Hani Salah

CoMon: An architecture for coordinated caching and cache-aware routing in CCN

The autonomous cache management in Content-Centric Networking (CCN) results in suboptimal caching decisions and implies cache-ignorant routing. Cache coordination and similar improvements hence have been the subject of several recent studies. The proposed solutions, however, are either impractical due to their massive coordination overhead, or of limited benefit since they cannot realize perfect coordination. We present CoMon, an architecture for network-wide coordinated caching. CoMon realizes an affordable, yet highly effective, coordination by assigning monitoring and cache-aware (re)routing tasks to only a few nodes, through which the majority of traffic is expected or enforced to pass. CoMon, by design, maximizes the diversity of cached contents and reduces cache replacements. In addition, our simulation study using ISP topologies, shows that CoMon under several scenarios, when coordinates through a small ratio of the nodes, reduces the server hit ratio (i.e. the ratio of requests consumed by the origin content providers) of both CCN and notable related work, remarkably.

Coordination supports security: A new defence mechanism against interest flooding in NDN

Named-Data Networking (NDN) is a promising architecture for future Internet. Its design, however, can be misused to perform a new DDoS attack known as the Interest Flooding Attack (IFA). In IFA, the attacker issues non-satisfiable interest packets, aiming to drop legitimate interest packets by overwhelming pending interest tables in NDN routers. Prior defence mechanisms are not highly effective, harm legitimate interest packets, and/or incur high overhead. We propose a coordinated defence mechanism against IFAs. We realize our solution by adapting CoMon, a framework that we developed previously to coordinate caching-related decisions in NDN, motivated by its effective, yet affordable, coordination. In our solution, IFAs are detected and mitigated by few routers based on aggregated knowledge of traffic and forwarding states. These routers are selected by a novel heuristic enabling them to observe the entire traffic at an early stage. Extensive simulations confirm the feasibility and effectiveness of our solution.

Evaluating and mitigating a Collusive version of the Interest Flooding Attack in NDN

Named-Data Networking (NDN) is a promising architecture for the future Internet. However, it is hampered by interest flooding, an NDN-tailored DDoS attack which has been shown to cause dropping majority of legitimate packets. While several defence mechanisms have been suggested against it, they cannot protect NDN against the Collusive Interest Flooding Attack (CIFA), a previously disregarded version of interest flooding. In CIFA, malicious clients issue interest packets that can be satisfied only by a malicious server. The server, in turn, responds with data packets just before expiration of the corresponding PIT entries. We study the effect of CIFA. Extensively simulating CIFA, we show that it affects the network and legitimate users almost as badly as an extensively researched version of interest flooding. Subsequently, we develop a generic defence mechanism against interest flooding attacks. The mechanism is based on CoMon, our framework for coordination in NDN. Thanks to CoMon, the attacks are detected and mitigated at an early stage by only a few routers. Via realistic simulations, we show that our defence decreases the amount of dropped legitimate packets remarkably, incurring a very low signalling overhead.

Lightweight coordinated defence against interest flooding attacks in NDN

Named-Data Networking (NDN) is a promising architecture for future Internet. However, routers and content providers in NDN can be targets for a new DDoS attack called the Interest Flooding Attack (IFA). As a consequence, affected routers drop legitimate interest packets. We argue that IFA can be defended effectively when it is detected and mitigated, at early stage, based on timely and aggregated information of exchanged packets and forwarding states. Towards this end, we adapt CoMon, a framework that we developed formerly to coordinate caching-related decisions in NDN. This choice is motivated by CoMons proven ability to realize efficient, yet lightweight, coordination. A preliminary evaluation confirms the effectiveness of our solution against IFAs.

On the Impact of Incentives in eMule {Analysis and Measurements of a Popular File-Sharing Application}

Motivated by the popularity of content distribution and file sharing applications that nowadays dominate Internet traffic, we focus on the incentive mechanism of a very popular, yet not very well studied, peer-to-peer application, eMule. In our work, we recognize that the incentive scheme of eMule is more sophisticated than current alternatives (e.g., BitTorrent) as it uses a general, priority-based, time-dependent queuing discipline to differentiate service among cooperative users and free-riders. In this paper, we describe a general model of such an incentive mechanism and analyze its properties in terms of application performance. We validate our model using both numerical simulations (when analytical techniques become prohibitive) and with a measurement campaign of the live eMule system. Our results, in addition to validating our model, indicate that the incentive scheme of eMule suffers from starvation. Therefore, we present an alternative scheme that mitigates this problem, and validate it through numerical simulations and a second measurement campaign.

Characterizing Graph-Theoretic Properties of a Large-Scale DHT: Measurements vs. Simulations

The widely used distributed hash table (DHT) in KAD is commonly analyzed and optimized based on partial measurements and simulation results, which are limited in scope and subject to simplification. An accurate characterization, however, is vital for a thorough understanding and effective enhancement. Analyzing and comparing complete real graphs collected from a large-scale measurement campaign as well as synthetic graphs generated by a novel simulation model, we study their degree distributions as well as resilience in face of random departure and targeted attacks. Our results show that the online KAD graph, although scale-free, is highly robust not only to random departure, but also to targeted attacks, making it suitable for distributed applications requiring a high resilience. Resilience to random departure and shape of degree distribution are well modelled by the simulations. However, due to a greatly increased ratio of stale routing information, the complete graph in the real system is much more vulnerable to targeted attacks compared to estimations based on simulative results.

CoMon: A system architecture for improving caching in CCN

Content-Centric Networking (CCN) promises to yield large efficiency gains for Internet content distribution. Its autonomous cache management, however, raises doubts about achieving the intended goals optimally. A coordinated cache management, based on timely usage information, will help to fully leverage the cache efficiency. In this poster we introduce CoMon, a system architecture that implements Coordinated caching based on Monitoring of content usage and its stability. CoMon aims at improving CCN caching with low monitoring and communication overheads.

CoMon++: Preventing Cache Pollution in NDN Efficiently and Effectively

Defending against cache pollution attacks, highly detrimental attacks that are easy to implement in Named-Data Networking (NDN), currently suffers from the lack of coordination. Solving cache pollution attacks is a prerequisite for the deployment of NDN, which is widely considered to be the basis for the future Internet. We present CoMon++ to this end, a framework for lightweight coordination that protects from cache pollution and further attacks in NDN. Our simulation studies demonstrate that CoMon++ efficiently and effectively prevents cache pollution, remarkably outperforming a very notable state-of-the-art solution.

Lilliput: A Storage Service for Lightweight Peer-to-Peer Online Social Networks

P2P-based social networking services are severely challenged by churn and the lack of reliable service providers, especially considering the high frequency of posts and profile updates of their users. Improved consistency and data availability shall facilitate better acceptance, which in turn will enhance privacy, an inherent benefit of this class of systems. We present Lilliput, a P2P storage primitive designed with the characteristics of Online Social Network workloads in mind. Lilliput separates the storage of static bulk data (videos and photo albums) from the essential social glue (e.g. basic profile information, frequent updates, notifications, and personal messages): it provides the latter through agile, lightweight replica groups. Extensive simulations show that Lilliput ensures high data availability (99.07% to 99.64%) and consistency, with a small bandwidth usage under realistic usage and load models.