Generating efficient protocol code from an abstract specification

A protocol compiler takes as input an abstract specification of a protocol and generates an implementation of that protocol. Protocol compilers usually produce inefficient code both in terms of code speed and code size. We show that the combination of two techniques makes it possible to build protocol compilers that generate efficient code. These techniques are: (i) the use of a compiler that generates from the specification a unique tree-shaped automation (rather than multiple independent automata) and (ii) the use of optimization techniques applied at the automation level, i.e., on the branches of the trees. We have developed a protocol compiler that uses both these techniques. The compiler takes as the input a protocol specification written in the synchronous language Esterel. The specification is compiled into a unique automation by the Esterel front end compiler. The automation is then optimized and converted into C code by our protocol optimizer called HIPPCO. HIPPCO improves the code performance and reduces the code size by simultaneously optimizing the performance of the common path and optimizing the size of the uncommon path. We evaluate the gain expected with our approach on a real-life example, namely a working subset of the TCP protocol generated from an Esterel specification. We compare the protocol code generated with our approach to that derived from the standard BSD TCP implementation. The results are very encouraging. HIPPCO-generated code executes up to 25% fewer instructions than the BSD code for input packet processing while only increasing the code size by 25%     

Detecting privacy leaks in the RATP App: how we proceeded and what we found

We analyzed the RATP App, both Android and iOS versions, using our instrumented versions of these mobile OSs. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. The iOS version of this App doesn’t even respect Apple guidelines on cross-App user tracking for advertising purposes and employs various other cross-App tracking mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from other Apps. In addition, our findings are representative of a trend in Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and its user to have a better profile of the user’s interests and behaviors. In fact, in case of iOS, these libraries even generate their own persistent identifiers and share it with other Apps through covert channels to better track the user, and this happens even if the user has opted-out of device tracking for advertising purposes. Above all, this happens without the user knowledge, and sometimes even without the App developer’s knowledge who might have naively included these libraries during the App development. Therefore this article raises many questions concerning both the bad practices employed in the world of smartphones and the limitations of the privacy control features proposed by Android/iOS Mobile OSs.     

A Survey on the Encryption of Convergecast Traffic with In-Network Processing

We present an overview of end-to-end encryption solutions for convergecast traffic in wireless sensor networks that support in-network processing at forwarding intermediate nodes. Other than hop-by-hop based encryption approaches, aggregator nodes can perform in-network processing on encrypted data. Since it is not required to decrypt the incoming ciphers before aggregating, substantial advantages are 1) neither keys nor plaintext is available at aggregating nodes, 2) the overall energy consumption of the backbone can be reduced, 3) the system is more flexible with respect to changing routes, and finally 4) the overall system security increases. We provide a qualitative comparison of available approaches, point out their strengths, respectively weaknesses, and investigate opportunities for further research.     

Flexible Network Support for Mobile Hosts

Fueled by the large number of powerful light-weight portable computers, the expanding availability of wireless networks, and the popularity of the Internet, there is an increasing demand to connect portable computers to the Internet at any time and in any place. However, the dynamic nature of a mobile host's connectivity and its use of multiple network interfaces require more flexible network support than has typically been available for stationary workstations.This paper introduces two flow-oriented mechanisms, in the context of Mobile IP , to ensure a mobile host's robust and efficient communication with other hosts in a changing environment. One mechanism supports multiple packet delivery methods (such as regular IP or Mobile IP) and adaptively selects the most appropriate one to use according to the characteristics of each traffic flow. The other mechanism enables a mobile host to make use of multiple network interfaces simultaneously and to control the selection of the most desirable network interfaces for both outgoing and incoming packets for different traffic flows. We demonstrate the usefulness of these two network layer mechanisms and describe their implementation and performance.     

Cryptographically Generated Addresses for Constrained Devices*

Cryptographically Generated Addresses (CGAs) have been designed to solve the so-called IPv6 Address Ownership problem. The current IETF CGA proposal relies on RSA signature. Generating an RSA signature is quite expensive and might be prohibitive for small devices with limited capacities. For example, a 1024-RSA signature requires approximately 1536 modular multiplications. In this paper, we propose a new CGA scheme whose verification requires fewer than 10 modular multiplications. We achieve this performance gain by (1) selecting an efficient signature scheme, namely the small prime variation of the Feige-Fiat-Shamir scheme and (2) tuning the cryptographic parameters of this signature scheme to the security strength of the CGA (i.e. the size of the hash function used to generate it).     

Hash-Based Paging and Location Update Using Bloom Filters

We develop and analyze a hash-based paging and location update technique that reduces the paging cost in cellular systems. By applying a Bloom filter, the terminal identifier field of a paging message is coded to page a number of terminals concurrently. A small number of terminals may wake up and send what we call false location updates although they are not being paged. We compare the total number of paging and false location update messages with the cost of the standard paging procedure. Fortunately, the false location update probabilities can be made very small, and important bandwidth gains can be expected. The larger the size of the terminal identifier, the less probable are false location updates. Therefore, hash-based paging especially shows promise for IP paging in mobile IPv6 networks with 128-bit mobile host addresses.     

EnhancingIEEE 802.11 performance in congested environments

IEEE 802.11 is the most deployed wireless local area networking standard nowadays. It uses carrier sense multiple access with collision avoldance (CSMA/CA) to, resolve contention between nodes. Contention windows (CW) change dynamically to adapt to the contention level: Upon each collision a node doubles itsCW to, reduce further collision risks. Upon a successful transmission theCW is reset, assuming the contention level dropped. However, contention level is more likely to change slowly, and resetting theCW causes new collisions and retransmissions before reaching the optimal value again. This wastes bandwidth and increases delays. In this paper we propose simple slowCW decrease functions and compare their performances to the legacy standard. We analyze them through simulation and show their considerable enhancement at all congestion levels and transient phases.     

On the uniqueness of Web browsing history patterns

We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a history detection demonstration website. Our results show that for a majority of users (69 %), the browsing history is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases. We observe a significant rate of stability in browser history fingerprints: for repeat visitors, 38 % of fingerprints are identical over time, and differing ones were correlated with original history contents, indicating static browsing preferences (for history subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 Web pages is enough to fingerprint 42 % of users in our database, increasing to 70 % with 500 Web pages.     

WAVer: A Model Checking-based Tool to Verify Web Application Design

Web Applications are becoming more and more widespread and efficient, then an increase of their reliability is now strongly required. Hence methods to support design and automatically perform validation of a Web Application (WA) could be helpful. In this paper we present WAVer, a prototype tool for performing the verification of a WA design by means of Symbolic Model Checking techniques. The tool first performs the modeling of the WA and furthermore verify it by means of a model checker. Specifically, the mathematical model of the WA is represented by a Finite State Machine (FSM). Then, by using the CTL formal language, we formalize basic criteria to establish correctness of the application. The prototype system we have implemented embeds a component which automatically imports WA design from a UML tool; CTL specifications are added and translated as source code for NuSMV model checker. Finally, the checker performs verification: if there is a violation of specifications, NuSMV allows to locate errors in WA design and appropriate adjustments are carried out.