Simon Pietro Romano

Real-Time Communications in the Web: Issues, Achievements, and Ongoing Standardization Efforts

Web Real-Time Communication (WebRTC) is an upcoming standard that aims to enable real-time communication among Web browsers in a peer-to-peer fashion. The IETF RTCWeb and W3C WebRTC working groups are jointly defining both the APIs and the underlying communication protocols for setting up and managing a reliable communication channel between any pair of next-generation Web browsers.

Cadenus: creation and deployment of end-user services in premium IP networks

Current trends in the information and communications technology industry clearly indicate the existence of a business requirement for a market-enabling technology that allows network operators to interact with users in a seamless, transparent manner for the sale and delivery of a wide range of services with guaranteed quality of service. In this context the need arises for the dynamic creation, configuration and delivery of services with QoS guarantees via the automated management of service level agreements. The aim of the Cadenus project is to bring theoretical and practical contributions to this area by defining a framework for the provisioning of advanced communication services in premium IP networks. Such networks might be characterized by a high degree of complexity, in terms not only of scale, but also of number of operators and technological heterogeneity. Our contribution is twofold, comprising both the design of the proposed framework and its actual implementation. An innovative approach was taken to framework design, based on the concept of mediation. With respect to the framework implementation, an example illustrating the realization of a virtual private network scenario is presented.

A Reputation-Based Metric for Secure Routing in Wireless Mesh Networks

The continuous growth of wireless networks calls for more and more sophisticated solutions for their security. In particular, mechanisms for limiting effects of routing protocol attacks are becoming a mandatory requirement: black-hole and gray-hole attacks can in fact seriously compromise the performance of a critical infrastructure like a Wireless Mesh Network. In this paper we present a new routing metric aimed at mitigating the effects of such attacks, based on an estimation of the trustworthiness level of network nodes. By applying the metric to existing wireless routing protocols we show that it is possible to increase both the security level and the performance of the overall network, even in the presence of routing attacks.

A distributed control law for load balancing in content delivery networks

In this paper, we face the challenging issue of defining and implementing an effective law for load balancing in Content Delivery Networks (CDNs). We base our proposal on a formal study of a CDN system, carried out through the exploitation of a fluid flow model characterization of the network of servers. Starting from such characterization, we derive and prove a lemma about the network queues equilibrium. This result is then leveraged in order to devise a novel distributed and time-continuous algorithm for load balancing, which is also reformulated in a time-discrete version. The discrete formulation of the proposed balancing law is eventually discussed in terms of its actual implementation in a real-world scenario. Finally, the overall approach is validated by means of simulations.

An open source traffic engineering toolbox

We present the TOTEM open source Traffic Engineering (TE) toolbox and a set of TE methods that we have designed and/or integrated. These methods cover intra-domain and inter-domain TE, IP-based and MPLS-based TE. They are suitable for network optimisation, better routing of traffic for providing QoS, load balancing, protection and restoration in case of failure, etc. The toolbox is designed to be deployed as an on-line tool in an operational network, or used off-line as an optimisation tool or as a traffic engineering simulator.

REAL TIME DETECTION OF NOVEL ATTACKS BY MEANS OF DATA MINING TECHNIQUES

Rule-based Intrusion Detection Systems (IDS) rely on a set of rules to discover attacks in network traffic. Such rules are usually hand-coded by a security administrator and statically detect one or few attack types: minor modifications of an attack may result in detection failures. For that reason, signature based classification is not the best technique to detect novel or slightly modified attacks. In this paper we approach this problem by extracting a set of features from network traffic and computing rules which are able to classify such traffic. Such techniques are usually employed in off line analysis, as they are very slow and resource-consuming. We want to assess the feasibility of a detection technique which combines the use of a common signature-based intrusion detection system and the deployment of a data mining technique. We will introduce the problem, describe the developed architecture and show some experimental results to demonstrate the usability of such a system.

On the seamless interaction between webRTC browsers and SIP-based conferencing systems

The growing interest in integrating interactive multimedia features into web applications has recently led to the creation of the W3C WebRTC and the IETF RTCWEB working groups. Such groups are jointly defining both the application programming interfaces and the underlying communication protocols for the setup and management of a reliable communication path between any pair of next-generation web browsers. While the ongoing work is focusing on peer-to-peer communication between browsers, engineers are also facing a new issue, associated with the coexistence of legacy SIPbased systems with the upcoming browserenabled architectures. We herein discuss how we tackled such an issue, by first identifying interoperability requirements and then presenting a real-world interoperability example dealing with the integration of RTCWEB clients into an existing standards-based collaboration platform.

A distributed IMS enabled conferencing architecture on top of a standard centralized conferencing framework [IP Multimedia Systems (IMS) Infrastructure and Services]

In this article we present an actual implementation of a distributed conferencing framework compliant with the IP multimedia core network subsystem specification. The architecture we describe has been realized by exploiting existing achievements in the field of conferencing. More precisely, starting from the IETF centralized conferencing (XCON) framework and based on an open source XCON implementation provided by our research group, we devised a distributed conferencing solution that was implemented as an overlay network of centralized conferencing clouds. The articles goal is to provide the reader with useful information about our experience with IMS implementation and deployment. We first describe our architecture from a high level design perspective and subsequently analyze it in detail by highlighting the most notable implementation choices

Energy- and Delay-Efficient Routing in Mobile Ad Hoc Networks

In this paper we discuss how we improved the MChannel group communication middleware for Mobile Ad-hoc Networks (MANETs) in order to let it become both delay- and energy-aware. MChannel makes use of the Optimized Link State Routing (OLSR) protocol, which is natively based on a simple hop-count metric for the route selection process. Based on such metric, OLSR exploits Dijkstra’s algorithm to find optimal paths across the network. We added a new module to MChannel, enabling unicast routing based on two alternative metrics, namely end-to-end delay and overall network lifetime. With such new module, we prove that network lifetime and average end-to-end delay improve, compared to the original OLSR protocol implementation included in the mentioned middleware. Thanks to MChannel’s approach, which implements routing in the user’s space, the improvements achieved in the unicast jOLSR routing protocol are transparently applied to the upstanding MChannel overlay multicast OMOLSR protocol. We also discuss how the proposed new module actually represents a general framework which can be used by programmers to introduce in MChannel novel metrics and path selection algorithms.

REFACING: An autonomic approach to network security based on multidimensional trustworthiness

Several research efforts have recently focused on achieving distributed anomaly detection in an effective way. As a result, new information fusion algorithms and models have been defined and applied in order to correlate information from multiple intrusion detection sensors distributed inside the network. In this field, an approach which is gaining momentum in the international research community relies on the exploitation of the Dempster-Shafer (D-S) theory. Dempster and Shafer have conceived a mathematical theory of evidence based on belief functions and plausible reasoning, which is used to combine separate pieces of information (evidence) to compute the probability of an event. However, the adoption of the D-S theory to improve distributed anomaly detection efficiency generally involves facing some important issues. The most important challenge definitely consists in sorting the uncertainties in the problem into a priori independent items of evidence. We believe that this can be effectively carried out by looking at some of the principles of autonomic computing in a self-adaptive fashion, i.e. by introducing support for self-management, self-configuration and self-optimization functionality. In this paper, we intend to tackle some of the above mentioned issues by proposing the application of the D-S theory to network information fusion. This will be done by proposing a model for a self-management supervising layer exploiting the innovative concept of multidimensional reputation, which we have called REFACING (RElationship-FAmiliarity-Confidence-INteGrity).