Yajuan Qin

A DHT-Based Identifier-to-Locator Mapping Approach for a Scalable Internet

It is commonly recognized that todays Internet routing and addressing system is facing serious scaling problems, which are mainly caused by the overloading of IP address semantics. That is, an IP address represents not only the location but also the identity of a host. To address this problem, several recent schemes propose to replace the IP namespace in todays Internet with a locator namespace and an identity namespace. The locator namespace consists of locators that are used to represent the locations of hosts. On the other hand, the identity namespace consists of identifiers that are used to represent the identities of hosts. For these schemes to work, there must be a mapping system that can supply an appropriate locator for any given end point identifier (EID). While prior related works mainly focus on aggregable EIDs, several recent works proposed the use of self-certifying EIDs for purpose of security and privacy. However, self-certifying EIDs are flat, unstructured and prior proposals cannot be used to deal with flat EIDs. In this paper, we propose a Distributed hash table (DHT)-based identifier-to-locator mapping scheme to resolve a locator for a flat identifier. We evaluate the performance of the proposed scheme. We show that, besides the capability to support flat EIDs, the scheme has good scalability and low resolution delay. We also show that the scheme is robust and can efficiently support mobility.

Implementation and analysis of proxy MIPv6

Mobile IPv6 (MIPv6) is a host-based mobility support specification which has been approved by the IETF as the standardized solution of global mobility management in IPv6 network for Mobile Node (MN). However, MIPv6 handover procedure results in a large handover delay. To improve its performance, some MIPv6 variants such as Fast Handover for MIPv6 (FMIPv6) and Hierarchical MIPv6 (HMIPv6) were proposed. However, they all require the MN to support the mobility management protocols which increase the difficulty of management and deployment. Recently, IETF NETLMM workgroup published the Proxy Mobile IPv6 (PMIPv6) which is a network-based localized mobility management to provide the mobility support for mobile host without the involvement of the mobility signaling. In this paper, we analyze the singling cost of PMIPv6 and implement it in our test-bed to evaluate its performance. The results show that the PMIPv6 has lower signaling cost and packet delivery cost, and it can improve the handover performance of UDP and TCP than the other mobility management protocols under low-delay networks, as for the wide area networks, it needs to introduce some mechanism like fast handover to further improve its performance. Copyright

A Proxy Mobile IPv6 Based Global Mobility Management Architecture and Protocol

This paper specifies a global mobility management architecture and protocol procedure called GPMIP, which is based on Proxy Mobile IPv6. In GPMIP, mobility management is performed by the network entity rather than individual mobile nodes. The benefit is the elimination of the wireless link data delivery tunnel overhead between a mobile node and the access router. To compare with the well known Hierarchical Mobile IPv6 mobility management protocol, the location update, packet delivery, and total cost functions generated by a mobile node during its average domain residence time are formulated for each protocol based on fluid flow mobility model. Then, the impacts of various system parameters on the cost functions are analyzed. The analytical results indicate that the proposed global mobility management protocol can guarantee lower total costs. Furthermore, a qualitative comparison between GPMIP and some other global management protocols is also investigated.

SHIP: Cross-layer mobility management scheme based on Session Initiation Protocol and Host Identity Protocol

In the all-IP wireless networks, mobility management is a crucial issue, and it can be operated at different layers in the traditional Transmission Control Protocol/Internet Protocol (TCP/IP) stack. Session Initiation Protocol (SIP) is an application layer protocol used for the signaling and the mobility management without any modifications of the lower layer protocols, especially in the voice over IP environment. However, since it always gets the lowest priority in the networking model, it will produce the large handoff latency, the packet loss, and the handoff blocking probability. To provide an efficient mobility management, SIP can be combined with other protocols. In this paper, we propose a cross-layer mobility management scheme based on SIP and the Host Identity Protocol (HIP) which is a new protocol designed to provide secure and continuous communications between two nodes by separating the identifier and the locator roles of the traditional IP address. In the proposed scheme, the mobile node and the correspondent node use their host identity tags to establish the session connections, and the mobile nodes uses the HIP location update scheme instead of the SIP location update scheme to update its IP address when it moves to a new subnet. We discuss the proposed scheme’s architecture and the major mobility procedures, including the session setup, the handoff and the location update in this paper. We also develop an analytical model to study the handoff performance of the proposed scheme, the typical SIP, and the hybrid SIP/Mobile IP, respectively. The analytical results demonstrate that the proposed scheme outperforms the typical SIP and the hybrid SIP/Mobile IP in terms of the handoff latency, the packet loss, and the handoff blocking probability.

An authentication method for proxy mobile IPv6 and performance analysis

Proxy mobile IPv6 (PMIPv6) is a network-based mobility protocol where the mobility management signaling is performed by a network entity on behalf of the node requiring mobility itself. To the best of our knowledge, no studies have been conducted in the area of proxy MIPv6 authentication method. This paper proposes an authentication method in proxy MIPv6. In addition to providing access authentication, the proposed authentication method prevents threats such as replay attack and key exposure. Also, we develop analytic models for the authentication latency and cost analysis. Then, the impacts of mobility and traffic parameters on the authentication cost and latency are analyzed, respectively. Copyright

A practical deployment of Intelligent Building Wireless Sensor Network for environmental monitoring and air-conditioning control

Wireless sensor network is the core support technology in the framework of the Internet of Things. Environmental monitoring and devices control of intelligent building based on wireless sensor network is considered as one of the most crucial applications. It can perceive several environmental parameters and feedback control information to devices to provide more comfortable environment for people. However, it is difficult to ensure performance of wireless sensor network deployed in the buildings, because there usually are several serious disturbances from coexistence wireless systems and human actions. In this paper, we deploy a practical Intelligent Building Wireless Sensor Network (IBWSN) based on the analysis of actual spectrum, Link Quality Indicator, Received Signal Strength Indicator and Package Loss Rate. Performance evaluation proves that the presented system can satisfy the needs of the proposed applications for environmental monitoring and air-conditioning control.

Modeling denial-of-service against pending interest table in named data networking

Named data networking NDN has attracted much attention on the design for next generation Internet architecture. Although it embeds some security primitives in its original architecture, it may suffer from denial-of-service DoS attacks. In this paper, we model one representative type of NDN-specific DoS attacks named DoS against pending interest table PIT, or DoS-PIT, which floods malicious Interests that request nonexistent content to bypass cached content at routers and to exhaust the memory resource for PIT, bringing in severe service degradation. In our proposed analytical model, the closed-form expressions for the DoS probability for users suffering DoS-PIT are derived, while considering several important factors of NDN networks such as PIT size, time-to-live of each PIT entry, popularity of content, and cache size. Moreover, extensive simulation experiments demonstrate the accuracy of the proposed model on evaluating the damage effect of DoS-PIT. In addition, the proposed model can be chosen to guide designing effective countermeasures for DoS-PIT or attacks with similar way to harm NDN by properly setting the values of some parameters e.g., cache size of each NDN router. Copyright

Implementation and analysis of network-based mobility management protocol in WLAN environments

Mobile IPv6 (MIPv6) has been approved by the IETF as the standardized solution for mobility management in IPv6 network. MIPv6 is a host-based mobility support specification, and it can provide the global mobility support for mobile terminal. However, MIPv6 handover procedure results in a long handover delay. To improve the handover performance, some MIPv6 variants such as Fast Handover for MIPv6 (FMIPv6) and Hierarchical MIPv6 (HMIPv6) were proposed. However, they all require the mobile terminal to support the mobility management protocols. Recently, the Proxy Mobile IPv6 (PMIPv6) was proposed in IETF NETLMM workgroup, which is a network-based localized mobility management and it can provide the mobility support for mobile node without an involvement in the mobility signaling. The previous work about the performance evaluation of PMIPv6 is mainly based on the analysis and lacks of evaluation in a real system. So, in this paper, we study the PMIPv6 and implement it in the WLAN environments. We set up a test-bed to evaluate its performance and compare it with the other mobility specifications including the MIPv6, FMIPv6 and HMIPv6. The results show that the PMIPv6 can improve the handover performance under low-delay networks, as for the wide are networks, it needs to introduce some mechanism like fast handover needs to further improve its performance.

Cooperative-Filter: countering Interest flooding attacks in named data networking

Named data networking (NDN) is an emerging networking paradigm that is considered as one of the promising candidates for next-generation Internet architecture. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on how to detect and mitigate the Interest flooding attack (IFA) in NDN, which can excessively consume the resource of each involved router by flooding too many malicious Interest packets with fake names. In this paper, to counter IFA, an architecture called Cooperative-Filter is proposed. It detects IFA using fuzzy logic, and mitigates it based on the cooperation between routers at the granularity of per-prefix-per-interface, by taking advantages of the state statistics of each router. Moreover, the performance of Cooperative-Filter is evaluated, based on both effect of it on reducing memory resource consumption of each involved router and the effect on increasing Interest satisfaction rate for legitimate users when suffering IFA as well as on decreasing the Interest-retrieving delay. Simulation results demonstrate that Cooperative-Filter can detect IFA and effectively mitigate its damage effect on NDN. To the best of our knowledge, this is the first attempt to design an IFA countermeasure embedding with fuzzy logic as well as countering IFA at the granularity of per-prefix-per-interface.

Detecting and mitigating interest flooding attacks in content-centric network

The original architecture of content-centric network CCN may suffer from interest flooding attacks. In this paper, we focus on one type of interest flooding attacks called denial of service against content source DACS attack. To damage CCN, it floods a large number of malicious interests requesting content that does not exist, which guarantees that no cache hit can occur at routers until these malicious interests reach the target content source. Thus, it can directly exhaust the resource of the victim. To counter it, we propose a threshold-based detecting and mitigating TDM scheme. The basic idea is to detect DACS attack on the basis of the frequency that pending interest table items in CCN routers expire recording this frequency by introducing two counters with their corresponding thresholds and one indicator for counter mode and to mitigate it by implementing the rate limiter in each router. From the viewpoint of a CCN router, we analyze the performance of TDM in terms of detection ability and effect on mitigating malicious traffic. In addition, we briefly analyze the overhead of TDM. The results show that TDM achieves high detection ability and good effect on mitigating malicious traffic while bringing in small overhead on countering DACS attack. To the best of our knowledge, this is the first attempt to design a detailed scheme embedded with corresponding algorithms on countering this attack. Copyright