Ricardo Macedo

Interoperability issues on heterogeneous wireless communication for smart cities

Smart cities have become a reality around the world. They rely on wireless communication technologies, and they have provided many benefits to society, such as monitoring road traffic in real-time, giving continuous healthcare assistance to residents and managing the environment. This article revisits key interoperability questions in heterogeneous wireless networks for smart cities, and outlines a simple, modular architecture to deal with these complex issues. The architecture is composed by sensing, access network, Internet/cloud and application layers. Different features provided by the architecture, such as interoperability among technologies, low cost, reliability and security, have been evaluated through experiments and simulations under different scenarios. The QoS support and the seamless connectivity between pairs of heterogeneous technologies are proposed through a policy-based management (PBM) framework and MIH (Media Independent Handover). Moreover, an 802.11 mesh backbone composed of different types of mesh routers has been deployed for interconnecting the sensors and actuators to the Internet. Key results from experiments in the backbone are examined. They compare: (i) the performance of a single-path routing protocol (OLSR) with a multipath one (MP-OLSR); (ii) the monitoring delays from the proposed low cost sunspot/mesh and arduino/mesh gateways; and (iii) the authentication mechanisms employed. Significant results from simulations allow the analysis of the reliability on vehicular/mesh networks under jamming attacks by applying the OLSR and MP-OLSR routing protocols. Finally, this article provides an overview of open research questions.

Self-Organized SDN Controller Cluster Conformations against DDoS Attacks Effects

Software Defined Networks (SDN) provide a high simplification of the network management by decoupling the control plane from the data plane through the use of controllers. Distributed-Denial-of-Service (DDoS) attacks can make SDN controllers unavailable to process legitimate flow requests from switches. The main approaches to protect controllers against DDoS attacks are essentially based on the attack detection, that still yield high rates of false negatives and/or false positives, highlighting the importance of mitigating DDoS attacks. Existing mitigation techniques are fundamentally based on external and additional resources or on the network traffic analysis, increasing computational cost or being prone to high rates of false negatives and/or false positives. This work presents PATMOS, a novel Protocol for DDoS Attack miTigation in Multi-contrOller SDN networkS through controllers clustering. PATMOS procedures are organized in three phases. The first one exchanges control messages to identify overloaded controllers, eliminating the dependence on the network traffic analysis. The second phase elects the best performance level controller to coordinate the mitigation process. The third phase minimizes the DDoS attacks effects using operational controllers in the network, differently from the works that employ external resources. Simulations results show PATMOS reducing 52.39% of CPU usage rate, increasing 192.74 fold more the throughput and decreasing 2.5 fold less the latency of flow requests to a target controller.

Mitigating DoS attacks in identity management systems through reorganizations

Ensuring identity management (IdM) systems availability plays a key role to support networked systems. Denial-of-Service (DoS) attacks can make IdM operations unavailable, preventing the use of computational resources by legitimate users. In the literature, the main countermeasures against DoS over IdM systems are based on either the application of external resources to extend the system lifetime (replication) or on DoS attacks detection. The first approach increases the solutions cost, and in general the second approach is still prone to high rates of false negatives and/or false positives. Hence, this work presents SAMOS, a novel and paradigm-shifting Scheme for DoS Attacks Mitigation by the reOrganization and optimization of the IdM System. SAMOS optimizes the reorganization of the IdM system components founded on optimization techniques, minimizing DoS effects and improving the system lifetime. SAMOS is based on the unavailabilities effects such as the exhaustion of processing and memory resources, eliminating the dependence of attacks detection. Furthermore, SAMOS employs operational IdPs from the IdM system to support the demand of the IdM system, differently from replication approaches. Results considering data from two real IdM systems indicate the scheme viability and improvements. As future works, SAMOS will be prototyped in order to allow performance evaluations in a real testbed.

Guard Mounting: Reorganizations to Mitigate DDoS Attacks over Identity Providers Clustering

Under the increasing popularization of portable and mobile devices, as well as the positive trends to the Internet of Everything, Identity Management systems gain a crucial role in integrating different administrative domains towards a global ubiquitous computing. Denial-of-Service (DoS) attacks can make IdM operations unavailable, preventing the use of computational resources by legitimate users. This work presents SAMOS, a novel Scheme for DoS Attacks Mitigation by the reOrganization and optimization of the IdM System. SAMOS optimizes the reorganization of the IdM system components founded on optimization techniques, minimizing DoS effects and improving the system lifetime. Results considering data from a real IdM system indicate the scheme viability and benefits.

A Survival Performance degrAdation fRamework for lArge-scale neTworked systems

Large scale networked systems, such as Identity Management (IdM) systems and software defined networks (SDN), have contributed to technological evolution. They simplify user and network device management. However, they strengthen Distributed Denial-of-Services (DDoS) attacks. These attacks are able to compromise system availability and harm legitimate users. The main approaches against DDoS attacks apply external resources (replication) or try to detect DDoS attacks. The first approach increases solution cost. The second is prone to high false positives. In other contexts, research into resilient approaches has increased for addressing emergent threats. In this work, we advocate that networked systems can self-manage to provide resilience. We propose a framework to guide the system design to follow the ideas defended in this thesis. The framework comprises the survival, collaboration, and analysis modules. Following the framework, networked systems can preserve their lifetime without external computer resources. The DDoS attack mitigation process starts when the system capacity overcomes a pre-established threshold. A protocol and a scheme showcase the framework over IdM systems and SDN. We conducted performance evaluations by experiments and simulations. Results show an increase in throughput and a decrease in latency of essential services when we use the proposed framework.

SPARTA: A survival performance degradation framework for identity federations

Abstract Identity federations simplify user’s access control across different networks, domains or systems. These federations allow users to seamlessly access data from another domain and they avoid the need of a completely redundant user administration. Federations rely on Identity Providers (IdPs) to manage user’s identities. However, IdPs are prone to Distributed Denial-of-Service (DDoS) attacks and flash crowd events. Those attacks and events can severely compromise the performance of IdPs, affecting legitimate users. Existing solutions either ignore such events, statically improving the performance of only specific IdP operations, or tolerate a predetermined number of failures, employing extra hardware resources purchased to replicate IdPs services. This article presents SPARTA, a Survival Performance degrAdation fRamework for idenTity federAtions. SPARTA offers identity federation survivability employing the collective intelligence principles. We showcase the framework over a real identity management system. Results from the experiments show the improvements of the system under attacks. We measure improvements by identity authentication latency (i.e., the time interval between the authentication request and its response) and throughput. As future works, we intend to evaluate our solution using large-scale identity federations.

Experimental performance comparison of single-path and multipath routing in VANETs

Vehicular ad hoc networks (VANETs) are envisioned to support Intelligent Transportation Systems, providing services to drivers. VANETs comprise of vehicles equipped with wireless communication devices, and access points spread over streets and roads. VANETs require multi-hop routing protocols to data tranmission, following two main approaches in relation to the number of discovered routes. However, simulations mainly analyze their performance individually, without considering issues in experimental environments. Hence, this work presents an experimental performance analysis comparison between the single-path and the multipath routing approaches, aiming to understand their behavior in order to assist the design of efficient routing protocols. Evaluation scenarios employ static and low mobility situations, applying two major protocols from the literature to represent the routing approaches. Results confirm the advantages of multipath routing, which has shown a packet loss ratio reduction of four fold related to the single-path one under static scenarios, and about three fold under low mobility.

A Management Model to Prevent Misuse of the Web

The Internet has brought benefits to companies. However, the misuse of this resource can cause losses in employee productivity. This paper proposes a management model to prevent misuse of the Web that provides a cycle of continuous improvement of access control policies based on contextual attributes and a software to minimize the cost of the management of access control polices. A case study in a public university demonstrated the applicability of the model in the management of wireless Internet access.