Towards accurate accounting of cellular data for TCP retransmission

The current architecture supporting data services to mobile devices is built below the network layer (IP) and users receive the payload at the application layer. Between them is the transport layer that can cause data consumption inflation due to the retransmission mecha-nism that provides reliable delivery. In this paper, we examine the accounting policies of five large cellular ISPs in the U.S. and South Korea. We look at their policies regarding the transport layer re-liability mechanism with TCP’s retransmission and show that the current implementation of accounting policies either fails to meet the billing fairness or is vulnerable to charge evasions. Three of the ISPs surveyed charge for all IP packets regardless of retransmis-sion, allowing attackers to inflate a victim’s bill by intentionally re-transmitting packets. The other two ISPs deduct the retransmitted amount from the user’s bill thus allowing tunneling through TCP retransmissions. We show that a “free-riding ” attack is viable with these ISPs and discuss some of the mitigation techniques

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs

Pattern matching is an important building block for many security applications, including Network Intrusion Detection Systems (NIDS). As NIDS grow in functionality and complexity, the time overhead and energy consumption of pattern matching become a significant consideration that limits the deployability of such systems, especially on resource-constrained devices.\ua0On the other hand, the emergence of new computing platforms, such as embedded devices with integrated, general-purpose Graphics Processing Units (GPUs), brings new, interesting challenges and opportunities for algorithm design in this setting: how to make use of new architectural features and how to evaluate their effect on algorithm performance. Up to now, work that focuses on pattern matching for such platforms has been limited to specific algorithms in isolation.In this work, we present a systematic and comprehensive benchmark that allows us to co-evaluate both existing and new pattern matching algorithms on heterogeneous devices equipped with embedded GPUs, suitable for medium- to high-level IoT deployments. We evaluate the algorithms on such a heterogeneous device, in close connection with the architectural features of the platform and provide insights on how these features affect the algorithms\u27 behavior. We find that, in our target embedded platform, GPU-based pattern matching algorithms have competitive performance compared to the CPU and consume half as much energy as the CPU-based variants.\ua0Based on these insights, we also propose HYBRID, a new pattern matching approach that efficiently combines techniques from existing approaches and outperforms them by 1.4x, across a range of realistic and synthetic data sets. Our benchmark details the effect of various optimizations, thus providing a path forward to make existing security mechanisms such as NIDS deployable on IoT devices

Enabling Performance Exploration and Analysis for Multi-parametric Systems *

ABSTRACT Tuning third-party systems is time-consuming and sometimes challenging, particularly when targeting multiple embedded platforms. Unfortunately, system integrators, application developers, and other users of third-party systems lack proper tools for conducting systematic performance analysis on those systems, and have no easy way to reproduce the systems' advertised performance and identify configurations that yield excellent, fair, or poor behavior. To fill this void we introduce SPEX, a framework aimed at making it easier to characterize third-party systems' performance in relation to configuration parameters. SPEX enables automatic performance exploration for systems with no need to access their source code. It offers the flexibility to define pluggable policies that steer the exploration process by varying configuration parameters of the observed system. Our results show that SPEX adds little overhead to the monitored system, and suggest that it can be effective in providing useful information to third-party system users