128 research outputs found

    Bando de buen gobierno para la M.N.M.L y H. ciudad de Valladolid

    Digital copy. Valladolid: Junta de Castilla y León. Consejería de Cultura y Turismo, 2009-201

    A practical approach to network-based processing

    The usage of general-purpose processors externally attached to routers to play virtually the role of active coprocessors seems a safe and cost-effective approach to add active network capabilities to existing routers. This paper reviews this router-assistant way of making active nodes, addresses the benefits and limitations of this technique, and describes a new platform based on it using an enhanced commercial router. The features new to this type of architecture are transparency, IPv4 and IPv6 support, and full control over layer 3 and above. A practical experience with two applications for path characterization and a transport gateway managing multi-QoS is described. Most of this work has been funded by the IST project GCAP (Global Communication Architecture and Protocols for new QoS services over IPv6 networks) IST-1999-10 504. Further development and application to practical scenarios is being supported by IST project Opium (Open Platform for Integration of UMTS Middleware) IST-2001-36063 and the Spanish MCYT under projects TEL99-0988-C02-01 and AURAS TIC2001-1650-C02-01.

    Contribución al diseño de arquitecturas distribuidas de nodos de red programable

    Nowadays, the network nodes that build the Internet are complex hardware/software systems that support many signalling protocols, network services, and complex functionalities such as firewalling or NAT. However, adding a new capability is a long, complex and costly process, due to many causes, but especially because routers are still proprietary systems, vertically integrated by the vendors. In this sense, the research in programmable networks tries to simplify the development and deployment of network services by specifying open interfaces among all the elements that make up a router. However, before the first programmable network nodes start being deployed, it is necessary to provide short- and medium-term solutions that allow current high-performance routers to add advanced capabilities and new network services. This PhD thesis presents a low-cost transition architecture for programmable network nodes named Simple Assistant-Router Architecture (SARA), which allows a commercial router to easily extend its capabilities by delegating the advanced packet processing to a cluster of assistants, which greatly simplifies the development and dynamic deployment of new network services. A key aspect of this distributed architecture is the need for several coordination mechanisms between the router and the assistants, and among the assistants themselves. Therefore, the Router-Assistant Protocol (RAP) has been proposed, which is a control protocol based on ForCES that allows assistants to configure the router's data plane, to notify events, as well as to divert signalling packets and data flows to the assistants. As network application requirements could be very heterogeneous, it is necessary to provide several mechanisms in order to load-balance the assistant cluster. Thus, this thesis presents two novel Fast Robust Hashing algorithms that provide a permanent and fair mapping of flows to assistants, and improve on existing Robust Hash techniques as they are efficient enough to be implemented in the data plane of a commercial router. Moreover, this research work also defines the eXtensible Service Discovery Framework (XSDF), which integrates in a single process scalable service location and load-sharing among lightly-coupled servers

    Off-line incentive mechanism for long-term P2P backup storage

    This paper presents a micro-payment-based incentive mechanism for long-term peer-to-peer storage systems. The main novelty of the proposed incentive mechanism is to allow users to be off-line for extended periods of time without updating or renewing their information by themselves. This feature is enabled through a digital cheque, issued by the user, which is later employed by the peers to get a gratification for storing the user's information when the user is off-line. The proposed P2P backup system also includes a secure and lightweight data verification mechanism. Moreover, the proposed incentive also contributes to improve the availability of the stored information and the scalability of the whole system. The paper details the verification and cheque-based incentive mechanisms in the context of a P2P backup service and analyzes its scalability and security properties. The system is furthermore validated by means of simulation, proving the effectiveness of the proposed incentive. This work has been funded by the Regional Government of Madrid under the MEDIANET project (S2009/TIC-1468) and has also received funding from the Ministry of Science and Innovation of Spain, under the QUARTET project (TIN2009-13992-C02-01).

    Security architecture for law enforcement agencies

    In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have stringent security requirements that may delay the deployment of these new applications, since necessary security measures must be implemented first. This paper presents an integrated security architecture for LEAs that is able to provide common security services to novel and legacy ICT applications, while fulfilling the high security requirements of police forces. By reusing the security services provided by this architecture, new systems do not have to implement custom security mechanisms themselves, and can be easily integrated into existing police ICT infrastructures. The proposed LEA security architecture features state-of-the-art technologies, such as encrypted communications at network and application levels, or multifactor authentication based on certificates stored in smart cards.

    Analysis of privacy vulnerabilities in single sign-on mechanisms for multimedia websites

    This paper studies the privacy risks for the users of two popular single sign-on platforms for web-based content access: OpenID and Facebook Connect. In particular, we describe in detail a privacy vulnerability of the OpenID Authentication Protocol that leads to the exposure of the OpenID user identifier to third parties. We illustrate how OpenID agents leak the (potentially unique) OpenID identifiers of their users to third parties, like advertisement and traffic analysis corporations. This vulnerability is a real and widespread privacy risk for OpenID users. This paper also analyzes the privacy of Facebook Connect (the proprietary single sign-on platform that is gaining a lot of popularity recently), and we conclude that it is not affected by the same vulnerability but other important privacy issues remain. Finally, this paper studies the solution space of these problems and defines a number of possible countermeasures. In the case of the OpenID vulnerability, we propose three solutions to this problem: one for the long term to avoid the root cause of the vulnerability, and another two short-term mitigations. The work presented in this paper has been funded by the INDECT project (Ref 218086) of the 7th EU Framework Programme.

    Evaluación del rendimiento de la arquitectura de seguridad INDECT

    This paper evaluates the performance of the key elements of the security architecture developed by the INDECT project. In particular, it first evaluates three different concurrent error detection mechanisms (parity check, Berger code, and cyclic redundancy check) developed in software- and hardware-based implementations of the INDECT block cipher. It also analyses the performance hit in secure web servers when enabling TLS/SSL with mutual authentication. Finally, it evaluates the throughput and delay of traffic in the virtual private network based on the OpenVPN software package with the implemented INDECT block cipher. The results of these evaluations demonstrate that the proposed mechanisms, and by extension the whole INDECT security architecture, are viable and can be used in high-performance Police information and communication systems.

    An empirical study of Cloud Gaming

    Presented at the 11th Annual Workshop on Network and Systems Support for Games (NetGames), held November 22-23, 2012 in Venice (Italy). Online gaming connects players from all over the world together for fun and entertainment, and has been regarded as one of the most profitable and popular Internet services. Besides, there is a growing trend towards moving local applications to remote data centers: this is often referred to as the cloud. With the purpose of studying the impact of Cloud Gaming on the access network load, in this paper we carry out an empirical network traffic analysis of two well-known cloud gaming platforms: On-Live and Gaikai. Traffic traces have been collected and analysed from five different games of both platforms. Cloud gaming has been observed to be remarkably different from traditional online gaming in terms of network load and traffic characteristics. Moreover, the traces have revealed similarities between the two platforms regarding the packet size distribution, and differences concerning the packet inter-arrival times. However, each platform shows a similar traffic pattern for most of the games it serves. Nonetheless, the racing and shooter games considered in this work demand more bandwidth than other game genres. This work is partly supported by the projects TRION (TEC 2009-10724), FIERRO (TEC 2010-12250-E) and Medianet (S-2009/TIC-1468); and by the Generalitat de Catalunya through the research support program project SGR-1202 and AGAUR FI-DGR 2012 grant.

    STARR-DCS: Spatio-temporal adaptation of random replication for data-centric storage

    This article presents a novel framework for data-centric storage (DCS) in a wireless sensor and actor network (WSAN) that employs a randomly selected set of data replication nodes, which also change over time. This enables reductions in the average network traffic and energy consumption by adapting the number of replicas to applications' traffic, while balancing energy burdens by varying their locations. To that end, we propose and validate a simple model to determine the optimal number of replicas, in terms of minimizing average traffic/energy consumption, based on measurements of applications' production and consumption traffic. Simple mechanisms are proposed to decide when the current set of replication nodes should be changed, to enable new applications and nodes to efficiently bootstrap into a working WSAN, to recover from failing nodes, and to adapt to changing conditions. Extensive simulations demonstrate that our approach can extend a WSAN's lifetime by at least 60%, and up to a factor of 10× depending on the lifetime criterion being considered. The feasibility of the proposed framework has been validated in a prototype with 20 resource-constrained motes, and the results obtained via simulation for large WSANs have been also corroborated in that prototype. The research leading to these results has been partially funded by the Spanish MEC under the CRAMNET project (TEC2012-38362-C03-01) and the FIERRO project (TEC 2010-12250-E), and by the General Directorate of Universities and Research of the Regional Government of Madrid under the MEDIANET Project (S2009/TIC-1468). G. de Veciana was supported by the National Science Foundation under Award CNS-0915928.