MMPTCP : a novel transport protocol for data centre networks

Kheirkhah Sabetghadam, Morteza

January 2016

Modern data centres provide large aggregate capacity in the backbone of networks so that servers can theoretically communicate with each other at their maximum rates. However, the Transport Control Protocol (TCP) cannot efficiently use this large capacity even if Equal-Cost Multi-Path (ECMP) routing is enabled to exploit the existence of parallel paths. MultiPath TCP (MPTCP) can effectively use the network resources of such topologies by performing fast distributed load balancing. MPTCP is an appealing technique for data centres that are very dynamic in nature. However, it is ill-suited for handling short flows since it increases their flow completion time. To mitigate these problems, we propose Maximum MultiPath TCP (MMPTCP), a novel transport protocol for modern data centres. Unlike MPTCP, it provides high performance for all network flows. It also decreases the bursty nature of data centres, which is essentially rooted in traffic patterns of short flows. MMPTCP achieves these nice features by randomising a flow's packets via all parallel paths to a destination during the initial phase of data transmission until a certain amount of data is delivered. It then switches to MPTCP with several subflows in which data transmission is governed by MPTCP congestion control. In this way, short flows are delivered very fast via the initial phase only, and long flows are delivered by MPTCP with several subflows. We evaluate MMPTCP in a FatTree topology under various network conditions. We found that MMPTCP decreases the loss rate of all the links throughout the network and helps competing flows to achieve a better performance. Unlike MPTCP with a fixed number of subflows, MMPTCP offers high burst tolerance and low-latency for short flows while it maintains high overall network utilisation. MMPTCP is incrementally deployable in existing data centres because it does not require any modification to the network and application layers.

004.6

Trusted content-based publish/subscribe trees

Naicken, Stephen Murugapa

January 2012

Publish/Subscribe systems hold strong assumptions of the expected behaviour of clients and routers, as it is assumed they all abide by the matching and routing protocols. Assumptions of implicit trust between the components of the publish/subscribe infrastructure are acceptable where the underlying event distribution service is under the control of a single or multiple co-operating administrative entities and contracts between clients and these authorities exist, however there are application contexts where these presumptions do not hold. In such environments, such as ad hoc networks, there is the possibility of selfish and malicious behaviour that can lead to disruption of the routing and matching algorithms. The most commonly researched approach to security in publish/subscribe systems is role-based access control (RBAC). RBAC is suitable for ensuring confidentiality, but due to the assumption of strong identities associated with well defined roles and the absence of monitoring systems to allow for adaptable policies in response to the changing behaviour of clients, it is not appropriate for environments where: identities can not be assigned to roles in the absence of a trusted administrative entity; long-lived identities of entities do not exist; and where the threat model consists of highly adaptable malicious and selfish entities. Motivated by recent work in the application of trust and reputation to Peer-to-Peer networks, where past behaviour is used to generate trust opinions that inform future transactions, we propose an approach where the publish/subscribe infrastructure is constructed and re-configured with respect to the trust preferences of clients and routers. In this thesis, we show how Publish/Subscribe trees (PSTs) can be constructed with respect to the trust preferences of publishers and subscribers, and the overhead costs of event dissemination. Using social welfare theory, it is shown that individual trust preferences over clients and routers, which are informed by a variety of trust sources, can be aggregated to give a social preference over the set of feasible PSTs. By combining this and the existing work on PST overheads, the Maximum Trust PST with Overhead Budget problem is defined and is shown to be in NP-complete. An exhaustive search algorithm is proposed that is shown to be suitable only for very small problem sizes. To improve scalability, a faster tabu search algorithm is presented, which is shown to scale to larger problem instances and gives good approximations of the optimal solutions. The research contributions of this work are: the use of social welfare theory to provide a mechanism to establish the trustworthiness of PSTs; the finding that individual trust is not interpersonal comparable as is considered to be the case in much of the trust literature; the Maximum Trust PST with Overhead Budget problem; and algorithms to solve this problem.

004

Making it personal : web users and algorithmic personalisation

Kant, Tanya

January 2016

This thesis investigates how web users negotiate and engage with contemporary algorithmic personalisation practices; that is, practices which seek to infer (via data tracking mechanisms and other algorithmic means) a user's habits, preferences or identity categorisations in order to ‘make personal' some component of that user's web experience. Drawing on thirty-six semi-structured interviews, I employ a qualitative methodology that seeks to bridge the gap between critical theorisations of algorithmic personalisation and the negotiations of web users themselves who encounter algorithmic personalisation in everyday life. To do this I focus on three sites of investigation. I first examine privacy tool Ghostery and the ways in which Ghostery users' negotiate their positions as data-tracked subjects, especially in relation to privacy, knowledge and their sense of self. I then investigate Facebook's autoposting apps as examples of algorithmic personalisation that act on the user's behalf, and draw on the accounts of Facebook app users to explore themes such as identity performance, autonomous control and algorithmic governance. Finally I examine users' engagement with the ‘predictive powers' (Google Now, 2014) of the personalisation app Google Now, specifically in regards to notions of user trust, expectation and speculation. My critical enquiries produced a number of themes that tie this thesis together. Central were: the epistemic uncertainties that emerged as trust and anxiety in participant responses; the implications for a performative understanding of selfhood when algorithmic personalisation intervenes in user self-articulation; the (asymmetrical) data-for-services exchange which web users must negotiate with commercial data trackers; and the struggle for autonomy between user and system that algorithmic personalisation creates. The thesis also argues that algorithmic personalisation demands that web users' identities be constituted as both a stable and fixable ‘single identity', but also as recursively reworkable, dividualised and endlessly expressable entities.

384.3

Participant Domain Name Token Profile for security enhancements supporting service oriented architecture

Cheong, Chi Po

January 2014

This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP). A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas. “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called: Participant Domain Name Token Profile (PDNT) is created to tackle this issue. The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost.

620

Formal specification and verification of peer-to-peer network protocols.

Konga, Yannick Lokombo Kala.

January 2011

M. Tech. Electrical Engineering. / This research presented an integrated formal model of the JXTA protocol suite. The integrated model is constructed from the individual models describing the behaviours of protocols entities. Written in the PROMELA specification language, the finite state automata of these models are shown instead. The SPIN-based formal verification revealed that this studys integrated model was too large to perform for the computational resources available. This was in spite of the application of multiple complexity reduction techniques. Subsequently, as final recourse, the research resorted to the formal verification of individual protocols by making further abstraction of the interaction and dependencies between protocols. A number of errors were found including an invalid end state in the routing protocols and multiple non-progress cycles.

Dissertations, Academic -- South Africa.

JXTA (Computer network protocol)

Computer network protocols -- Standards.

PROMELA

A MAC protocol for IP-based CDMA wireless networks.

Mahlaba, Simon Bonginkosi.

January 2005

The evolution of the intemet protocol (IP) to offer quality of service (QoS) makes it a suitable core network protocol for next generation networks (NGN). The QoS features incorporated to IP will enable future lP-based wireless networks to meet QoS requirements of various multimedia traffic. The Differentiated Service (Diffserv) Architecture is a promising QoS technology due to its scalability which arises from traffic flow aggregates. For this reason, in this dissertation a network infrastructure based on DiffServ is assumed. This architecture provides assured service (AS) and premium service (PrS) classes in addition to best-effort service (BE). The medium access control (MAC) protocol is one of the important design issues in wireless networks. In a wireless network carrying multimedia traffic, the MAC protocol is required to provide simultaneous support for a wide variety of traffic types, support traffic with delay and jitter bounds, and assign bandwidth in an efficient and fair manner among traffic classes. Several MAC protocols capable of supporting multimedia services have been proposed in the literature, the majority of which were designed for wireless A1M (Asynchronous Transfer Mode). The focus of this dissertation is on time division multiple access and code division multiple access (TDMAlCDMA) based MAC protocols that support QoS in lP-based wireless networks. This dissertation begins by giving a survey of wireless MAC protocols. The survey considers MAC protocols for centralised wireless networks and classifies them according to their multiple access technology and as well as their method of resource sharing. A novel TDMAlCDMA based MAC protocol incorporating techniques from existing protocols is then proposed. To provide the above-mentioned services, the bandwidth is partitioned amongst AS and PrS classes. The BE class utilizes the remaining bandwidth from the two classes because it does not have QoS requirements. The protocol employs a demand assignment (DA) scheme to support traffic from PrS and AS classes. BE traffic is supported by a random reservation access scheme with dual multiple access interference (MAl) admission thresholds. The performance of the protocol, i.e. the AS or PrS call blocking probability, and BE throughput are evaluated through Markov analytical models and Monte-Carlo simulations. Furthermore, the protocol is modified and incorporated into IEEE 802.16 broadband wireless access (BWA) network. / Thesis (M.Sc.)-University of KwaZulu-Natal, Durban, 2005.

Code division multiple access.

Theses--Electronic engineering.

Prototyping a peer-to-peer session initiation protocol user agent

Tsietsi, Mosiuoa Jeremia

10 March 2008

The Session Initiation Protocol (SIP) has in recent years become a popular protocol for the exchange of text, voice and video over IP networks. This thesis proposes the use of a class of structured peer to peer protocols - commonly known as Distributed Hash Tables (DHTs) - to provide a SIP overlay with services such as end-point location management and message relay, in the absence of traditional, centralised resources such as SIP proxies and registrars. A peer-to-peer layer named OverCord, which allows the interaction with any specific DHT protocol via the use of appropriate plug-ins, was designed, implemented and tested. This layer was then incorporated into a SIP user agent distributed by NIST (National Institute of Standards and Technology, USA). The modified user agent is capable of reliably establishing text, audio and video communication with similarly modified agents (peers) as well as conventional, centralized SIP overlays.

Computer networks

Computer network protocols -- Standards

Data transmission systems -- Standards

Computer network architectures

An investigation of the XMOS XSl architecture as a platform for development of audio control standards

Dibley, James

January 2014

This thesis investigates the feasiblity of using a new microcontroller architecture, the XMOS XS1, in the research and development of control standards for audio distribution networks. This investigation is conducted in the context of an emerging audio distribution network standard, Ethernet Audio/Video Bridging (`Ethernet AVB'), and an emerging audio control standard, AES-64. The thesis describes these emerging standards, the XMOS XS1 architecture (including its associated programming language, XC), and the open-source implementation of an Ethernet AVB streaming audio device based on the XMOS XS1 architecture. It is shown how the XMOS XS1 architecture and its associated features, focusing on the XC language's mechanisms for concurrency, event-driven programming, and integration of C software modules, enable a powerful implementation of the AES-64 control standard. Feasibility is demonstrated by the implementation of an AES-64 protocol stack and its integration into an XMOS XS1-based Ethernet AVB streaming audio device, providing control of Ethernet AVB features and audio hardware, as well as implementations of advanced AES-64 control mechanisms. It is demonstrated that the XMOS XS1 architecture is a compelling platform for the development of audio control standards, and has enabled the implementation of AES-64 connection management and control over standards-compliant Ethernet AVB streaming audio devices where no such implementation previously existed. The research additionally describes a linear design method for applications based on the XMOS XS1 architecture, and provides a baseline implementation reference for the AES-64 control standard where none previously existed.

Microcontrollers -- Research

Streaming audio -- Standards -- Research

Computer sound processing -- Research

An investigation into the control of audio streaming across networks having diverse quality of service mechanisms

Foulkes, Philip James

January 2012

The transmission of realtime audio data across digital networks is subject to strict quality of service requirements. These networks need to be able to guarantee network resources (e.g., bandwidth), ensure timely and deterministic data delivery, and provide time synchronisation mechanisms to ensure successful transmission of this data. Two open standards-based networking technologies, namely IEEE 1394 and the recently standardised Ethernet AVB, provide distinct methods for achieving these goals. Audio devices that are compatible with IEEE 1394 networks exist, and audio devices that are compatible with Ethernet AVB networks are starting to come onto the market. There is a need for mechanisms to provide compatibility between the audio devices that reside on these disparate networks such that existing IEEE 1394 audio devices are able to communicate with Ethernet AVB audio devices, and vice versa. The audio devices that reside on these networks may be remotely controlled by a diverse set of incompatible command and control protocols. It is desirable to have a common network-neutral method of control over the various parameters of the devices that reside on these networks. As part of this study, two Ethernet AVB systems were developed. One system acts as an Ethernet AVB audio endpoint device and another system acts as an audio gateway between IEEE 1394 and Ethernet AVB networks. These systems, along with existing IEEE 1394 audio devices, were used to demonstrate the ability to transfer audio data between the networking technologies. Each of the devices is remotely controllable via a network neutral command and control protocol, XFN. The IEEE 1394 and Ethernet AVB devices are used to demonstrate the use of the XFN protocol to allow for network neutral connection management to take place between IEEE 1394 and Ethernet AVB networks. User control over these diverse devices is achieved via the use of a graphical patchbay application, which aims to provide a consistent user interface to a diverse range of devices.

Streaming audio -- Testing

Data transmission systems -- Testing

Computer networks -- Management

Computer networks -- Evaluation

Computer network protocols -- Standards

Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images

Lu, Zebin

14 August 2013

Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.

Web Security

Web sites -- Security measures

World Wide Web -- Security measures

Computer network protocols -- Standards

Computer hackers

Computers -- Access control -- Passwords

Internet -- Security measures

Phishing -- Security measures