132 research outputs found
Trustless communication across distributed ledgers: impossibility and practical solutions
Since the advent of Bitcoin as the first decentralized digital currency in 2008, a plethora of distributed ledgers has been created, differing in design and purpose. Considering the heterogeneous nature of these systems, it is safe to say there shall not be ``one coin to rule them all". However, despite the growing and thriving ecosystem, blockchains continue to operate almost exclusively in complete isolation from one another: by design, blockchain protocols provide no means by which to communicate or exchange data with external systems. To this date, centralized providers hence remain the preferred route to exchange assets and information across blockchains~-- undermining the very nature of decentralized currencies.
The contribution of this thesis is threefold.
First, we critically evaluate the (im)possibilty, requirements, and challenges of cross-chain communication by contributing the first systematization of this field. We formalize the problem of Cross-Chain Communication (CCC) and show it is impossible without a trusted third party by relating CCC to the Fair Exchange problem. With this impossibility result in mind, we develop a framework to design new and evaluate existing CCC protocols, focusing on the inherent trust assumptions thereof, and derive a classification covering the field of cross-chain communication to date.
We then present XCLAIM, the first generic framework for transferring assets and information across permissionless distributed ledgers without relying on a centralized third party.
XCLAIM leverages so-called cryptocurrency-backed assets, blockchain-based assets one-to-one backed by other cryptocurrencies, such as Bitcoin-backed tokens on Ethereum. Through the secure issuance, transfer, and redemption of these assets, users can perform cross-chain exchanges in a financially trustless and non-interactive manner, overcoming the limitations of existing solutions.
To ensure the security of user funds, XCLAIM relies on collateralization of intermediaries and a proof-or-punishment approach, enforced via smart contracts equipped with cross-chain light clients, so-called chain relays.
XCLAIM has been adopted in practice, among others by the Polkadot blockchain, as a bridge to Bitcoin and other cryptocurrencies.
Finally, we contribute to advancing the state of the art in cross-chain light clients.
We develop TxChain, a novel mechanism to significantly reduce storage and bandwidth costs of modern blockchain light clients using contingent transaction aggregation, and apply our scheme to Bitcoin and Ethereum individually, as well as in the cross-chain setting.Open Acces
Segurança e privacidade em terminologia de rede
Security and Privacy are now at the forefront of modern concerns, and drive
a significant part of the debate on digital society. One particular aspect that
holds significant bearing in these two topics is the naming of resources in the
network, because it directly impacts how networks work, but also affects how
security mechanisms are implemented and what are the privacy implications
of metadata disclosure. This issue is further exacerbated by interoperability
mechanisms that imply this information is increasingly available regardless of
the intended scope.
This work focuses on the implications of naming with regards to security and
privacy in namespaces used in network protocols. In particular on the imple-
mentation of solutions that provide additional security through naming policies
or increase privacy. To achieve this, different techniques are used to either
embed security information in existing namespaces or to minimise privacy ex-
posure. The former allows bootstraping secure transport protocols on top of
insecure discovery protocols, while the later introduces privacy policies as part
of name assignment and resolution.
The main vehicle for implementation of these solutions are general purpose
protocols and services, however there is a strong parallel with ongoing re-
search topics that leverage name resolution systems for interoperability such
as the Internet of Things (IoT) and Information Centric Networks (ICN), where
these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus-
são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis-
cussão é a forma como atribuímos nomes a recursos na rede, uma escolha
com consequências práticas no funcionamento dos diferentes protocols de
rede, na forma como se implementam diferentes mecanismos de segurança
e na privacidade das várias partes envolvidas. Este problema torna-se ainda
mais significativo quando se considera que, para promover a interoperabili-
dade entre diferentes redes, mecanismos autónomos tornam esta informação
acessível em contextos que vão para lá do que era pretendido.
Esta tese foca-se nas consequências de diferentes políticas de atribuição de
nomes no contexto de diferentes protocols de rede, para efeitos de segurança
e privacidade. Com base no estudo deste problema, são propostas soluções
que, através de diferentes políticas de atribuição de nomes, permitem introdu-
zir mecanismos de segurança adicionais ou mitigar problemas de privacidade
em diferentes protocolos. Isto resulta na implementação de mecanismos de
segurança sobre protocolos de descoberta inseguros, assim como na intro-
dução de mecanismos de atribuiçao e resolução de nomes que se focam na
protecçao da privacidade.
O principal veículo para a implementação destas soluções é através de ser-
viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas
soluções extende-se também a outros tópicos de investigação que recorrem
a mecanismos de resolução de nomes para implementar soluções de intero-
perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na
informação (ICN).Programa Doutoral em Informátic
Self-organizing Network Optimization via Placement of Additional Nodes
Das Hauptforschungsgebiet des Graduiertenkollegs "International Graduate
School on Mobile Communication" (GS Mobicom) der Technischen Universität
Ilmenau ist die Kommunikation in Katastrophenszenarien. Wegen eines
Desasters oder einer Katastrophe können die terrestrischen Elementen der
Infrastruktur eines Kommunikationsnetzwerks beschädigt oder komplett
zerstört werden. Dennoch spielen verfügbare Kommunikationsnetze eine sehr
wichtige Rolle während der Rettungsmaßnahmen, besonders für die
Koordinierung der Rettungstruppen und für die Kommunikation zwischen ihren
Mitgliedern. Ein solcher Service kann durch ein mobiles Ad-Hoc-Netzwerk
(MANET) zur Verfügung gestellt werden. Ein typisches Problem der MANETs
ist Netzwerkpartitionierung, welche zur Isolation von verschiedenen
Knotengruppen führt. Eine mögliche Lösung dieses Problems ist die
Positionierung von zusätzlichen Knoten, welche die Verbindung zwischen den
isolierten Partitionen wiederherstellen können. Hauptziele dieser Arbeit
sind die Recherche und die Entwicklung von Algorithmen und Methoden zur
Positionierung der zusätzlichen Knoten. Der Fokus der Recherche liegt auf
Untersuchung der verteilten Algorithmen zur Bestimmung der Positionen für
die zusätzlichen Knoten. Die verteilten Algorithmen benutzen nur die
Information, welche in einer lokalen Umgebung eines Knotens verfügbar ist,
und dadurch entsteht ein selbstorganisierendes System. Jedoch wird das
gesamte Netzwerk hier vor allem innerhalb eines ganz speziellen Szenarios -
Katastrophenszenario - betrachtet. In einer solchen Situation kann die
Information über die Topologie des zu reparierenden Netzwerks im Voraus
erfasst werden und soll, natürlich, für die Wiederherstellung mitbenutzt
werden. Dank der eventuell verfügbaren zusätzlichen Information können
die Positionen für die zusätzlichen Knoten genauer ermittelt werden. Die
Arbeit umfasst eine Beschreibung, Implementierungsdetails und eine
Evaluierung eines selbstorganisierendes Systems, welche die
Netzwerkwiederherstellung in beiden Szenarien ermöglicht.The main research area of the International Graduate School on Mobile
Communication (GS Mobicom) at Ilmenau University of Technology is
communication in disaster scenarios. Due to a disaster or an accident, the
network infrastructure can be damaged or even completely destroyed.
However, available communication networks play a vital role during the
rescue activities especially for the coordination of the rescue teams and
for the communication between their members. Such a communication service
can be provided by a Mobile Ad-Hoc Network (MANET). One of the typical
problems of a MANET is network partitioning, when separate groups of nodes
become isolated from each other. One possible solution for this problem is
the placement of additional nodes in order to reconstruct the communication
links between isolated network partitions. The primary goal of this work is
the research and development of algorithms and methods for the placement of
additional nodes. The focus of this research lies on the investigation of
distributed algorithms for the placement of additional nodes, which use
only the information from the nodes’ local environment and thus form a
self-organizing system. However, during the usage specifics of the system
in a disaster scenario, global information about the topology of the
network to be recovered can be known or collected in advance. In this case,
it is of course reasonable to use this information in order to calculate
the placement positions more precisely. The work provides the description,
the implementation details and the evaluation of a self-organizing system
which is able to recover from network partitioning in both situations
FatPaths: Routing in Supercomputers and Data Centers when Shortest Paths Fall Short
We introduce FatPaths: a simple, generic, and robust routing architecture
that enables state-of-the-art low-diameter topologies such as Slim Fly to
achieve unprecedented performance. FatPaths targets Ethernet stacks in both HPC
supercomputers as well as cloud data centers and clusters. FatPaths exposes and
exploits the rich ("fat") diversity of both minimal and non-minimal paths for
high-performance multi-pathing. Moreover, FatPaths uses a redesigned "purified"
transport layer that removes virtually all TCP performance issues (e.g., the
slow start), and incorporates flowlet switching, a technique used to prevent
packet reordering in TCP networks, to enable very simple and effective load
balancing. Our design enables recent low-diameter topologies to outperform
powerful Clos designs, achieving 15% higher net throughput at 2x lower latency
for comparable cost. FatPaths will significantly accelerate Ethernet clusters
that form more than 50% of the Top500 list and it may become a standard routing
scheme for modern topologies
Scalability and Resilience Analysis of Software-Defined Networking
Software-defined Networking (SDN) ist eine moderne Architektur für Kommunikationsnetze, welche entwickelt wurde, um die Einführung von neuen Diensten und Funktionen in Netzwerke zu erleichtern. Durch eine Trennung der Weiterleitungs- und Kontrollfunktionen sind nur wenige Kontrollelemente mit Software-Updates zu versehen, um Veränderungen am Netz vornehmen zu können. Allerdings wirft die Netzstrukturierung von SDN neue Fragen bezüglich Skalierbarkeit und Ausfallsicherheit auf, welche in dezentralen Netzstrukturen nicht auftreten. In dieser Arbeit befassen wir uns mit Fragestellungen zu Skalierbarkeit und Ausfallsicherheit in Bezug auf Unicast- und Multicast-Verkehr in SDN-basierten Netzen. Wir führen eine Komprimierungstechnik für Routingtabellen ein, welche die Skalierungsproblematik aktueller SDN Weiterleitungsgeräte verbessern soll und ermitteln ihre Effizienz in einer Leistungsbewertung. Außerdem diskutieren wir unterschiedliche Methoden, um die Ausfallsicherheit in SDN zu verbessern. Wir analysieren sie auf öffentlich zugänglichen Netzwerken und benennen Vor- und Nachteile der Ansätze. Abschließend schlagen wir eine skalierbare und ausfallsichere Architektur für Multicast-basiertes SDN vor. Wir untersuchen ihre Effizienz in einer Leistungsbewertung und zeigen ihre Umsetzbarkeit mithilfe eines Prototypen.Software-Defined Networking (SDN) is a novel architecture for communication networks that has been developed to ease the introduction of new network services and functions. It leverages the separation of the data plane and the control plane to allow network services to be deployed solely in software. Although SDN provides great flexibility, the applicability of SDN in communication networks raises several questions with regard to scalability and resilience against network failures. These concerns are not prevalent in current decentralized network architectures. In this thesis, we address scalability and resilience issues with regard to unicast and multicast traffic for SDN-based networks. We propose a new compression method for inter-domain routing tables to address hardware limitations of current SDN switches and analyze its effectiveness. We propose various resilience methods for SDN and identify their key performance indicators in the context of carrier-grade and datacenter networks. We discuss the advantages and disadvantages of these proposals and their appropriate use cases. Finally, we propose a scalable and resilient software-defined multicast architecture. We study the effectiveness of our approach and show its feasibility using a prototype implementation
Exploiting the power of multiplicity: a holistic survey of network-layer multipath
The Internet is inherently a multipath network: For an underlying network with only a single path, connecting various nodes would have been debilitatingly fragile. Unfortunately, traditional Internet technologies have been designed around the restrictive assumption of a single working path between a source and a destination. The lack of native multipath support constrains network performance even as the underlying network is richly connected and has redundant multiple paths. Computer networks can exploit the power of multiplicity, through which a diverse collection of paths is resource pooled as a single resource, to unlock the inherent redundancy of the Internet. This opens up a new vista of opportunities, promising increased throughput (through concurrent usage of multiple paths) and increased reliability and fault tolerance (through the use of multiple paths in backup/redundant arrangements). There are many emerging trends in networking that signify that the Internet's future will be multipath, including the use of multipath technology in data center computing; the ready availability of multiple heterogeneous radio interfaces in wireless (such as Wi-Fi and cellular) in wireless devices; ubiquity of mobile devices that are multihomed with heterogeneous access networks; and the development and standardization of multipath transport protocols such as multipath TCP. The aim of this paper is to provide a comprehensive survey of the literature on network-layer multipath solutions. We will present a detailed investigation of two important design issues, namely, the control plane problem of how to compute and select the routes and the data plane problem of how to split the flow on the computed paths. The main contribution of this paper is a systematic articulation of the main design issues in network-layer multipath routing along with a broad-ranging survey of the vast literature on network-layer multipathing. We also highlight open issues and identify directions for future work
Network flow optimization for distributed clouds
Internet applications, which rely on large-scale networked environments such as data centers for their back-end support, are often geo-distributed and typically have stringent performance constraints. The interconnecting networks, within and across data centers, are critical in determining these applications' performance. Data centers can be viewed as composed of three layers: physical infrastructure consisting of servers, switches, and links, control platforms that manage the underlying resources, and applications that run on the infrastructure. This dissertation shows that network flow optimization can improve performance of distributed applications in the cloud by designing high-throughput schemes spanning all three layers.
At the physical infrastructure layer, we devise a framework for measuring and understanding throughput of network topologies. We develop a heuristic for estimating the worst-case performance of any topology and propose a systematic methodology for comparing performance of networks built with different equipment. At the control layer, we put forward a source-routed data center fabric which can achieve near-optimal throughput performance by leveraging a large number of available paths while using limited memory in switches. At the application layer, we show that current Application Network Interfaces (ANIs), abstractions that translate an application's performance goals to actionable network objectives, fail to capture the requirements of many emerging applications. We put forward a novel ANI that can capture application intent more effectively and quantify performance gains achievable with it.
We also tackle resource optimization in the inter-data center context of cellular providers. In this emerging environment, a large amount of resources are geographically fragmented across thousands of micro data centers, each with a limited share of resources, necessitating cross-application optimization to satisfy diverse performance requirements and improve network and server utilization. Our solution, Patronus, employs hierarchical optimization for handling multiple performance requirements and temporally partitioned scheduling for scalability
Near real-time network analysis for the identification of malicious activity
The evolution of technology and the increasing connectivity between devices lead to an
increased risk of cyberattacks. Reliable protection systems, such as Intrusion Detection
System (IDS) and Intrusion Prevention System (IPS), are essential to try to prevent,
detect and counter most of the attacks. However, the increased creativity and type of
attacks raise the need for more resources and processing power for the protection systems
which, in turn, requires horizontal scalability to keep up with the massive companies’
network infrastructure and with the complexity of attacks. Technologies like machine
learning, show promising results and can be of added value in the detection and prevention
of attacks in near real-time. But good algorithms and tools are not enough. They require
reliable and solid datasets to be able to effectively train the protection systems. The
development of a good dataset requires horizontal-scalable, robust, modular and faulttolerant
systems so that the analysis may be done in near real-time. This work describes
an architecture design for horizontal-scaling capture, storage and analyses, able to collect
packets from multiple sources and analyse them in a parallel fashion. The system depends
on multiple modular nodes with specific roles to support different algorithms and tools.A evolução da tecnologia e o aumento da conectividade entre dispositivos, levam a um
aumento do risco de ciberataques. Os sistemas de deteção de intrusão são essenciais para
tentar prevenir, detetar e conter a maioria dos ataques. No entanto, o aumento da criatividade
e do tipo de ataques aumenta a necessidade dos sistemas de proteção possuírem
cada vez mais recursos e poder computacional. Por sua vez, requerem escalabilidade horizontal
para acompanhar a massiva infraestrutura de rede das empresas e a complexidade
dos ataques. Tecnologias como machine learning apresentam resultados promissores e
podem ser de grande valor na deteção e prevenção de ataques em tempo útil. No entanto,
a utilização dos algoritmos e ferramentas requer sempre um conjunto de dados sólidos e
confiáveis para treinar os sistemas de proteção de maneira eficaz. A implementação de um
bom conjunto de dados requer sistemas horizontalmente escaláveis, robustos, modulares
e tolerantes a falhas para que a análise seja rápida e rigorosa. Este trabalho descreve
a arquitetura de um sistema de captura, armazenamento e análise, capaz de capturar
pacotes de múltiplas fontes e analisá-los de forma paralela. O sistema depende de vários
nós modulares com funções específicas para oferecer suporte a diferentes algoritmos e
ferramentas
- …