Diego Montero

Key ingredients in an IoT recipe: Fog Computing, Cloud computing, and more Fog Computing

This paper examines some of the most promising and challenging scenarios in IoT, and shows why current compute and storage models confined to data centers will not be able to meet the requirements of many of the applications foreseen for those scenarios. Our analysis is particularly centered on three interrelated requirements: 1) mobility; 2) reliable control and actuation; and 3) scalability, especially, in IoT scenarios that span large geographical areas and require real-time decisions based on data analytics. Based on our analysis, we expose the reasons why Fog Computing is the natural platform for IoT, and discuss the unavoidable interplay of the Fog and the Cloud in the coming years. In the process, we review some of the technologies that will require considerable advances in order to support the applications that the IoT market will demand.

A New Era for Cities with Fog Computing

In this article, the authors dissect the technical challenges that cities face when implementing smart city plans and outlines the design principles and lessons learned after they carried out a flagship initiative on fog computing in Barcelona. In particular, they analyze what they call the Quadruple Silo (QS) problem -- that is, four categories of silos that cities confront after deploying commercially available solutions. Those silo categories are: physical (hardware) silos, data silos, and service management silos, and the implications of the three silos in administrative silos. The authors show how their converged cloud/fog paradigm not only helps solve the QS problem, but also meets the requirements of a growing number of decentralized services -- an area in which traditional cloud models fall short. The article exposes cases in which fog computing is a must, and shows that the reasons for deploying fog are centered much more on operational requirements than on performance issues related to the cloud.

A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routing

The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG including, the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDRs proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.

Network coding-based protection scheme for Elastic Optical Networks

Optical technologies are the foundations supporting the current telecommunication network backbones due to the high speed transmissions achieved in fiber optical networks. Traditional optical networks consist of a fixed 50 GHz grid, resulting in a low optical spectrum (OS) utilization, specifically with transmission rates above 100 Gbps. This issue is magnified when network resilience capabilities are required. For instance, proactive protection solutions such as Dedicated Protection (DP) are widely used because of their low recovery time. However, a significant drawback of DP is its high utilization of optical bandwidth. Recently, optical networks are undergoing significant changes with the purpose of providing a flexible grid that can fully exploit the potential of optical networks. This has led to a new network paradigm termed as Elastic Optical Networks (EON). Moreover, a novel strategy referred to as network coding (NC) has been proposed with the aim of improving network throughput. In this paper, we propose a proactive protection scheme so-called E-DPNC* that combines both the advantages concerning network throughput offered by EON and NC, and the low recovery time of a DP scheme, in order to enable network resilience against optical link failures while also reducing the optical spectrum utilization. Our evaluation results show that our solution reduces the OS utilization by 41% compared with conventional protection schemes deployed on fixed grid scenarios.

Route leak identification: A step toward making inter-domain routing more reliable

Route leaks are one of the anomalies of inter-domain routing that have the capacity to produce large Internet service disruptions. Route leaks are caused because of violation of routing policies among Autonomous Systems. Unfortunately, there are not many studies that formally and thoroughly analyze the route leak problem. There exist few conventional solutions that can be used as a first line of defense, such as route filters. However, these palliatives become unfeasible in terms of scalability, mainly due to the administrative overhead and cost of maintaining the filters updated. As a result, a significant part of the Internet is defenseless against route leak attacks. In this paper, we define, describe, and examine the different types of route leaks that threaten the security and reliability of the routing system. Our main contributions can be summarized as follows. We develop a rather basic theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular route advertisement received corresponds to a route leak. We reason the possible occurrence of route leaks in different scenarios, with the aim of formulating requirements for their identification, and hence thereof prevention to improve routing reliability.

Self-reliant detection of route leaks in inter-domain routing

Route leaks are among the several inter-domain routing anomalies that have the potential to cause large scale service disruptions on the Internet. The reason behind the occurrence of route leaks is the violation of routing policies among Autonomous Systems (ASes). There exist a few rudimentary solutions that can be used as a first line of defense, such as the utilization of route filters, but these palliatives become unfeasible in large domains due to the administrative overhead and the cost of maintaining the filters updated. As a result, a significant part of the Internet is defenseless against route leak attacks. In this paper, we examine the different types of route leaks and propose detection methodologies for improving the reliability of the routing system. Our main contributions can be summarized as follows. We develop a relatively basic theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular route advertisement received from a neighbor corresponds to a route leak. Based on this, we propose three incremental methodologies, namely Cross-Path (CP), Benign Fool Back (BFB), and Reverse Benign Fool Back (R-BFB), for autonomously detecting route leaks. Our strength resides in the fact that these detection techniques solely require the analysis of control and data plane information available within the domain. We analyze the performance of the proposed route leak identification techniques both through real-time experiments as well as simulations at large scale. Our results show that the proposed detection techniques achieve high success rates for countering route leaks in different scenarios.

Securing the LISP map registration process

The motivation behind the Locator/Identifier Separation Protocol (LISP) has shifted over time from routing scalability issues in the core Internet to a set of use cases for which LISP stands as a technology enabler. Among these are the mobility of physical and virtual appliances without breaking their TCP connections, seamless migration and fast deployments of IPv6, multihoming, and data-center applications. However, LISP was born without security, and therefore is susceptible to attacks in its control-plane. The IETFs LISP working group has recently started to work in this direction, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system. In this paper, we address this issue and propose a solution that counters the attacks. We have deployed LISP in a real testbed, and compared the performance of our proposal with current LISP implementations, in terms of both messaging and packet size overhead. Our preliminary results prove that our solution offers much higher security with minimum overhead.