ensure and protect the anonymity and privacy of the very same communications. Neither side in this struggle is necessarily noble or malicious. We can easily imagine that in presence of oppressive censorship two parties might have a legitimate reason to communicate covertly. And at the same time, the use of digital communications for business, military, and also criminal purposes gives equally compelling reasons for monitoring them thoroughly. Covert channels are communication mechanisms that were never intended nor designed to carry information. As such, they are often able to act "below" the notice of mechanisms designed to enforce security policies. Therefore, using covert channels it might be possible to establish a covert communication that escapes notice of the enforcement mechanism in place. Any covert channel present in digital communications offers a possibility of achieving a secret, and therefore unmonitored, communication. There have been numerous studies investigating possibilities of hiding information in digital images, audio streams, videos, etc.
    We turn our attention to the covert channels that exist in the digital networks themselves, that is in the digital communication protocols. Currently, one of the most ubiquitous protocols in deployment is the Internet Protocol version 4 (IPv4). Its universal presence and range make it an ideal candidate for covert channel investigation. However, IPv4 is approaching the end of its dominance as its address space nears exhaustion. This imminent exhaustion of IPv4 address space will soon force a mass migration towards Internet Protocol version 6 (IPv6) expressly designed as its successor. While the protocol itself is already over a decade old, its adoption is still in its infancy. The low acceptance of IPv6 results in an insufficient understanding of its security properties. We investigated the protocols forming the foundation of the next generation Internet, Internet Protocol version 6 (IPv6) and Internet Control Message Protocol (ICMPv6) and found numerous covert channels. In order to properly assess their capabilities and performance, we built cctool, a comprehensive covert channel tool. Finally, we considered countermeasures capable of defeating discovered covert channels. For this purpose we extended the previously existing notions of active wardens to equip them with the knowledge of the surrounding network and allow them to more effectively fulfill their role

    Transport of video over partial order connections

    A Partial Order and partial reliable Connection (POC) is an end-to-end transport connection authorized to deliver objects in an order that can differ from the transmitted one. Such a connection is also authorized to lose some objects. The POC concept is motivated by the fact that heterogeneous best-effort networks such as the Internet are plagued by unordered delivery of packets and losses, which tax the performance of current applications and protocols. It has been shown, in several research works, that out-of-order delivery is able to alleviate (with respect to CO service) the use of end systems’ communication resources. In this paper, the efficiency of out-of-sequence delivery on MPEG video stream processing is studied. Firstly, the transport constraints (in terms of order and reliability) that can be relaxed by MPEG video decoders, for improving video transport, are detailed. Then, we analyze the performance gain induced by this approach in terms of blocking times and recovered errors. We demonstrate that POC connections not only fill the conceptual gap between TCP and UDP but also provide real performance improvements for the transport of multimedia streams such as MPEG video

    InfiniBand-Based Mechanism to Enhance Multipath QoS in MANETs

    In Mobile Ad-hoc Networks (MANETs), the continuous changes in topology and the large amounts of data exchanged across the network make it difficult for a single routing algorithm to route data efficiently between nodes. MANETs usually suffer from high packet loss rates and high link failure rates, which also makes it difficult to exchange data in an effective and reliable fashion. These challenges usually increase congestion on some links while other links are almost free. In this thesis, we propose a novel mechanism to enhance QoS in multipath routing protocols in MANETs based on the InfiniBand (IB) QoS architecture. The basic idea of our approach is to enhance the path balancing to reduce congestion on overloaded links. This mechanism has enabled us to give critical applications higher priority to send their packets when routing across the network, effectively manage frequent connections and disconnections and thus help reduce link failures and packet loss rates, and reduce the overall power consumption as a consequence of the previous gains. We have tested the scheme on the (IBMGTSim) simulator and achieved significant improvements in QoS parameters compared to two well-known routing protocols: AODV and AOMDV.
    There is a type of network, called a "MANET", in which all components are mobile devices without any infrastructure. In this type of network, the devices cooperate autonomously to determine the routes between them, and because they are mobile, they compute more than one route instead of a single route, to reduce the probability of transmission failure: if a particular route fails, the other routes remain intact.
    On the other hand, because the programs and services these devices provide vary in importance, there is what is called "Quality of Service", in which the user sets priorities for programs and services in their consumption of the available resources. The common method is for the user to place limits on the network usage rate of the less important programs, leaving more of the resources available to the more important programs. This solution has many problems in this type of network, because the characteristics of the routes are unknown and not fixed, and may have, or change to, values lower than the limits set for the unimportant programs, so that the less important programs and services become equal to the more important ones, which means a failure of Quality of Service. In searching for solutions and studying different types of networks, we found a form of Quality of Service in the type of network called InfiniBand, where Quality of Service is applied by changing the number of messages sent by the programs: the devices send a larger number of messages belonging to important programs than messages belonging to less important programs. This is done using queues, with messages from important programs lining up in a queue different from the one holding the messages of unimportant programs. This solution has two important advantages. The first is that it does not affect the traditional method and can be used alongside it. The second is that, unlike the traditional method, the new method is not affected by the characteristics of the computed route or by changes in them, since the ratio of message counts stays the same however the routes and their characteristics differ. After applying this approach, we found an improvement in transmission efficiency of up to 18% in delivery quality and 10% in delivery speed, noting that Quality of Service did not fail as it does with the traditional method