Ilya Nikolaevskiy

Service Intelligence Support for Medical Sensor Networks in Personalized Mobile Health Systems

Mobile health (m-Health) scenarios form an important direction for enhancing “traditional” healthcare systems. The latter implement backend services for use primarily by medical personnel and typically at hospitals. Current development meets with the challenge of personal data inclusion to the whole healthcare system with subsequent “smart” service construction and delivery. This paper makes a step towards the concept development of intelligence support in personalized m-Health systems. We study a reference architectural model that aims at intelligent utilization of personal mobile data in generic health services. Each personalized m-Health system contains the patient’s medical sensor network (MSN). To support the service intelligence we employ the smart spaces paradigm with its prominent technologies adopted from the Internet of Things (IoT) and Semantic Web.

isBF: Scalable in-packet bloom filter based multicast

Abstract Bloom filter (BF) based forwarding was proposed recently in several protocol alternatives to IP multicast. Some of these protocols avoid the state in intermediate routers and leave the burden of scalability management to the multicast source and end-hosts. Still, the existing BF-based protocols have scalability limitations and require explicit network management as well as non-trivial functionality from the network components. In this work we address the scalability limitations of the BF-based forwarding protocols by partitioning end-hosts into clusters. We propose several algorithms to do the partitioning so as to decrease the overall traffic in the network. We evaluate our algorithms in a real Internet topology, demonstrating the ability of the proposed design to save up to 70% of traffic volume in the large-scale topology for big groups of subscribers, and up to 30% for small groups.

On the Resiliency of Randomized Routing Against Multiple Edge Failures

We study the Static-Routing-Resiliency problem, motivated by routing on the Internet: Given a graph G = (V,E), a unique destination vertex d, and an integer constant c > 0, does there exist a static and destination-based routing scheme such that the correct delivery of packets from any source s to the destination d is guaranteed so long as (1) no more than c edges fail and (2) there exists a physical path from s to d? We embark upon a study of this problem by relating the edge-connectivity of a graph, i.e., the minimum number of edges whose deletion partitions G, to its resiliency. Following the success of randomized routing algorithms in dealing with a variety of problems (e.g., Valiant load balancing in the network design problem), we embark upon a study of randomized routing algorithms for the Static-Routing-Resiliency problem. For any k-connected graph, we show a surprisingly simple randomized algorithm that has expected number of hops O(|V|k) if at most k-1 edges fail, which reduces to O(|V|) if only a fraction t of the links fail (where t < 1 is a constant). Furthermore, our algorithm is deterministic if the routing does not encounter any failed link.

Security for medical sensor networks in mobile health systems

Emerging Internet of Things (IoT) technologies and mobile health scenarios provide opportunities for enhancing traditional healthcare systems. Yet current development meets the challenge of sensing patients health data with strong security guarantees in mobile and resource-constrained settings as well as in emergency situations. This paper presents a generic IoT-aware system architecture that enables security of personal mobile data and their transfer to healthcare services. Our security solutions apply the Host Identity Protocol. We validate the efficiency using a prototype implementation.

The quest for resilient (static) forwarding tables

Fast Reroute (FRR) and other forms of immediate failover have long been used to recover from certain classes of failures without invoking the network control plane. While the set of such techniques is growing, the level of resiliency to failures that this approach can provide is not adequately understood. We embark upon a systematic algorithmic study of the resiliency of immediate failover in a variety of models (with/without packet marking/duplication, etc.). We leverage our findings to devise new schemes for immediate failover and show, both theoretically and experimentally, that these outperform existing approaches.

STEM+: Allocating bandwidth fairly to tasks

Fair sharing of bandwidth among tenants in datacenters is important to guarantee prompt execution while providing isolation between different jobs. Existing bandwidth allocation methods lack a concept of a task reflecting the dependency between allocations on links. Moreover, existing approaches do not consider the tenants to be smart individuals and lack understanding of a threat that strategic players can produce. In this work we introduce a Strategy-proof Task-Enforcement Mechanism (STEM) which is the only strategy-proof mechanism for datacenter allocation. It seamlessly utilizes task-aware models. While tenants are able to improve their allocations by relocating demands among links, it also improves the global allocation resulting into a strong Nash equilibrium among tenants. This is in contrast to pricing or Competitive Equilibrium from Equal Incomes (CEEI) which permits tenants to inflate their demands and in some cases loosing sharing-incentives. We extend STEM with STEM+ - a work-conserving allocation mechanism.

Secure lightweight protocols for medical device monitoring

In the present days, the health care costs are sky-rocketing and most developed nations, including EU and US, are struggling to keep the costs under control. One of the areas is related to monitoring and control of medical appliances embedded to human bodies, such as insulin pumps as heart pacers. Fortunately, recent technology advances make it possible to monitor the medical appliances remotely, greatly decreasing the need for personal doctor visits. Naturally, remote wireless monitoring of such crucial appliances poses several formidable technological challenges including security of data communication, device authentication, attack resistance, and seamless connectivity. A remote monitoring protocol must be executed in a resource-constrained environment with energy efficiency. The recently proposed Diet Exchange for Host Identity Protocol (HIP) could solve most of security issues of remote appliance monitoring. However, it has to be developed to run in an embedded device environment; its security properties must be triple-checked against the stringent requirements; potential privacy issues must be addressed; protocol messages and cryptographic mechanisms must be adopted to wireless sensor standards. Although bearing high risks of provable security and patient faith, remote monitoring of health appliances could create breakthroughs in healthcare cost reduction and bring great benefits of individuals and the society.

isBF: scalable in-packet bloom filter based multicast

Bloom filter based forwarding was proposed recently in several protocol alternatives to IP multicast. Even though some of these protocols avoid the state in intermediate routers, they still have scalability limitations and require explicit network management as well as non-trivial functionality from the network components. In this work we propose an architecture based on in-packet Bloom filter forwarding, in which the burden of scalability management is left to the multicast source and end-hosts. We present several algorithms to improve the scalability of multicast transmission and evaluate them in a real Internet topology. Our evaluation confirms the ability of the proposed stateless design to save up to 70% of traffic volume in the large scale topology for big groups of subscribers, and up to 30% for small groups.

Nash Bargaining Solution Allocation is Not Suitable for Datacenter Jobs

The Nash Bargaining Solution (NBS) has been broadly suggested as an effective solution for the problem of fair allocation of multiple resources, namely bandwidth allocation in datacenters. In spite of being thoroughly studied, and provably strategy-proof for most scenarios, NBS-based allocation methods lack research on the strategic behavior of tenants in the case of proportionality of resource demands, which is common in datacenter workloads. We found that misbehavior is beneficial: by lying about bandwidth demands tenants can improve their allocations. We show that a sequence of selfish improvements leads to trivial demand vectors for all tenants. It essentially removes sharing incentives which are very important for datacenter networks. In this paper, we analytically prove that tenants can misbehave in 2- and 3- tenants cases. We show that misbehavior is possible in one recently proposed NBS-based allocation system if proportionality of demands is taken into account. Monte Carlo simulations were done for 2–15 tenants to show a misbehavior possibility and its impact on aggregated bandwidth. We propose to use another game-theoretic approach, namely Dominant Resource Fairness (DRF) to allocate bandwidth in the case of proportional demands. We show that this method performs significantly better than NBS after misbehavior.

Smart-M3 security: Authentification anc authorization mechanisms

Smart spaces are dynamic environments for sharing device information. Key challenges for smart spaces include security and interoperability between heterogeneous devices. Thus, smart spaces and its environments must provide feasible solutions for authentication, access control and privacy. Open source Smart Space platform Smart-M3 is actively developed but does not have a sufficient security mechanism yet. The main focus of this paper is analysis and development of security mechanisms for Smart-M3 platform.