James T. Yu

Reliability measurement: from theory to practice

The gap between theory and practice of reliability measurement in software design is discussed, and key issues that underlie reliability measurements evolution from theory to practice are presented. A panel discussion in which reliability measurements salient issues, basic concepts, and underlying theory are outlined is included. Reliability measurements role in the development life cycle is also discussed.<<ETX>>

Rogue Access Point Based DoS Attacks against 802.11 WLANs

The growing popularity of the 802.11-based Wireless LAN (WLAN) also increases its risk of security attacks. This paper presents an analysis and solution to two Denial of Service (DoS) attacks: Deauthentication flooding (DeauthF) and disassociation flooding (DisassF) attacks. We conducted experiments to understand the impact of the attacks, and applied the Markov chain model to study the transition probabilities under attacks. We then follow the newly proposed 802.11 w standard and implement a solution to prevent the attacks. Our results show that 802.11 w is effective for low rate deauthentication and disassociation attacks but fails to protect against the flooding attacks because it takes significant resources to authenticate frames. We propose an integrated approach to applying traffic pattern filtering (TPF) over 802.11 w to resolve DeauthF and DisassF DoS attacks. The simulation results yields satisfactory performance for the integrated approach.

An Empirical Study of the NETCONF Protocol

This paper presents an overview and empirical study of NETCONF, which is a new network management protocol approved by IETF in December 2006. The traditional approaches of CLI, SNMP, and CORBA are discussed, along with their deficiencies in network management. In this paper we present an empirical study based on a standard NETCONF implementation. We highlight the major capabilities of NETCONF, which is a document-oriented approach based on XML, and how these capabilities could be used to address the challenges of configuration management in a complex network environment. To demonstrate the NETCONF capability, we installed an open source implementation of NETCONF, EnSuite (Yencap), on our lab Linux environment. Our preliminary results show that NETCONF provides more functionality (more advanced features), and is more efficient (single transaction for complex configuration data), more secure (embedded in the transport protocol), and easier to develop new services than CLI and SNMP.

Call Admission Control and Traffic Engineering of VoIP

This paper presents an extension of the Erlang-B model for traffic engineering of voice over IP (VoIP). The Erlang-B model uses traffic intensity and grade of service (GoS) to determine the number of trunks in circuit-switched networks. VoIP traffic, however, is carried over packet-switched networks, and network capacity is measured in bits per second instead of the number of trunks. In this paper, we propose a new measurement scheme to translate network bandwidth into the maximum call load. With this new metric, the Erlang-B model is applicable to VoIP. We conducted experiments to measure the maximum call loads based on various voice codec schemes, including G.711, G.729A, and G.723.1. Our results show that call capacity is most likely constrained by network devices rather than physical connections. Based on this result, we recommend considering both packet throughput (pps) and bit throughput (bps) in determining the max call load. If network capacity is constrained by pps, codec schemes would have almost no effect on the maximum call load, while the sampling rate could easily double or half the call load.

Improving Network Services Configuration Management

This paper proposes a configuration management framework to improve the configuration of network services. Configuring a network service is difficult and error-prone especially when dealing with hundreds or thousands of various networking devices. Misconfiguration is common and leads to dramatic impacts on network stability. The existing configuration frameworks such as NETwork CONFiguration (NETCONF) protocol focuses on the interaction patterns between managers and agents with limited support for high-level functionalities. This makes hard for network developers to build effective management systems. Our proposed framework complements NETCONF framework by introducing a middle-level abstraction called Configuration Semantic Model (CSM) that provides a global view of service configuration process and coordinates the configuration of inter-dependent network devices. In this paper, we provide an overview of our configuration semantic modeling and then describe two case studies to evaluate the proposed framework.

Empirical studies and queuing modeling of denial of service attacks against 802.11 WLANs

The growing popularity of 802.11-based wireless LANs (WLAN) also increases the risk of security attacks. Most studies of WLAN security are on the protection of data integrity, and few studies are addressing the issue of Denial of Service (DoS) attacks. This paper studies two major DoS attacks of authentication request flooding (AuthRF) and association request flooding (AssRF). Our studies show that these DoS attacks cause significant performance degradations and may disconnect the communications. A queuing model is presented to study the attacking mechanisms, and the causes of performance degradations. The analytical results of the queuing model are validated by the simulation model, and both results are consistent with the empirical data. The queuing model analysis leads to the development of four solutions: Request Authentication (RA), Reduction of Duplicate Requests (RDR), Reduction of Response Retransmissions (RRR), and Round Robin Transmission (RRT). We tested these four solutions and collected empirical data to validate the effectiveness of the solutions. A comparison of these four solutions is presented to show their strengths and weaknesses in resolving the attacks.

High Level Abstraction Modeling for Network Configuration Validation

This paper presents our design and implementation of a Configuration Validation System (ConfVS) which uses a high-level language to help system operators verify network configurations based on formal requirements. In contrast to many existing solutions, ConfVS uses a comprehensive model to formalize the network specification and utilizes the NETCONF protocol to collect configuration data from network devices. In addition, ConfVS uses binary decision diagrams to model the behavior of network devices and provides a prototype to query the device configuration. Requirements and specifications are written in the Erlang language, a general-purpose concurrent programming language. To validate ConfVS, we present a case study to show the features and the expressiveness of ConfVS by performing different types of reasoning with network requirements.

Framework for Modeling Call Holding Time for VoIP Tandem Networks: Introducing the Call Cease Rate Function

This paper presents a new approach to modeling call holding time of VoIP traffic on tandem networks. Call holding time is a key variable of traffic engineering models, and the traditional Erlang-B model uses the negative exponential function to model call holding time. Our study of hundreds of millions of telephone calls shows that the exponential assumption is not valid for modern large-scale VoIP networks. We propose to use time-to-event analysis which consists of fitting a parametric model to the call cease rate. Then we study several probability distribution functions and compare their capability to model the VoIP call departure rate. We find that both the log-logistic and the generalized gamma distributions provide a good fit for the data. Our statistical analysis shows that the approach of call cease rate provides more accurate results than the traditional exponential and log-normal holding time models.

Applications and Performance Analysis of Bridging with Layer-3 Forwarding on Wireless LANs

This paper presents an in-depth study of applying the bridging technology with layer-3 forwarding (L3F) in Wireless Local Area Networks (WLAN). L3F addresses a limitation of wireless communications at the Medium Access Control (MAC) layer, and uses the information at the network layer (IP address) to forward packets. It has the flexibility of IP routing without the complexity of routing and subnet configurations. The detailed procedure of L3F is presented in this paper, along with thorough performance analysis using a high capability traffic generator and analyzer. The performance results, as measured by throughput and latency, show that the L3F performance is comparable to traditional layer-2 bridging and significantly better than IP routing. This paper also presents two practical applications of using L3F: one is in the Small Office and Home Office (SOHO) to interconnect multiple LAN segments, and the other is in the multi-hop ad hoc wireless networks.

A practical and effective approach to implementing High Availability Seamless Redundancy (HSR)

High availability Ethernets are being used for many industrial automation applications, and the adoption of High Availability Seamless Redundancy (HSR) is gaining strong interests from both the industry and academics as it is able to achieve zero recovery time. This paper presents a simple, practical, and effective implementation of HSR based on Add-Drop-Multiplexer (ADM). A major contribution of the paper is to use polling, instead of the legacy MAC learning process, to build the MAC forwarding table on RedBox and QuadBox. Through our simulation model, we demonstrate the effectiveness of this approach to (1) avoid loops of broadcast messages, (2) identify redundant packets, and (3) achieve zero recovery time.