Ralph Droms

OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

Information-Centric Networking (ICN) is an emerging networking paradigm that focuses on content distribution and aims at replacing the current IP stack. Implementations of ICN have demonstrated its advantages over IP, in terms of network performance and resource requirements. Because of these advantages, ICN is also considered to be a good network paradigm candidate for the Internet-of-Things (IoT), especially in scenarios involving resource constrained devices. In this paper we propose OnboardICNg, the first secure protocol for on-boarding (authenticating and authorizing) IoT devices in ICN mesh networks. OnboardICNg can securely onboard resource constrained devices into an existing IoT network, outperforming the authentication protocol selected for the ZigBee-IP specification: EAP-PANA, i.e., the Protocol for carrying Authentication for Network Access (PANA) combined with the Extensible Authentication Protocol (EAP). In particular we show that, compared with EAP-PANA, OnboardICNg reduces the communication and energy consumption, by 87% and 66%, respectively.

Automated and secure IPv6 configuration in enterprise networks

Over the last decade, IPv6 has established itself as the most mature network protocol for the future Internet. Its recent deployment in core networks of operators, its availability to end customers of multiple ISPs together with the availability of native access to large services like Google assess the increasing penetration of IPv6.

Simulating Fixed Virtual Nodes for Adapting Wireline Protocols to MANET

The Virtual Node Layer (VNLayer) is a programming abstraction for Mobile Ad Hoc Networks (MANETs). It defines simple virtual servers at fixed locations in a network, addressing a central problem for MANETs, which is the absence of fixed infrastructure. Advantages of this abstraction are that persistent state is maintained in each region, even when mobile nodes move or fail, and that simple wireline protocols can be deployed on the infrastructure, thereby taming the difficulties inherent in MANET setting. The major disadvantage is the messaging overhead for maintaining the persistent state.In this paper, we use simulation to determine the magnitude of the messaging overhead and the impact on the performance of the protocol. The overhead of maintaining the servers and the persistent state is small in bytes, but the number of messages required is relatively large. In spite of this, the latency of address allocation is relatively small and almost all mobile nodes have an address for 99 percent of their lifetime. Our ns-2 based simulation package (VNSim) implements the VNLayer using a leader-based state replication strategy to emulate the virtual nodes. VNSim efficiently simulates a virtual node system with up to a few hundred mobile nodes. VNSim can be used to simulate any VNLayer-based application.

On the Cost of Secure Association of Information Centric Things

Information Centric Networking (ICN) paradigms nicely fit the world of wireless sensors, whose devices have tight constraints. In this poster, we compare two alternative designs for secure association of new IoT devices in existing ICN deployments, which are based on asymmetric and symmetric cryptography respectively. While the security properties of both approaches are equivalent, an interesting trade-off arises between properties of the protocol vs properties of its implementation in current IoT boards. Indeed, while the asymmetric-keys based approach incurs a lower traffic overhead (of about 30%), we find that its implementation is significantly more energy- and time-consuming due to the cost of cryptographic operations (it requires up to 41x more energy and 8x more time).

SLICT: Secure Localized Information Centric Things

While the potential advantages of geographic forwarding in wireless sensor networks (WSN) have been demonstrated for a while now, research in applying Information Centric Networking (ICN) has only gained momentum in the last few years. In this paper, we bridge these two worlds by proposing an ICN-compliant and secure implementation of geographic forwarding for ICN. We implement as a proof of concept the Greedy Perimeter Stateless Routing (GPSR) algorithm and compare its performance to that of vanilla ICN forwarding. We also evaluate the cost of security in 802.15.4 networks in terms of energy, memory and CPU footprint. We show that in sparse but large networks, GPSR outperforms vanilla ICN forwarding in both memory footprint and CPU consumption. However, GPSR is more energy intensive because of the cost of communications.

Autonomic renumbering in the future iInternet

IPv6 is an essential building block of the evolution toward the future Internet. To take the full benefit of this protocol and exploit all its features, the future Internet needs to gracefully couple it with autonomics. In this article we demonstrate through our experience with network renumbering how the coupling of both IPv6 core functionality extended with major functions of the autonomic world can lead to fully autonomous activities of main management functions. We instantiate the notions of self-configuration, self-monitoring, self-protection, and self-healing in the network renumbering process and show how all together they can make renumbering a real success. We illustrate the various functions with the tools we have implemented to support them.

Fair-RTT-DAS: A robust and efficient dynamic adaptive streaming over ICN

Abstract To sustain the adequate bandwidth demands over rapidly growing multimedia traffic and considering the effectiveness of Information-Centric Networking (ICN), recently, HTTP based Dynamic Adaptive Streaming (DASH) has been introduced over ICN, which significantly increases the network bandwidth utilisation. However, we identified that the inherent features of ICN also causes new vulnerabilities in the network. In this paper, we first propose a novel attack called as Bitrate Oscillation Attack (BOA), which exploits fundamental ICN characteristics: in-network caching and interest aggregation, to disrupt DASH functionality. In particular, the proposed attack forces the bitrate and resolution of video received by the attacked client to oscillate with high frequency and high amplitude during the streaming process. To detect and mitigate BOA, we design and implement a reactive countermeasure called Fair-RTT-DAS. Our solution ensures efficient bandwidth utilisation and improves the user perceived Quality of Experience (QoE) in the presence of varying content source locations. For this purpose, Fair-RTT-DAS consider DASH’s two significant features: round-trip-time (RTT) and throughput fairness. In the presence of BOA in a network, our simulation results show an increase in the annoyance factor in user’s spatial dimension, i.e., increase in oscillation frequency and amplitude. The results also show that our countermeasure significantly alleviates these adverse effects and makes dynamic adaptive streaming friendly to ICN’s implicit features.