Rupinder Makkar

Security advances and challenges in 4G wireless networks

This paper presents a study of security advances and challenges associated with emergent 4G wireless technologies. The paper makes a number of contributions to the field. First, it studies the security standards evolution across different generations of wireless standards. Second, the security-related standards, architecture and design for the LTE and WiMAX technologies are analyzed. Third, security issues and vulnerabilities present in the above 4G standards are discussed. Finally, we point to potential areas for future vulnerabilities and evaluate areas in 4G security which warrant attention and future work by the research and advanced technology industry.

BECN for congestion control in TCP/IP networks: study and comparative evaluation

This paper evaluates the suitability of Backward Explicit Congestion Notification (BECN) for IP networks. The BECN mechanism has previously been used in non-IP networks, but there has been limited experimental investigation into the application of the BECN scheme as congestion control mechanism in IP networks. In this paper, we consider an enhanced algorithm for BECN which uses Internet Control Message Protocol (ICMP) Source Quenches for backward congestion notification in IP networks and undertake comparative performance evaluation of Random Early Detection (RED), Explicit Congestion Notification (ECN) and our enhanced BECN mechanism using both long-lived TCP bulk transfers and short-lived Web traffic workloads. Our results show that for Web traffic workloads, BECN offers only slight improvement in transfer delay while average goodput for bulk transfers is no worse than that of ECN. For paths that have a high bandwidth delay product our results show that not only can BECN offer significant improvement in average goodput for bulk transfers over the ECN mechanism, but packet drops and transfer delay for short-lived Web traffic connections are also comparatively reduced. Additional observations show that on such paths TCP (NewReno) with RED can offer higher goodput for bulk transfers compared to ECN. We investigate the overhead due to Source Quenches in a BECN capable network and find that for scenarios considered in this paper it does not significantly impact performance of BECN.

Congestion control in TCP/IP networks: a combined ECN and BECN approach

In this paper a novel algorithm is proposed which combines the merits of explicit congestion notification (ECN) and backward explicit congestion notification (BECN) mechanisms for congestion control in TCP/IP networks. A comparative performance evaluation of the combined ECN and BECN mechanism is carried out using both long-lived FTP flows and short-lived Web traffic. The simulation results show that the combined ECN+BECN mechanism benefits from BECNs early notification under heavy congestion and ECNs reliable delivery of congestion notification. It is observed that the ECN+BECN mechanism significantly reduces queue fluctuations due to early congestion indication compared to ECN. The loss of BECN Internet control message protocol (ICMP) source quenches on the reverse path does not adversely impact performance due to this combined approach. It is also shown that the ECN+BECN scheme can significantly reduce the ICMP source quench reverse traffic in a network compared to a BECN only network. Experiments with Web traffic workloads show measurable improvement in both average object transfer delay and fairness over ECN.

Evaluating a modified PCA approach on network anomaly detection

As the number, complexity and diversity of cyber threats continues to increase, anomaly detection techniques have proven to be a powerful technique to augment existing methods of security threat detection. Research has shown that Principal Component Analysis (PCA) is an anomaly detection method known to be viable for pinpointing the existence of anomalies in network traffic. Despite its recognized utility in detecting cyber threats, previous relevant research work has highlighted certain inconsistencies when the classical PCA method is used to detect anomalies in network traffic, resulting in false positives and false negatives. Specifically, it has been shown that the efficiency of the results are highly dependent on the nature of the input data and the calibration of its parameters. In classical PCA, the parameters have to be carefully selected in order to correctly define the normal and abnormal space. By obtaining real network traffic traces from a small enterprise and artificially injecting anomalies, we experiment with a modified PCA method to address the above shortcomings. The results of our experimentation are encouraging. The results indicate our modified PCA method may possess promising capabilities to efficiently detect network anomalies while addressing some of the limitations of the classic PCA approach.

Gateway algorithm for fair bandwidth sharing

In this paper we propose a Virtual Round Robin (VRR) gateway algorithm to enforce per-flow fair bandwidth allocation by keeping per-flow information. This mechanism achieves reasonably fair bandwidth allocation and is easily amenable to high-speed implementations. It uses a single FIFO queue with probabilistic drop-on-arrival. In our simulation study, we compare the performance VRR with other two algorithms, Random Early Detection (RED) and Flow Random Early Drop (FRED) (D. Lin and R. Morris, 1997). Our simulation results show that VRR outperforms RED and FRED in wide variety of scenarios.

IPCA for network anomaly detection

As the number, complexity and diversity of cyber threats continue to increase in network infrastructures, anomaly detection techniques constitute a crucial alternative towards enhancing network security. Principal Component Analysis (PCA) is a widely used network anomaly detection statistical methodology. Despite its ability in detecting traffic anomalies, relevant research has highlighted certain drawbacks of this technique. In our work we develop the Iterative PCA (IPCA) method to address those shortcomings. We aim at providing a useful tool that will enable a network administrator to identify network anomalies. The results of our experimentation are encouraging. They indicate that IPCA possesses promising capabilities in efficiently detecting anomalies while mitigating the limitations of the classical PCA approach.

Improving Network Infrastructure Security using Geospatial Technology

Advanced network management systems (NMS) have made tremendous strides in terms of visualization, monitoring, and vulnerability analysis for Layer 2 and Layer 3 data networks. However, they are unable to take into account geographic considerations and vulnerability of the network to physical threats and hazards. This paper summarizes our recent work on utilizing geospatial mapping and technology for improving network infrastructure security. We propose a novel architecture and requirements for integrating NMS and GIS (geographic information systems) technology to address issues such as the one mentioned above. A prototype system was developed to validate the architecture. We conclude the paper with a discussion of challenges encountered during development and testing of the prototype on an emulation test-bed

An enhanced algorithm for fair traffic conditioning in Differentiated Services networks

Fair bandwidth sharing among traffic flows with different characteristics in Differentiated Service (DiffServ) networks is the focus of the current research. This paper examines and enhances an algorithm developed to enforce fairness among disparate TCP flows in the assured forwarding (AF) service in DiffServ. equation based marking (EBM) was introduced (M. El-Gendy and K. Shin (2002)) to enforce fairness in AF by monitoring existing network conditions used in marking decisions. The estimation of packet losses by the algorithm is integral to marking. The loss rates of different connections were demonstrated to converge hence enforcing a fair marking regardless of the metrics of individual flows. In this paper, EBM is analyzed for fairness and enhanced by implementing a more efficient technique for loss rate estimation. Comparison is made between EBM and the enhanced technique with results showing appreciable improvements in the maintenance of fairness. Furthermore, a service definition required by QoS standards is met with the implementation of the additional algorithm to EBM.

Comparison between BECN-capable TCP new-Reno and TCP Vegas

TCP is the most important transport protocol in the Internet. In this research, the backward explicit congestion notification (BECN) option is enabled for TCP New-Reno flows and then the performance of this combination is compared with that of TCP Vegas. In all the cases, the bottleneck router has random early detection (RED) capability. The comparisons are made for connections with equal and unequal round trip times (RTTs), in environments that can be homogeneous or heterogeneous. Also, two different types of traffic, FTP and Web are analyzed in the experiments