301 research outputs found

    DNS++: Dynamic Name Resolution with Homomorphic Encryption Based Privacy

    This paper presents DNS++, a re-design of the Internet's name resolution system that addresses dynamic information and privacy. DNS++ uses a pub/sub overlay to send updates about a given service to interested clients, allowing them to (re)select between replicas according to their requirements, as updates about services and their features dynamically change. Since third-party brokers in the overlay are not always trusted for the confidentiality of the content flowing through them, clients' privacy is preserved in DNS++ through homomorphic encryption. Brokers are prevented from accessing encrypted service information but can perform homomorphic match and forward service updates to relevant clients through the overlay accordingly. Assuming that forwarding tables in each broker are implemented via ordered data structures, the time required for adding a new client's subscription, and to perform homomorphic match between existing subscriptions and service updates, would grow logarithmically with the number of entries within a table. This is shown by our performance evaluation, which confirms that DNS++ is feasible to be deployed with an acceptable performance overhead

    The Impact of Encoding and Transport for Massive Real-time IoT Data on Edge Resource Consumption

    Edge microservice applications are becoming a viable solution for the execution of real-time IoT analytics, due to their rapid response and reduced latency. With Edge Computing, unlike the central Cloud, the amount of available resource is constrained and the computation that can be undertaken is also limited. Microservices are not standalone, they are devised as a set of cooperating tasks that are fed data over the network through specific APIs. The cost of processing these feeds of data in real-time, especially for massive IoT configurations, is however generally overlooked. In this work we evaluate the cost of dealing with thousands of sensors sending data to the edge with the commonly used encoding of JSON over REST interfaces, and compare this to other mechanisms that use binary encodings as well as streaming interfaces. The choice has a big impact on the microservice implementation, as a wrong selection can lead to excessive resource consumption, because using a less efficient encoding and transport mechanism results in much higher resource requirements, even to do an identical job

    End-to-end slices to orchestrate resources and services in the cloud-to-edge continuum

    Fog computing, combined with traditional cloud computing, offers an inherently distributed infrastructure – referred to as the cloud-to-edge continuum – that can be used for the execution of low-latency and location-aware IoT services. The management of such an infrastructure is complex: resources in multiple domains need to be accessed by several tenants, while an adequate level of isolation and performance has to be guaranteed. This paper proposes the dynamic allocation of end-to-end slices to perform the orchestration of resources and services in such a scenario. These end-to-end slices require a unified resource management approach that encompasses both data centre and network resources. Currently, fog orchestration is mainly focused on the management of compute resources, likewise, the slicing domain is specifically centred solely on the creation of isolated network partitions. A unified resource orchestration strategy, able to integrate the selection, configuration and management of compute and network resources, as part of a single abstracted object, is missing. This work aims to minimise the silo-effect, and proposes end-to-end slices as the foundation for the comprehensive orchestration of compute resources, network resources, and services in the cloud-to-edge continuum, as well as acting as the basis for a system implementation. The concept of the end-to-end slice is formally described via a graph-based model that allows for dynamic resource discovery, selection and mapping via different algorithms and optimisation goals; and a working system is presented as the way to build slices across multiple domains dynamically, based on that model. These are independently accessible objects that abstract resources of various providers – traded via a Marketplace – with compute slices, allocated using the bare-metal cloud approach, being interconnected to each other via the connectivity of network slices. Experiments, carried out on a real testbed, demonstrate three features of the end-to-end slices: resources can be selected, allocated and controlled in a softwarised fashion; tenants can instantiate distributed IoT services on those resources transparently; the performance of a service is absolutely not affected by the status of other slices that share the same resource infrastructure

    Private Routing in the Internet

    Despite the breakthroughs in end-to-end encryption that keeps the content of Internet data confidential, the fact that packet headers contain source and IP addresses remains a strong violation of users' privacy. This paper describes a routing mechanism that allows for connections to be established where no provider, including the final destination, knows who is connecting to whom. The system makes use of inter-domain source routing with public key cryptography to establish connections and simple private symmetric encryption in the data path that allows for fully stateless packet transmission. We discuss the potential implications of real deployment of our routing mechanism in the Internet

    Dynamic Monitoring of Data Center Slices

    Slicing is a move towards segmentation of resources and deployment of NFV for the purpose of enhanced services and applications on globally shared resources. The slicing approach in this paper considers Data Center slicing and the VIM on-demand model. We focus on the monitoring of Data Center slices, showing what is needed from the monitoring perspective and how the monitoring should be done. The proposed monitoring approach is validated on a platform that supports the on-demand creation of lightweight VIM instances

    Real-Time Management and Control of Monitoring Elements In Dynamic Cloud Network Systems

    This paper explores new scenarios where Cloud Network Service Providers take advantage of using more flexible resource management and orchestration solutions in the form of dynamic virtualised compute, network and storage resources. The main focus of this work is to analyse how those challenges will considerably impact the requirements of the monitoring process. A framework in the context of 5G is here presented to support the dynamic on-demand management, configuration and control of a monitoring subsystem which: can easily scale up / down according to the number of running entities in the system as a result of the instantiation / termination of multiple services; can provide mechanisms to dynamically activate / deactivate its constituent elements on-demand according to the type of services to be monitored; and can provide mechanisms to dynamically adjust the configuration of its elements. Experimental outcomes, where a Monitoring Controller was used to adjust the measurement collection / sending rate of the probes in the monitoring subsystem on-the-fly are also presented. The paper shows how this prevented the transmission of vast amounts of data when the number of virtual entities and related monitoring probes in the system scaled up to hundreds of elements

    Extending Slices into Data Centers: the VIM on-demand model

    This paper explores some of the mechanisms, components, and abstractions that can be utilized in order to encompass network slicing into a bigger picture for NFV delivery. In particular, we make the case for Data Center (DC) infrastructure slicing, as part of the full NFVI foundation, to ensure that the attributes prescribed to network slices are propagated into the Data Center. We show how creating a VIM (Virtual Infrastructure Manager) on-demand and dynamically allocating a new VIM for each slice, rather than having one for the whole DC, can be beneficial for various precision scenarios. Index Terms—infrastructure slicing, VIM, network slicing

    Efficiency Enhancement for an S-Band Axial Vircator Using 5-Stage Two-Step Tapered Radiators

    An S-band multistage axial virtual cathode oscillator with efficiency enhancement for high pulsed power electromagnetic applications is presented. The Particle-in-Cell (PIC) results of the designed 5-stage Vircator, with two-step negative tapering in the reflectors, carried out by CST Studio suite 2021 simulation code show a peak power value of 5.54 GW and an efficiency value of 13.65% at 2.45 GHz, under a beam voltage and current equal to 520 kV and 20 kA, respectively

    Neutron tomography in modern archaeology

    The search for non invasive and non destructive techniques is fundamental when dealing with samples of great historical, cultural and artistic value as well as with samples strongly degraded. Among different techniques, Neutron Tomography NT allows a close analysis of samples of Archaeological interest without damaging them. In what follows, a few cases in which the Neutron Tomography instrument of the BENSC at HMI Berlin has been successfully applied will be shown