The Dynamic Community of Interest and Its Realization in ZODIAC

The ZODIAC project has been exploring a security first approach to networking based on a new idea, the dynamic community of interest, based on groups of users with a demonstrable need to know. ZODIAC uses the most challenging network setting (the mobile ad hoc network) as a target, since each node must incorporate functions of both hosts and routers. The realization of the DCoI is a work in progress, but initial implementation results have shown that DCoI concepts can be translated into working systems. The current system applies virtual machine containers, extensive use of cryptography and digital signatures, dispersity routing, DHT-based naming, and explicit rate control among other advanced techniques. Putting security to the forefront in the design has led to interesting consequences for naming, authorization, and connection setup. In particular, it has demanded a hierarchical structure for DCoIs that may initially appear somewhat alien to Internet users. Nonetheless, our implementation has illustrated that a highly available network that provides confidentiality and integrity can be constructed and made usable.     

Adaptive proportional routing: a localized QoS routing approach

Most of the QoS routing schemes proposed so far require periodic exchange of QoS state information among routers, imposing both communication overhead on the network and processing overhead on core routers. Furthermore, stale QoS state information causes the performance of these QoS routing schemes to degrade drastically. In order to circumvent these problems, we focus on localized QoS routing schemes where the edge routers make routing decisions using only local information and thus reducing the overhead at core routers. We first describe virtual capacity based routing (vcr), a theoretical scheme based on the notion of virtual capacity of a route. We then propose proportional sticky routing, an easily realizable approximation of vcr and analyze its performance. We demonstrate through extensive simulations that adaptive proportional routing is indeed a viable alternative to the global QoS routing approach.     

Dissemination of routing information in broadcast networks: OSPFversus IS-IS

OSPF and IS-IS are two main standard link state routing protocols designed to operate in various complex network topologies. One aspect that both protocols handle is the reliable dissemination of routing information over broadcast networks such as Ethernet and FDDI. Both protocols suggest different schemes for this purpose and in this article we compare the two. The performance criteria being checked are: the longest arrival time of a routing update packet at all the routers; the average arrival time of routing update packets at all the routers; the total required bandwidth; and the number of memory accesses a router performs, which is evidence of the amount of internal work it performs. We find that in our model of broadcast networks the scheme suggested in IS-IS is more efficient than that of OSPF in terms of the arrival times of routing update packets. In particular, the average arrival time of routing update packets in OSPF is 2-10 times longer than in IS-IS. In terms of the bandwidth each scheme consumes, there are scenarios where OSPF outperforms IS-IS and vice versa. In terms of the number of memory accesses routers perform in each scheme, IS-IS outperforms OSPF     

Cross-layer adaptive control for wireless mesh networks

This paper investigates optimal routing and adaptive scheduling in a wireless mesh network composed of mesh clients and mesh routers. The mesh clients are power constrained mobile nodes with relatively little knowledge of the overall network topology. The mesh routers are stationary wireless nodes with higher transmission rates and more capabilities. We develop a notion of instantaneous capacity regions, and construct algorithms for multi-hop routing and transmission scheduling that achieve network stability and fairness with respect to these regions. The algorithms are shown to operate under arbitrary client mobility models (including non-ergodic models with non-repeatable events), and provide analytical delay guarantees that are independent of the timescales of the mobility process. Our control strategies apply techniques of backpressure, shortest path routing, and Lyapunov optimization.     

Socially-aware routing for publish-subscribe in delay-tolerant mobile ad hoc networks

Applications involving the dissemination of information directly relevant to humans (e.g., service advertising, news spreading, environmental alerts) often rely on publish-subscribe, in which the network delivers a published message only to the nodes whose subscribed interests match it. In principle, publish- subscribe is particularly useful in mobile environments, since it minimizes the coupling among communication parties. However, to the best of our knowledge, none of the (few) works that tackled publish-subscribe in mobile environments has yet addressed intermittently-connected human networks. Socially-related people tend to be co-located quite regularly. This characteristic can be exploited to drive forwarding decisions in the interest-based routing layer supporting the publish-subscribe network, yielding not only improved performance but also the ability to overcome high rates of mobility and long-lasting disconnections. In this paper we propose SocialCast, a routing framework for publish-subscribe that exploits predictions based on metrics of social interaction (e.g., patterns of movements among communities) to identify the best information carriers. We highlight the principles underlying our protocol, illustrate its operation, and evaluate its performance using a mobility model based on a social network validated with real human mobility traces. The evaluation shows that prediction of colocation and node mobility allow for maintaining a very high and steady event delivery with low overhead and latency, despite the variation in density, number of replicas per message or speed.     

基于CPK组合公钥的电子签章技术研究

随着中国电子政务与电子商务的发展,电子文档已经逐渐取代传统的纸质文档。因此,如何保证电子文档的安全已经成为电子政务与电子商务进一步深入与成功应用的关键。采用组合公钥密码体制（Combined Public Key,CPK）设计电子签章系统,利用ID证书来进行数字签名与验证,使任何两个用户之间仅通过对方身份标识即可确认公钥信息,不依靠可信第三方验证,并简化了密钥交换协议,保证了文档的完整性、机密性和不可抵赖性,实现了高效安全的电子签章系统。     

Extending P2PMesh: topology‐aware schemes for efficient peer‐to‐peer data sharing in wireless mesh networks

Wireless mesh networks (WMNs) have emerged as a promising technology that provides low‐cost broadband access to the Internet for fixed and mobile wireless end users. An orthogonal evolution in computer networking has been the rise of peer‐to‐peer (P2P) applications such as P2P data sharing. It is of interest to enable effective P2P data sharing in this type of networks. Conventional P2P data sharing systems are not cognizant of the underlying network topology and therefore suffer from inefficiency. We argue for dual‐layer mesh network architecture with support from wireless mesh routers for P2P applications. The main contribution of this paper is P2PMesh: a topology‐aware system that provides combined architecture and efficient schemes for enabling efficient P2P data sharing in WMNs. The P2PMesh architecture utilizes three schemes: (i) an efficient content lookup that mitigates traffic load imbalance at mesh routers; (ii) an efficient establishment of download paths; and (iii) a data transfer protocol for multi‐hop wireless networks with limited capacity. We note here that the path establishment and data transfer schemes are specific to P2P traffic and that other traffic would use routes determined by the default routing protocol in the WMN. Simulation results suggest that P2PMesh has the potential to improve the performance of P2P applications in a wireless multi‐hop setting; specifically, we focused on data sharing, but other P2P applications can also be supported by this approach. Copyright © 2011 John Wiley & Sons, Ltd.     

Detecting Network-Wide and Router-Specific Misconfigurations Through Data Mining

Recent studies have shown that router misconfigurations are common and can have dramatic consequences to the operations of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed. They can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules which need to be known beforehand. Violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.      

Delayed Internet routing convergence

This paper examines the latency in Internet path failure, failover, and repair due to the convergence properties of interdomain routing. Unlike circuit-switched paths which exhibit failover on the order of milliseconds, our experimental measurements show that interdomain routers in the packet-switched Internet may take tens of minutes to reach a consistent view of the network topology after a fault. These delays stem from temporary routing table fluctuations formed during the operation of the border gateway protocol (BGP) path selection process on the Internet backbone routers. During these periods of delayed convergence, we show that end-to-end Internet paths will experience intermittent loss of connectivity, as well as increased packet loss and latency. We present a two-year study of Internet routing convergence through the experimental instrumentation of key portions of the Internet infrastructure, including both passive data collection and fault-injection machines at major Internet exchange points. Based on data from the injection and measurement of several hundred thousand interdomain routing faults, we describe several unexpected properties of convergence and show that the measured upper bound on Internet interdomain routing convergence delay is an order of magnitude slower than previously thought. Our analysis also shows that the upper theoretic computational bound on the number of router states and control messages exchanged during the process of BGP convergence is factorial with respect to the number of autonomous systems in the Internet. Finally, we demonstrate that much of the observed convergence delay stems from specific router vendor implementation decisions and ambiguity in the BGP specification     

Explicit Multicast Extension (Xcast+) for Efficient Multicast Packet Delivery

In this letter, we propose a new multicast scheme, named Xcast+, which is an extension of Explicit Multicast (Xcast) for an efficient delivery of multicast packets. The mechanism incorporates the host group model and a new control plane into existing Xcast, and not only does it provide the transparency of traditional multicast schemes to senders and receivers, but it also enhances the routing efficiency in networks. Since intermediate routers do not have to maintain any multicast states, it results in a more efficient and scalable mechanism to deliver multicast packets. Our simulation results show distinct performance improvements of our approach compared to Xcast, particularly as the number of receivers in a subnet increases.     

基于内容的发布订阅系统路由算法

 本文综合评述了基于内容的P/S系统路由机制和算法.根据客户的移动性和网络结构的变化对路由算法进行了分类和归纳,分别论述了静态和变化拓扑环境下、支持客户移动情况下P/S系统各种路由算法的基本思想和优缺点等.在此基础上,针对P/S系统的动态、松耦合、多对多通信的特征,分析和提出了有待解决的问题以及进一步的研究方向.     

An Efficient Selective Encryption of Fingerprint Images for Embedded Processors

Biometric‐based authentication can provide a strong security guarantee of the identity of users. However, the security of biometric data is particularly important as any compromise of the biometric data will be permanent. In this paper, we propose a secure and efficient protocol to transmit fingerprint images from a fingerprint sensor to a client by exploiting the characteristics of the fingerprint images. Because the fingerprint sensor is computationally limited, a standard encryption algorithm may not be applied to the full fingerprint images in real‐time to guarantee the integrity and confidentiality of the fingerprint images transmitted. To reduce the computational workload on the resource‐constrained sensor, we apply the encryption algorithm to a nonce for integrity and to a specific bitplane of each pixel of the fingerprint image for confidentiality. Experimental results show that the integrity and confidentiality of the fingerprint images can be guaranteed without any leakage of the fingerprint ridge information and can be completed in real‐time on embedded processors.     

Scalable Multicasting: The Core-Assisted Mesh Protocol

Most of the multicast routing protocols for ad hoc networks today are based on shared or source-based trees; however, keeping a routing tree connected for the purpose of data forwarding may lead to a substantial network overhead. A different approach to multicast routing consists of building a shared mesh for each multicast group. In multicast meshes, data packets can be accepted from any router, as opposed to trees where data packets are only accepted from routers with whom a tree branch has been established. The difference among multicast routing protocols based on meshes is in the method used to build these structures. Some mesh-based protocols require the flooding of sender or receiver announcements over the whole network. This paper presents the Core-Assisted Mesh Protocol, which uses meshes for data forwarding, and avoids flooding by generalizing the notion of core-based trees introduced for internet multicasting. Group members form the mesh of a group by sending join requests to a set of cores. Simulation experiments show that meshes can be used effectively as multicast routing structures without the need for flooding control packets.     

Fast coupled noise estimation for crosstalk avoidance in the MCGmultichip module autorouter

A multilayer, multichip module (MCM) router, called MCG, is introduced for x-y routing. An efficient method has been derived to allow candidate routes for the nets to be considered simultaneously for compatibility rather than incrementally extending routes or routing one net at a time as in many other techniques. This allows incorporation of accurate models for determining the potential for crosstalk problems during the routing process. MCG incorporates a crosstalk avoidance procedure which facilitates correct-by-design routing in systems susceptible to noise problems. In comparisons with other routers on industrial benchmarks, the MCG router has shown substantial improvement in routing density, number of layers, number of vias, and total interconnect length over routers such as V4R and SLICE. Our test results show up to 18% improvement in via count and up to 33% improvement in the required number of routing layers for these examples over V4R. One of the benchmarks presented contains 37 VHSIC gate arrays, over 7000 nets, and over 14000 pins (pads). Routing at finer pitches with crosstalk avoidance shows a further improvement in interconnect density     

Managing routing tables for URL routers in content distribution networks

Large‐scale content distribution networks (CDNs) can be built using URL routers to redirect client HTTP requests to the nearest content source. URL routers employ very large routing tables. To improve the manageability of CDNs, we propose to use URL signatures to reduce the size of routing tables and aggressive hashing to speed‐up routing look‐ups. Copyright © 2004 John Wiley & Sons, Ltd.     

A learning automata and clustering-based routing protocol for named data networking

Named data networking (NDN) is a new information-centric networking architecture in which data or content is identified by a unique name and saved pieces of the content are used in the cache of routers. Certainly, routing is one of the major challenges in these networks. In NDN, to achieve the required data for users, interest messages containing the names of data are sent. Because the source and destination addresses are not included in this package, routers forward them using the names that carried in packages. This forward will continue until the interest package is served. In this paper, we propose a routing algorithm for NDN. The purpose of this protocol is to choose a path with the minimum cost in order to enhance the quality of internet services. This is done using learning automata with multi-level clustering and the cache is placed in each cluster head. Since the purpose of this paper is to provide a routing protocol and one of the main rules of routing protocol in NDN is that alternative paths should be found in each path request, so, we use multicast trees to observe this rule. One way of making multicast trees is by using algorithms of the Steiner tree construction in the graph. According to the proposed algorithm, the content requester and content owners are the Steiner tree root and terminal nodes, respectively. Dijkstra’s algorithm is one of the proper algorithms in routing which is used for automata convergence. The proposed algorithm has been simulated in NS2 environment and proved by mathematical rules. Experimental results show the excellence of the proposed method over the one of the most common routing protocols in terms of the throughput, control message overhead, packet delivery ratio and end-to-end delay.     

Network-coding based event diffusion for wireless networks using semi-broadcasting

Publish/subscribe is a well known and powerful distributed programming paradigm with many potential applications. Publish/subscribe content dissemination techniques based on opportunistic networking and network coding-based epidemic routing are key techniques for optimizing network resources, simplifying network architecture, and providing a platform for realizing innovative networking applications and service.In this paper we consider the central problem of any pub/sub implementation, namely the problem of event dissemination, in the case of a wireless mesh network. We propose a new dissemination strategy based on the notion of semi-broadcast. In a semi-broadcast based protocol the actual content is disseminated in two phases. In the first phase only a fraction of the content is broadcasted (pushed) over the network and stored inside any node, whereas in the second phase the missed part is retried (pulled) on demand from other nodes. Thanks to network coding the partial content stored in each node at the end of the first phase is a set of random linear combinations over the whole content. This allows a very efficient recovery strategy as the missed part is found in nearby nodes with a high probability.The benefit of this approach is that only the interested subscribers, which can vary in number and position over time, can engage the pulling phase.We propose several protocols based on non-trivial forwarding mechanisms that employ network coding as a central tool for supporting adaptive event dissemination while exploiting the broadcast nature of wireless transmissions and guided to the semi-broadcast principle. We show a considerable enhancement in term of total flooding costs and full decoding rates by a self parameter control deployment during the dissemination procedure.     

A distributed and scalable routing table manager for the next generation of IP routers

In recent years, the exponential growth of Internet users with increased bandwidth requirements has led to the emergence of the next generation of IP routers. Distributed architecture is one of the promising trends providing petabit routers with a large switching capacity and high-speed interfaces. Distributed routers are designed with an optical switch fabric interconnecting line and control cards. Computing and memory resources are available on both control and line cards to perform routing and forwarding tasks. This new hardware architecture is not efficiently utilized by the traditional software models where a single control card is responsible for all routing and management operations. The routing table manager plays an extremely critical role by managing routing information and in particular, a forwarding information table. This article presents a distributed architecture set up around a distributed and scalable routing table manager. This architecture also comes provides improvements in robustness and resiliency. The proposed architecture is based on a sharing mechanism between control and line cards and is able to meet the scalability requirements for route computations, notifications, and advertisements. A comparative scalability evaluation is made between distributed and centralized architectures in terms of required memory and computing resources.     

A ring-based multicast routing topology with QoS support in wireless mesh networks

Wireless mesh networking (WMN) is an emerging technology for future broadband wireless access. The proliferation of the mobile computing devices that are equipped with cameras and ad hoc communication mode creates the possibility of exchanging real-time data between mobile users in wireless mesh networks. In this paper, we argue for a ring-based multicast routing topology with support from infrastructure nodes for group communications in WMNs. We study the performance of multicast communication over a ring routing topology when 802.11 with RTS/CTS scheme is used at the MAC layer to enable reliable multicast services in WMNs. We propose an algorithm to enhance the IP multicast routing on the ring topology. We show that when mesh routers on a ring topology support group communications by employing our proposed algorithms, a significant performance enhancement is realized. We analytically compute the end-to-end delay on a ring multicast routing topology. Our results show that the end-to-end delay is reduced about 33 %, and the capacity of multicast network (i.e., maximum group size that the ring can serve with QoS guarantees) is increased about 50 % as compared to conventional schemes. We also use our analytical results to develop heuristic algorithms for constructing an efficient ring-based multicast routing topology with QoS guarantees. The proposed algorithms take into account all possible traffic interference when constructing the multicast ring topology. Thus, the constructed ring topology provides QoS guarantees for the multicast traffic and minimizes the cost of group communications in WMNs.     

SIAR: Customized real-time interactive router for analog circuits

As analog and mixed-signal (AMS) circuitry gains increasing portions in modern SoCs, automatic analog routing is becoming more and more important. However, routing for analog circuits has always been an extremely challenging task due to complicated electrical and geometrical constraints. Due to these constraints, current analog routers often fail to obtain a routing solution that the designer wants. To incorporate the designer׳s expertise during routing, a customized real-time interactive analog router is attracting increasing concerns in industry.This paper presents a fast customized real-time interactive analog router called SIAR. A key feature of SIAR is that it allows for real-time interactions between the router and the designer. The designer can try different guiding points by moving the cursor in the user window and SIAR will return and display the corresponding routing solution in real-time, such that the designer could choose the most satisfactory one. The guiding points are very important for the designer to obtain satisfactory routing solutions, even for routing solutions with analog matching constraints by setting symmetric guiding points. A new splitting graph based routing model is presented to efficiently search the routing path and record the number of turns/vias during searching by efficient tile splitting operations. SIAR supports different routing modes such as point-to-point, point-to-module and module-to-module. An efficient connecting point selection method is presented such that an optimal routing solution is preserved when connecting to a module. Different design rules such as variable wire and via width/spacing rules, along with the same-net spacing rules, are supported in SIAR. Moreover, a global routing stage is presented to speedup the routing process for large designs. Experimental results are promising.