11 research outputs found

    RFC9031: Constrained Join Protocol (CoJP) for 6TiSCH

    This document describes the minimal framework required for a new device, called a "pledge", to securely join a 6TiSCH (IPv6 over the Time-Slotted Channel Hopping mode of IEEE 802.15.4) network. The framework requires that the pledge and the JRC (Join Registrar/Coordinator, a central entity) share a symmetric key. How this key is provisioned is out of scope of this document. Through a single CoAP (Constrained Application Protocol) request-response exchange secured by OSCORE (Object Security for Constrained RESTful Environments), the pledge requests admission into the network, and the JRC configures it with link-layer keying material and other parameters. The JRC may at any time update the parameters through another request-response exchange secured by OSCORE. This specification defines the Constrained Join Protocol and its CBOR (Concise Binary Object Representation) data structures, and it describes how to configure the rest of the 6TiSCH communication stack for this join process to occur in a secure manner. Additional security mechanisms may be added on top of this minimal framework.

    To Relive the Web: A Framework for the Transformation and Archival Replay of Web Pages

    When replaying an archived web page (known as a memento), the fundamental expectation is that the page should be viewable and function exactly as it did at archival time. However, this expectation requires web archives to modify the page and its embedded resources, so that they no longer reference (link to) the original server(s) they were archived from but back to the archive. Although these modifications necessarily change the state of the representation, it is understood that without them the replay of mementos from the archive would not be possible. Unfortunately, because the replay of mementos and the modifications made to them by web archives in order to facilitate replay vary between archives, the terminology for describing replay and the modifications made to mementos for facilitating replay does not exist. In this thesis, we propose terminology for describing the existing styles of replay and the modifications made on the part of web archives to mementos in order to facilitate replay. This thesis also, in the process of defining terminology for the modifications made by client-side rewriting libraries to the JavaScript execution environment of the browser during replay, proposes a general framework for the auto-generation of client-side rewriting libraries. Finally, we evaluate the effectiveness of using a generated client-side rewriting library to augment the existing replay systems of web archives by crawling mementos replayed from the Internet Archive’s Wayback Machine with and without the generated client-side rewriter. By using the generated client-side rewriter we were able to decrease the cumulative number of requests blocked by the content security policy of the Wayback Machine for 577 mementos by 87.5% and increased the cumulative number of requests made by 32.8%. Also by using the generated client-side rewriter, we were able to replay mementos that were previously not replayable from the Internet Archive.

    Aggregating Private and Public Web Archives Using the Mementity Framework

    Web archives preserve the live Web for posterity, but the content on the Web one cares about may not be preserved. The ability to access this content in the future requires the assurance that those sites will continue to exist on the Web until the content is requested and that the content will remain accessible. It is ultimately the responsibility of the individual to preserve this content, but attempting to replay personally preserved pages segregates archived pages by individuals and organizations of personal, private, and public Web content. This is misrepresentative of the Web as it was. While the Memento Framework may be used for inter-archive aggregation, no dynamics exist for the special consideration needed for the contents of these personal and private captures. In this work we introduce a framework for aggregating private and public Web archives. We introduce three mementities that serve the roles of the aforementioned aggregation, access control to personal Web archives, and negotiation of Web archives in dimensions beyond time, inclusive of the dimension of privacy. These three mementities serve as the foundation of the Mementity Framework. We investigate the difficulties and dynamics of preserving, replaying, aggregating, propagating, and collaborating with live Web captures of personal and private content. We offer a systematic solution to these outstanding issues through the application of the framework. We ensure the framework's applicability beyond the use cases we describe as well as the extensibility of reusing the mementities for currently unforeseen access patterns. We evaluate the framework by justifying the mementity design decisions, formulaically abstracting the anticipated temporal and spatial costs, and providing reference implementations, usage, and examples for the framework.

    Autenticação e Autorização: antigas demandas, novos desafios e tecnologias emergentes

    Identity and access management integrates policies, business processes, and technologies to enable authentication and authorization of subjects before and during an online transaction. Technological developments, and social and regulatory demands, such as personal data protection regulations, constantly pose challenges for identity management. This chapter begins with a characterization of identity and access management models, which includes the decentralized identity model. It then presents some technologies and standards to meet new demands and challenges regarding security, privacy, usability, and user empowerment. It also characterizes software identity, the use of authorization and access control in web applications, ending with an overview of the topics covered.

    Semantic OrientaTree: Integración en Linked Open Data de una aplicación móvil de orientación deportiva con enfoque educativo

    OrientaTree was born as an approach of technology to physical activities in the natural environment, which are increasingly gaining strength in the educational field. This mobile application uses orienteering which, by defining a set of tasks and activities, can be adapted to learning. Despite its usefulness, OrientaTree had some limitations, such as the limited variety of activities and the impossibility of sharing data with other applications. With the idea of taking OrientaTree further, a new version has been developed in this Master Thesis: Semantic OrientaTree. In it, the semantic web was integrated with the idea of obtaining more information and data from the web, being able to develop new orienteering activities by means of an ontology that allows linking OrientaTree data with those of other semantic web repositories. Therefore, the aim of the work has been to develop an ontology capable of not only implementing the activities and tasks of the original version, but also adding new ones that are published so that they can be developed in applications of this type. Finally, the ontology was integrated into the application, so that it is able to function using the advantages provided by Linked Open Data, overcoming the initial limitations. Departamento de Informática (Arquitectura y Tecnología de Computadores, Ciencias de la Computación e Inteligencia Artificial, Lenguajes y Sistemas Informáticos). Máster en Ingeniería Informátic

    DOI Assignment Practice of Czech Scientific Journal Publishers

    The aim of this bachelor's thesis is to map the method of assigning the Digital Object Identifier (DOI) in Czech scientific journals. The theoretical part describes the systems of permanent identifiers, in particular, the DOI, registration agencies, publishers, registrars, editors and editorial systems. In the practical part, a selection of scientific journals was made for the purposes of quantitative research. From these, the following were determined and described: when the journals were assigned DOIs, where and by what method the DOIs are registered, and the method of DOI suffix construction. From the sample of articles an examination was conducted into whether the metadata on the articles deposited with the Crossref registration agency is accurate and with what time delay they were deposited. Institute of Information Studies and Librarianship, Faculty of Arts.

    Framework de rede tolerante a falhas

    Integrated master's dissertation in Informatics Engineering. A Fault Tolerant Network is a Network structure that aims to guarantee Node communication in certain Network environments that are prone to Datagram Drops and consequent loss of Information. These Drops can be present due to a multitude of reasons, but this Project aims to analyze three specific cases where these can occur: Node Mobility, Intermittent Network Connection and Sporadic Network Connection. All these cases present the same challenge to Node Communication: there is a possibility of a high volume of Datagram Drops that can happen unexpectedly, which limits the amount of Data that can be exchanged between Nodes and lowers the Quality of Service of said exchanges. The main objective of this Project is to address these limitations that are innate in these specific cases, as well as other topics that are derivative of said limitations, such as extensive interruptions in Data Transfers and the subsequent resumption of these. Since all the cases described previously present the same challenges, or can be treated as though they are similar, it was decided to develop a Data Transfer Protocol fitted for these limitations. This Protocol sits between the Transport and Application Layers of the Network Stack and its purpose is to improve Data Transfer and Reception between Nodes.
In this Project, a Data Transfer Protocol was designed and implemented that enables Data transmission between Nodes in the cases previously referred to, showing resilience against Datagram Drops, Transmission Delays and Node Mobility. In addition to this Protocol, a simple Ad Hoc Network Architecture was designed using said Protocol, where each Node has a view of the Network centralized onto itself and the Neighboring Nodes are organized in Neighbor Levels depending on their distance to the central Node. The objective of designing a simple version of a DTN was also established, bringing new challenges that strongly influenced the design of the Data Transfer Protocol due to its strict requirements. Lastly, some tests were performed in real-world scenarios in such a way that all the features designed and developed in this Project could be shown to be working properly and that all objectives delineated were met.

    Contributions to routing scalability and QoS assurance in cloud data transport networks based on the recursive internetwork architecture

    With an increasing number of devices and heterogeneous distributed applications, it is becoming evident that the service delivered by the current Internet falls short of the actual Quality of Service (QoS) requirements of applications. In addition, the global scope of the IP layer causes large scalability problems on the network. Multiple solutions aim to overcome the limitations of the model (BGP, NAT, etc.), but all end up constrained by the same networking model that they try to improve, simply breaking and patching the TCP/IP stack itself. In contrast, the Recursive InterNetwork Architecture (RINA) proposes a new clean-slate Internet architecture based on a recursive networking stack with a focus on inter-process communication, where each layer, called a Distributed IPC Facility (DIF), performs the same set of tasks. DIFs are fully configurable by means of programmable policies, and provide complete support for QoS services. RINA is able to provide a standardized way to express the capabilities of each layer, the QoS Cubes. With those, RINA allows applications and upper processes to express their requirements in terms of latency, losses, etc. The contributions in this thesis take advantage of the recursive stack of RINA and the use of policies to propose and analyse old and new solutions which would not be compatible with the current TCP/IP Internet. To improve QoS services, this work takes advantage of the information on requirements provided by the applications themselves to improve the assurance of QoS. With the use of △Q-based scheduling policies, improved QoS assurances are provided, aiming to provide “good enough” service for all flows in the network, resulting in a more appropriate sharing of resources. These policies have been tested in backbone-like networks, showing interesting improvements with respect to commonly used solutions like MPLS-based VPNs. In addition, the provisioning of QoS services to end-users is also considered.
In order to allow that, it is required to impose some limits on what end-users can send to the network, limiting the amount of priority traffic that potentially greedy users can send. In that regard, while enforcing strict rate-limits per QoS would be trivial in RINA, a new △Q-based rate-limiting policy that aims to limit the amount of priority traffic in a more user-friendly way is also explored. In terms of scalability, this work also considers different measures to improve forwarding and routing within large-scale networks. As for the use of policies that could profit from specific network topologies, a new forwarding policy that mixes topological rules and exceptions is proposed. With this policy, forwarding table lookups in large tables are replaced with fast and simple forwarding rules based on the location of nodes and their neighbourhood. Given the common topologies used in large data centres, the proposed policy is found to be a perfect match for those scenarios. Tests for different data centre topologies showed clear improvements, requiring only a small fraction of all forwarding information despite the large size of such networks, with that fraction depending on the number of concurrent failures in the network rather than on its size. In addition, this work also considers the use of topological routing policies to populate exceptions upon failures. The use of topological routing solutions resulted in reduced complexity for computing paths and fewer routing messages. In addition to topological solutions, the use of other routing solutions, not well suited for the IP environment, is also investigated. Specifically, it is shown how a Landmark routing solution could be implemented within RINA.
Finally, efforts are also devoted to analysing the importance of path selection for ensuring QoS requirements and how it is not required to reach extreme solutions, like the use of connections, to provide the required services. Postprint (published version

    URI Design and Ownership
