Explicit congestion control algorithms for time-varying capacity media

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Implementation and performance evaluation of explicit congestion control algorithms

Estágio realizado no INESC-Porto e orientado pelo Eng.º Filipe Lameiro AbrantesTese de mestrado integrado. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Controlo de congestionamento em redes sem fios

Doutoramento em Engenharia ElectrotécnicaCongestion control in wireless networks is an important and open issue. Previous research has proven the poor performance of the Transport Control Protocol (TCP) in such networks. The factors that contribute to the poor performance of TCP in wireless environments concern its unsuitability to identify/detect and react properly to network events, its TCP window based ow control algorithm that is not suitable for the wireless channel, and the congestion collapse due to mobility. New rate based mechanisms have been proposed to mitigate TCP performance in wired and wireless networks. However, these mechanisms also present poor performance, as they lack of suitable bandwidth estimation techniques for multi-hop wireless networks. It is thus important to improve congestion control performance in wireless networks, incorporating components that are suitable for wireless environments. A congestion control scheme which provides an e - cient and fair sharing of the underlying network capacity and available bandwidth among multiple competing applications is crucial to the definition of new e cient and fair congestion control schemes on wireless multi-hop networks. The Thesis is divided in three parts. First, we present a performance evaluation study of several congestion control protocols against TCP, in wireless mesh and ad-hoc networks. The obtained results show that rate based congestion control protocols need an eficient and accurate underlying available bandwidth estimation technique. The second part of the Thesis presents a new link capacity and available bandwidth estimation mechanism denoted as rt-Winf (real time wireless inference). The estimation is performed in real-time and without the need to intrusively inject packets in the network. Simulation results show that rt-Winf obtains the available bandwidth and capacity estimation with accuracy and without introducing overhead trafic in the network. The third part of the Thesis proposes the development of new congestion control mechanisms to address the congestion control problems of wireless networks. These congestion control mechanisms use cross layer information, obtained by rt-Winf, to accurately and eficiently estimate the available bandwidth and the path capacity over a wireless network path. Evaluation of these new proposed mechanisms, through ns-2 simulations, shows that the cooperation between rt-Winf and the congestion control algorithms is able to significantly increase congestion control eficiency and network performance.O controlo de congestionamento continua a ser extremamente importante quando se investiga o desempenho das redes sem fios. Trabalhos anteriores mostram o mau desempenho do Transport Control Proto- col (TCP) em redes sem fios. Os fatores que contribuem para um pior desempenho do TCP nesse tipo de redes s~ao: a sua falta de capacidade para identificar/detetar e reagir adequadamente a eventos da rede; a utilização de um algoritmo de controlo de uxo que não é adequado para o canal sem fios; e o colapso de congestionamento devido á mobilidade. Para colmatar este problemas foram propostos novos mecanismos de controlo de congestionamento baseados na taxa de transmissão. No entanto, estes mecanismos também apresentam um pior desempenho em redes sem fios, já que não utilizam mecanismos adequados para a avaliação da largura de banda disponível. Assim, é importante para melhorar o desempenho do controlo de congestionamento em redes sem fios, incluir componentes que são adequados para esse tipo de ambientes. Um esquema de controlo de congestionamento que permita uma partilha eficiente e justa da capacidade da rede e da largura de banda disponível entre múltiplas aplicações concorrentes é crucial para a definição de novos, eficientes e justos mecanismos de controlo congestionamento para as redes sem fios. A Tese está dividida em três partes. Primeiro, apresentamos um estudo sobre a avaliação de desempenho de vários protocolos de controlo de congestionamento relativamente ao TCP, em redes sem fios em malha e ad-hoc. Os resultados obtidos mostram que os protocolos baseados na taxa de transmissão precisam de uma técnica de avaliação da largura de banda disponível que seja eficiente e precisa . A segunda parte da Tese apresenta um novo mecanismo de avaliação da capacidade da ligação e da largura de banda disponível, designada por rt-Winf (real time wireless inference). A avaliação é realizada em tempo real e sem a necessidade de inserir tráfego na rede. Os resultados obtidos através de simulação e emulação mostram que o rt-Winf obtém com precisão a largura de banda disponível e a capacidade da ligação sem sobrecarregar a rede. A terceira parte da Tese propõe novos mecanismos de controlo de congestionamento em redes sem fios. Estes mecanismos de controlo de congestionamento apresentam um conjunto de caracter ísticas novas para melhorar o seu desempenho, de entre as quais se destaca a utilização da informação de largura de banda disponível obtida pelo rt-Winf. Os resultados da avaliação destes mecanismos, utilizando o simulador ns-2, permitem concluir que a cooperação entre o rt-Winf e os algoritmos de controlo de congestionamento aumenta significativamente o desempenho da rede

Assessing the evidential value of artefacts recovered from the cloud

Cloud computing offers users low-cost access to computing resources that are scalable and flexible. However, it is not without its challenges, especially in relation to security. Cloud resources can be leveraged for criminal activities and the architecture of the ecosystem makes digital investigation difficult in terms of evidence identification, acquisition and examination. However, these same resources can be leveraged for the purposes of digital forensics, providing facilities for evidence acquisition, analysis and storage. Alternatively, existing forensic capabilities can be used in the Cloud as a step towards achieving forensic readiness. Tools can be added to the Cloud which can recover artefacts of evidential value. This research investigates whether artefacts that have been recovered from the Xen Cloud Platform (XCP) using existing tools have evidential value. To determine this, it is broken into three distinct areas: adding existing tools to a Cloud ecosystem, recovering artefacts from that system using those tools and then determining the evidential value of the recovered artefacts. From these experiments, three key steps for adding existing tools to the Cloud were determined: the identification of the specific Cloud technology being used, identification of existing tools and the building of a testbed. Stemming from this, three key components of artefact recovery are identified: the user, the audit log and the Virtual Machine (VM), along with two methodologies for artefact recovery in XCP. In terms of evidential value, this research proposes a set of criteria for the evaluation of digital evidence, stating that it should be authentic, accurate, reliable and complete. In conclusion, this research demonstrates the use of these criteria in the context of digital investigations in the Cloud and how each is met. This research shows that it is possible to recover artefacts of evidential value from XCP

An Efficient Framework of Congestion Control for Next-Generation Networks

The success of the Internet can partly be attributed to the congestion control algorithm in the Transmission Control Protocol (TCP). However, with the tremendous increase in the diversity of networked systems and applications, TCP performance limitations are becoming increasingly problematic and the need for new transport protocol designs has become increasingly important.Prior research has focused on the design of either end-to-end protocols (e.g., CUBIC) that rely on implicit congestion signals such as loss and/or delay or network-based protocols (e.g., XCP) that use precise per-flow feedback from the network. While the former category of schemes haveperformance limitations, the latter are hard to deploy, can introduce high per-packet overhead, and open up new security challenges. This dissertation explores the middle ground between these designs and makes four contributions. First, we study the interplay between performance and feedback in congestion control protocols. We argue that congestion feedback in the form of aggregate load can provide the richness needed to meet the challenges of next-generation networks and applications. Second, we present the design, analysis, and evaluation of an efficient framework for congestion control called Binary Marking Congestion Control (BMCC). BMCC uses aggregate load feedback to achieve efficient and fair bandwidth allocations on high bandwidth-delaynetworks while minimizing packet loss rates and average queue length. BMCC reduces flow completiontimes by up to 4x over TCP and uses only the existing Explicit Congestion Notification bits.Next, we consider the incremental deployment of BMCC. We study the bandwidth sharing properties of BMCC and TCP over different partial deployment scenarios. We then present algorithms for ensuring safe co-existence of BMCC and TCP on the Internet. Finally, we consider the performance of BMCC over Wireless LANs. We show that the time-varying nature of the capacity of a WLAN can lead to significant performance issues for protocols that require capacity estimates for feedback computation. Using a simple model we characterize the capacity of a WLAN and propose the usage of the average service rate experienced by network layer packets as an estimate for capacity. Through extensive evaluation, we show that the resulting estimates provide good performance

Service-oriented models for audiovisual content storage

What are the important topics to understand if involved with storage services to hold digital audiovisual content? This report takes a look at how content is created and moves into and out of storage; the storage service value networks and architectures found now and expected in the future; what sort of data transfer is expected to and from an audiovisual archive; what transfer protocols to use; and a summary of security and interface issues

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

An open virtual multi-services networking architecture for the future internet

© 2015, El Barachi et al.; licensee Springer. Network virtualization is considered as a promising way to overcome the limitations and fight the gradual ossification of the current Internet infrastructure. The network virtualization concept consists in the dynamic creation of several co-existing logical network instances (or virtual networks) over a shared physical network infrastructure. We have previously proposed a service-oriented hierarchical business model for virtual networking environments. This model promotes the idea of network as a service, by considering the functionalities offered by different types of network resources as services of different levels – services that can be dynamically discovered, used, and composed. In this paper, we propose an open, virtual, multi-services networking architecture enabling the realization of our business model. We also demonstrate the operation of our architecture using a virtualized QoS-enabled VoIP scenario. Moreover, virtual routing and control level performance was evaluated using proof-of-concept prototyping. Several important findings were made in the course of this work; one is that service-oriented concepts can be used to build open, flexible, and collaborative virtual networking environments. Another finding is that some of the existing open source virtual routing solutions such as Vyatta are only suitable for building small to medium size virtual networking infrastructures