References of "Computer Networks"
Full Text
Peer Reviewed
Slow Denial-of-Service Attacks on Software Defined Networks
Pascoal, Tulio UL; E. Fonseca, Iguatemi; Nigam, Vivek

in Computer Networks (2020)

Software Defined Networking (SDN) is a network paradigm that decouples the network’s control plane, delegated to the SDN controller, from the data plane, delegated to SDN switches. For increased efficiency, SDN switches use a high-performance Ternary Content-Addressable memory (TCAM) to install rules. However, due to the TCAM’s high cost and power consumption, switches have a limited amount of TCAM memory. Consequently, a limited number of rules can be installed. This limitation has been exploited to carry out Distributed Denial of Service (DDoS) attacks, such as Saturation attacks, that generate large amounts of traffic. Inspired by slow application layer DDoS attacks, this paper presents and investigates DDoS attacks on SDN that do not require large amounts of traffic, thus bypassing existing defenses that are triggered by traffic volume. In particular, we offer two slow attacks on SDN. The first attack, called Slow TCAM Exhaustion attack (Slow-TCAM), is able to consume all SDN switch’s TCAM memory by forcing the installation of new forwarding rules and maintaining them indeterminately active, thus disallowing new rules to be installed to serve legitimate clients. The second attack, called Slow Saturation attack, combines Slow-TCAM attack with a lower rate instance of the Saturation attack. A Slow Saturation attack is capable of denying service using a fraction of the traffic of typical Saturation attacks. Moreover, the Slow Saturation attack can also impact installed legitimate rules, thus causing a greater impact than the Slow-TCAM attack. In addition, it also affects the availability of other network’s components, e.g., switches, even the ones not being directly targeted by the attack, as has been proven by our experiments. We propose a number of variations of these attacks and demonstrate their effectiveness by means of an extensive experimental evaluation. 
The Slow-TCAM is able to deny service to legitimate clients requiring only 38 seconds and sending less than 40 packets per second without abruptly changing network resources, such as CPU and memory. Moreover, besides denying service as a Slow-TCAM attack, the Slow Saturation attack can also disrupt multiple SDN switches (not only the targeted ones) by sending a lower-rate traffic when compared to current known Saturation attacks.

Full Text
Peer Reviewed
Multi-Gbps HTTP traffic analysis in commodity hardware based on local knowledge of TCP streams
Vega Moreno, Carlos Gonzalo UL; Roquero, Paula; Aracil, Javier

in Computer Networks (2017), 113

In this paper we propose and implement novel techniques for performance evaluation of web traffic (response time, response code, etc.), with no reassembly of the underlying TCP connection, which severely restricts the traffic analysis throughput. Furthermore, our proposed software for HTTP traffic analysis runs in standard hardware, which is very cost-effective. Besides, we present sub-TCP connection load balancing techniques that significantly increase throughput at the expense of losing very few HTTP transactions. Such techniques provide performance evaluation statistics which are indistinguishable from the single-threaded alternative with full TCP connection reassembly. © 2017 Elsevier B.V.

Full Text
Peer Reviewed
JITeR: Just-in-time application-layer routing
Bessani, Alysson; Neves, Nuno F.; Verissimo, Paulo UL et al

in Computer Networks (2016), (104), 122-136

The paper addresses the problem of providing message latency and reliability assurances for control traffic in wide-area IP networks. This is an important problem for cloud services and other geo-distributed information infrastructures that entail inter-datacenter real-time communication. We present the design and validation of JITeR (Just-In-Time Routing), an algorithm that timely routes messages at application-layer using overlay networking and multihoming, leveraging the natural redundancy of wide-area IP networks. We implemented a prototype of JITeR that we evaluated experimentally by placing nodes in several regions of Amazon EC2. We also present a scenario-based (geo-distributed utility network) evaluation comparing JITeR with alternative overlay/multihoming routing algorithms that shows that it provides better timeliness and reliability guarantees.

Full Text
Peer Reviewed
Secure and Reliable Clustering in Wireless Sensor Networks: A Critical Survey
Schaffer, Peter UL; Farkas, Károly; Horváth, Ádám et al

in Computer Networks (2012), 56(11), 2726-2741

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols in WSNs with special emphasis on security and reliability issues. First, we define a taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.

Peer Reviewed
On the difficulty of achieving anonymity for Vehicle-2-X communication
Troncoso, Carmela; Costa-Montenegro, Enrique; Diaz, Claudia et al

in Computer Networks (2011)

Full Text
Peer Reviewed
Efficient probabilistic communication protocol for the private identification of RFID tags by means of collaborative readers
Trujillo Rasua, Rolando UL; Solanas, Agusti

in Computer Networks (2011), 55(15), 3211-3223

Full Text
Peer Reviewed
Logarithmic Window Increase for TCP Westwood+ for Improvement in High Speed, Long Distance Networks
Kliazovich, Dzmitry UL; Granelli, Fabrizio; Miorandi, Daniele

in Computer Networks (2008), 52(12), 2395-2410

The majority of current Internet applications uses Transmission Control Protocol (TCP) for ensuring reliable end-to-end delivery of data over IP networks. The resulting path is, generally speaking, characterized by fairly large propagation delays (of the order of tens to hundreds of milliseconds) and increasing available bandwidth. Current TCP performance is far from representing an optimal solution in such operating conditions. The main reason lies in the conservative congestion control strategy employed, which does not let TCP to exploit the always increasing available path capacity. As a consequence, TCP optimization has been an active research topic in the research community over the last 25 years, boosted in the last few years by the widespread adoption of high-speed optical fiber links in the backbone and the emergence of supercomputing networked applications from one side and tremendous growth of wireless bandwidth in network access from another. This has led to the introduction of several alternative proposals for performing congestion control. Most of them focus on the effectiveness of bandwidth utilization, introducing more “aggressive” congestion control strategies. However, such approaches result often in unfairness among flows with substantially different RTTs, or do not present the inter-protocol fairness features required for incremental network deployment. In this paper, we propose TCP LogWestwood+, a TCP Westwood+ enhancement based on a logarithmic increase function, targeting adaptation to the high-speed wireless environment. The algorithm shows low sensitivity with respect to RTT value, while maintaining high network utilization in a wide range of network settings. The performance, fairness and stability properties of the proposed TCP LogWestwood+ are studied analytically, and then validated by means of an extensive set of experiments including computer simulations and wide area Internet measurements.

Full Text
Peer Reviewed
Performance Improvement in Wireless Networks using Cross-layer ARQ
Kliazovich, Dzmitry UL; Granelli, Fabrizio; Gerla, Mario

in Computer Networks (2007), 51(15), 4396-4411

This paper presents a novel cross-layer approach (LLE-TCP) designed for performance enhancement of TCP over a large variety of wireless networks. LLE-TCP avoids TCP ACK packet transmission over the wireless channel. As a result, the saved time can be utilized by the nodes for data packet delivery. The proposed scheme enhances the protocol stacks of the wireless sender (or a base station) and the receiver with cross-layer ARQ agents which support ACK suppression. ARQ agent suppresses the outgoing ACKs at the receiver side and generates them locally at the sender or base station. The performance evaluation of the proposed approach is performed via simulations as well as IEEE 802.11 testbed experiments for single-hop and infrastructure network scenarios. LLE-TCP demonstrates the performance improvement in the range of 20–100% depending on the transmitted TCP/IP datagram size. Among the factors contributing to performance enhancement are: medium busy time reduction, reduced sensibility to link errors, reduced round trip time (RTT), and improved congestion control. A good level of throughput fairness as well as a fair coexistence with state-of-the-art TCP modifications ensures proper functionality of the proposed approach, while performance advantages extended even on non-LLE-TCP users favor an incremental deployment of the technique in existing networks.
