Category Archives: CCR July 2020

The July 2020 issue

This July 2020 issue contains four technical papers, the second paper of our education series, as well as two editorial notes.

The first technical paper, Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization, by Ralph Holz and his colleagues, deals with Transport Layer Security (TLS) 1.3, a redesign of the Web’s most important security protocol. TLS 1.3 was standardized in August 2018 after a four year-long, unprecedented design process involving many cryptographers and industry stakeholders. In their work, the authors track deployment, uptake, and use of TLS 1.3 from the early design phase until well over a year after standardization.

The second technical paper, Does Domain Name Encryption Increase Users’ Privacy?, by Martino Trevisan and colleagues, is on a topic related to the first technical paper. This work shows that DNS over HTTPS (DoH) does not offer the privacy protection that many assume. For the purposes of reproducibility, the authors provide the data used under NDA with the institution owning the data. The authors also share config files and ML environment details in the interest of promoting replicability in other environments.

Our third paper, Using Application Layer Banner Data to Automatically Identify IoT Devices, by Talha Javed and his colleagues, is of the “repeatable technical papers” type, which are technical contributions that provide their artefacts, e.g., software, datasets. This paper attempts to replicate a Usenix Security 2018 paper. It describes the efforts of the authors at re-implementing the solution described in the Usenix Security paper, especially the challenges encountered when authors of the original paper are unwilling to respond to requests for artefacts. We hope it will encourage additional reproducibility studies.

The fourth paper, Towards Declarative Self-Adapting Buffer Management, by Pavel Chuprikov and his colleagues, introduces a novel machine learning based approach to buffer management. The idea is to provide a queue management infrastructure that automatically adapts to traffic changes and identifies the policy that is hypothetically best suited for current traffic patterns. The authors adopt a multi-armed bandits model, and given that different objectives and assumptions lead to different bandit algorithms, they discuss and explore the design space while providing an experimental evaluation that validates their recommendations. The authors provide a GitHub repository that allows for the reproducibility of their result through the NS-2 simulator.

The fifth paper, also our second paper in the new education series, Open Educational Resources for Computer Networking, by Olivier Bonaventure and his colleagues, describes an effort to create an online, interactive textbook for computer networking. What distinguishes this textbook from traditional ones is that it is not only free and available for anyone in the world to use, but also interactive. It therefore goes well beyond what a textbook usually offers: it is an interactive learning platform for computer networking. The authors report on about ten years of experience with it, which led to some interesting experiences and lessons learned.

Then, we have two editorial notes. The first, Lessons Learned Organizing the PAM 2020 Virtual Conference, by Chris Misa and his colleagues, reports on the experience of the organizing committee of the 2020 edition of the Passive and Active Measurement (PAM) conference, which took place as a virtual event. It provides important lessons learned for future conferences that decide to go for a virtual event. The second editorial note, Update on ACM SIGCOMM CCR reviewing process: making the review process more open, by the whole CCR editorial board, aims to inform the SIGCOMM community on the reviewing process in place currently at CCR, and to share our plans to make CCR a more open and welcoming venue, adding more value to the SIGCOMM community.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online (https://ccronline.sigcomm.org) or by email at ccr-editor at sigcomm.org.

Update on ACM SIGCOMM CCR reviewing process: towards a more open review process

Ralph Holz, Marco Mellia, Olivier Bonaventure, Hamed Haddadi, Matthew Caesar, Sergey Gorinsky, Gianni Antichi, Joseph Camp, kc claffy, Bhaskaran Raman, Anna Sperotto, Aline Viana, Steve Uhlig

Abstract

This editorial note aims to first inform the SIGCOMM community on the reviewing process in place currently at CCR, and second, share our plans to make CCR a more open and welcoming venue by making changes to the review process, adding more value to the SIGCOMM community.


Lessons learned organizing the PAM 2020 virtual conference

Chris Misa, Dennis Guse, Oliver Hohlfeld, Ramakrishnan Durairajan, Anna Sperotto, Alberto Dainotti, Reza Rejaie

Abstract

Due to the COVID-19 pandemic, the organizing committee of the 2020 edition of the Passive and Active Measurement (PAM) conference decided to organize it as a virtual event. Unfortunately, little is known about designing and organizing virtual academic conferences in the networking domain and their impacts on the participants’ experience. In this editorial note, we first provide challenges and rationale for various organizational decisions we made in designing the virtual format of PAM 2020. We then illustrate the key results from a questionnaire-based survey of participants’ experience showing that, while virtual conferences have the potential to broaden participation and strengthen focus on technical content, they face serious challenges in promoting social interactions and broadening the scope of discussions. We conclude with key takeaways, lessons learned, and suggestions for future virtual conferences distilled from this experience.


Open Educational Resources for Computer Networking

Olivier Bonaventure, Quentin De Coninck, Fabien Duchêne, Anthony Gego, Mathieu Jadin, François Michel, Maxime Piraux, Chantal Poncin, Olivier Tilmans

Abstract

To reflect the importance of network technologies, networking courses are now part of the core materials of Computer Science degrees. We report our experience in jointly developing an open-source ebook for the introductory course, and a series of open educational resources for both the introductory and advanced networking courses. These ensure students actively engage with the course materials, through a hands-on approach; and scale to the larger classrooms and limited teaching staff, by leveraging open-source resources and an automated grading platform to provide feedback. We evaluate the impact of these pedagogical innovations by surveying the students, who indicated that these were helpful for them to master the course materials.


Using Application Layer Banner Data to Automatically Identify IoT Devices

Talha Javed, Muhammad Haseeb, Muhammad Abdullah, Mobin Javed

Abstract

In this paper, we re-implement a recent work published in Usenix Security 2018: “Acquisitional Rule Based Engine for Discovering Internet-of-Things Devices”. The paper introduced an NLP-based engine for automatically identifying the type, vendor, and product of IoT devices given banner data as input. We report on our efforts to reproduce the original implementation of the engine, documenting ambiguities around implementation and evaluation details that we encountered, as well as how we addressed them in our work. We evaluate our implementation on two ground truth datasets, finding that it fails to achieve the accuracy reported by the original authors. Our findings highlight the importance of recent community efforts towards a culture of reproducibility by presenting an example of how ambiguities in a research paper combined with lack of access to the original datasets can significantly affect a faithful re-implementation and evaluation.


Towards Declarative Self-Adapting Buffer Management

Pavel Chuprikov, Sergey Nikolenko, Kirill Kogan

Abstract

Buffering architectures and policies for their efficient management are one of the core ingredients of network architecture. However, despite strong incentives to experiment with and deploy new policies, opportunities for changing or automatically choosing anything beyond a few parameters in a predefined set of behaviors still remain very limited. We introduce a novel buffer management framework based on machine learning approaches which automatically adapts to traffic conditions changing over time and requires only limited knowledge from network operators about the dynamics and optimality of desired behaviors. We validate and compare various design options with a comprehensive evaluation study.


Does Domain Name Encryption Increase Users’ Privacy?

Martino Trevisan, Francesca Soro, Idilio Drago, Marco Mellia, Ricardo Morla

Abstract

Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users’ traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.


Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization

Ralph Holz, Jens Hiller, Johanna Amann, Abbas Razaghpanah, Thomas Jost, Narseo Vallina-Rodriguez, Oliver Hohlfeld

Abstract

Transport Layer Security (TLS) 1.3 is a redesign of the Web’s most important security protocol. It was standardized in August 2018 after a four year-long, unprecedented design process involving many cryptographers and industry stakeholders. We use the rare opportunity to track deployment, uptake, and use of a new mission-critical security protocol from the early design phase until well over a year after standardization. For a profound view, we combine and analyze data from active domain scans, passive monitoring of large networks, and a crowd-sourcing effort on Android devices. In contrast to TLS 1.2, where adoption took more than five years and was prompted by severe attacks on previous versions, TLS 1.3 is deployed surprisingly speedily and without security concerns calling for it. Just 15 months after standardization, it is used in about 20% of connections we observe. Deployment on popular domains is at 30% and at about 10% across the com/net/org top-level domains (TLDs). We show that the development and fast deployment of TLS 1.3 is best understood as a story of experimentation and centralization. Very few giant, global actors drive the development. We show that Cloudflare alone brings deployment to sizable numbers and describe how actors like Facebook and Google use their control over both client and server endpoints to experiment with the protocol and ultimately deploy it at scale. This story cannot be captured by a single dataset alone, highlighting the need for multi-perspective studies on Internet evolution.
