IRT Research Overview

IRT research

IRT Research OverviewFall 2009OverviewPI + 12 PhD students + ~4 visitors + 1 staff researcherNetwork infrastructurePBS: Permission-Based SendingNetServ for programmable networksMobile networks7DSPetriNet for modeling mobility protocolsLocation-based servicesModeling human mobilityNetwork management & measurementDYSWIS: distributed fault diagnosis & correctionVdelay: Video delay measurement toolApplications & middlewareRELOAD: P2P infrastructureSIP overload controlSPIT preventionNG911Selected other recent projectsMobile networksfast 802.11 hand-off802.11 MAC layers for VoIP802.11 measurement-based admission controlcooperative wireless nodesLoST: location + service URL + areaTransport layerTCP for multimedia applicationsApplications & middlewareDNS performanceDotSlash: self-scaling LAMP infrastructureNetwork infrastructurePermission-based sending (PBS)Objective Preventing DoS attacks and other forms of unauthorized traffic.Network traffic authorizationPermission is granted by the intended receiver.Permission represents the authority to send data.Deny-by-defaultUnauthorized traffic without permission is dropped at the first router by default.Hybrid approachProactive approachExplicit permission by on-path signalingNSIS protocol suites (GIST and PBS NSLP)Reactive approachMonitoring traffics using periodic signalingPBS detection algorithm (PDA)Secure mechanismSecure permission state setup using public key cryptographyProtect the authentication of data packets using IPsec

SeGi HongPermission-based sending (PBS)

Q (FID,PKey,Auth)SenderR1R2Receiver

Data flow (size = 1MB) / IPsecAttack flow(w/o IPsec)IPsec verification failedP (10MB, FID, Pkey, Skey, Auth)IPsec verification successQ ( FID,Pkey,Auth)Q (FID,Pkey,Auth)P (10MB, FID,Pkey, Skey, Auth)P (10MB, FID, Pkey, Skey, Auth)

Auth verification successAuth verification successInstall permission stateFID: 5-tuple based flow identificationTTL: permission state time limit for the flow T: Soft-state periodV: total volume of data that the sender has sent

P (10MB, FID, Pkey, Skey, Auth)P (10MB, FID,Pkey, Skey, Auth)P (10MB, FID, Pkey, Skey, Auth)Q (FID,PKey,Auth, V=1MB)TPkey: public keyAuth: authentication field for the signaling messageSkey: shared key for IPsecData flow (size = 1MB) / IPsecData flow (size = 1MB) / IPsecRV = Total 1MBQ (FID,PKey,Auth, V=1MB)Q (FID,PKey,Auth, V=1MB)Monitoring traffic (RV=V=1 MB)6NetServ: programming network elementsProblem: Ossification in the InternetApproach:Extensible architecture for core network servicesModularity: Building Blocks, Service ModulesVirtual services framework: security, portabilityCurrent results: Prototype using Click router & Java OSGi frameworkMeasurements indicating overhead from Java is acceptableFuture Work: Content Distribution Network (CDN) applicationSecurity and resource control (AAA)Implementation on a real routerJae Woo Lee &Suman SrinivasanNetServ - prototypePrototypeJava OSGi on top of ClickClick: Modular router platformOSGi: dynamic loading and unloading of modulesMeasurementBare Linux vs. Plain ClickPenalty for kernel-user transitionPlain Click vs. NetServJava overhead2) is small compared to 1)

AAA on virtualized environmentProblemTraditional user access to one servicetheory model consider access to centralized resource only Now and futureApplication integration: mashupCloud computingNetServ: may need many building blocks to build a serviceApproach and resultEstablish theory modelSpecial problems to be solvedperformanceauthoritative modelSecure AAA protocol

userresourceTraditionaluserresourceNow and futureTraditional: although AAA server and user database may be distributed, but the access model is user authorized access to one service ( resource)Now and future: may need to be authorized by several organization, access to several resource.

Performance: such as delay

Authoritative model including:1)Decision mechanism: with resource R1, R2, R3, access may allowed only when R1 and R2 and R3, or maybe R1 and (R2 or R3).2)Trust model

9Mobile networks & applicationsMobility systems modeling using Timed Petri netProblemMechanisms and design principles for optimized handover are poorly understoodLack of formal methodology to systematically discover or evaluate mobility optimizationsApproachIdentification of the fundamental properties that are rebound during a handover operationSystematic analysis of the primitive operations during handoverModeling of the handover processes that allows performance predictions to be made for both an un-optimized handover and for specific optimization techniques under systems resource constraintsResultsTimed Petri net-based mobility models for handoff processes using MATLAB and Time Net toolsAbility to predict systems behavior such as deadlocksVerification of optimization techniquesPrediction of handover performance under specific resource constraints (e.g., battery, CPU and network bandwidth)

Ashutosh DuttaPetri net modeling results

Figure 1: Timed Petri net modeling for handoffFigure 3: Concurrent handoff operations Figure 2: Sequential handoff operations Figure 4: Coverability tree a) sequential, b) concurrent(a)(b)7DS Disruption-tolerant networks

In the absence of the Internet: nodes can exchange information amongst themselvesConcept7DS application suite

Internet

Local P2P wireless networks to exchange information Get information they do not have from another peer Uses Getting web pages from peers Sending e-mails Query self for results Searches the cache index using: Swish-e library Presents results in three formats: HTML, XML and plain text Similar concept to Google Desktop

Exchange information among peers Requesting peer broadcasts query to network Responding peers reply if they have information Send encoded string with list of matching items Requesting peer retrieves suitable informationSearch engineQuery multicast engineInteresting problem: Service discovery protocols dont work well in opportunistic networks We looked at different ways of solving this problemSuman SrinivasanBonAHA framework for opportunistic networks

Mobile nodes; highly mobile networks No infrastructure OLPC; mesh networks Ad-hoc applications/ Mobile P2P applications Applications need to Be aware of network transitions State/metadata of nodes in the networkOpportunistic Networks Really localized applications Work in cloud or opportunistic networks Examples File synchronization Bulletin Board system We have a framework for this: BonAHA And applications built using itBonAHA framework

For registrationservice = new BService(loc", "tcp");service.set("Latitude", lat);service.register();service.setListener(this);For network transitionsnodeUpdated()nodeExited()BonAHA API

Runs on iPod/iPhone Allows users to upload posts Other users can pick up posts and share their own Information on events, etc that they are interested in sharing BBS application Allows users to discover peers in local network and chat Rooms can be set up for private chats Group Chat Users can share files with each other by dragging and dropping files onto peers computers Handles peers entering and leaving networkFile SharingApplications written using BonAHA Papers published: CCNC 2009, NGMAST 2008,CoNEXT student workshop 2007Mobility behaviorWhat are mobility models good for?Disruption-tolerant (store-move-forward) networksQoS in cellular networksProblem: Current synthetic and trace-based mobility models inadequateWe are using Sense Networks tracesGPS traces of a wide-spectrum of mobile usersCitysense application

Arezu MoghadamPeriodic Model to Predict Users next LocationLearning probability distribution of a users movement from the training set up to time T

Learning users pattern by mapping timestamps to hourly timeslots of the week

For example timestamp t > T maps to timeslot j

User k012346716858Weektimestamp ijj+1tNetwork management & measurementDYSWIS: Whats wrong with the network?Traditional Diagnostics ToolsEnd-user diagnostics: Difficult to obtain information about what is happening beyond the local networkCentralized management: Hard to determine failure causes because it does not know end-users personal environment such as network device, wireless router, and firewall.

New ApproachDYSWIS : Distributed, End-to-end, and Intelligent

Why I cannot send an email???

ZZZzzz....

Traditional tools: Neither end-users nor central tools can detect misbehavior of a router.Kyung Hwa KimDYSWISDYSWIS = automatic network fault diagnosis system Distributed: ask other nodes what they see & remote probing.End-to-end: end-user knows his situation best.Users collaborate with others to collect informationSecurity: Continuously monitor network packets.Auto-detection: Detect faults automatically and start to diagnose.Current implementation statusDYSWIS framework and protocol developedSeveral probing modules (NAT, Firewall, SIP, RTP, and DNS)DYSWISDHTNetwork

What happened to the web server?

ProbeProbeRequest

vDelay: Measuring capture-to-display latency and frame rateMeasures capture-to-display latency and frame rate of a video chat sessionDoes not require access to source code or network streamJava-based platform independent

vDelay

Performance of video chat applications under congestionPerformance of video chat under congestionPerformance of video chat applications under congestionResidential area networks (DSL and cable)Limited uplink speeds (around 1Mbit/s)Big queues in the cable/DSL modem(600ms to 6sec)Shared more than one user/applicationInvestigate applications behavior under congestionWhether they are increasing the overall congestionOr trying to maintain a fair share of bandwidth among flows

Experimental Setup

Results: X-Lite

X-Lite with 10kb-10sec step functionVideo chatAnalyzed Skype, Live Messenger, X-Lite and EyebeamSkype behaved the best by adapting its codec parameters based not only on packet loss but also on RTT and jitter. This allowed Skype to closely follow the changes in bandwidth without causing any packet loss. Eyebeam performed the worst with high fluctuations in the transmission speed of its video traffic and with poor adaptation to bandwidth fluctuations.Due to limited upstream bandwidth, video clients must have bandwidth adaptation mechanisms and must be able to differentiate between wireless losses and congestion losses.Applications & middleware28Peer-to-peer communication systems

P2P-SIP / PSTN gateway

NATFirewallnetwork addressof node E?CallCallmediaWhat is distributed?directory servicecall signalingmedia session and conferencingpresencenode Cnode Bmedia relay (or relay)

node Anode Dnode ESalman BasetPeer-to-peer communication systems

29ReliabilitySession qualityProtocol and system designMeasurementApproachAnalytical modelingSimulationsBuilding systemMeasurement

ChallengesVideo conferencing

CURESPIT: Controlling Unsolicited Requests against SPITBlack/white-list SPIT filtering incurs false positivesThe more convenient communications we have, the more vulnerable to unsolicited bulk communications we are. It is crucial to differentiate incoming requests from those with weak social ties from SPIT.

Callee

Address book:List of caller IDs of those with strong ties- family- friends- colleagues etc.Strong social tiesINVITEFrom: AcceptCallersINVITEFrom: ?Weak social tiesINVITEFrom: No social ties?Kumiko OnoCURESPIT: Controlling Unsolicited Requests against SPIT Label incoming requests using cross-media relations from earlier communications

2. Store cross-media relationsas references to prior comm.

Cross-media relations:- Message-ID of emails- Call-ID of dialogs- email on web pageCallers with weak social ties3.INVITEFrom: with reference to prior comm.1. An outgoing message via HTTP, email or SIP Callee4. Labeling by referencing prior comm.SIP Server Overload Control (I)10/05/200932

RE

SE

Special connection for INVITE requestsNormal connection for non-INVITE requests UACUASSmart INVITE request forwardingProblem statement: SIP server overload during emergency, call-in TV programs, etc. Default TCP configurations cause performance collapse Approach: Virtually split the TCP connection into two Upstream server conducts smart forwarding to release pressure SIP Server Overload Control (II)10/05/200933Results: Under our mechanism, the throughput under heavy overload remains close to the capacity

NG911: Emergency calling using IPProblemIs it possible to offer emergency calling services on an all-IP network?

Benefits of an all-IP networkMultimediaData integration Flexible routing during massive disastersChallengesHow to determine the location of the calling device?How to route calls based on location information?How to use multimedia and add data to call?* Figure: NYC PSAP in Brooklyn

NG911

A SIP-based emergency calling infrastructure

Location determination at the call sourceLocation-based routingusing LoSTIP-based PSAPsformultimediaanddataLocation-based servicesLocation-based services: services bound to a user physical location (gas stations, restaurants, indoor directions, )Location determinationGPS, cellular triangulationLocation deliveryHELD, PIDF-LOService type representationService URNs (draft-forte-ecrit-service-classification-02)Service discoveryLoST, LoST extensions (draft-forte-ecrit-lost-extensions-02)

36LoST ExtensionsLoST: particular attention given to emergency service requirements

We define two new queries Within distance XNew use of circular shape used in queriesN closestNew attribute limit to element37Service URNsHow to describe services?List of service URNs (draft-forte-ecrit-service-classification-02)How to define new top-level service labels?Non standard action (draft-forte-ecrit-service-urn-policy-00)EXAMPLE:

urn:service:cultural cultural.art-gallery cultural.library cultural.monument cultural.museum cultural.theater urn:service:education education.classroom education.day-care-center education.nursery education.school38Presence-enabled rule languageThe future Fixed Mobile Convergence will provide ubiquitous always-on communication services

User personalization is a key factor in the success of FMC services Presence information: preferences on communications, device capabilities, privacy rules, calendar information, location information

IETF SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE ) framework:Users publish their presence documents to a Presence Server (PS) The PS notifies the proper presence information to the users watchers

Our objective: The design of a rule-based language enhanced with presence information and the implementation of a prototype.

Presence-enabled rule languageThe language allows users to set rules based on their presence information just some examples.Accept only calls from my boss when I am workingSend me an instant message when my son get homeReject any call from a friend when I am in a meeting, and send him or her the message I am busy, I will call you back later

The language allows to save memory and processing resources on the client devices and bandwidthIf I am connected to my self phone, send me any presence notification as an email but dont notify meIf my memory resources are scarce, save only the most important presence information about my work matesIf the bandwidth is limited, publish only my activity and status information

Other functions are also possible: filtering information, privacy filtering, remote control of applications.Backup slidesDoS attacks42From 40,000 sensors monitoring networks in over 180 countries through Symantec products and services and third-party sources.The largest DDoS attack size: 40 Gb/sec, 2007

CyberweaponsPolitical and military conflictsPolitical fight between Estonia and Russia, 2007Georgian-Russian war, 2008Internet Attacks Grow More Potent, NY Times, Nov 9, 2008

43PBS implementation structure43User levelKernel levelOn-path signalingPBS NSLPProcessing(OpenSSL)NTLP (GIST)ProcessingLinux kernel routing table(route)Netfilter IP packet filtering(iptables)Control and configurationData flowSignal flowState table: permission state, IPsec state(Hashtable)Userspace IPsec module(netfilter queue module, libiptc, OpenSSL)NetworkdeviceNetworkdeviceAuthorizationTraffic managementTestbedAMD Opteron 2.2GHz CPU and 2GB RAMLinux kernel version 2.6.23

44

DoS attackInternetAny one can inject any IP packets into the networkResource are shared by all usersDenial-of-Service (DoS) attacks are possibleDoS attacks Aim to disrupt the service provided by a network or serverAttacker might spoof the source addressBotnets: The attacker controls the compromised computer by IRC channel

BotnetThe attacker controls the compromised computer by IRC (Internet Relay Chat) channelSYN flood, ICMP flood and HTTP flood

45Attack

Attack

AttackAttackDATA

AttackAttack

DATA45CPU usage for signaling46

Number of concurrent sessions that can be handled 600 (Q, P) messages /sec 36,000 concurrent flows with 60 sec refresh period with fair queue

NetworkResourceDiscovery
ConfigurationProcess
NetworkAttached
MobileConfigured
NetworkDetectionProcess
P1
P2
P3
P0
t2
t3
p01
p02
p03
t01
t02
t03
ChannelDiscovery
Subnet discovery
Serverdiscovery
P11
P12
P13
t11
t12
t13
NetworkDiscovered
p21
p22
p23
L2association
Routersolicitation
DomainAdvertisement
t22
t21
t23
t1
Identifieracquisition
DuplicateAddressDetection
Addressresolution

ResourcesM available

scanning

Authentication

4-way Handshake

t2

t3

t4

t5

P2

P3

P4

Association

Connected

MobileDisconnected

Resources B available

Resources P available

P1

PB

PM

PP

P0

t1

Disconnection

NetworkDiscovered

Mobileauthenticated

1 token

PA
CPU
MemoryPB
4-way handshakecomplete
t2
t3
t4
P2
P3
t1
Scanning
Authentication
NetworkDiscovered
4-wayHandshakeOperation
P1
ResourcesNetwork b/w
MobileAuthenticated
Connected
Association
P0
P01
P02
2
2

PSTN / MobileP2PText

Server

Emergency Services Network (ESN)

Emergency Services Routing Proxy (ESRP)

Chart127.27526.97526.5627.4426.76535.3334.97534.6235.99534.4841.641.45542.15544.3543.4748.6970070070070057.295800800800800

Q:UDP, P:UDPQ:TCP, P:TCPQ:UDP, P:TLSQ:TCP, P:TLSQ:TLS, P:TLSRate: # of (Q, P) messages/secCPU usage (%)CPU usage of PBS NSLP

Sheet11002003004005006007008009001000udp+udpnslp25.834.241.54859.825.937.739.148.157.325.536.843.349.557.229.535.841.74858.527.533.844.147.156.526.235.140.349.157.327.234.442.650.156.327.63640.746.457.228.833.639.546.958.728.131.840.546.254.829.135.940.749.654.225.934.640.648.257.226.535.242.950.157.826.93342.250.25925.536.541.34959.927.534.342.946.65829.135.440.150.857.826.638.443.547.557.327.936.441.94956.428.437.742.653.454.727.27535.3341.648.6957.295tcp+tcp25.932.841.424.235.141.927.27535.3341.658.6957.29524.633.739.926.97534.97541.45525.936.444.625.535.541.625.635.14026.234.44225.234.842.627.735.437.927.232.843.126.53439.725.93843.326.234.844.527.834.141.228.935.443.529.536.341.331.234.339.629.834.939.328.536.340.727.235.44126.97534.97541.455tls+tls28.13544.424.534.74427.234.744.325.833.542.827.736.34625.135.941.124.435.143.530.134.841.724.233.542.326.534.441.729.53244.426.43145.127.835.44226.934.14427.234.543.627.236.243.427.932.942.727.635.244.925.634.94425.635.543.526.76534.4843.4727.27535.3341.658.6957.29526.97534.97541.455tcp+tls28.236.547.126.76534.4843.4729.237.243.625.935.845.731.236.547.127.234.547.524.936.842.229.835.844.526.236.543.329.536.145.126.934.542.925.834.542.227.436.443.627.833.743.729.137.745.926.735.742.424.836.542.826.532.943.127.236.647.427.838.244.327.27535.3341.648.6957.29526.737.542.626.97534.97541.45527.4435.99544.3526.5634.6242.15527.4435.99544.35udp+tls26.76534.4843.4728.133.141.526.936.144.526.63740.627.535.344.324.834.74327.133.443.927.534.443.125.935.240.627.234.742.126.834.143.926.233.842.924.934.142.127.835.141.628.834.540.725.133.341.525.633.142.127.433.839.927.235.442.626.335.840.623.535.541.626.5634.6242.155

Sheet10000000000000000000000000


Sheet21002003004005006007008009001000udp+udpgist8.611.912.611.813.27.66510.01511.22513.5815.4858.68.310.912.915.415.4557.38.610.311.9165.610.311.612.815.16.911.98.614.815.76.610.610.214.215.18.312.69.612.515.77.39.911.613.21789.511.812.214.27.99.911.514.515.96.98.614.614.816.88.37.910.914.514.987.911.513.217.18.610.611.212.915.27.910.612.214.9167.39.910.616.815.57.311.911.813.914.78.38.911.513.515.57.310.610.613.814.58.39.910.912.516.27.66510.01511.22513.5815.485tcp+tcp17.221.528.313.921.227.114.324.829.714.920.924.414.320.929.214.619.528.415.921.529.115.620.626.77.66510.01511.22513.5815.48515.522.829.715.45521.5427.615.320.925.714.620.529.513.620.526.417.6202615.920.927.315.322.826.115.621.228.115.321.828.414.923.129.717.22226.117.623.426.115.45521.5427.6tcp/tls+tcp/tls27.529.740.529.130.7417.66510.01511.22513.5815.48525.931.841.115.45521.5427.628.131.641.52730.739.127.8304226.82532.58541.1528.732.740.824.234.142.128.831.842.327.833.942.723.535.342.425.131.139.125.533.541.326.233.24126.932.942.326.535.541.126.234.241.124.233.939.328.932.940.428.632.241.926.82532.58541.15tcp+tls22.925.531.122.225.432.524.924.232.321.224.52920.925.928.725.224.833.820.924.53124.523.5337.66510.01511.22513.5815.48521.925.930.915.45521.5427.623.924.933.722.825.533.622.9425.10531.621.824.831.426.82532.58541.1521.827.131.822.523.130.723.424.834.125.125.731.523.826.633.224.224.428.221.524.930.423.426.131.122.9425.10531.6udp+tls17.925.530.919.624.526.517.623.83016.924.428.818.524.430.17.66510.01511.22513.5815.48519.525.526.415.45521.5427.619.5243019.49524.43529.8120.924.427.122.9425.10531.618.925.130.326.82532.58541.1519.223.53019.924.528.816.524.228.121.524.231.718.324.732.520.523.231.618.525.231.921.725.131.722.223.528.120.123.93122.225.130.719.49524.43529.81

Sheet20000000000000000000000000

Q:UDP, P:UDPQ:TCP, P:TCPQ:UDP, P:TLSQ:TCP, P:TLSQ:TLS, P:TLSRate: # of (Q, P) messages/secCPU usage (%)CPU usage of GIST

Sheet37.66510.01511.22513.5815.48515.45521.5427.619.49524.43529.8122.9425.10531.626.82532.58541.1527.27535.3341.648.6957.29526.97534.97541.45526.5634.6242.15527.4435.99544.3526.76534.4843.477.66510.01511.22513.5815.48527.27535.3341.648.6957.29534.9445.34552.82562.2772.7834.9445.34552.82562.2772.7842.4356.51569.05546.05559.05571.96515.45521.5427.650.3861.175.9526.97534.97541.45553.50967.06584.6242.4356.51569.05519.49524.43529.8126.5634.6242.15546.05559.05571.96522.9425.10531.627.4435.99544.3550.3861.175.9526.82532.58541.1526.76534.4843.4753.5967.06584.62

Sheet30000000000000000000000000

Q:UDP, P:UDPQ:TCP, P:TCPQ:UDP, P:TLSQ:TCP, P:TLSQ:TLS, P:TLSRate: # of (Q, P) messages/secCPU usage (%)CPU usage of PBS

Chart27.66515.45519.49522.9426.82510.01521.5424.43525.10532.58511.22527.629.8131.641.1513.5870070070070015.485800800800800



Sheet10000000000000000000000000



Sheet20000000000000000000000000


Sheet37.66510.01511.22513.5815.48515.45521.5427.619.49524.43529.8122.9425.10531.626.82532.58541.1527.27535.3341.648.6957.29526.97534.97541.45526.5634.6242.15527.4435.99544.3526.76534.4843.477.66510.01511.22513.5815.48527.27535.3341.648.6957.29534.9445.34552.82562.2772.7834.9445.34552.82562.2772.7842.4356.51569.05546.05559.05571.96515.45521.5427.650.3861.175.9526.97534.97541.45553.50967.06584.6242.4356.51569.05519.49524.43529.8126.5634.6242.15546.05559.05571.96522.9425.10531.627.4435.99544.3550.3861.175.9526.82532.58541.1526.76534.4843.4753.5967.06584.62

Sheet30000000000000000000000000


Chart334.9442.4346.05550.3853.50945.34556.51559.05561.167.06552.82569.05571.96575.9584.6262.2770070070070072.78800800800800

Q:UDP, P:UDPQ:TCP, P:TCPQ:UDP, P:TLSQ:TCP, P:TLSQ:TLS, P:TLSRate: # of (Q, P) messages/secCPU usage (%)CPU usage of PBS (GIST and PBS NSLP)


Sheet1400400400400400500500500500500600600600600600700700700700700800800800800800



Sheet2400400400400400500500500500500600600600600600700700700700700800800800800800


Sheet37.66510.01511.22513.5815.48515.45521.5427.619.49524.43529.8122.9425.10531.626.82532.58541.1527.27535.3341.648.6957.29526.97534.97541.45526.5634.6242.15527.4435.99544.3526.76534.4843.477.66510.01511.22513.5815.48527.27535.3341.648.6957.29534.9445.34552.82562.2772.7834.9445.34552.82562.2772.7842.4356.51569.05546.05559.05571.96515.45521.5427.650.3861.175.9526.97534.97541.45553.50967.06584.6242.4356.51569.05519.49524.43529.8126.5634.6242.15546.05559.05571.96522.9425.10531.627.4435.99544.3550.3861.175.9526.82532.58541.1526.76534.4843.4753.5967.06584.62

Sheet3400400400400400500500500500500600600600600600700700700700700800800800800800


IRT Research Overview

Documents

Transcript of IRT Research Overview