To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking

Information-Centric Networking (ICN) is an internetworking paradigm that offers an alternative to the current IP\nobreakdash-based Internet architecture. ICN's most distinguishing feature is its emphasis on information (content) instead of communication endpoints. One important open issue in ICN is whether negative acknowledgments (NACKs) at the network layer are useful for notifying downstream nodes about forwarding failures, or requests for incorrect or non-existent information. In benign settings, NACKs are beneficial for ICN architectures, such as CCNx and NDN, since they flush state in routers and notify consumers. In terms of security, NACKs seem useful as they can help mitigating so-called Interest Flooding attacks. However, as we show in this paper, network-layer NACKs also have some unpleasant security implications. We consider several types of NACKs and discuss their security design requirements and implications. We also demonstrate that providing secure NACKs triggers the threat of producer-bound flooding attacks. Although we discuss some potential countermeasures to these attacks, the main conclusion of this paper is that network-layer NACKs are best avoided, at least for security reasons.Comment: 10 pages, 7 figure

Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.Comment: The IEEE Conference on Local Computer Networks (LCN 2013

De Novo Donor-Specific HLA Antibodies Developing Early or Late after Transplant Are Associated with the Same Risk of Graft Damage and Loss in Nonsensitized Kidney Recipients

De novo posttransplant donor-specific HLA-antibody (dnDSA) detection is now recognized as a tool to identify patients at risk for antibody-mediated rejection (AMR) and graft loss. It is still unclear whether the time interval from transplant to DSA occurrence influences graft damage. Utilizing sera collected longitudinally, we evaluated 114 consecutive primary pediatric kidney recipients grafted between 2002 and 2013 for dnDSA occurrence by Luminex platform. dnDSAs occurred in 39 patients at a median time of 24.6 months. In 15 patients, dnDSAs developed within 1 year (early-onset group), while the other 24 seroconverted after the first posttransplant year (late-onset group). The two groups were comparable when considering patient- and transplant-related factors, as well as DSA biological properties, including C1q and C3d complement-binding ability. Only recipient age at transplant significantly differed in the two cohorts, with younger patients showing earlier dnDSA development. Late AMR was diagnosed in 47% of the early group and in 58% of the late group. Graft loss occurred in 3/15 (20%) and 4/24 (17%) patients in early- and late-onset groups, respectively (p = ns). In our pediatric kidney recipients, dnDSAs predict AMR and graft loss irrespective of the time elapsed between transplantation and antibody occurrence

Glicômica da resposta imune: o universo de glicanos e lectinas em microambientes inflamatórios e neoplásicos

Las galectinas, una familia de lectinas que reconocen glico-conjugados específicos en la superficie celular y la matriz, participan en diversos procesos biológicos como reguladores de la ho-meostasis de la respuesta inmune y de la progresión tumoral. Considerando el papel inmunomodulador de Galectina-1 (Gal-1) en modelos de inflamación crónica y su contribución a la creación de microambientes tolerogénicos, durante los últimos años exploramos el impacto de esta proteína sobre el balance de células T y la funcionalidad de células dendríticas (CDs). Mientras las células Th1 y Th17 poseen el repertorio de glicanos necesarios para la unión de Gal-1, los linfocitos Th2 son resistentes a la unión de esta proteína, lo cual explicaría el incremento en la susceptibilidad de los linfocitos Th1 y Th17 a la apoptosis inducida por Gal-1 y la consecuente desviación en el balance de la respuesta inmune hacia un perfil Th2. Además, identificamos un circuito tolerogénico en el que Gal‐1 induce la diferenciación de CDs tolerogénicas productoras de IL‐27, la consecuente expansión de células T regulatorias productoras de IL‐10 y la supresión de la inflamación mediada por células Th1 y Th17. Postulamos un nuevo mecanismo de regulación homeostática de la respuesta inmune basado en la interacción entre Gal‐1 y sus gli-canos específicos, el cual permite anticipar nuevos horizontes terapéuticos, en los que la modulación de la expresión de Gal‐1 o sus glicanos nos permitiría regular la respuesta inmune.Galectins, a family of endogenous glycan-binding proteins able to recognize specific glycoconjugates on cell surface and extracellular matrix, control critical immunological processes involved in immune homeostasis and tumor progression. Given the immunosuppressive role of Galectin-1 (Gal-1) in different models of chronic inflammation and its contribution to the creation of tolerogenic microenvironments in cancer and pregnancy models, the impact of this protein on T helper cell balance and dendritic cells (DCs) functionality was explored. A novel mechanism, based on the differential glycosylation of T helper cell subsets, by which Gal-1 preferentially eliminates antigen-specific Th1 and Th17 cells, leading to a shift toward a Th2 profile was identified. While Th1- and Th-17-differentiated cells expressed the repertoire of cell surface glycans that are critical for Gal-1-induced cell death, Th2 cells are protected from Gal-1 through differential sialylation of cell surface glycoproteins. More recently, the ability of Gal-1 to trigger the differentiation of tolerogenic dendritic cells (DCs), which promote resolution of autoimmune inflammation, was demonstrated. A tolerogenic circuit linking Gal-1 signaling, IL-27-producing DCs and IL-10-secreting T cells was identified. It can be postulated that molecular interactions between endogenous galectins and specific glycans constitute a novel mechanism of homeostatic regulation of immune responses. Understanding the role of protein-glycan interactions in the establishment of tolerogenic or inflammatory programs will enable the design of more rational immunotherapeutic strategies with broad biomedical implications.As galectinas, uma família de lectinas que reconhecem gli-coconjugados específicos na superfície celular e a matriz, participam em diversos processos biológicos como reguladores da homeostase da resposta imune e da progressão tu-moral. Considerando o papel imunomodulador de Galec-tina-1 (Gal-1) em modelos de inflamação crônica e sua contribuição à criação de microambientes tolerogênicos, durante os últimos anos exploramos o impacto desta proteína sobre o balanço de células T e a funcionalidade de células dendríticas (CDs). Enquanto as células Th1 e Th17 possuem o repertório de glicanos necessários para a união de Gal-1, os linfócitos Th2 são resistentes à união desta proteína, o qual explicaria o incremento na suscetibilidade dos linfóci-tos Th1 e Th17 à apoptose induzida por Gal-1 e o conse-guinte desvio no balanço da resposta imune para um perfil Th2. Além disso, identificamos um circuito tolerogênico no qual Gal‐1 induz a diferenciação de CDs tolerogênicas pro-dutoras de IL‐27, a conseguinte expansão de células T re-gulatórias produtoras de IL‐10 e a supressão da inflamação mediada por células Th1 e Th17. Postulamos um novo mecanismo de regulação homeostática da resposta imune ba-seado na interação entre Gal‐1 e seus glicanos específicos, que permite antecipar novos horizontes terapêuticos, nos quais a modulação da expressão de Gal‐1 ou seus glicanos nos permitiria regular a resposta imune.Fil: Sundblad, Victoria. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Cerliani, Juan Pablo. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Compagno, Daniel Georges. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Química Biológica de la Facultad de Ciencias Exactas y Naturales; ArgentinaFil: Croci Russo, Diego Omar. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: D'alotto Moreno, Tomas. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Dergan Dylon, Leonardo Sebastian. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Di Lella, Santiago. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Gatto, Claudia. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Investigaciones en Ingeniería Genética y Biología Molecular; ArgentinaFil: Gentilini, Lucas Daniel. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Giribaldi, María Laura. Universidad de Buenos Aires. Facultad de Cs.exactas y Naturales. Departamento de Quimica Biologica. Laboratorio de Analisis Biologicos E Inmunoquimica; ArgentinaFil: Guardia, Carlos Manuel Alberto. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Ilarregui, Juan Martin. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Laderach, Diego Jose. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Química Biológica de la Facultad de Ciencias Exactas y Naturales; ArgentinaFil: Martínez Allo, Verónica Candela. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Mascanfroni, Ivan Darío. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Mendez Huergo, Santiago Patricio. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Salatino, Mariana. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Stupirski, Juan Carlos. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Toscano, Marta Alicia. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; ArgentinaFil: Rabinovich, Gabriel Adrian. Consejo Nacional de Investigaciones Científicas y Técnicas. Instituto de Biología y Medicina Experimental (i); Argentina; Argentin

OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

none3sinoneCompagno, Alberto; Conti, Mauro; Droms, RalphCompagno, Alberto; Conti, Mauro; Droms, Ralp

An ICN-Based Authentication Protocol for a Simplified LTE Architecture

Nowadays, theCompagno, Alberto mostConti, Mauro diffusedKhan, Muhammad Hassan approach for supporting device mobility is to implement specific mechanisms at link-layer (e.g., tunneling) supported by a dedicated architecture (e.g., LTE architecture). While this approach can handle mobility well within a singular network, it fails to provide a seamless Internet connectivity when mobility occurs among different networks. To achieve inter-networks mobility, researchers proposed to implement mobility management protocols at the network layer. However, the current IP network layer has not been designed for handling mobility, with the result that none of the proposed IP-based methodologies is able to provide a satisfactory solution. Information Centric Networking (ICN) is an emerging networking paradigm that provides a better support for mobility than IP, enabling full mobility management at network layer. In this paper, we take a fresh look on mobility management and propose a simplified LTE infrastructure that exploits the mobility support provided at the ICN network layer. We revise the current device authentication protocol for LTE, and we present a novel handover protocol that exploits the ICN communication style. Compared to the protocol adopted in the current LTE, our proposals are able to reduce the number of messages required to authenticate or re-authenticate a device during mobility

GATE and FENCE: Geo-Blocking Protocols for Named Data Networking

Named Data Networking (NDN) is a novel Internet architecture which focuses on content distribution by exploiting in-network caching and name-based forwarding. Contrary to today’s Internet, NDN has been designed from the ground up to be secure. From a content provider perspective (e.g., YouTube, Netflix), NDN offers appealing advantages in terms of network load and traffic reduction at producer side through in-network requests aggregation and content caching. As a side effect, content providers lose control on content dissemination when consumers’ requests are aggregated or satisfied by the network. This hinders the correct application of copyright and licensing agreements: only specific regions are allowed to consume a subset of the distributed contents. In attempt to address this problem, the existing TCP/IP approaches exploit requests’ source addresses (at server side) to identify the geographic origin of each request. In NDN these solutions are unfeasible for two reasons: consumers’ requests do not carry any source address, and a request will never reach content providers when aggregated or satisfied in the network. We solve this problem by proposing two lightweight and distributed geo-blocking protocols (GATE and FENCE) which use packet marking to identify and validate network regions at network edges. We perform experiments both on a network simulator and by extending the NDN implementation. Through our results we prove the proposed protocols are feasible, i.e., all the regions blacklisted by content providers are blocked and their network costs, in terms of space and router processing overhead, are negligible

Tumor necrosis factor (TNF) inhibitors for the treatment of psoriatic arthritis

Objectives: This is a protocol for a Cochrane Review (intervention). The objectives are as follows:. To assess the benefits and harms of TNF inhibitors in comparison with placebo and other treatment strategies in adult patients affected by psoriatic arthritis