Dheeraj Sanghi

Location determination of a mobile device using IEEE 802.11b access point signals

Wireless LANs are becoming increasingly popular today, particularly those based on IEEE 802.11b standard. We study the problem of determining the location of a mobile device, which is communicating through a WLAN. We exploit the fact that the strength of the signals that a device will receive from different access points will vary with location. We build a database of signal strength information for various locations, and use this information to determine which location a given test data comes from. The problem is complicated because RF signals are affected by the noise, interference, multi-path effect, and random movement in the environment. We find that in spite of this randomness, the signal information is sufficient to detect the position of mobile device with certain error margin.

Turning 802.11 inside-out

The past decade has seen communication revolution in the form of cellular telephony as well as the Internet, but much of it has been restricted to the developed world and metro pockets in the developing world. While the use of cellular technologies can cut down on the time to deploy access networks, the cost economics make this non-viable in growing telecom economies. In the Digital Gangetic Plains (DGP) project, we are exploring the use of 802.11 as a long-distance access technology. 802.11 is currently cost-priced due to competitive mass production and hence is attractive for low cost and rapid deployment in rural areas.We have built an extensive testbed in a rural setting consisting of multi-hop directional 802.11 links, the testbed spanning up to 80km at its longest. To our knowledge such a long-distance, multi-hop testbed based on 802.11 is unique thus far. While 802.11 is attractive in terms of cost economics, it was inherently designed for indoor use. Our novel use of the technology for outdoor, long-distance access links presents several challenges. Our experience with the testbed has brought several research as well as operational issues to the fore. In this paper, we describe the novel technical challenges that lie ahead in using 802.11 to bridge the digital divide.

Experimental assessment of end-to-end behavior on Internet

A simple experiment designed to capture the end-to-end behavior of the Internet is described. The measurements indicate that the IP level service provided in the network yields high losses, duplicates, and reorderings of packets. In addition, the round-trip transit delay varies significantly. These measurements indicate that the network may have several problems which still need to be analyzed in order to improve the efficiency of protocols and control mechanisms that it uses.<<ETX>>

DDoS attacks in cloud computing

The effects of distributed denial-of-service (DDoS) attacks on cloud computing are not very similar to those in traditional fixed on-premise infrastructure. In the context of DDoS attacks in multi-tenant clouds, we argue that, instead of just the victim server, multiple other stakeholders are also involved. Some of these important stakeholders are co-hosted virtual servers, physical servers, network resources, and cloud service providers. In this paper, we show through system analysis, experiments, and simulations that these stakeholders are collaterally affected, even though they are not the real targets of the attack. Damages/effects to these stakeholders include performance interference, web service performance, resource race, indirect EDoS (economic denial of sustainability), service downtime, and business losses. The result of our cloud-scale experiment revealed that overall energy consumption and the number of VM migrations are adversely affected owing to DDoS/EDoS attacks. To the best of our knowledge, this work is the first novel contribution in regard to the effect characterization on non-targets in the cloud computing space. We make an effort to identify the targets of these effects and their origins, such as auto-scaling, multi-tenancy, and accounting in the cloud. We argue that there is an immense need to relook at the DDoS solutions in the cloud space where efforts are needed to minimize these effects. Finally, we have identified the detailed requirements of mitigation solutions to DDoS attacks in the cloud with an aim to minimize these effects. We provide an ideal solution design by taking characterization outcomes as important building blocks.

Study of network dynamics

Abstract Over the last few years Internet has grown from few a thousand hosts to well over a million hosts. It is supporting millions of users all over the world who use it for several different applications. In such a complex environment, it becomes difficult to detect problems with the design and implementation of various components. We have developed a tool, NetDyn, to study the performance of the network from the perspective of users. Using NetDyn, we have been able to detect a number of performance problems. The problems include large variation in round-trip times and high loss rates.

Network dynamics: an experimental study of the Internet

A characterization of network dynamics in terms of transit times and losses is examined. The applicability of this characterization is established through experimental evaluation of connections on the Internet, using instrumentation at the kernel level as well as at the application level. The results of this study indicate that this characterization is useful and yield several surprising outcomes, which are presented.<<ETX>>

WebCaL - a domain specific language for web caching

Web caching aims to improve the performance of the Internet in three ways - by improving client latency, alleviating network traffic and reducing server load. A web cache is basically a limited store of information which helps in presenting a faster web-access environment to the clients. The performance of a cache depends on proper management of this information and effective inter-cache communication. The existing web caches have simple and hard-coded policies which are not best suited for all environments. They offer limited flexibility just in the form of changing some simple parameters such as cache size, peer caches, etc. This drawback motivates the need for a framework for building new web caches tailored to specific environments. In this paper, we describe a domain specific language based on an event-action model using which new local web cache policies and inter-cache protocols can be easily specified. This should make it possible to write a new policy or protocol quickly, evaluate its performance and test it thoroughly using the complete program-execute-debug cycle.

DDoS/EDoS attack in cloud: affecting everyone out there!

DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.

Secure multicast model for ad-hoc military networks

Multicasting is an efficient way to deliver real time data to a large group of users in the battle field military applications. The very nature of military applications necessitates the use of security features such as data confidentiality, source/group authentication etc., which are not readily offered by multicast. Further, the mobile ad hoc network (MANET) characteristics of the close collaborative military systems induce additional unpredictability into the design of an effective protocol for secure multicast. The energy expenditure in such an environment also poses a supplementary performance bottleneck in achieving scalability of mechanisms employed. This work tries to capture all such secure ad-hoc multicast features and attempts to integrate them with multilevel security. Multilevel security is the ability to distinguish subjects according to classification levels, which determines the degree to which they can access confidential objects. In the case of groups, this means that some members can exchange messages at a higher sensitivity level than others. Our work, also intends to highlight how the two issues of routing and security can be subtly merged into one not affecting each others performance, rather complementing each other to make the protocol more efficient in terms of computation.

A code allocation protocol for maximizing throughput in CDMA based ad hoc networks

We consider here the problem of allocating variable length orthogonal codes in an ad hoc network based on CDMA. We consider a snapshot version of the problem at some instant. It had been proved earlier than even for a static set of communications and topology the problem is intractable. A greedy algorithm is stated to provide a bounded approximation to the throughput maximizing optimal allocation. We present a simple distributed code allocation protocol based on the greedy approximation. Simulation experiments show the enhanced throughput obtained by our protocol as compared to other code allocation schemes.