Tag Archives: scientific

COSMOS educational toolkit: using experimental wireless networking to enhance middle/high school STEM education

P. Skrimponis, N. Makris, S. Rajguru, K. Cheng, J. Ostrometzky, E. Ford, Z. Kostic, G. Zussman, T. Korakis

Abstract

This paper focuses on the educational activities of COSMOS – Cloud enhanced Open Software defined MObile wireless testbed for city Scale deployment. The COSMOS wireless research testbed is being deployed in West Harlem (New York City) as part of the NSF Platforms for Advanced Wireless Research (PAWR) program. COSMOS’ approach for K–12 education is twofold: (i) create an innovative and concrete set of methods/tools that allow teaching STEM subjects using live experiments related to wireless networks/IoT/cloud, and (ii) enhance the professional development (PD) of K–12 teachers and collaborate with them to create hands-on educational material for the students. The COSMOS team has already conducted successful pilot summer programs for middle and high school STEM teachers, where the team worked with the teachers and jointly developed innovative real-world experiments that were organized as automated and repeatable math, science, and computer science labs to be used in the classroom. The labs run on the COSMOS Educational Toolkit, a hardware and software system that offers a large variety of pre-orchestrated K–12 educational labs. The software executes and manages the experiments in the same operational philosophy as the COSMOS testbed. Specifically, since it is designed for use by non-technical middle and high school teachers/students, it adds easy-to-use enhancements to the experiments’ execution and the results visualization. The labs are also supported by Next Generation Science Standards (NGSS)-compliant teacher/student material. This paper describes the teachers’ PD program, the NGSS lessons created and the hardware and software system developed to support the initiative. Additionally, it provides an evaluation of the PD approach as well as the expected impact on K–12 STEM education. Current limitations and future work are also included as part of the discussion section.

Download the full article (from ACM)

Retrofitting Post-Quantum Cryptography in Internet Protocols: A Case Study of DNSSEC

M. Mueller, J. de Jong, M. van Heesch, B. Overeinder, R. van Rijswijk-Deij

Abstract

Quantum computing is threatening current cryptography, especially the asymmetric algorithms used in many Internet protocols. More secure algorithms, colloquially referred to as Post-Quantum Cryptography (PQC), are under active development. These new algorithms differ significantly from current ones. They can have larger signatures or keys, and often require more computational power. This means we cannot just replace existing algorithms by PQC alternatives, but need to evaluate if they meet the requirements of the Internet protocols that rely on them.

In this paper we provide a case study, analyzing the impact of PQC on the Domain Name System (DNS) and its Security Extensions (DNSSEC). In its main role, DNS translates human-readable domain names to IP addresses and DNSSEC guarantees message integrity and authenticity. DNSSEC is particularly challenging to transition to PQC, since DNSSEC and its underlying transport protocols require small signatures and keys and efficient validation. We evaluate current candidate PQC signature algorithms in the third round of the NIST competition on their suitability for use in DNSSEC. We show that three algorithms, partially, meet DNSSEC’s requirements but also show where and how we would still need to adapt DNSSEC. Thus, our research lays the foundation for making DNSSEC, and protocols with similar constraints ready for PQC.

Download the full article (from ACM)

Mobile Web Browsing Under Memory Pressure

I. Qazi, Z. Qazi, T. Benson, E. Latif, A. Manan, G. Murtaza, M. Tariq

Abstract

Mobile devices have become the primary mode of Internet access. Yet, differences in mobile hardware resources, such as device memory, coupled with the rising complexity of Web pages can lead to widely different quality of experience for users. In this work, we analyze how device memory usage affects Web browsing performance. We quantify the memory footprint of popular Web pages over different mobile devices, mobile browsers, and Android versions, analyze the induced memory distribution across different browser components (e.g., JavaScript engine and compositor), investigate how performance gets impacted under memory pressure and propose optimizations to reduce the memory footprint of Web browsing. We show that these optimizations can improve performance and reduce chances of browser crashes in low memory scenarios.

Download the full article (from ACM)

A first look at the IP eXchange ecosystem

A. Lutu, B. Jun, F. Bustamante, D. Perino, M. Braun, C. Bontje

Abstract

The IPX Network interconnects about 800 Mobile Network Operators (MNOs) worldwide and a range of other service providers (such as cloud and content providers). It forms the core that enables global data roaming while supporting emerging applications, from VoLTE and video streaming to IoT verticals. This paper presents the first characterization of this, so-far opaque, IPX ecosystem and a first-of-its-kind in-depth analysis of an IPX Provider (IPX-P). The IPX Network is a private network formed by a small set of tightly interconnected IPX-Ps. We analyze an operational dataset from a large IPX-P that includes BGP data as well as statistics from signaling. We shed light on the structure of the IPX Network as well as on the temporal, structural and geographic features of the IPX traffic. Our results are a first step in understanding the IPX Network at its core, key to fully understanding the global mobile Internet.

Download the full article (from ACM)

LoRadar: LoRa Sensor Network Monitoring through Passive Packet Sniffing

K. Choi, H. Kolamunna, A. Uyanwatta, K. Thilakarathna, S. Seneviratne, R. Holz, M. Hassan, A. Zomaya

Abstract

IoT deployments targeting different application domains are being unfolded at various administrative levels such as countries, states, corporations, or even individual households. Facilitating data transfers between deployed sensors and back-end cloud services is an important aspect of IoT deployments. These data transfers are usually done using Low Power WAN technologies (LPWANs) that have low power consumption and support longer transmission ranges. LoRa (Long Range) is one such technology that has recently gained significant popularity due to its ease of deployment. In this paper, we present LoRadar, a passive packet sniffing framework for LoRa’s Medium Access Control (MAC) protocol, LoRaWAN. LoRadar is built using commodity hardware. By carrying out passive measurements at a given location, LoRadar provides key insights of LoRa deployments such as available LoRa networks, deployed sensors, their make, and transmission patterns. Since LoRa deployments are becoming more pervasive, this information is pivotal in characterizing network performance, comparing different LoRa operators, and in emergencies or tactical operations to quickly assess available sensing infrastructure at a given geographical location. We validate the performance of LoRadar in both laboratory and real network settings and conduct a measurement study at eight key locations distributed over a large city-wide geographical area to provide an in-depth analysis of the landscape of commercial IoT deployments. Furthermore, we show the usage of LoRadar in improving the network such as potential collision and jamming detection, device localization, as well as spectrum policing to identify devices that violate the daily duty-cycle quota. Our results show that most of the devices transmitting over the SF12 data rate at one of the survey locations were violating the network provider’s quota.

Download the full article (from ACM)

Partitioning the Internet using Anycast Catchments

Kyle Schomp and Rami Al-Dalky

Abstract

In anycast deployments, knowing how traffic will be distributed among the locations is challenging. In this paper, we propose a technique for partitioning the Internet using passive measurements of existing anycast deployments such that all IP addresses within a partition are routed to the same location for an arbitrary anycast deployment. One IP address per partition may then represent the entire partition in subsequent measurements of specific anycast deployments. We implement a practical version of our technique and apply it to production traffic from an anycast authoritative DNS service of a major CDN and demonstrate that the resulting partitions have low error even up to 2 weeks after they are generated.

Download the full article (from ACM)

Open Educational Resources for Computer Networking

Olivier Bonaventure, Quentin De Coninck, Fabien Duchêne, Anthony Gego, Mathieu Jadin, François Michel, Maxime Piraux, Chantal Poncin, Olivier Tilmans

Abstract

To reflect the importance of network technologies, networking courses are now part of the core materials of Computer Science degrees. We report our experience in jointly developing an open-source ebook for the introductory course, and a series of open educational resources for both the introductory and advanced networking courses. These ensure students actively engage with the course materials, through a hands-on approach; and scale to the larger classrooms and limited teaching staff, by leveraging open-source resources and an automated grading platform to provide feedback. We evaluate the impact of these pedagogical innovations by surveying the students, who indicated that these were helpful for them to master the course materials.

Download the full article (from ACM)

Preprint

Using Application Layer Banner Data to Automatically Identify IoT Devices

Talha Javed, Muhammad Haseeb, Muhammad Abdullah, Mobin Javed

Abstract

In this paper, we re-implement a recent work published in Usenix Security 2018: “Acquisitional Rule Based Engine for Discovering Internet-of-Things Devices”. The paper introduced an NLP-based engine for automatically identifying the type, vendor, and product of IoT devices given banner data as input. We report on our efforts to reproduce the original implementation of the engine, documenting ambiguities around implementation and evaluation details that we encountered, as well as how we addressed them in our work. We evaluate our implementation on two ground truth datasets, finding that it fails to achieve the accuracy reported by the original authors. Our findings highlight the importance of recent community efforts towards a culture of reproducibility by presenting an example of how ambiguities in a research paper combined with lack of access to the original datasets can significantly affect a faithful re-implementation and evaluation.

Download the full article (from ACM)

Preprint

Towards Declarative Self-Adapting Buffer Management

Pavel Chuprikov, Sergey Nikolenko, Kirill Kogan

Abstract

Buffering architectures and policies for their efficient management are one of the core ingredients of network architecture. However, despite strong incentives to experiment with and deploy new policies, opportunities for changing or automatically choosing anything beyond a few parameters in a predefined set of behaviors still remain very limited. We introduce a novel buffer management framework based on machine learning approaches which automatically adapts to traffic conditions changing over time and requires only limited knowledge from network operators about the dynamics and optimality of desired behaviors. We validate and compare various design options with a comprehensive evaluation study.

Download the full article (from ACM)

Preprint

Does Domain Name Encryption Increase Users’ Privacy?

Martino Trevisan, Francesca Soro, Idilio Drago, Marco Mellia, Ricardo Morla

Abstract

Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users’ traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.

Download the full article (from ACM)

Preprint