Category Archives: CCR April 2018

The April 2018 Issue

This issue starts with two technical articles that provide artefacts. The first one, Scanning the Internet for Liveness, written by a team of eight researchers led by S. Bano, uses the ZMap software to probe the IPv4 addressing space for Internet hosts that respond to different types of probes. They propose different liveness probes that use ICMP, TCP and UDP. Their scans of the IPv4 Internet revealed that different protocols (or ports for TCP/UDP) provide different results as different types of hosts respond or not to different types of probes. Furthermore, collecting ICMP error messages for the TCP and UDP probes is important to increase the coverage. The authors release their modification to ZMap that includes the proposed probes and data collected during their measurement campaigns.

The second technical paper that provides artefacts, A First Look at Certification Authority Authorization (CAA), was co-authored by eleven researchers led by Q. Scheitle. This is also a measurement paper that tries to understand how the Certification Authority Authorization (CAA) DNS record is actually used by Certification Authorities (CA), domain holders and DNS operators. This is a timely paper since RFC6844 mandates that CAs validate CAA records as of September 8, 2017. Their study reveals some anomalies for already-issued certificates and they provide some guidelines to improve the security impact of CAA. Their study continues and you can follow the updated results on https://caastudy.github.io. The authors release both the collected data and their analysis tools.

In our third technical paper, Towards Slack-Aware Networking, Fahad Dogar proposes a new architecture targeted at machine-to-machine communications where hosts could indicate some slack when transmitting packets to let the network optimise their delivery to reduce the consumption of network resources. This new idea still needs to be implemented and validated but it could open new directions of research.

In addition to the technical papers, this issue also contains three editorial notes. In VANETs’ research over the past decade: overview, credibility, and trends, E. Cavalcanti et al. provide a detailed survey of the research in Vehicular Ad hoc Networks (VANETs) during the last decade and analyse 283 papers according to different criteria. They release the collected data as paper artefacts. In Failures from the Environment, a Report on the First FAILSAFE workshop, M. Breza et al. summarise the FAILSAFE 2017 workshop held at the SenSys 2017 conference. Finally, I. Baldin et al. summarise in The Future of Distributed Network Research Infrastructure the lessons that they learned from the Global Environment for Network Innovations (GENI) infrastructure and provide several directions for future research projects.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online or by email at ccr-editor at sigcomm.org.

Olivier Bonaventure

CCR Editor

Scanning the Internet for Liveness

Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven J. Murdoch, Richard Mortier, Vern Paxson

Abstract

Internet-wide scanning depends on a notion of liveness: does a target IP address respond to a probe packet? However, the interpretation of such responses, or lack of them, is nuanced and depends on multiple factors, including: how we probed, how different protocols in the network stack interact, the presence of filtering policies near the target, and temporal churn in IP responsiveness. Although often neglected, these factors can significantly affect the results of active measurement studies. We develop a taxonomy of liveness which we employ to develop a method to perform concurrent IPv4 scans using ICMP, five TCP-based, and two UDP-based protocols, comprehensively capturing all responses to our probes, including negative and cross-layer responses. Leveraging our methodology, we present a systematic analysis of liveness and how it manifests in active scanning campaigns, yielding practical insights and methodological improvements for the design and the execution of active Internet measurement studies.

Download the full article DOI:10.1145/3213232.3213234

A First Look at Certification Authority Authorization (CAA)

Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle

Abstract

Shaken by severe compromises, the Web’s Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain name holders control over which Certification Authorities (CAs) may issue certificates for their domain. First defined in RFC 6844, adoption by the CA/B forum mandates that CAs validate CAA records as of September 8, 2017. The success of CAA hinges on the behavior of three actors: CAs, domain name holders, and DNS operators. We empirically study their behavior, and observe that CAs exhibit patchy adherence in issuance experiments, domain name holders configure CAA records in encouraging but error-prone ways, and only six of the 31 largest DNS operators enable customers to add CAA records. Furthermore, using historic CAA data, we uncover anomalies for already-issued certificates. We disseminated our results in the community. This has already led to specific improvements at several CAs and revocation of mis-issued certificates. Furthermore, in this work, we suggest ways to improve the security impact of CAA. To foster further improvements and to practice reproducible research, we share raw data and analysis tools.

Download the full article DOI:10.1145/3213232.3213235

Towards Slack-Aware Networking

Fahad R. Dogar

Abstract

We are moving towards an Internet where most of the packets may be consumed by machines — set-top-boxes or smart-phone apps prefetching content, Internet of Things (IoT) devices uploading their data to the cloud, or data centers doing geo-distributed replication. We observe that such machine centric communication can afford to have slack built into it: every packet can be marked as to when it will be consumed in future. Slack could be anywhere from seconds to hours or even days. In this paper, we make a case for slack-aware networking by illustrating slack opportunities that arise for a wide range of applications as they interact with the cloud and its pricing models (e.g., spot pricing). We also sketch the design of SlackStack, a network stack with explicit support for slack at multiple levels of the stack, from a slack-based interface to slack-aware optimizations at the transport and network layers.

Download the full article DOI:10.1145/3213232.3213236

VANETs’ research over the past decade: overview, credibility, and trends

Elmano Ramalho Cavalcanti, Jose Anderson Rodrigues de Souza, Marco Aurelio Spohn, Reinaldo Cezar de Morais Gomes, Anderson Fabiano Batista Ferreira da Costa

Abstract

Since its inception, Vehicular Ad hoc Networks (VANETs) have been attracting much attention from both academia and industry. As for other wireless networking areas, scientific advancements are mainly due to the employment of simulation tools and mathematical models. After surveying 283 papers published in the last decade on vehicular networking, we pinpoint the main studied topics as well as the most employed tools, pointing out the changes in research subject preference over the years. As a key contribution, we also evaluate to what extent the research community has evolved concerning the principles of credibility in simulation-based studies, such as repeatability and replicability, comparing our results with previous studies.

Download the full article DOI:10.1145/3213232.3213237

Failures from the Environment, a Report on the First FAILSAFE workshop

Michael Breza, Ivana Tomic, Julie McCann

Abstract

This document presents the views expressed in the submissions and discussions at the FAILSAFE workshop about the common problems that plague embedded sensor system deployments in the wild. We present analysis gathered from the submissions and the panel session of the FAILSAFE 2017 workshop held at the SenSys 2017 conference. The FAILSAFE call for papers specifically asked for descriptions of wireless sensor network (WSN) deployments and their problems and failures. The submissions, the questions raised at the presentations, and the panel discussion give us a sufficient body of work to review, and draw conclusions regarding the effect that the environment has as the most common cause of embedded sensor system failures.

Download the full article DOI:10.1145/3213232.3213238

The Future of CISE Distributed Research Infrastructure

Ilya Baldin, Tilman Wolf, et al.

Abstract

The following paper represents an initial snapshot of the community vision for a possible future of CISE distributed research infrastructure aimed at enabling new types of research and discoveries. As such, it is only the first step in helping define this vision. It is expected that it will change over time as the research community contributes new ideas.

Download the full article DOI:10.1145/3213232.3213239