
Publication


Featured research published by Andrei V. Gurtov.


acm special interest group on data communication | 2004

Modeling wireless links for transport protocols

Andrei V. Gurtov; Sally Floyd

Wireless links have intrinsic characteristics that affect the performance of transport protocols; these include variable bandwidth, corruption, channel allocation delays, and asymmetry. In this paper we review simulation models for cellular, WLAN and satellite links used in the design of transport protocols, and consider the interplay between wireless links and transport. We argue that the design and evaluation of transport protocols can be improved by providing easily available models of wireless links that strike a balance between realism, generality, and detail. There is an ongoing tussle between wireless link design and transport protocol design, with papers about how wireless link designers should take into account the dynamics of TCP, and other papers about how TCP and other transport protocols can be designed or modified for better performance over current wireless link technologies. In this paper we consider how appropriate models for wireless links can help in this tussle, and in the general design and evaluation of transport protocols over wireless links.


IEEE Communications Surveys and Tutorials | 2010

Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 Networks

Pekka Nikander; Andrei V. Gurtov; Thomas R. Henderson

The Host Identity Protocol (HIP) is an inter-networking architecture and an associated set of protocols, developed at the IETF since 1999 and reaching their first stable version in 2007. HIP enhances the original Internet architecture by adding a name space used between the IP layer and the transport protocols. This new name space consists of cryptographic identifiers, thereby implementing the so-called identifier/locator split. In the new architecture, the new identifiers are used in naming application level end-points (sockets), replacing the prior identification role of IP addresses in applications, sockets, TCP connections, and UDP-based send and receive system calls. IPv4 and IPv6 addresses are still used, but only as names for topological locations in the network. HIP can be deployed such that no changes are needed in applications or routers. Almost all pre-compiled legacy applications continue to work, without modifications, for communicating with both HIP-enabled and non-HIP-enabled peer hosts. The architectural enhancement implemented by HIP has profound consequences. A number of the previously hard networking problems become suddenly much easier. Mobility, multi-homing, and baseline end-to-end security integrate neatly into the new architecture. The use of cryptographic identifiers allows enhanced accountability, thereby providing a base for easier build up of trust. With privacy enhancements, HIP allows good location anonymity, assuring strong identity only towards relevant trusted parties. Finally, the HIP protocols have been carefully designed to take middle boxes into account, providing for overlay networks and enterprise deployment concerns. This article provides an in-depth look at HIP, discussing its architecture, design, benefits, potential drawbacks, and ongoing work.


international conference on computer communications | 2003

Responding to spurious timeouts in TCP

Andrei V. Gurtov; Reiner Ludwig

Delays on Internet paths, especially including wireless links, can be highly variable. On the other hand, a current trend for modern TCPs is to deploy a fine-grain retransmission timer with a lower minimum timeout value than the 1 s suggested by RFC 2988. Spurious TCP timeouts cause unnecessary retransmissions and congestion control back-off. The Eifel algorithm detects spurious TCP timeouts and recovers by restoring the connection state saved before the timeout. This paper presents an enhanced version of the Eifel response to spurious timeouts and illustrates its performance benefits on paths with a high delay-bandwidth product. The refinements concern the following issues: (1) efficient operation in the presence of packet losses, (2) appropriate restoration of congestion control, and (3) adapting the retransmit timer to avoid further spurious timeouts. In our simulations the Eifel algorithm on paths with a high delay-bandwidth product can increase throughput by up to 250% and at the same time decrease the load on the network by 3%. The proposed response also shows adequate performance on heavily congested paths.


PWC '01 Proceedings of the IFIP TC6/WG6.8 Working Conference on Emerging Personal Wireless Communications | 2001

Effect of Delays on TCP Performance

Andrei V. Gurtov

This paper has several contributions. First, we report that long sudden delays during data transfers are not uncommon in the GPRS wireless WAN. Long sudden delays can lead to spurious TCP timeouts and unnecessary retransmissions. Second, we show that the New Reno algorithm increases the penalty of spurious TCP timeouts and that an aggressive TCP retransmission timer may trigger a chain of spurious retransmissions. Third, we test how four widely deployed TCP implementations recover from a spurious timeout and notice that two of them have severe problems recovering. Finally, we discuss several existing ways to alleviate the problems.


IEEE Communications Surveys and Tutorials | 2015

Security in Software Defined Networks: A Survey

Ijaz Ahmad; Suneth Namal; Mika Ylianttila; Andrei V. Gurtov

Software defined networking (SDN) decouples the network control and data planes. The network intelligence and state are logically centralized and the underlying network infrastructure is abstracted from applications. SDN enhances network security by means of global visibility of the network state where a conflict can be easily resolved from the logically centralized control plane. Hence, the SDN architecture empowers networks to actively monitor traffic and diagnose threats to facilitate network forensics, security policy alteration, and security service insertion. The separation of the control and data planes, however, opens security challenges, such as man-in-the-middle attacks, denial of service (DoS) attacks, and saturation attacks. In this paper, we analyze security threats to application, control, and data planes of SDN. The security platforms that secure each of the planes are described followed by various security approaches for network-wide security in SDN. SDN security is analyzed according to security dimensions of the ITU-T recommendation, as well as by the costs of security solutions. In a nutshell, this paper highlights the present and future security challenges in SDN and future directions for secure SDN.


international conference on communications | 2001

Measured performance of GSM, HSCSD and GPRS

J. Korhonen; O. Aalto; Andrei V. Gurtov; H. Lamanen

In this paper we present results of measurements on the performance of GSM, HSCSD and GPRS data transmission. We used a measurement tool that we have developed to study the performance of various wireless links as perceived by nomadic applications using TCP. The results show that in stationary connections the throughput and response time are stable and, in general, close to the theoretical values. However, the throughput and response time vary a lot when connections are used in motion. One of the reasons is that TCP is not capable of adapting itself properly to the variability of QoS of HSCSD and GPRS, and therefore, it does a lot of unnecessary retransmissions causing performance slowdown. The performance of HSCSD is better than the performance of GPRS. Reliability is adequate in stationary connections, but in moving connections there are unwanted disconnections or long pauses in data transfer.


vehicular technology conference | 2002

Multi-layer protocol tracing in a GPRS network

Andrei V. Gurtov; Matti Passoja; Olli Aalto; Mika Raitola

The paper presents a performance evaluation of GPRS accomplished by a combination of measurement at the end hosts and tracing inside the network. The multi-layer tracing approach allows not only observing, but also understanding of, the network performance. With end-to-end measurements, we assess data rates, latency, and buffering experienced by users in a live GPRS network. Comparing the results to our previous measurements shows a notable improvement in the network and terminals over the previous two years. Mobility tests while driving in an urban environment quantify the interval, duration and data loss caused by cell reselections. In the test lab, multi-layer tracing of radio, link and transport protocols gives a closer picture of GPRS performance. For instance, TCP interacts inefficiently with resource allocation at the RLC (radio link control) layer and fragmentation at the LLC (logical link control) layer. Finally, we illustrate delay spikes and data losses during cell reselection by tracing signaling messages during cell update and routing area update procedures.


NEW2AN | 2013

Deployment of Smart Spaces in Internet of Things: Overview of the Design Challenges

Dmitry Korzun; Sergey Balandin; Andrei V. Gurtov

The smart spaces paradigm and the M3 concept have already shown their potential for constructing advanced service infrastructures. The Internet of Things (IoT) provides the possibility to make any “thing” a user or component of such a service infrastructure. In this paper, we consider the crucial design challenges that smart spaces meet for deploying in IoT: (1) interoperability, (2) information processing, (3) security and privacy. The paper makes a step toward a systematized view on smart spaces as a computing paradigm for IoT applications. We summarize the groundwork from pilot M3 implementations and discuss solutions to cope with the challenges. The considered solutions can already be used in advanced service infrastructures.


australasian conference on information security and privacy | 2005

Analysis of the HIP base exchange protocol

Tuomas Aura; Aarthi Nagarajan; Andrei V. Gurtov

The Host Identity Protocol (HIP) is an Internet security and multi-addressing mechanism specified by the IETF. HIP introduces a new layer between the transport and network layers of the TCP/IP stack that maps host identifiers to network locations, thus separating the two conflicting roles that IP addresses have in the current Internet. This paper analyzes the security and functionality of the HIP base exchange, which is a classic key exchange protocol with some novel features for authentication and DoS protection. The base exchange is the most stable part of the HIP specification with multiple existing implementations. We point out several security issues in the current protocol and propose changes that are compatible with the goals of HIP.


Computer Communications | 2008

Hi3: An efficient and secure networking architecture for mobile hosts

Andrei V. Gurtov; Dmitry G. Korzun; Andrey Lukyanenko; Pekka Nikander

The Host Identity Indirection Infrastructure (Hi3) is a networking architecture for mobile hosts, derived from the Internet Indirection Infrastructure (i3) and the Host Identity Protocol (HIP). Hi3 has efficient support for secure mobility and multihoming, which both are crucial for future Internet applications. In this paper, we describe and analyze Hi3 in detail. Compared to existing solutions, Hi3 achieves better resilience, scalability, and security. Both our analysis and early measurements support the notion that Hi3 preserves the best of both approaches while improving performance compared to i3 and enhancing flexibility and security compared to HIP.

Collaboration



Top Co-Authors


Dmitriy Kuptsov

Helsinki Institute for Information Technology


Dmitry G. Korzun

Petrozavodsk State University
