39 research outputs found

    A DHT-based Peer-to-peer Architecture for Distributed Internet Applications

    Peer-to-peer technology has become popular primarily due to file sharing applications, such as Napster, Gnutella, Kazaa, and eMule, which have been the dominant component of usage of Internet bandwidth for several years. However, peer-to-peer technology is not all about file sharing. Many famous applications used by millions of users every day, such as Skype, are applications based on the peer-to-peer paradigm. The peer-to-peer (P2P) paradigm is a communication model in which multiple independent and heterogeneous devices interact as equals (peers). In a pure P2P network each node implements functions of both client and server, and either peer can initiate a communication session at any moment. Nodes are arranged on an overlay network, built on top of an existing network, such as the Internet. Many peer-to-peer applications are based on a particular class of peer-to-peer networks: Distributed Hash Tables (DHT). DHTs are structured peer-to-peer networks which provide a service of information storage and retrieval similar to a regular hash table where keys are mapped to values, in a scalable, flexible, and self-organizing fashion. This thesis reports the results of the research activity on applying peer-to-peer technology beyond file sharing. The work has been focused first on the study and analysis of existing peer-to-peer network implementations, especially on Distributed Hash Tables, and the proposals for peer-to-peer protocols presented by the IETF P2PSIP Working Group. The main research activity has been the definition of a peer-to-peer architecture, called Distributed Location Service (DLS), which allows the establishment of direct connections among the endpoints of a communication without the need of central servers. The Distributed Location Service is a DHT-based peer-to-peer service which can be used to store and retrieve information about where resources can be accessed, thus eliminating the need to rely (partially) on the DNS system and on central location servers, such as SIP Location Services. Access information is stored in the DLS as key-to-value mappings, which are maintained by a number of nodes that participate in the DHT overlay the DLS is built upon. The DLS has been implemented as a framework, by defining a standard set of interfaces between the components of the DLS, in order to allow maximum flexibility on components such as the DHT algorithm and communication protocol in use, as no assumption has been made in the definition of the DLS architecture. The Kademlia DHT algorithm and the dSIP communication protocol have been implemented and integrated in the DLS framework in order to create real-world DLS-based applications to show the feasibility of the DLS approach. These demonstrative DLS-based applications have been realized with the intent to show that peer-to-peer is not just about file sharing, but real-time communication applications, such as VoIP, distributed file systems, and Online Social Networks, can also be built on top of a peer-to-peer architecture. Even though the research activity has been conducted independently from the IETF P2PSIP Working Group, the Distributed Location Service has eventually been found to be quite similar to the official proposal, named RELOAD, with which it shares several concepts and ideas. Another aspect that was studied is the issue of bootstrapping in peer-to-peer networks. When a node wants to join an existing P2P network, it needs to gather information about one node that already belongs to the P2P overlay network which will then admit the new node. Typically, the discovery of a node that is already participating in the overlay is made through mechanisms such as caching, pre-configured lists of nodes, or the use of central servers. Even though these approaches have worked so far, they are not in the true philosophy of peer-to-peer networks, where decentralization, scalability, and self-organization are critical features. A Multicast-based approach has therefore been defined and validated, with the goal of achieving true scalability and self-organization.

    Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview

    The Internet of Things (IoT) refers to the Internet-like structure of billions of interconnected constrained devices, denoted as “smart objects”. Smart objects have limited capabilities, in terms of computational power and memory, and might be battery-powered devices, thus raising the need to adopt particularly energy efficient technologies. Among the most notable challenges that building interconnected smart objects brings about, there are standardization and interoperability. The use of IP has been foreseen as the standard for interoperability for smart objects. As billions of smart objects are expected to come to life and IPv4 addresses have eventually reached depletion, IPv6 has been identified as a candidate for smart-object communication. The deployment of the IoT raises many security issues coming from (i) the very nature of smart objects, e.g., the adoption of lightweight cryptographic algorithms, in terms of processing and memory requirements; and (ii) the use of standard protocols, e.g., the need to minimize the amount of data exchanged between nodes. This paper provides a detailed overview of the security challenges related to the deployment of smart objects. Security protocols at network, transport, and application layers are discussed, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources. Security aspects, such as key distribution and security bootstrapping, and application scenarios, such as secure data aggregation and service authorization, are also discussed

    Lightweight Session Initiation for the Internet of Things

    In the next few years the Internet of Things (IoT) is expected to bring together billions of devices, denoted as "smart objects", thus creating an extremely large-scale network of heterogeneous devices, which will provide an unprecedented opportunity to build new applications and forms of interactions that will shape the world. The heterogeneous and dynamic nature of smart objects that will form the IoT requires the design and adoption of standard communication models and protocols in order to enable interoperability and long-term evolution of deployed systems. Much attention must therefore be paid to the adoption of lightweight and low-overhead communications intended to minimize energy consumption and processing load. While the Constrained Application Protocol (CoAP) is intended to bring the REST paradigm to smart objects, there are many application scenarios that might benefit from the use of sessions (i.e., an exchange of data between an association of participants). In this paper, we introduce a lightweight Session Initiation Protocol targeted to constrained environments, based on CoAP, which re-uses the syntax and semantics of CoAP in order to create, modify, and terminate sessions among smart objects with minimal overhead.

    Effective authorization for the Web of Things

    The momentum gained by the Internet of Things (IoT) has led technology to be sufficiently mature to finally reach the market. The expectations and concerns of users around new products are primarily related to the possibility to interact with things in a seamless and effective way and, above all, to do so securely. Within this context, the main pillars required to support a sustainable and practical IoT are: interoperability, discoverability, and authorization. Based on the concepts and experience gained with the traditional Internet, the Web of Things (WoT) paradigm is chartered to address the former two issues. However, fast-developed and simplistic vertical approaches, due to the rush to launch IoT products, have not considered authorization adequately. Access to smart objects typically occurs through product-bound Cloud platforms, which mediate between vendor-specific smartphone apps and objects. Notwithstanding, effective mechanisms to manage authorized access to resources are required to make it really simple and safe to use and share things. In this paper, we propose a standard-based authorization framework for WoT applications, which allows fine-grained access policies to be effectively enforced for authorized parties. An implementation is presented to highlight the simplicity of the proposed approach and the benefits that it can introduce.

    Wearable Computing for the Internet of Things

    In the next few years, the Internet of Things (IoT) will become a reality, merging the social, physical, and cyber worlds to enable new applications and forms of interaction between humans and connected, smart sensing and actuating devices. As billions of smart objects become deployed pervasively in the environment, users should be able to discover and interact with objects in their proximity in a seamless and transparent way. Although smartphones have become an extremely popular computing device, smart wearable devices, such as Google Glass and the Apple watch, are now providing even more effective means to bridge the gap between humans and smart objects. The authors analyze the characteristics of wearable applications for IoT scenarios and describe the interaction patterns that should occur between wearable or mobile devices and smart objects. The authors also present an implementation of a wearable-based Web of Things application used to evaluate the described interaction patterns in a smart environment, deployed within their department's IoT testbed

    A session initiation protocol for the Internet of Things

    The Internet of Things (IoT) refers to the interconnection of billions of constrained devices, denoted as “smart objects”, in an Internet-like structure. Smart objects typically feature limited capabilities in terms of computation and memory and operate in constrained environments, such as low-power lossy networks. As the Internet Protocol (IP) has been foreseen as the standard for communications in IoT, an effort to bring IP connectivity to smart objects and define suitable communication protocols (i.e. Constrained Application Protocol (CoAP)) is being carried out within standardization organizations, such as the Internet Engineering Task Force (IETF). In this paper, we propose a constrained version of the Session Initiation Protocol (SIP), named “CoSIP”, whose intent is to allow constrained devices to instantiate communication sessions in a lightweight and standard fashion. Session instantiation can include a negotiation phase of some parameters which will be used for all subsequent communication. CoSIP can be adopted in several application scenarios, such as service discovery and publish/subscribe applications, which are detailed. An evaluation of the proposed protocol is also presented, based on a Java implementation of CoSIP, to show the benefits that its adoption can bring about, in terms of compression rate with the existing SIP protocol and message overhead compared with the use of CoAP

    mjCoAP: An open-source lightweight java CoAP library for internet of things applications

    The Internet of Things (IoT) is expected to pervasively interconnect more than 50 billion devices, denoted as "smart objects", by 2020 in an Internet-like structure, which will extend the current Internet, enabling new forms of interaction between physical objects and people. The IoT will be made up of heterogeneous devices, featuring extremely diverse capabilities, in terms of computational power, connectivity, availability, and mobility. In such a scenario, characterized by the heterogeneity and large number of involved devices, in order to effectively allow and foster the growth of new applications and services, it is necessary to provide appropriate standards that can guarantee full interoperability among existing hosts and IoT nodes. Standardization organizations, such as the Internet Engineering Task Force (IETF), and research projects are chartered to bring IP to smart objects and to define suitable application-layer and security protocols for IoT scenarios. In order to cope with the limitations of smart objects, the IETF CoRE Working Group has defined the Constrained Application Protocol (CoAP), a standard application-layer protocol for use with constrained nodes and constrained networks. In this work, we present mjCoAP, an open source lightweight Java-based implementation of CoAP, which aims at simplifying the development of CoAP-based IoT applications. The mjCoAP library is fully RFC-compliant and integrates several IETF CoRE WG specifications, such as blockwise transfers, resource observing, and HTTP/CoAP mapping. We also present some application scenarios and we describe how they can be easily implemented based on mjCoAP
