628 research outputs found
Server-side performance evaluation of NDN
International audienceNDN is a promising protocol that can help to reduce congestion at Internet scale by putting content at the center of communications instead of hosts, and by providing each node with a caching capability. NDN can also natively authenticate transmitted content with a mechanism similar to website certificates that allows clients to assess the original provider. But this security feature comes at a high cost, as it relies heavily on asymmetric cryptography which affects server performance when NDN Data are generated. This is particularly critical for many services dealing with real-time data (VOIP, live streaming, etc.), but current tools are not adapted for a realistic server-side performance evaluation of NDN traffic generation when digital signature is used. We propose a new tool, NDNperf, to perform this evaluation and show that creating NDN packets is a major bottleneck of application performances. On our testbed, 14 server cores only generate ∼400 Mbps of new NDN Data with default packet settings. We propose and evaluate practical solutions to improve the performance of server-side NDN Data generation leading to significant gains
On Constructing Persistent Identifiers with Persistent Resolution Targets
Persistent Identifiers (PID) are the foundation referencing digital assets in
scientific publications, books, and digital repositories. In its realization,
PIDs contain metadata and resolving targets in form of URLs that point to data
sets located on the network. In contrast to PIDs, the target URLs are typically
changing over time; thus, PIDs need continuous maintenance -- an effort that is
increasing tremendously with the advancement of e-Science and the advent of the
Internet-of-Things (IoT). Nowadays, billions of sensors and data sets are
subject of PID assignment. This paper presents a new approach of embedding
location independent targets into PIDs that allows the creation of
maintenance-free PIDs using content-centric network technology and overlay
networks. For proving the validity of the presented approach, the Handle PID
System is used in conjunction with Magnet Link access information encoding,
state-of-the-art decentralized data distribution with BitTorrent, and Named
Data Networking (NDN) as location-independent data access technology for
networks. Contrasting existing approaches, no green-field implementation of PID
or major modifications of the Handle System is required to enable
location-independent data dissemination with maintenance-free PIDs.Comment: Published IEEE paper of the FedCSIS 2016 (SoFAST-WS'16) conference,
11.-14. September 2016, Gdansk, Poland. Also available online:
http://ieeexplore.ieee.org/document/7733372
The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
In recent years, the current Internet has experienced an unexpected paradigm
shift in the usage model, which has pushed researchers towards the design of
the Information-Centric Networking (ICN) paradigm as a possible replacement of
the existing architecture. Even though both Academia and Industry have
investigated the feasibility and effectiveness of ICN, achieving the complete
replacement of the Internet Protocol (IP) is a challenging task.
Some research groups have already addressed the coexistence by designing
their own architectures, but none of those is the final solution to move
towards the future Internet considering the unaltered state of the networking.
To design such architecture, the research community needs now a comprehensive
overview of the existing solutions that have so far addressed the coexistence.
The purpose of this paper is to reach this goal by providing the first
comprehensive survey and classification of the coexistence architectures
according to their features (i.e., deployment approach, deployment scenarios,
addressed coexistence requirements and architecture or technology used) and
evaluation parameters (i.e., challenges emerging during the deployment and the
runtime behaviour of an architecture). We believe that this paper will finally
fill the gap required for moving towards the design of the final coexistence
architecture.Comment: 23 pages, 16 figures, 3 table
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these `things' to local networks that often are
of low power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveal
its feasibility for common deployment scenarios.Comment: To be published at IEEE WF-IoT 201
Linux XIA: an interoperable meta network architecture to crowdsource the future Internet
With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-state designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation’s framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability—traits we view as central to the success of any future Internet architecture.This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525
To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking
Information-Centric Networking (ICN) is an internetworking paradigm that
offers an alternative to the current IP\nobreakdash-based Internet
architecture. ICN's most distinguishing feature is its emphasis on information
(content) instead of communication endpoints. One important open issue in ICN
is whether negative acknowledgments (NACKs) at the network layer are useful for
notifying downstream nodes about forwarding failures, or requests for incorrect
or non-existent information. In benign settings, NACKs are beneficial for ICN
architectures, such as CCNx and NDN, since they flush state in routers and
notify consumers. In terms of security, NACKs seem useful as they can help
mitigating so-called Interest Flooding attacks. However, as we show in this
paper, network-layer NACKs also have some unpleasant security implications. We
consider several types of NACKs and discuss their security design requirements
and implications. We also demonstrate that providing secure NACKs triggers the
threat of producer-bound flooding attacks. Although we discuss some potential
countermeasures to these attacks, the main conclusion of this paper is that
network-layer NACKs are best avoided, at least for security reasons.Comment: 10 pages, 7 figure
Greening Multi-Tenant Data Center Demand Response
Data centers have emerged as promising resources for demand response,
particularly for emergency demand response (EDR), which saves the power grid
from incurring blackouts during emergency situations. However, currently, data
centers typically participate in EDR by turning on backup (diesel) generators,
which is both expensive and environmentally unfriendly. In this paper, we focus
on "greening" demand response in multi-tenant data centers, i.e., colocation
data centers, by designing a pricing mechanism through which the data center
operator can efficiently extract load reductions from tenants during emergency
periods to fulfill energy reduction requirement for EDR. In particular, we
propose a pricing mechanism for both mandatory and voluntary EDR programs,
ColoEDR, that is based on parameterized supply function bidding and provides
provably near-optimal efficiency guarantees, both when tenants are price-taking
and when they are price-anticipating. In addition to analytic results, we
extend the literature on supply function mechanism design, and evaluate ColoEDR
using trace-based simulation studies. These validate the efficiency analysis
and conclude that the pricing mechanism is both beneficial to the environment
and to the data center operator (by decreasing the need for backup diesel
generation), while also aiding tenants (by providing payments for load
reductions).Comment: 34 pages, 6 figure
Covert Ephemeral Communication in Named Data Networking
In the last decade, there has been a growing realization that the current
Internet Protocol is reaching the limits of its senescence. This has prompted
several research efforts that aim to design potential next-generation Internet
architectures. Named Data Networking (NDN), an instantiation of the
content-centric approach to networking, is one such effort. In contrast with
IP, NDN routers maintain a significant amount of user-driven state. In this
paper we investigate how to use this state for covert ephemeral communication
(CEC). CEC allows two or more parties to covertly exchange ephemeral messages,
i.e., messages that become unavailable after a certain amount of time. Our
techniques rely only on network-layer, rather than application-layer, services.
This makes our protocols robust, and communication difficult to uncover. We
show that users can build high-bandwidth CECs exploiting features unique to
NDN: in-network caches, routers' forwarding state and name matching rules. We
assess feasibility and performance of proposed cover channels using a local
setup and the official NDN testbed
- …