Open Identity Certification with OpenID Connect
OpenID Connect (OIDC) is a widely used authentication standard for the Web. In this work, we define a new Identity Certification Token (ICT) for OIDC. An ICT can be thought of as a JSON-based, short-lived user certificate for end-to-end user authentication without the need for cumbersome key management. A user can request an ICT from his OpenID Provider (OP) and use it to prove his identity to other users or services that trust the OP. We call this approach and compare it to other well-known end-to-end authentication methods. Unlike certificates, does not require installation and can be easily used on multiple devices, making it more user-friendly. We outline protocols for implementing based on existing standards. We discuss the trust relationship between entities involved in , propose a classification of OPs' trust level, and propose authentication with multiple ICTs from different OPs. We explain how different applications such as videoconferencing, instant messaging, and email can benefit from ICTs for end-to-end authentication and recommend validity periods for ICTs. To test , we provide a simple extension to existing OIDC server software and evaluate its performance.
Accuracy and Dynamics of Hash-Based Load Balancing Algorithms for Multipath Internet Routing
This paper studies load balancing for multipath Internet routing. We focus on hash-based load balancing algorithms that work on the flow level to avoid packet reordering, which is detrimental to the throughput of transport layer protocols like TCP. We propose a classification of hash-based load balancing algorithms, review existing ones and suggest new ones. Dynamic algorithms can actively react to load imbalances, which causes route changes for some flows and thereby again packet reordering. Therefore, we investigate the load balancing accuracy and flow reassignment rate of load balancing algorithms. Our exhaustive simulation experiments show that these performance measures depend significantly on the traffic properties and on the algorithms themselves. As a consequence, our results should be taken into account for the application of load balancing in practice.
P4-PSFP: P4-Based Per-Stream Filtering and Policing for Time-Sensitive Networking
Time-Sensitive Networking (TSN) extends Ethernet to enable real-time communication, including the Credit-Based Shaper (CBS) for prioritized scheduling and the Time-Aware Shaper (TAS) for scheduled traffic. Generally, TSN requires streams to be explicitly admitted before being transmitted. To ensure that admitted traffic conforms with the traffic descriptors indicated for admission control, Per-Stream Filtering and Policing (PSFP) has been defined. For credit-based metering, well-known token bucket policers are applied. However, time-based metering requires time-dependent switch behavior and time synchronization with sub-microsecond precision. While TSN-capable switches support various TSN traffic shaping mechanisms, a full implementation of PSFP is still not available. To bridge this gap, we present a P4-based implementation of PSFP on a 100 Gb/s per port hardware switch. We explain the most interesting aspects of the PSFP implementation whose code is available on GitHub. We demonstrate credit-based and time-based policing and synchronization capabilities to validate the functionality and effectiveness of P4-PSFP. The implementation scales up to 35840 streams depending on the stream identification method. P4-PSFP can be used in practice as long as appropriate TSN switches lack this function. Moreover, its implementation may be helpful for other P4-based hardware implementations that require time synchronization.
Performance Comparison of VPN Solutions
Virtual Private Networks (VPNs) are the state-of-the-art method to build secure connections between remote hosts over public networks. In times of high-speed Internet connections, a need for personal information security, and business cases like cloud computing, high data throughput and a stable connection are increasingly important.
Benchmarks of VPN solutions have been discussed in related work, but the data is quite old or uses other setups. Furthermore, we noticed that the benchmarks from the WireGuard whitepaper seem unrealistic, even if we take protocol overhead into account. In this work, we have decided to conduct VPN benchmarks ourselves. In the following paragraphs we describe our setup and look at three heavily used VPN solutions: OpenVPN, IPsec and WireGuard.
Firewall-as-a-Service for Campus Networks Based on P4-SFC
Taking care of security is a crucial task for every operator of a campus network. Among the most fundamental security-related network functions found in most networks for this purpose are stateful firewalls. However, deploying firewalls in large campus networks, e.g., at a university, can be challenging. Hardware appliances that can cope with today's high data rates at the border of a campus network are not cost-effective enough for most deployments. Shifting the responsibility to run firewalls to single departments at a university is not feasible because the expertise to manage these devices is not available there. For this reason, we propose a cloud-like infrastructure based on service function chaining (SFC) and network function virtualization (NFV) that allows users to deploy network functions like firewalls at a central place while hiding most technical details from the users.
A Survey of Scheduling in Time-Sensitive Networking (TSN)
TSN is an enhancement of Ethernet which provides various mechanisms for real-time communication. Time-triggered (TT) traffic represents periodic data streams with strict real-time requirements. Amongst others, TSN supports scheduled transmission of TT streams, i.e., the transmission of their packets by edge nodes is coordinated in such a way that none or very little queuing delay occurs in intermediate nodes. TSN supports multiple priority queues per egress port. The TAS uses so-called gates to explicitly allow and block these queues for transmission on a short periodic timescale. The TAS is utilized to protect scheduled traffic from other traffic to minimize its queuing delay. In this work, we consider scheduling in TSN, which comprises the computation of periodic transmission instants at edge nodes and the periodic opening and closing of queue gates.
In this paper, we first give a brief overview of TSN features and standards. We state the TSN scheduling problem and explain common extensions which also include optimization problems. We review scheduling and optimization methods that have been used in this context. Then, the contribution of currently available research work is surveyed. We extract and compile optimization objectives, solved problem instances, and evaluation results. Research domains are identified, and specific contributions are analyzed. Finally, we discuss potential research directions and open problems.
Comment: 34 pages, 19 figures, 9 tables, 110 references.
Implementation and Evaluation of Activity-Based Congestion Management Using P4 (P4-ABC)
Activity-Based Congestion Management (ABC) is a novel domain-based QoS mechanism providing more fairness among customers on bottleneck links. It avoids per-flow or per-customer states in the core network and is suitable for application in future 5G networks. However, ABC cannot be configured on standard devices. P4 is a novel programmable data plane specification which allows defining new headers and forwarding behavior. In this work, we implement an ABC prototype using P4 and point out challenges experienced during implementation. Experimental validation of ABC using the P4-based prototype reveals the desired fairness results.
A Master Course on Network Softwarization: Lectures and Practical Assignments
An SDN Architecture for Automotive Ethernets
Road vehicles are equipped with a rising number of driver assistance systems, resulting in increasing bandwidth demand and a need for reconfiguration that are difficult to satisfy with traditional in-vehicle networks. As a result, automotive Ethernet networks become more common. With rising complexity of in-vehicle networks, new requirements emerge and call for more flexible automotive network architectures. In this work, we give examples of how Ethernet-based automotive network architectures can profit from software-defined networking (SDN) and present an SDN-based architecture that allows the network to be reconfigured dynamically.
A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research
With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane that can control network devices through their data plane APIs. Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane APIs which may be leveraged by user-defined SDN control. Thus, programmable data planes and SDN offer great flexibility for network customization, be it for specialized, commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community and it is supported by various software and hardware platforms. In this paper, we survey the literature from 2015 to 2020 on data plane programming with P4. Our survey covers 497 references of which 367 are scientific publications. We organize our work into two parts. In the first part, we give an overview of data plane programming models, the programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we analyze a large body of literature considering P4-based applied research. We categorize 241 research papers into different application domains, summarize their contributions, and extract prototypes, target platforms, and source code availability.
Comment: Submitted to IEEE Communications Surveys and Tutorials (COMS) on 2021-01-2