Ahmed Osama Fathy Atya

Wireless network coding: Deciding when to flip the switch

Network coding has been shown to offer significant throughput benefits over store-and-forward routing in certain wireless network topologies. However, the application of network coding may not always improve the network performance. In this paper1, we provide a comprehensive analytical study, which helps in assessing when network coding is preferable to a traditional store-and-forward approach. Interestingly, our study reveals that in many topological scenarios, network coding can in fact hurt the throughput performance; in such scenarios, applying the store-and-forward approach leads to higher network throughput. We validate our analytical findings via extensive testbed experiments, and we extract guidelines on when network coding should be applied instead of store-and-forward.

Exploiting Subcarrier Agility to Alleviate Active Jamming Attacks in Wireless Networks

Malicious interference injection or jamming is one of the simplest ways to disrupt wireless communications. Prior approaches can alleviate jamming interference to a limited extent; they are especially vulnerable to a reactive jammer i.e., a jammer that injects noise upon sensing a legitimate transmission or wideband jamming. In this paper, we leverage the inherent features of OFDM (Orthogonal Frequency Division Multiplexing) to cope with such attacks. Specifically, via extensive experiments, we observe that the jamming signal experiences differing levels of fading across the composite sub-carriers in its transmission bandwidth. Thus, if the legitimate transmitter were to somehow exploit the relatively unaffected sub-carriers to transmit data to the receiver, it could achieve reasonable throughputs, even in the presence of the active jammer. We design and implement JIMS, a Jamming Interference Mitigation Scheme that exploits the above characteristic by overcoming key practical challenges. Via extensive testbed experiments and simulations we show that JIMS achieves a throughput restoration of up to 75 percent in the presence of an active jammer.

Performance of visible light communications with dimming controls

Visible light communications (VLC) have gained popularity as an alternative to RF. Understanding the underlying communications is key to the design of MAC protocols for arbitrating access across lights in multiple rooms. We consider the interference across two rooms from VLC emitters. The emitters use Binary Pulse Position Modulation (BPPM); the pulse width is varied to provide different dimming levels. We use a modified ray-tracing algorithm to calculate the channel impulse response between the emitters and receivers that are located at different positions within a room. We analyze the performance observed at the receivers in the presence of (i) illumination and (ii) transmissions from an interfering VLC emitter. We find that in the former case, the VLC emissions from the interferer do not impact the reception at the target receiver. In the latter case, the performance is degraded and it depends on the position of the receiver.

BOLT: realizing high throughput power line communication networks

Power line communications (PLC) offer an immediate means of providing high bandwidth connectivity in settings where there is no in-built network infrastructure. While there is recent work on understanding physical and MAC layer artifacts of PLC, its applicability and performance in multi-flow settings is not well understood. We first undertake an extensive measurement study that sheds light on the properties of PLC that significantly affect performance in multi-flow settings. Using the understanding gained, we design BOLT, a framework that adopts a learning-based approach to effectively manage and orchestrate flows in a PLC network. BOLT is flexible and is agnostic to standards; it can be used to implement scheduling algorithms that target different performance goals. We implement BOLT on three different testbeds using off-the-shelf PLC adapters and showcase its ability to effectively manage flows, delivering several folds throughput improvement over state-of-the-art solutions.

On the flow anonymity problem in Network Coding

In this paper, we aim at protecting the privacy of the communicating parties while ensuring the authenticity of source nodes. In particular, we exploit intra-flow network coding to preserve the anonymity of communicating parties. Towards this objective, we propose an anonymity preservation scheme, namely closed group anonymity (CGA) that preserves the anonymity of the communicating parties via mixing their flows. Afterwards, we explore an instance of the Authentication-Privacy Trade-off in the context of Network Coding. We analyze the trade-off with the aid of the proposed anonymity scheme and a previously proposed Source Authentication Scheme using Network Coding (SANC). We present simulation results showing that the proposed algorithm successfully leverages network coding to preserve anonymity against traffic analysis attacks. Finally, we not only confirm the fundamental authentication-privacy trade-off in the context of intra-flow network coding but also parameterize it via introducing a tunable parameter to dynamically control, and potentially balance, this trade-off depending on the security provisions dictated by the operational scenario and application of interest.

Malicious co-residency on the cloud: Attacks and defense

Attacker VMs try to co-reside with victim VMs on the same physical infrastructure as a precursor to launching attacks that target information leakage. VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels an attacker can use to ascertain co-residency with a victim. Here, we identify a new set of stealthy side-channel attacks which, we show to be more effective than currently available attacks towards verifying co-residency. Based on the study, we develop a set of guidelines to determine under what conditions victim VM migrations should be triggered given performance costs in terms of bandwidth and downtime, that a user is willing to bear. Via extensive experiments on our private in-house cloud, we show that migrations using our guidelines can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1 % of the time with bandwidth costs of a few MB and downtimes of a few seconds, per day per VM migrated.

Detection of stealthy TCP-based DoS attacks

Denial of service (DoS) attacks are among the most crippling of network attacks because they are easy to orchestrate and usually cause an immediate shutdown of whatever resource is targeted. Todays intrusion detection systems check if specific single scalar features exceed a threshold to determine if a specific TCP-based DoS attack is underway. To defeat such systems we demonstrate that an attacker can simply launch a combination of attack threads, each of which on its own does not break a system down but together can be very potent. We demonstrate that such attacks cannot be detected by simple threshold based statistical anomaly detection techniques that are used in todays intrusion detection systems. We argue that an effective way to detect such attacks is by jointly considering multiple features that are affected by such attacks. Based on this, we identify a possible set of such features and design a new detection approach that jointly examines these features with regards to whether each exceeds a high threshold or is below a low threshold. We demonstrate that this approach is extremely effective in detecting stealthy DoS attacks; the true positive rate is close to 100 % and the false positive rate is decreased by about 66 % as compared to traditional detectors.

Mitigating malicious interference via subcarrier-level radio agility in wireless networks

Malicious interference injection or jamming is one of the simplest ways to disrupt wireless communications. Prior approaches can alleviate jamming interference to a limited extent; they are especially vulnerable to a reactive jammer i.e., a jammer that injects noise upon sensing a legitimate transmission or wideband jamming. In this paper, we leverage the inherent features of OFDM (Orthogonal Frequency Division Multiplexing) to cope with such attacks. Specifically, via extensive experiments, we observe that the jamming signal experiences differing levels of fading across the composite sub-carriers in its transmission bandwidth. Thus, if the legitimate transmitter were to somehow exploit the relatively unaffected sub-carriers to transmit data to the receiver, it could achieve reasonable throughputs, even in the presence of the active jammer. We design and implement JIMS, a Jamming Interference Mitigation Scheme that exploits the above characteristic by overcoming key practical challenges. Via extensive testbed experiments and simulations we show that JIMS achieves a throughput restoration of up to 75% in the presence of an active jammer.

RUFC: A flexible framework for reliable UDP with flow control

Various reliable UDP with flow control schemes have been widely adopted to enhance the native UDP protocol. However, all existing schemes exhibit one or more drawbacks that prevent them from achieving the optimal performance in practice. For example, some schemes under-utilize the available bandwidth; some schemes enforce high overhead logic; and some schemes have rigid policies and parameters that do not adapt to ever-changing system runtime and network conditions. In this paper, we propose RUFC, an efficient and flexible framework to support Reliable UDP with Flow Control. Our framework fits between the transport layer employing UDP and the application layer. While providing the common functionalities and interfaces for both layers, RUFC is capable of supporting policy customization and parameter tuning to achieve the optimal application performance. Extensive experimental data shows that RUFC significantly outperforms the native UDP protocol as well as the two state-of-the-art UDP-based protocols (UDT and Tsunami) in terms of throughput and error rate.

Enhancing WiFi Throughput with PLC Extenders: A Measurement Study

Today, power line communications (PLC) based WiFi extenders are emerging in the market. By simply plugging an extender to a power outlet, a user can create a second access point which connects to a master AP/router using the power line infrastructure. The underlying belief is that this can enhance the throughput that a user can achieve at certain locations (closer to the extender) and potentially increase wireless capacity. In this paper, we conduct an in-depth measurement study to first see if this belief always holds true, and if it does, the extent to which the end-to-end throughput improves. Our measurement study covers both homes and enterprise settings, as well as single and multi-user (or multi-device) settings. Surprisingly, we find that in 46% of cases in an office environment, using a PLC extender does not result in an increase in throughput, even when a single client accesses the network and is located close to the extender. This is because unlike in the case of an Ethernet backhaul, the PLC backhaul could consist of poor quality links (49% of the time in an office environment). We also find that the further away the extender is from the master router, the more likely this possibility becomes. We find that sharing of the PLC backhaul across devices could also be undesirable in some cases, and certain users should connect directly to the master AP in order to improve total throughput. Our study sheds light on when these effects manifest themselves, and discusses challenges that will need to be overcome if PLC extenders can be effectively used to enhance wireless capacity.