More Like this

1. How would you like your packets delivered? An SDN-enabled open platform for QoS routing

   Chenfei Gao, Vahid Rajabian-Schwart ( June 2018 , IEEE.org IEEE Xplore Digital Library IEEE Standards IEEE Spectrum More Sites IEEE/ACM International Symposium on Quality of Service 4-6 June 2018 – Banff, Alberta, Canada)

   Traditional Internet routing is simple, scalable and robust, but cannot provide perfect QoS support due to the current completely distributed hop-by-hop routing architecture. Software defined networking (SDN) opens up the door to traffic engineering innovation and makes possible QoS routing with a broader picture of overall network resources. We further argue that SDN can provide more opportunity for the network users to make their own routing selections with network programmability. In this paper, we propose OpenMCR, a general framework for network users to make their own choice of routing given various requirements. OpenMCR provides routing subject to several additive QoS constraints, which is NP-hard when the number of constraints is two or more. By composing various necessary conditions with different path extension schemes, our platform can customize routing solutions for each network user based on their own requirements. Through experiments in an SDN emulated environment, we evaluate multiple aspects of OpenMCR, demonstrate its effectiveness compared with several baselines and validate our theoretical analysis. 

   more » « less
2. Joint Link-level and Network-level Reconfiguration for mmWave Backhaul Survivability in Urban Environments

   https://doi.org/10.1145/3345768.3355913  

   Liu, Yuchen ; Hu, Qiang ; Blough, Douglas M. ( January 2019 , Proceedings of the 22nd International ACM Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems)

   mmWave communication has been recognized as a highly promising technology for 5G wireless backhaul, which is capable of providing multi-gigabit per second transmission rates. However, in urban wireless backhaul environments, unforeseen events can cause short-term blockages or node failures and, therefore, network survivability is extremely important. In this paper, we investigate a novel relay-assisted mmWave backhaul network architecture, where a number of small-cell BSs and relays are deployed, e.g. on the lampposts of urban streets. Relays are used to provide multi-hop line-of-sight paths between small-cell BSs, which form logical links of the network. In this scenario, the interconnected logical links make up a mesh network, which offers opportunities for both link-level and network-level reconfiguration. We propose two joint link-network level reconfiguration schemes for recovery after exceptional events. One prioritizes relay path (link-level) reconfiguration and uses alternate network-level paths only if necessary. The other splits traffic on both reconfigured links and backup paths to improve network throughput. Simulation results demonstrate that the proposed schemes significantly outperform purely link-level and purely network-level reconfiguration schemes. The proposed approaches are shown to not only maintain high network throughput but to also provide robust blockage/fault tolerance across a range of scenarios for urban mmWave backhaul networks. 

   more » « less
3. Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

   https://doi.org/10.14722/ndss.2019.23330  

   Malavolta, Giulio ; Moreno-Sanchez, Pedro ; Schneidewind, Clara ; Kate, Aniket ; Maffei, Matteo. ( February 2019 , 26th Annual Network and Distributed System Security Symposium, NDSS 2019)

   Tremendous growth in cryptocurrency usage is exposing the inherent scalability issues with permissionless blockchain technology. Payment-channel networks (PCNs) have emerged as the most widely deployed solution to mitigate the scalability issues, allowing the bulk of payments between two users to be carried out off-chain. Unfortunately, as reported in the literature and further demonstrated in this paper, current PCNs do not provide meaningful security and privacy guarantees [30], [40]. In this work, we study and design secure and privacy-preserving PCNs. We start with a security analysis of existing PCNs, reporting a new attack that applies to all major PCNs, including the Lightning Network, and allows an attacker to steal the fees from honest intermediaries in the same payment path. We then formally define anonymous multi-hop locks (AMHLs), a novel cryptographic primitive that serves as a cornerstone for the design of secure and privacy-preserving PCNs. We present several provably secure cryptographic instantiations that make AMHLs compatible with the vast majority of cryptocurrencies. In particular, we show that (linear) homomorphic one-way functions suffice to construct AMHLs for PCNs supporting a script language (e.g., Ethereum). We also propose a construction based on ECDSA signatures that does not require scripts, thus solving a prominent open problem in the field. AMHLs constitute a generic primitive whose usefulness goes beyond multi-hop payments in a single PCN and we show how to realize atomic swaps and interoperable PCNs from this primitive. Finally, our performance evaluation on a commodity machine finds that AMHL operations can be performed in less than 100 milliseconds and require less than 500 bytes of communication overhead, even in the worst case. In fact, after acknowledging our attack, the Lightning Network developers have implemented our ECDSA-based AMHLs into their PCN. This demonstrates the practicality of our approach and its impact on the security, privacy, interoperability, and scalability of today’s cryptocurrencies. 

   more » « less
4. Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks

   https://doi.org/10.14722/ndss.2021.24008  

   Mi, Xianghang ; Tang, Siyuan ; Li, Zhengyi ; Liao, Xiaojing ; Qian, Feng ; Wang, XiaoFeng ( January 2021 , Proceeding of ISOC Network and Distributed System Security Symposium (NDSS), 2021)

   null (Ed.)

   Residential proxy has emerged as a service gaining popularity recently, in which proxy providers relay their customers’ network traffic through millions of proxy peers under their control. We find that many of these proxy peers are mobile devices, whose role in the proxy network can have significant security implications since mobile devices tend to be privacy and resource-sensitive. However, little effort has been made so far to understand the extent of their involvement, not to mention how these devices are recruited by the proxy network and what security and privacy risks they may pose. In this paper, we report the first measurement study on the mobile proxy ecosystem. Our study was made possible by a novel measurement infrastructure, which enabled us to identify proxy providers, to discover proxy SDKs (software development kits), to detect Android proxy apps built upon the proxy SDKs, to harvest proxy IP addresses, and to understand proxy traffic. The information collected through this infrastructure has brought to us new understandings of this ecosystem and important security discoveries. More specifically, 4 proxy providers were found to offer app developers mobile proxy SDKs as a competitive app monetization channel, with $50K per month per 1M MAU (monthly active users). 1,701 Android APKs (belonging to 963 Android apps) turn out to have integrated those proxy SDKs, with most of them available on Google Play with at least 300M installations in total. Furthermore, 48.43% of these APKs are flagged by at least 5 anti-virus engines as malicious, which could explain why 86.60% of the 963 Android apps have been removed from Google Play by Oct 2019. Besides, while these apps display user consent dialogs on traffic relay, our user study indicates that the user consent texts are quite confusing. We even discover a proxy SDK that stealthily relays traffic without showing any notifications. We also captured 625K cellular proxy IPs, along with a set of suspicious activities observed in proxy traffic such as ads fraud. We have reported our findings to affected parties, offered suggestions, and proposed the methodologies to detect proxy apps and proxy traffic. 

   more » « less
5. Multi-hop routing protocols for RFID systems with tag-to-tag communication

   https://doi.org/10.1109/MILCOM.2017.8170764  

   Liu, Chang ; Haas, Zygmunt J. ( October 2017 , IEEE Military Communications Conference)

   Radio frequency identification (RFID) is a technology for automated identification of objects and people. RFID technology is expected to find extensive use in applications related to the Internet of Things, and in particular applications of Internet of Battlefield Things. Of particular interest are passive RFID tags due to a number of their salient advantages. Such tags, lacking energy sources of their own, use backscattering of the power of an RF source (a reader) to communicate. Recently, passive RFID tag-to-tag (T2T) communication has been demonstrated, via which tags can directly communicate with each other and share information. This opens the possibility of building a Network of Tags (NeTa), in which the passive tags communicate among themselves to perform data processing functions. Among possible applications of NeTa are monitoring services in hard-to-reach locations. As an essential step toward implementation of NeTa, we consider a novel multi-hop network architecture; in particular, with the proposed novel turbo backscattering operation, inter-tag distances can be significantly increased. Due to the interference among tags’ transmissions, one of the main technical challenges of implementing such the NeTa architecture is the routing protocol design. In this paper, we introduce a design of a routing protocol, which is based on a solution of a non-linear binary optimization problem. We study the performance of the proposed protocol and investigate impacts of several network factors, such as the tag density and the transmit power of the reader. 

   more » « less