Publication


Featured research published by Amir R. Khakpour.


international conference on distributed computing systems | 2010

Quantifying and Querying Network Reachability

Amir R. Khakpour; Alex X. Liu

Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations (mainly ACLs) as well as solutions for querying network reachability. We present a comprehensive network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, etc. We implemented the algorithms in our network reachability analysis tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability matrices takes a few hours and the online processing of a reachability query takes 0.075 seconds on average.


symposium on reliable distributed systems | 2012

First Step toward Cloud-Based Firewalling

Amir R. Khakpour; Alex X. Liu

With the explosive growth of network-based services and attacks, the complexity and cost of firewall deployment and management have been increasing rapidly. Yet, each private network, no matter big or small, has to deploy and manage its own firewall, which is the critical first line of defense. To reduce the complexity and cost in deploying and managing firewalls, businesses have started to outsource the firewall service to their Internet Service Providers (ISPs), such as AT&T, which provide cloud-based firewall service. Such a firewalling model saves businesses in managing, deploying, and upgrading firewalls. The current firewall service outsourcing model requires that businesses fully trust their ISPs and give ISPs their firewall policies. However, businesses typically need to keep their firewall policies confidential. In this paper, we propose the first privacy preserving firewall outsourcing approach where businesses outsource their firewall services to ISPs without revealing their firewall policies to the ISPs. The basic idea is that businesses first anonymize their firewall policies and send the anonymized policies to their ISP, then the ISP performs packet filtering based on the anonymized firewall policies. For anonymizing firewall policies, we use Firewall Decision Diagrams to cope with the multi-dimensionality of policies and Bloom Filters for the anonymization purpose. This paper deals with a hard problem. By no means do we claim that our scheme is perfect; however, this effort represents the first step towards privacy preserving outsourcing of firewall services. We implemented our scheme and conducted extensive experiments. Our experimental results show that our scheme is efficient in terms of both memory usage and packet lookup time. The firewall throughput of our scheme running at ISPs is comparable to that of software firewalls running at businesses themselves.


IEEE ACM Transactions on Networking | 2013

Quantifying and verifying reachability for access controlled networks

Alex X. Liu; Amir R. Khakpour

Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations [mainly Access Control Lists (ACLs)] as well as solutions for querying network reachability. We present a network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network reachability tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability matrices takes a few hours, and the online processing of a reachability query takes 0.075 s on average.


measurement and modeling of computer systems | 2014

Revisiting caching in content delivery networks

Muhammad Zubair Shafiq; Alex X. Liu; Amir R. Khakpour

Content Delivery Networks (CDNs) differ from other caching systems in terms of both workload characteristics and performance metrics. However, there has been little prior work on large-scale measurement and characterization of content requests and caching performance in CDNs. For workload characteristics, CDNs deal with extremely large content volume, high content diversity, and strong temporal dynamics. For performance metrics, other than hit ratio, CDNs also need to minimize the disk operations and the volume of traffic from origin servers. In this paper, we conduct a large-scale measurement study to characterize the content request patterns using real-world data from a commercial CDN provider.


IEEE ACM Transactions on Networking | 2013

An information-theoretical approach to high-speed flow nature identification

Amir R. Khakpour; Alex X. Liu

This paper concerns the fundamental problem of identifying the content nature of a flow, namely text, binary, or encrypted, for the first time. We propose Iustitia, a tool for identifying flow nature on the fly. The key observation behind Iustitia is that text flows have the lowest entropy and encrypted flows have the highest entropy, while the entropy of binary flows stands in between. The basic idea of Iustitia is to classify flows using machine learning techniques where a feature is the entropy of every certain number of consecutive bytes. The key features of Iustitia are high speed (10% of average packet inter-arrival time) and high accuracy (86%).


international conference on distributed computing systems | 2009

High-Speed Flow Nature Identification

Amir R. Khakpour; Alex X. Liu

This paper concerns the fundamental problem of identifying the content nature of a flow, namely text, binary, or encrypted, for the first time. We propose Iustitia, a tool for identifying flow nature on the fly. The key observation behind Iustitia is that text flows have the lowest entropy and encrypted flows have the highest entropy, while the entropy of binary flows stands in between. The basic idea of Iustitia is to classify flows using machine learning techniques where a feature is the entropy of every certain number of consecutive bytes. The key features of Iustitia are high speed (10% of average packet inter-arrival time) and high accuracy (86%).


ieee international conference computer and communications | 2016

Characterizing caching workload of a large commercial Content Delivery Network

M. Zubair Shafiq; Amir R. Khakpour; Alex X. Liu

Content Delivery Networks (CDNs) have emerged as a dominant mechanism to deliver content over the Internet. Despite their importance, to our best knowledge, large-scale analysis of CDN cache performance is lacking in prior literature. A CDN serves many content publishers simultaneously and thus has unique workload characteristics; it typically deals with extremely large content volume and high content diversity from multiple content publishers. CDNs also have unique performance metrics; other than hit ratio, CDNs also need to minimize network and disk load on cache servers. In this paper, we present measurement and analysis of caching workload at a large commercial CDN. Using detailed logs from four geographically distributed CDN cache servers, we analyze over 600 million content requests accounting for more than 1.3 petabytes worth of traffic. We analyze CDN workload from a wide range of perspectives, including request composition, size, popularity, and temporal dynamics. Using real-world logs, we also evaluate cache replacement algorithms, including two enhancements designed based on our CDN workload analysis: N-hit and content-aware caching. The results show that these enhancements achieve substantial performance gains in terms of cache hit ratio, disk load, and origin traffic volume.


international conference on computer communications | 2011

Collaborative firewalling in wireless networks

Mahmoud Taghizadeh; Amir R. Khakpour; Alex X. Liu; Subir Biswas

Firewalls are one of the essential security elements to enforce access policies in computer networks. Open network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology impose a new set of challenges on deploying firewalls in a mobile wireless environment. The current state of the art demands self-protection by personal (i.e. local) firewalls for each node; however, this requires that all unwanted traffic travels all the way to the node before it is discarded at the destination. This wastes considerable bandwidth and power of all of the nodes in a network with multi-hop routing, especially if a node is under a denial of service (DoS) attack. In this paper, we develop a novel distributed firewalling scheme for wireless networks in which nodes collaboratively perform packet filtering to address resource squandering. The proposed scheme introduces techniques to distribute discarding rules based on both proactive and reactive routing protocols. It also proposes efficient rule placement mechanisms to maximize the number of packets discarded remotely before they reach the destination and minimize the number of unwanted packet forwardings. The scheme is evaluated through various simulation scenarios. The simulation results show that by distributing only 1% of the rules, about 42% of the unwanted traffic is discarded before it reaches the destination, which significantly saves the network resources. Saving about 30% of the wasted bandwidth can be crucial for the performance of a wireless network.


measurement and modeling of computer systems | 2016

QoE Analysis of a Large-Scale Live Video Streaming Event

Adnan Ahmed; M. Zubair Shafiq; Amir R. Khakpour

Streaming video has received a lot of attention from industry and academia. In this work, we study the characteristics and challenges associated with large-scale live video delivery. Using logs from a commercial Content Delivery Network (CDN), we study live video delivery for a major entertainment event that was streamed by hundreds of thousands of viewers in North America. We analyze Quality-of-Experience (QoE) for the event and note that a significant number of users suffer QoE impairments. As a consequence of QoE impairments, these users exhibit lower engagement metrics.


international conference on network protocols | 2017

Peering vs. transit: Performance comparison of peering and transit interconnections

Adnan Ahmed; Zubair Shafiq; Harkeerat Bedi; Amir R. Khakpour

The economic aspects of peering and transit interconnections between ISPs have been extensively studied in prior literature. Prior research primarily focuses on the economic issues associated with establishing peering and transit connectivity among ISPs to model interconnection strategies. Performance analysis, on the other hand, while understood intuitively, has not been empirically quantified and incorporated in such models. To fill this gap, we conduct a large-scale, measurement-based performance comparison of peering and transit interconnection strategies. We use JavaScript to conduct application layer latency measurements between 510K clients in 900 access ISPs and multi-homed CDN servers located at 33 IXPs around the world. Overall, we find that peering paths outperformed transit paths for 91% of Autonomous Systems (ASes) in our data. Peering paths have smaller propagation delays as compared to transit paths for more than 95% of ASes. Peering paths outperform transit paths in terms of propagation delay due to shorter path lengths. Peering paths also have smaller queueing delays as compared to transit paths for more than 50% of ASes.

Collaboration


Top Co-Authors

Alex X. Liu

Michigan State University

Faraz Ahmed

Michigan State University
