Publication


Featured research published by Marcus Schöller.


Computer Networks | 2010

Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines

James P. G. Sterbenz; David Hutchison; Egemen K. Çetinkaya; Abdul Jabbar; Justin P. Rohrer; Marcus Schöller; Paul Smith

The Internet has become essential to all aspects of modern life, and thus the consequences of network disruption have become increasingly severe. It is widely recognised that the Internet is not sufficiently resilient, survivable, and dependable, and that significant research, development, and engineering is necessary to improve the situation. This paper provides an architectural framework for resilience and survivability in communication networks and provides a survey of the disciplines that resilience encompasses, along with significant past failures of the network infrastructure. A resilience strategy is presented to defend against, detect, and remediate challenges, a set of principles for designing resilient networks is presented, and techniques are described to analyse network resilience.


Telecommunication Systems | 2014

Redundancy, diversity, and connectivity to achieve multilevel network resilience, survivability, and disruption tolerance (invited paper)

James P. G. Sterbenz; David Hutchison; Egemen K. Çetinkaya; Abdul Jabbar; Justin P. Rohrer; Marcus Schöller; Paul Smith

Communication networks are constructed as a multilevel stack of infrastructure, protocols, and mechanisms: links and nodes, topology, routing paths, interconnected realms (ASs), end-to-end transport, and application interaction. The resilience of each one of these levels provides a foundation for the next level to achieve an overall goal of a resilient, survivable, disruption-tolerant, and dependable Future Internet. This paper concentrates on three critical resilience disciplines and the corresponding mechanisms to achieve multilevel resilience: redundancy for fault tolerance, diversity for survivability, and connectivity for disruption tolerance. Cross-layering and the mechanisms at each level are described, including richly connected topologies, multipath diverse routing, and disruption-tolerant end-to-end transport.


Local Computer Networks | 2007

Introducing QoS mechanisms into the IPsec packet processing

Lars Völker; Marcus Schöller; Martina Zitterbart

The deployment and use of IPsec has consistently increased in recent years. IPsec is a protocol that allows, besides other things, secure branch office connectivity and secure VPN access for road warriors. The limitations of IPsec are much better understood today, and efforts to improve IPsec are still underway. One aspect of improvement is the integration of IPsec with other functions and protocols of the network. Quality of Service (QoS) is one example. QoS is used to prioritize demanding traffic like Voice over IP, network control messages, and traffic for other mission-critical systems. QoS can be used to mitigate risks of DoS attacks, ill-behaving hosts, and other attacks by separating traffic classes and treating packets according to the respective class. In order to facilitate all the advantages QoS can offer, an IPsec implementation must not only be superficially changed, but needs thorough modifications or, even better, should be designed with QoS support as an objective. The current IPsec standard hardly offers any guidance to do this. In this paper, we detail our QoS-capable IPsec and compare it with a widely-used regular IPsec implementation. Furthermore, we show that these QoS extensions prove to be valuable, even in difficult scenarios, e.g. using host CPUs for packet processing.

Secure group communication has various applications. Requirements for an application differ in various parameters such as tolerance times for join and leave, arrival rate, departure rate, staying period and group life time. Existing group key agreement protocols do not harness knowledge of application requirements. In this paper we present a scheme for tunable group key agreement. We introduce an application class awareness concept, rekeying algorithms and a novel key tree structure. We simulated periodic refresh mode, periodic batch mode and controlled periodic refresh mode. The simulation experiment clearly shows that controlled periodic refresh mode outperforms periodic refresh mode and periodic batch mode.


Lecture Notes in Computer Science | 2002

AMnet 2.0: An Improved Architecture for Programmable Networks

Thomas Fuhrmann; Till Harbaum; Marcus Schöller; Martina Zitterbart

AMnet 2.0 is an improved architecture for programmable networks that is based on the experiences from the previous implementation of AMnet. This paper gives an overview of the AMnet architecture and Linux-based implementation of this software router. It also discusses the differences to the previous version of AMnet. AMnet 2.0 complements application services with net-centric services in an integrated system that provides the fundamental building blocks both for an active node itself and the operation of a larger set of nodes, including code deployment decisions, service relocation, resource management.


IEEE International Conference on Cloud Computing Technology and Science | 2013

An Architectural Model for Deploying Critical Infrastructure Services in the Cloud

Marcus Schöller; Roland Bless; Frank Pallas; Jens Horneber; Paul Smith

The Cloud Computing operational model is a major recent trend in the IT industry, which has gained tremendous momentum. This trend will likely also reach the IT services that support Critical Infrastructures (CI), because of the potential cost savings and benefits of increased resilience due to elastic cloud behaviour. However, realizing CI services in the cloud introduces security and resilience requirements that existing offerings do not address well. For example, due to the opacity of cloud environments, the risks of deploying cloud-based CI services are difficult to assess, especially at the technical level, but also from legal or business perspectives. This paper discusses challenges and objectives related to bringing CI services into cloud environments, and presents an architectural model as a basis for the development of technical solutions with respect to those challenges.


Autonomous Infrastructure Management and Security | 2010

Strategies for network resilience: capitalising on policies

Paul Smith; Alberto Schaeffer-Filho; Azman Ali; Marcus Schöller; Nizar Kheir; Andreas Mauthe; David Hutchison

Networked systems are subject to a wide range of challenges whose nature changes over time, including malicious attacks and operational overload. Numerous mechanisms can be used to ensure the resilience of networked systems, but it can be difficult to define how these mechanisms should be configured in networks that support many services that have differing and shifting requirements. In this paper, we explore the potential benefits of using policies for defining the configuration of mechanisms for resilience. We discuss some of the difficulties of defining configurations, such as identifying conflicts, and highlight how existing policy frameworks could be used or extended to manage this complexity.


Peer-to-Peer Systems and Applications | 2005

30. A Peer-to-Peer Framework for Electronic Markets

Michael Conrad; Jochen Dinger; Hannes Hartenstein; Marcus Schöller; Martina Zitterbart; Daniel Rolli

Markets – in their ideal form – naturally represent Peer-to-Peer (P2P) systems: market participants can be both client and server when exchanging offers, general messages, or goods. They can directly address each other, and interact in a decentralized and autonomous fashion. Most market implementations in history, however, were far from this ideal form.


Praxis Der Informationsverarbeitung Und Kommunikation | 2008

PktAnon - A Generic Framework for Profile-based Traffic Anonymization

Thomas Gamer; Christoph P. Mayer; Marcus Schöller

Computer network researchers, system engineers and network operators have an increasing need for network traces. These are necessary to build and evaluate communication systems. This ranges from developing intrusion detection systems over evaluating network protocols or system design decisions, up to education in network security. Unfortunately, availability of real-world traces is very scarce, mainly due to privacy and security concerns. Making recorded data anonymous helps to mitigate this problem. Available anonymization systems, however, do not provide sufficient flexibility, extensibility or ease of use. Therefore, we developed a generic framework for traffic anonymization that can easily be configured by anonymization profiles. Such profiles ensure an easy adaptation of the information actually being made anonymous to different environments or local legislation. Furthermore, our framework supports flexible application of arbitrary anonymization primitives to every protocol field. Due to its extensibility our framework provides an easy incorporation of new anonymity-enhancing techniques, too. Additionally, it prevents accidental disclosure of private data by applying a technique called defensive transformation. Finally, it can be used for online as well as offline anonymization of network traffic.


International IFIP-TC Networking Conference | 2006

An extensible and flexible system for network anomaly detection

Thomas Gamer; Marcus Schöller; Roland Bless

Network hazards like attacks or misbehaving nodes are still a great obstacle for network operators. Distributed denial of service attacks and worm propagations do not only affect the attacked nodes but also the network itself by wasting network resources. In wireless ad hoc networks even more hazards exist due to its self-organizing characteristic. A detection of such network hazards as early as possible enables a fast deployment of appropriate countermeasures and thereby significantly improves network operation. Our proposed detection system uses programmable network technology to deploy such a system within the network itself. Doing this without influencing the routing performance seriously demands a resource saving architecture. We therefore propose to use a hierarchical architecture which runs a very small basic stage all the time and loads specialized detection modules on demand to verify the network hazard. In this paper we introduce our system which can detect DDoS attacks, worm propagations, and wormhole attacks.


Active and Programmable Networks | 2009

An Extension to Packet Filtering of Programmable Networks

Marcus Schöller; Thomas Gamer; Roland Bless; Martina Zitterbart

Several projects proposed to use active or programmable networks to implement attack detection systems for detecting distributed denial of service attacks or worm propagation. In order to distinguish legal traffic from the attack traffic bypassing packets need to be inspected deeply which is resource consuming. Such an inspection can be realized either with additional and expensive special hardware or in software. But due to resource limitations inspection of all bypassing packets in software is not feasible if the packet rate is high. Therefore we propose to add packet selection mechanisms to the NodeOS reference architecture for programmable networks. A packet selector reduces the rate of packets which are inspected. In this paper we detail on various packet selectors and evaluate their suitability for an attack detection system. The results of our implementation show significant advantages by using packet sampling methods compared to packet filtering.

Collaboration

Top Co-Authors

Paul Smith

Austrian Institute of Technology

Martina Zitterbart

Karlsruhe Institute of Technology

Roland Bless

Karlsruhe Institute of Technology

Thomas Fuhrmann

Karlsruhe Institute of Technology

Thomas Gamer

Karlsruhe Institute of Technology

Michael Conrad

Karlsruhe Institute of Technology