Georg Carle

Framework model for packet loss metrics based on loss runlengths

For the same long-term loss ratio, different loss patterns lead to different application-level Quality of Service (QoS) perceived by the users (short-term QoS). While basic packet loss measures like the mean loss rate are widely used in the literature, much less work has been devoted to capturing a more detailed characterization of the loss process. In this paper, we provide means for a comprehensive characterization of loss processes by employing a model that captures loss burstiness and distances between loss bursts. Model parameters can be approximated based on run-lengths of received/lost packets. We show how the model serves as a framework in which packet loss metrics existing in the literature can be described as model parameters and thus integrated into the loss process characterization. Variations of the model with different complexity are introduced, including the well-known Gilbert model as a special case. Finally we show how our loss characterization can be used by applying it to actual Internet loss traces.

Editorial: Wired/wireless internet communications

Mobile communications technologies have reached a significant penetration today and the development of technologies and applications is still emerging. The Internet has become the major core network around which several wireless access networks are inter-connected. These access networks are not just single wireless links, but are becoming diverse and complex. For example, sensors are connected via sensor networks, cars connect via mobile ad hoc networks, and users in areas without GSM/UMTS coverage might only be reached via satellites. Moreover, the requirements to mobile communications are increasing. Security is a major concern in such networks and small wireless/mobile devices need to save as much power as possible to ensure long lifetimes. The 4th International Conference on Wired/Wireless Internet Communications (WWIC 2006) took place at University of Bern (Switzerland) from May 10 to 12, 2006. WWIC 2006 addressed relevant research issues such wireless networks, UMTS and OFDM, mobile ad hoc networks, power saving and sensor networks, voice and video over wireless networks, mobility, transport protocol issues as well as signalling, charging, and security. The goal of the conference was to present high-quality results in the field. The international conference program committee selected 29 papers out of 142 submissions for conference presentation. Finally, five papers from the ones presented at the conference have been selected for this special issue. The selected papers have been improved based on the conference reviews and extended in order to present latest research results in more detail. The paper on ‘‘Simulating Mobile Ad Hoc Networks in City Scenarios’’ from Illya Stepanov and Kurt Rothermel argues that it is very important to use more realistic models for user mobility and wireless transmission as well as real applications. The authors developed a more realistic mobility and wireless transmission model for the city of Stuttgart and showed that simulation results differ significantly compared to models that are typically used for the evaluation of mobile ad hoc networks. The work is based on integrating new models into ns-2 and using the emulation facility of ns-2.

DTLS based security and two-way authentication for the Internet of Things

In this paper, we introduce the first fully implemented two-way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques and security infrastructure can be reused, which enables easy security uptake. Our proposed security scheme is therefore based on RSA, the most widely used public key cryptography algorithm. It is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (6LoWPANs). Our implementation of DTLS is presented in the context of a system architecture and the schemes feasibility (low overheads and high interoperability) is further demonstrated through extensive evaluation on a hardware platform suitable for the Internet of Things.

The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements

The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public-key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it always has been felt that the certification processes of this PKI may lack in stringency, resulting in a deployment where many certificates do not meet the requirements of a secure PKI. This paper presents a comprehensive analysis of X.509 certificates in the wild. To shed more light on the state of the deployed and actually used X.509 PKI, we obtained and evaluated data from many different sources. We conducted HTTPs scans of a large number of popular HTTPs servers over a 1.5-year time span, including scans from nine locations distributed over the globe. To compare certification properties of highly ranked hosts with the global picture, we included a third-party scan of the entire IPv4 space in our analyses. Furthermore, we monitored live SSL/TLS traffic on a 10Gbps uplink of a large research network. This allows us to compare the properties of the deployed PKI with the part of the PKI that is being actively accessed by users. Our analysis reveals that the quality of certification lacks in stringency, due to a number of reasons among which incorrect certification chains or invalid certificate subjects give the most cause for concern. Similar concerns can be raised for the properties of certification chains and many self-signed certificates used in the deployed X.509 PKI. Our findings confirm what has long been believed -- namely that the X.509 PKI we often use in our everydays lives is in a sorry state.

How bad is reliable multicast without local recovery

We examine the impact of the loss recovery mechanisms on the performance of a reliable multicast protocol. Approaches to reliable multicast can be divided into two major classes: source-based recovery, and distributed recovery. For both classes we consider the state of the art: for source-based recovery, a type 2 hybrid ARQ scheme with parity retransmission; for distributed recovery, a scheme with local multicast retransmission and local feedback processing. We further show the benefits of combining the two approaches and consider a type 2 hybrid ARQ scheme with local retransmission. The schemes are compared for up to 10/sup 6/ receivers under different loss scenarios with respect to network bandwidth usage and completion time of a reliable transfer. We show that the protocol based on local retransmissions via type 2 hybrid ARQ performs best for bandwidth and latency. For networks, where local retransmission is not possible, we show that a protocol based on type 2 hybrid ARQ comes close to the performance of a protocol with local retransmissions.

A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication

In this paper, we introduce the first fully implemented two way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards, especially the Datagram Transport Layer Security (DTLS) protocol. The proposed security scheme is based on the most widely used public key cryptography (RSA), and works on top of standard low power communication stacks.We believe that by relying on an established standard, existing implementations, engineering techniques and security infrastructure can be reused, which enables easy security uptake. We present an implemented system architecture for the proposed scheme based on a low-power hardware platform suitable for the IoT. We further demonstrate its feasibility (low overheads and high interoperability) through extensive evaluation.

MoonGen: A Scriptable High-Speed Packet Generator

We present MoonGen, a flexible high-speed packet generator. It can saturate 10 GbE links with minimum-sized packets while using only a single CPU core by running on top of the packet processing framework DPDK. Linear multi-core scaling allows for even higher rates: We have tested MoonGen with up to 178.5 Mpps at 120 Gbit/s. Moving the whole packet generation logic into user-controlled Lua scripts allows us to achieve the highest possible flexibility. In addition, we utilize hardware features of commodity NICs that have not been used for packet generators previously. A key feature is the measurement of latency with sub-microsecond precision and accuracy by using hardware timestamping capabilities of modern commodity NICs. We address timing issues with software-based packet generators and apply methods to mitigate them with both hardware support and with a novel method to control the inter-packet gap in software. Features that were previously only possible with hardware-based solutions are now provided by MoonGen on commodity hardware. MoonGen is available as free software under the MIT license in our git repository at https://github.com/emmericp/MoonGen

Comparing and improving current packet capturing solutions based on commodity hardware

Capturing network traffic with commodity hardware has become a feasible task: Advances in hardware as well as soft- ware have boosted off-the-shelf hardware to performance levels that some years ago were the domain of expensive special-purpose hardware. However, the capturing hardware still needs to be driven by a well-performing software stack in order to minimise or avoid packet loss. Improving the capturing stack of Linux and FreeBSD has been an extensively covered research topic in the past years. Although the majority of the proposed enhancements have been backed by evaluations, these have mostly been conducted on different hardware platforms and software versions, which renders a comparative assessment of the various approaches difficult, if not impossible. This paper summarises and evaluates the performance of current packet capturing solutions based on commodity hardware. We identify bottlenecks and pitfalls within the capturing stack of FreeBSD and Linux, and give explanations for the observed effects. Based on our experiments, we provide guidelines for users on how to configure their capturing systems for optimal performance and we also give hints on debugging bad performance. Furthermore, we propose improvements to the operating systems capturing processes that reduce packet loss, and evaluate their impact on capturing performance.

Graph coloring based physical-cell-ID assignment for LTE networks

Autoconfiguration of the radio parameters is a key feature for next generation mobile networks. Especially for LTE the NGMN Forum has brought it up as a major requirement. It is indispensable that algorithms used for autoconfiguration terminate quickly and do not cause infinite iterative reconfigurations within the network. Reference signal sequences are among the most important radio parameters for LTE, which are comparable to scrambling codes in 3G networks. In LTE they additionally serve as Cell Identifiers on the Physical Layer. Each cell is assigned one of the 504 available Physical Cell Identifiers. For proper operation the assignment has to be as well collision as also confusion free. Due to the high number and the layered structure of the cells within the network such as assignment is a complex task. In addition to this complexity each change of the Physical Cell ID of an operational cell causes a service interruption in the cell, which has to be avoided. The approach presented maps the ID assignment problem to the well known and well understood problem of graph coloring. It is shown that an efficient initial assignment even for complex networks is possible. Cells added during the subsequent network growth, can already be confused when inserted into the network. In this case the IDs of the operational cells causing the confusion must be changed. As a next logical step the incremental approach shows how the properties of the colored graph can be used for extending the network with new cells, with only minimal interruption while still retaining the properties of a colored graph.

Performance characteristics of virtual switching

Virtual switches, like Open vSwitch, have emerged as an important part of cloud networking architectures. They connect interfaces of virtual machines and establish the connection to the outer network via physical network interface cards. Today, all important cloud frameworks support Open vSwitch as the default virtual switch. However, general understanding about the performance implications of Open vSwitch in different usage scenarios is missing. In this work we provide insights into the performance properties by systematically conducting measurements in virtual switching setups. We present quantitative and qualitative performance results of Open vSwitch in scenarios involving physical and virtual network interfaces.