Diego Perino

Augustus: a CCN router for programmable networks

Despite the considerable attention that the ICN paradigm received so far, its deployment has been hindered by the scale of upgrades required to the existing infrastructure. Software programmable networking frameworks would constitute a remarkable opportunity for ICN as they enable fast deployment of novel technologies on commodity hardware. However, a software ICN router implementation for commodity platforms guaranteeing adequate packet processing performance is not available yet. This paper introduces Augustus, a software architecture for ICN routers, and detail two implementations, stand-alone and modular, released as open-source code. We deployed both implementations on a state-of-the-art hardware platform and analyzed their performance under different configurations. Our analysis shows that with both implementations it is possible to achieve a throughput of approximately 10 Mpps, saturating 10 Gbit/s links with packet as small as 100 bytes. However, to achieve such performance, routers must be carefully configured to fully exploit the capabilities of the hardware platforms they run on.

AFV: enabling application function virtualization and scheduling in wearable networks

Smart wearable devices are widely available today and changing the way mobile applications are being developed. Applications can dynamically leverage the capabilities of wearable devices worn by the user for optimal resource usage and information accuracy, depending on the user/device context and application requirements. However, application developers are not yet taking advantage of these cross-device capabilities. We thus design AFV (Application Function Virtualization), a framework enabling automated dynamic function virtualization/scheduling across devices, simplifying context-aware application development. AFV provides a simple set of APIs hiding complex framework tasks and continuously monitors context/application requirements, to enable the dynamic invocation of functions across devices. We show the feasibility of our design by implementing AFV on Android, and the benefits for the user in terms of resource efficiency and quality of experience with relevant use cases.

ProxyTorrent: Untangling the Free HTTP(S) Proxy Ecosystem

Free web proxies promise anonymity and censorship circumvention at no cost. Several websites publish lists of free proxies organized by country, anonymity level, and performance. These lists index hundreds of thousand of hosts discovered via automated tools and crowd-sourcing. A complex free proxy ecosystem has been forming over the years, of which very little is known. In this paper we shed light on this ecosystem via ProxyTorrent, a distributed measurement platform that leverages both active and passive measurements. Active measurements discover free proxies, assess their performance, and detect potential malicious activities. Passive measurements relate to proxy performance and usage in the wild, and are collected by free proxies users via a Chrome plugin we developed. ProxyTorrent has been running since January 2017, monitoring up to 180,000 free proxies and totaling more than 1,500 users over a 10 months period. Our analysis shows that less than 2% of the proxies announced on the Web indeed proxy traffic on behalf of users; further, only half of these proxies have decent performance and can be used reliably. Around 10% of the working proxies exhibit malicious behaviors, e.g., ads injection and TLS interception, and these proxies are also the ones providing the best performance. Through the analysis of more than 2 Terabytes of proxied traffic, we show that web browsing is the primary user activity. Geo-blocking avoidance is not a prominent use-case, with the exception of proxies located in countries hosting popular geo-blocked content.

CliMB: Enabling Network Function Composition with Click Middleboxes

Click has significant advantages for middlebox development, including modularity, extensibility, and reprogrammability. Despite these features, Click still has no native TCP support and only uses nonblocking I/O, preventing its applicability to middleboxes that require access to application data and blocking I/O. In this paper, we attempt to bridge this gap by introducing Click middleboxes (CliMB). CliMB provides a full-fledged modular TCP layer supporting TCP options, congestion control, both blocking and nonblocking I/O, as well as socket and zero-copy APIs to applications. As a result, any TCP network function may now be realized in Click using a modular L2-L7 design. As proof of concept, we develop a zero-copy SOCKS proxy using CliMB that shows up to 4x gains compared to an equivalent implementation using the Linux in-kernel network stack.

Are Wearables Ready for HTTPS? On the Potential of Direct Secure Communication on Wearables

The majority of available wearable computing devices require communication with Internet servers for data analysis and storage, and rely on a paired smartphone to enable secure communication. However, many wearables are equipped with WiFi network interfaces, enabling direct communication with the Internet. Secure communication protocols could then run on these wearables themselves, yet it is not clear if they can be efficiently supported.,,,,In this paper, we show that wearables are ready for direct and secure Internet communication by means of experiments with both controlled local web servers and Internet servers. We observe that the overall energy consumption and communication delay can be reduced with direct Internet connection via WiFi from wearables compared to using smartphones as relays via Bluetooth. We also show that the additional HTTPS cost caused by TLS handshake and encryption is closely related to the number of parallel connections, and has the same relative impact on wearables and smartphones.

FreeLab: A Free Experimentation Platform

As researchers, we are aware of how hard it is to obtain access to vantage points in the Internet. Experimentation platforms are useful tools, but they are also: 1) paid, either via a membership fee or by resource sharing, 2) unreliable, nodes come and go, 3) outdated, often still run on their original hardware and OS. While one could build yet-another platform with up-to-date and reliable hardware and software, it is hard to imagine one which is free. This is the goal of this paper: we set out to build FreeLab, a free experimentation platform which also aims to be reliable and up-to-date. The key idea behind FreeLab is that experiments run directly at its user machines, while traffic is relayed by free vantage points in the Internet (web and SOCKS proxies, and DNS resolvers). FreeLab is thus free of access by design and up-to-date as far as its users maintain their experimenting machines. Reliability is a key challenge due to the volatile nature of free resources, and the introduction of errors (path inflation, header manipulation, bandwidth shrinkage) caused by traffic relays.

Dissecting DNS Stakeholders in Mobile Networks

The functioning of mobile apps involves a large number of protocols and entities, with the Domain Name System (DNS) acting as a predominant one. Despite being one of the oldest Internet systems, DNS still operates with semi-obscure interactions among its stakeholders: domain owners, network operators, operating systems, and app developers. The goal of this work is to holistically understand the dynamics of DNS in mobile traffic along with the role of each of its stakeholders. We use two complementary (anonymized) datasets: traffic logs provided by a European mobile network operator (MNO) with 19M customers, and traffic logs from 5,000 users of Lumen, a traffic monitoring app for Android. We complement such passive traffic analysis with active measurements at four European MNOs. Our study reveals that 10k domains (out of 198M) account for 87% of total network flows. The time to live (TTL) values for such domains are mostly short (< 1min), despite domain-to-IPs mapping tends to change on a longer time-scale. Further, depending on the operators recursive resolver architecture, end-user devices receive even smaller TTL values leading to suboptimal effectiveness of the on-device DNS cache. Despite a number of on-device and in-network optimizations available to minimize DNS overhead, which we find corresponding to 10% of page load time (PLT) on average, we have not found wide evidence of their adoption in the wild.

Are Wearables Ready for Secure and Direct Internet Communication

Recent advances in wearable technology tend towards standalone wearables. Most of todays wearable devices and applications still rely on a paired smartphone for secure Internet communication, even though many current generation wearables are equipped with Wi-Fi and 3G/4G network interfaces that provide direct Internet access. Yet it is not clear if such communication can be efficiently and securely supported through existing protocols. Our findings show that it is possible to use secure and efficient direct communication between wearables and the Internet

AFit: adaptive fitness tracking by application function virtualization

The popularity of wearables is exponentially growing and it is expected that individuals will utilize more than one wearable device at a time in the near future. Efficient resource usage between the devices worn by the same person has not yet been effectively addressed by the current wearable applications. In this paper, we demonstrate the feasibility of application function virtualization by utilizing common capabilities of multiple wearables on the body through a cross-platform Android application - AFit. AFit is developed in a way that it can opportunistically leverage the resources of smartphone, smartwatch and smartglass depending on the context of the user, which is user activity. In this demonstration, AFit shows that it is possible to adaptively select the device to track the user movement for fitness tracking, rather than using randomly selected device or all devices, utilizing the common sensor of accelerometer on all devices.