Fair-RTT-DAS: A robust and efficient dynamic adaptive streaming over ICN

To sustain the adequate bandwidth demands over rapidly growing multimedia traffic and considering the effectiveness of Information-Centric Networking (ICN), recently, HTTP based Dynamic Adaptive Streaming (DASH) has been introduced over ICN, which significantly increases the network bandwidth utilisation. However, we identified that the inherent features of ICN also causes new vulnerabilities in the network. In this paper, we first propose a novel attack called as Bitrate Oscillation Attack (BOA), which exploits fundamental ICN characteristics: in-network caching and interest aggregation, to disrupt DASH functionality. In particular, the proposed attack forces the bitrate and resolution of video received by the attacked client to oscillate with high frequency and high amplitude during the streaming process. To detect and mitigate BOA, we design and implement a reactive countermeasure called Fair-RTT-DAS. Our solution ensures efficient bandwidth utilisation and improves the user perceived Quality of Experience (QoE) in the presence of varying content source locations. For this purpose, Fair-RTT-DAS consider DASH\u2019s two significant features: round-trip-time (RTT) and throughput fairness. In the presence of BOA in a network, our simulation results show an increase in the annoyance factor in user\u2019s spatial dimension, i.e., increase in oscillation frequency and amplitude. The results also show that our countermeasure significantly alleviates these adverse effects and makes dynamic adaptive streaming friendly to ICN\u2019s implicit features

Autonomic Renumbering in the Future Internet

International audienceIPv6 is an essential building block of the evolution towards the future Internet. To take the full benefit of this protocol and exploit all its features, the future Internet needs to gracefully couple it with autonomics. In this paper we demonstrate through our experience with network renumbering how the coupling of both IPv6 core functionality extended with major functions of the autonomic world can lead to fully autonomous activities of main management functions. We instantiate the notions of self-configuration, self-monitoring, self-protection and self-healing in the network renumbering process and show how they can altogether make renumbering a real success. We illustrate the various functions with the tools we implemented to support them over the last three years

Automated and Secure IPv6 Configuration in Enterprise Networks

International audienceOver the last decade, IPv6 has established itself as the most mature network protocol for the future Internet. Its recent deployment in core networks of operators, its availability to end customers of multiple ISPs together with the availability of native access to large services like Google assess the increasing penetration of IPv6. While its deployment from the inside of the network leading to the edges is successful, the transition remains an issue today for many enterprises which see it as a tedious and error prone task for network administrators. To fill this gap, we present the necessary algorithms and provide the supporting tools to enable this transition to become automatic. Based on a model of an IPv4 network, we describe the algorithms to build an optimized IPv6 adressing scheme and to automatically generate the adequate security plan as well as the corresponding configurations for the different devices in the network

NAMING OF FILES IN DISTRIBUTED SYSTEMS (TILDE, REMOTE, UNIX, NETWORK)

Naming is among the most important characteristics of a com- puter system. The research discussed in this dissertation investi- gates issues in the naming of files in distributed systems. Distributed naming mechanisms are difficult to construct for many reasons. For example, disjoint computing environments in a distributed system may make access to remote files difficult. A distributed naming mechanism must be able to function despite the loss of some com- ponents of the distributed system. Distributed computing systems may include replicated or redundant files, which the naming mechanism must be able to distinguish and identify. We have developed the Tilde naming system, which addresses the specific problems identified in our study of distributed naming. The Tilde naming system breaks the name evaluation procedure into two components: a per-process local naming environment and a global, transparent access mechanism. In place of a global or hardware-dependent naming structure, the Tilde naming system organizes network files into collections of related files known as Tilde Trees. Files within Tilde Trees are organized, as the name implies, into a tree, providing the familiar advantages of hierarchical naming within the components of a given subsystem. Each user can then organize Tilde Trees into a Tilde Forest, a local naming environment specific to the user\u27s naming requirements. Tilde trees are identified by a universal, network-wide access mechanism, independent of any particular network component. To investigate Tilde naming in a real-world environment, we have implemented the Tilde naming mechanism in an experimental computing network. The Tilde naming mechanism is implemented in a modified version of the UNIX(\u27(DAG)) operating system kernel running on a network of VAX(\u27(DBLDAG)) computers. Additional modifications to existing application programs and the construction of new software provide a complete experimental facility for exploring the Tilde naming sys- tem. Questions raised by the experimental system have provided direction for our research and experience with the implementation has justified our decisions and basic design. This thesis, then, maintains that contemporary hierarchical naming systems are inappropriate for distributed systems, providing neither the flexibility required by the individual user, nor the universal access required for reliable network access. We present the Tilde naming mechanism as an alternative to global naming hierarchies for distributed naming. (\u27(DAG))UNIX is a Trademark of Bell Laboratories. (\u27(DBLDAG))VAX is a trademark of Digital Equipment Corporation

SLICT: Secure Localized Information Centric Things

While the potential advantages of geographic forwarding in wireless sensor networks (WSN) have been demonstrated for a while now, research in applying Information Centric Networking (ICN) has only gained momentum in the last few years. In this paper, we bridge these two worlds by proposing an ICN-compliant and secure implementation of geographic forwarding for ICN. We implement as a proof of concept the Greedy Perimeter Stateless Routing (GPSR) algorithm and compare its performance to that of vanilla ICN forwarding. We also evaluate the cost of security in 802.15.4 networks in terms of energy, memory and CPU footprint. We show that in sparse but large networks, GPSR outperforms vanilla ICN forwarding in both memory footprint and CPU consumption. However, GPSR is more energy intensive because of the cost of communications

On the Cost of Secure Association of Information Centric Things

Information Centric Networking (ICN) paradigms nicely fit the world of wireless sensors, whose devices have tight constraints. In this poster, we compare two alternative designs for secure association of new IoT devices in existing ICN deployments, which are based on asymmetric and symmetric cryptography respectively. While the security properties of both approaches are equivalent, an interesting trade-off arises between properties of the protocol vs properties of its implementation in current IoT boards. Indeed, while the asymmetric-keys based approach incurs a lower traffic overhead (of about 30%), we find that its implementation is significantly more energy- and time-consuming due to the cost of cryptographic operations (it requires up to 41x more energy and 8x more time)