1 |
A multifold approach to address the security issues of stateful forwarding mechanisms in Information-Centric Networks / Une approche multidimensionnelle pour aborder les problèmes de sécurité des mécanismes d'acheminement à états dans les réseaux orientés contenus
Signorello, Salvatore 21 June 2018
This work illustrates how today's dominant Internet usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking (ICN) research paradigm is presented. ICN aims to redesign the Internet's core protocols to promote a shift in focus from hosts to contents. Among the ICN architectures, Named-Data Networking (NDN) envisions users' named content requests being forwarded by their names in routers along the path from one consumer to one or many sources. NDN's requests leave trails in traversed routers which are then followed backwards by the requested contents. The Pending Interest Table (PIT) is the NDN data-plane component which temporarily records forwarded content requests in routers. On one hand, this work explains that the PIT stateful mechanism enables properties like request aggregation, multicast response delivery and native hop-by-hop flow control. On the other hand, this work illustrates how the PIT stateful forwarding behavior can be easily abused by malicious users to mount disruptive distributed denial of service (DDoS) attacks, named Interest Flooding Attacks (IFAs). In IFAs, loosely coordinated botnets can flood the network with a large amount of hard-to-satisfy requests with the aim of overloading both the network infrastructure and the content producers. This work proves that although countermeasures against IFAs have been proposed, a fair understanding of their real efficacy is missing since those have been tested under simplistic assumptions about the evaluation scenarios. Overall, the work presented in this manuscript shapes a better understanding of both the implications of IFAs and the possibilities of improving the state-of-the-art defense mechanisms against these attacks.
The main contributions of this work revolve around a security analysis of NDN's forwarding plane. In particular, this work defines a more robust attacker model for IFAs by identifying flaws in the state-of-the-art IFA countermeasures. This work introduces a new set of IFAs built upon the proposed attacker model. The novel IFAs are used to re-assess the most effective existing IFA countermeasures. Results of this evaluation disprove the universal efficacy of the state-of-the-art IFA defense mechanisms and so call for different countermeasures to protect NDN against this threat. To overcome the revealed issue, this work also defines proactive IFA countermeasures, which are novel defense mechanisms against IFAs inspired by the issues with the state-of-the-art ones. This work introduces Charon, a novel proactive IFA countermeasure, and tests it against the novel IFA attacks. This work shows Charon counteracts the latest stealthy IFAs better than the state-of-the-art reactive countermeasures. Finally, this work illustrates the NDN.p4 design, that is, the first implementation of an ICN protocol written in P4, the high-level language for packet processors. The NDN.p4 work is the first attempt in the related literature to leverage novel programmable-network technologies to test and evaluate different NDN forwarding plane designs. This last contribution also classifies existing alternative forwarding mechanisms with respect to a set of PIT cardinal properties. The work outlines that it is worth exploring alternative forwarding mechanisms aiming to design an NDN forwarding plane less vulnerable to the IFA threat.
|
2 |
Preventing information leakage in NDN with name and flow filters / Prévenir la fuite d'information dans les NDN grâce aux filtres de noms et de flux
Kondo, Daishi 17 December 2018
In recent years, Named Data Networking (NDN) has emerged as one of the most promising future networking architectures. To be adopted at Internet scale, NDN needs to resolve the inherent issues of the current Internet. Since information leakage from an enterprise is one of the big issues even in the Internet and it is crucial to assess the risk before replacing the Internet with NDN completely, this thesis investigates whether a new security threat causing information leakage can happen in NDN. Assuming that (i) a computer is located in an enterprise network that is based on an NDN architecture, (ii) the computer has already been compromised by suspicious media such as a malicious email, and (iii) the company installs a firewall connected to the NDN-based future Internet, this thesis focuses on a situation in which the compromised computer (i.e., malware) attempts to send leaked data to the outside attacker. The contributions of this thesis are fivefold. Firstly, this thesis proposes an information leakage attack through a Data and through an Interest in NDN. Secondly, in order to address the information leakage attack, this thesis proposes an NDN firewall which monitors and processes the NDN traffic coming from the consumers with a whitelist and a blacklist. Thirdly, this thesis proposes an NDN name filter to classify a name in the Interest as legitimate or not. The name filter can, indeed, reduce the throughput per Interest, but to improve the speed of this attack, malware can send numerous Interests within a short period of time.
Moreover, the malware can even exploit an Interest with an explicit payload in the name (like an HTTP POST message in the Internet), which is out of scope for the proposed name filter and can increase the information leakage throughput by adopting a longer payload. To take traffic flow to the NDN firewall from the consumer into account, fourthly, this thesis proposes an NDN flow monitored at an NDN firewall. Fifthly, in order to deal with the drawbacks of the NDN name filter, this thesis proposes an NDN flow filter to classify a flow as legitimate or not. The performance evaluation shows that the flow filter complements the name filter and greatly chokes the information leakage throughput.
|
3 |
Adaptive Forwarding in Named Data Networking
Yi, Cheng January 2014
Named Data Networking (NDN) is a recently proposed new Internet architecture. By naming data instead of locations, it changes the very basic network service abstraction from "delivering packets to given destinations" to "retrieving data of given names." This fundamental change creates an abundance of new opportunities as well as many intellectual challenges in application development, network routing and forwarding, communication security and privacy. The focus of this dissertation is a unique feature introduced by NDN: its adaptive forwarding plane. Communication in NDN is done by exchanges of Interest and Data packets. Consumers send Interest packets to request desired Data, routers forward them based on data names, and producers answer with Data packets, which take the same path as the Interests but in the reverse direction. During this process, routers maintain state information of pending Interests. This state information, coupled with the symmetric exchange of Interest and Data, enables NDN routers to detect loops, observe data retrieval performance, and explore multiple forwarding paths, all at the forwarding plane. Since NDN is still in its early stage, however, none of these powerful features has been systematically designed, evaluated, or explored. In this dissertation, we present a concrete design of NDN's forwarding plane to make the network resilient and efficient. First, we design the basic adaptation mechanism and evaluate its effectiveness in circumventing prefix hijack attacks. Second, we propose a novel NACK mechanism for fast failure detection and evaluate its benefits in handling network failures. We also show that a resilient forwarding plane makes routing more stable and more scalable. Third, we design a congestion control mechanism, Dynamic Interest Limiting, to adapt traffic rate in a hop-by-hop and multipath fashion, which is effective even with a large number of flows in a large network topology.
|
4 |
PDRM: a proactive data replication mechanism to improve content mobility support in NDN using location awareness
Lehmann, Matheus Brenner January 2017
The problem of handling user mobility has been around since mobile devices became capable of handling multimedia content and is still one of the most relevant challenges in networking. The conventional Internet architecture is inadequate in dealing with an ever-growing number of mobile devices that are both consuming and producing content. Named Data Networking (NDN) is a network architecture that can potentially overcome this mobility challenge. It supports consumer mobility by design but fails to offer the same level of support for content mobility. Content mobility requires guaranteeing that consumers manage to find and retrieve desired content even when the corresponding producer (or primary host) is not available. In this thesis, we propose PDRM, a Proactive and locality-aware Data Replication Mechanism that increases content availability through data redundancy in the context of the NDN architecture. It explores available resources from end-users in the vicinity to improve content availability even in the case of producer mobility. Throughout the thesis, we discuss the design of PDRM, evaluate the impact of the number of available providers in the vicinity and in-network cache capacity on its operation, and compare its performance to Vanilla NDN and two state-of-the-art proposals. The evaluation indicates that PDRM improves content mobility support due to using object popularity information and spare resources in the vicinity to help the proactive replication. Results show that PDRM can reduce the download times up to 53.55%, producer load up to 71.6%, inter-domain traffic up to 46.5%, and generated overhead up to 25% compared to Vanilla NDN and other evaluated mechanisms.
|
6 |
Named Data Networking in Local Area Networks
Shi, Junxiao January 2017
Named Data Networking (NDN) is a new Internet architecture that changes the network semantic from packet delivery to content retrieval and promises benefits in areas such as content distribution, security, mobility support, and application development. While the basic NDN architecture applies to any network environment, local area networks (LANs) are of particular interest because of their prevalence on the Internet and the relatively low barrier to deployment.
In this dissertation, I design NDN protocols and implement NDN software, to make NDN communication in LAN robust and efficient. My contributions include: (a) a forwarding behavior specification required on every NDN node; (b) a secure and efficient self-learning strategy for switched Ethernet, which discovers available contents via occasional flooding, so that the network can operate without manual configuration, and does not require a routing protocol or a centralized controller; (c) NDN-NIC, a network interface card that performs name-based packet filtering, to reduce CPU overhead and power consumption of the main system during broadcast communication on shared media; (d) the NDN Link Protocol (NDNLP), which allows the forwarding plane to add hop-by-hop headers, and provides a fragmentation-reassembly feature so that large NDN packets can be sent directly over Ethernet with limited MTU.
|
8 |
Protocole de routage pour l’architecture NDN / Routing protocol for NDN architecture
Aubry, Elian 19 December 2017
Among content-oriented architectures, the NDN (Named-Data Networking) architecture has gathered the largest community of researchers and is the most mature for a future Internet. Within the NDN architecture, during this doctorate, we focused on routing mechanisms suited to this new vision of the network. Indeed, the ability to forward a request to its destination is fundamental for a network architecture to be functional, and this problem had been studied very little until then. Thus, in this manuscript, we propose the SRSC routing protocol (SDN-based Routing Scheme for CCN/NDN), which relies on the Software-Defined Networking (SDN) paradigm. SRSC uses a controller capable of managing the control plane of the NDN network. By centralizing all information such as the network topology, the location of the various contents and the contents of the network nodes' caches, the controller can establish the best route to forward requests to the content. SRSC also enables anycast routing, that is, it forwards requests to the nearest node that holds the data, which optimizes the distribution of requests in the network and spreads the load among all nodes. Moreover, SRSC uses only the Interest and Data messages of the NDN architecture, and its originality lies in the fact that it is completely independent of the existing TCP/IP infrastructure. First, SRSC was evaluated through simulation with the NS-3 software, where we compared it to the request flooding method initially proposed by NDN. SRSC was then implemented in NDNx, the open source implementation of the NDN architecture, and deployed on our testbed using Docker technology. This testbed makes it possible to virtualize NDN nodes and to observe a real large-scale deployment of this network architecture. We thus evaluated the performance of our SRSC protocol on our virtualized testbed and compared it to NLSR (Named-Data Link State Routing Protocol), the routing protocol of the NDN project / The Internet is a worldwide content network and its use has been growing for several years. Content delivery such as P2P or video streaming generates the main part of the Internet traffic, and Named Data Networks (NDN) appear as an appropriate architecture to satisfy the user needs. Named-Data Networking is a novel clean-slate architecture for the Future Internet. It has been designed to deliver content at large scale and integrates several features such as in-network caching, security, and multi-path. However, the lack of a scalable routing scheme is one of the main obstacles that slow down a large deployment of NDN at Internet scale. As it relies on content names instead of host addresses, it cannot reuse the traditional routing scheme of the Internet. In this thesis, we propose to use the Software-Defined Networking (SDN) paradigm to decouple data plane and control plane and present SRSC, a new routing scheme for NDN based on the SDN paradigm. Our solution is a clean-slate approach, using only NDN messages and the SDN paradigm. We implemented our solution in the NS-3 simulator and performed extensive simulations of our proposal. SRSC shows better performance than the flooding scheme used by default in NDN. We also present a new NDN testbed and the implementation of our protocol SRSC, a Controlled-based Routing Scheme for NDN. We implemented SRSC into NDNx, the NDN implementation, and deployed it into a virtual environment through Docker. Our experiments demonstrate the ability of our proposal to forward Interest, while keeping a low computation time for the Controller and low delay to access Content.
Moreover, we propose a solution to easily deploy and evaluate an NDN network, and we compare SRSC with NLSR, the current routing protocol used in NDNx.
|
9 |
Long-Term Location-Independent Research Data Dissemination Using Persistent Identifiers
Wannenwetsch, Oliver 11 January 2017
No description available.
|
10 |
Mecanismo de garantia de privacidade para aplicações em redes orientadas a conteúdo
Silva, Roan Simões da 08 March 2016
Previous issue date: 2016-03-08 / I received no funding / The current use of the Internet differs greatly from its initial design. Internet users
are becoming interested in accessing and sharing content regardless of their physical
location. For the future Internet, information-centric networking is considered a potential
solution to many of its current problems. Information-centric networking treats content as
the main element in the architecture rather than the host location. Information-centric
networking is intended to make the Internet more efficient and safe; however, as it is still
under development, it leaves open the solution to many privacy issues. The privacy concept
may cover many different aspects and must be respected by applications. In this work,
privacy is considered as the right of the user to control who can access their data. Thus,
this work aims to propose a mechanism for applications in information-centric networking
that allows a publisher user to define which users can access their content. To ensure the
content confidentiality and hence the publisher user's privacy, the proposed mechanism
uses an attribute-based encryption technique, called CP-ABE, which allows the use of
access policies that are defined and stored in the content. To enable the immediate
revocation of privileges, a proxy server is inserted that operates in the decryption process.
As a proof of concept of the feasibility of the proposed mechanism, an application to share
encrypted files was developed. The application adopts an access control policy that limits
decryption to authorized users only. This application was run on a simulator of
the Named-Data Networking architecture, called ndnSIM. Performance tests of the major
system functions have been performed in order to determine the feasibility and limitations
of the mechanism. The tests analyze the file size after encryption, processing time and
RAM consumption. The tests concluded that the mechanism is viable in terms of
performance. / The current use of the Internet differs greatly from its initial conception. In general,
users use it to access and share content and do not care about the physical
location of the associated data. Content-Oriented Networks emerge as
a proposal to change the mode of operation of the current Internet architecture, where
routing becomes based on content rather than on addressing. Content-Oriented
Networks seek to make the Internet more efficient and secure but, because they are
still under development, they leave open the solution to many privacy
issues. Users' right to privacy must be respected by applications, and
its concept can cover different aspects. This work considers privacy
as the user's right to control who may access their data. Accordingly, this
work aims to propose a privacy assurance mechanism for
applications in Content-Oriented Networks, so that a publisher
user can define which users may access their content. To guarantee the
confidentiality of this content and, consequently, the privacy of the publisher
user, the proposed mechanism uses an attribute-based encryption
technique, called CP-ABE, which allows access policies to be defined and
stored in the content itself. To make immediate revocation of privileges possible,
a proxy server is inserted that takes part in the decryption process. As a proof of
concept of the feasibility of the proposed mechanism, an application for exchanging
files encrypted according to the mechanism was developed, adopting an access policy
that limits decryption to authorized users only. This application was run
on a simulator of the Named-Data Networking architecture, called ndnSIM, in order to
analyze the feasibility of its implementation in terms of performance. Performance
tests of the main system functions were carried out
to determine the feasibility and limitations of the mechanism. The tests analyzed the size
of the files after encryption, the processing time and the RAM
consumption. The tests lead to the conclusion that the mechanism is viable in terms of performance.
|