DCNET 2014 Abstracts


Short Papers
Paper Nr: 3
Title:

Routing Strategy of a Prioritized Limited Multi-Server Processor-Sharing System

Authors:

Yoshiaki Shikata and Nobutane Hanayama

Abstract: In this work, routing strategies of an arriving request to a server in a prioritized limited multi-server processor-sharing (PS) system are studied in order to optimize a given performance criterion. In this system, an arriving request enters the dispatcher, which routes this request to each server according to a predetermined strategy. In the prioritized limited PS server, a high-priority request is allocated a service ratio that is m (called the priority ratio) times greater than that of a low-priority request. Moreover, the sum of the number of the requests receiving service is restricted to a fixed value. The arriving request which cannot receive service will be queued (waiting system) or rejected (loss system). In this server, at the arrival (or departure) of a request, the extension (or shortening) of the remaining sojourn time of each request that is receiving service can be calculated using the number of requests and priority ratio. Employing a simulation program to execute these events and calculations enables us to analyze the performance of this system, such as the loss probability, mean sojourn time, and mean waiting time. Based on the evaluation results, the most suitable routing strategy for the loss or waiting system is clarified.

Paper Nr: 8
Title:

AVP - An Android Virtual Playground

Authors:

François Gagnon, Frédéric Lafrance, Simon Frenette and Simon Hallé

Abstract: This paper presents a virtual test-bed for the Android platform named AVP - Android Virtual Playground. The focus of AVP is the automatization of the manipulations required to perform a network experiment, in a very broad sense, involving Android virtual devices. A central objective of AVP is data collection during experiments. Together with describing the different steps of using AVP, from the specification of the experiment to the visualization of the results, the paper presents the current capabilities of AVP.

Paper Nr: 9
Title:

Towards Identification of Operating Systems from the Internet Traffic - IPFIX Monitoring with Fingerprinting and Clustering

Authors:

Petr Matoušek, Ondřej Ryšavý, Matěj Grégr and Martin Vymlátil

Abstract: This paper deals with identification of operating systems (OSs) from Internet traffic. Every packet injected on the network carries specific information in its packet header that reflects the initial settings of a host’s operating system. The set of such features forms a fingerprint. The OS fingerprint usually includes an initial TTL time, a TCP initial window time, a set of specific TCP options, and other values obtained from IP and TCP headers. Identification of OSs can be useful for monitoring traffic on a local network and also for security purposes. In our paper we focus on passive fingerprinting using TCP SYN packets that is incorporated into an IPFIX probe. Our tool enhances standard IPFIX records with additional information about OSs. Then, it sends the records to an IPFIX collector where network statistics are stored and presented to the network administrator. If identification is not successful, a further HTTP header check is employed and the fingerprinting database in the probe is updated. Our fingerprinting technique can be extended using cluster analysis as presented in this paper. As we show, the clustering adds flexibility and dynamics to the fingerprinting. We also discuss the impact of the IPv6 protocol on passive fingerprinting.

Paper Nr: 13
Title:

Papers, Please... - X.509 Certificate Revocation in Practice

Authors:

Manuel Koschuch and Ronald Wagner

Abstract: X.509v3 certificates are the current standard for verifiably associating an entity with a public key, and are widely used in different networking applications: from HTTPS in browsers and SSH connections to e-mail, PDF and code signing. This wide usage also necessitates the existence of a robust, reliable way to detect and deal with compromised or otherwise invalid certificates. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) are the two mechanisms currently deployed to handle revoked certificates. In this position paper we present preliminary results of our research into the practical use of these protocols, using an existing data-set to show that almost 85% of certificates currently in use contain no revocation information, and compare different browsers under different operating systems as to their dealing with unreachable OCSP servers. We find that browser behaviour in this case ranges from opening the site without any warnings whatsoever to totally blocking it, indicating no clear default reaction and no reliable behaviour.

Paper Nr: 18
Title:

A SCTP-based Authentication Protocol: SCTPAP

Authors:

Malek Rekik, Amel Meddeb-Makhlouf, Faouzi Zarai, Mohammad S. Obaidat and K. F. Hsiao

Abstract: Multihoming is among the features of SCTP (Stream Control Transmission Protocol), which makes it more robust and efficient than TCP (Transmission Control Protocol) but more vulnerable under attack. Nevertheless, strong security can degrade the QoS (Quality of Service) by adding additional delay. Therefore, we propose in this paper a secure authentication protocol that supports the establishment of multiple connections to protect multihoming networks with the least number of messages, number of parameters in each message and number of communicating nodes. The proposed scheme provides lower delay of authentication and protects against several attacks. Our devised protocol is analyzed using the SPAN (Security Protocol Animator) for AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The obtained validation results show that the scheme is safe.

Posters
Paper Nr: 12
Title:

Remote Laboratory for Computer Networks

Authors:

Ladislav Balik, Josef Horalek, Vladimir Sobeslav and Ondrej Hornig

Abstract: The article introduces the reasons for realisation of the remote laboratory of computer networks, which originate from the comparisons of the alternatives of working with the specialised networking hardware. These use the principle of virtualisation or simulation of such devices as an alternative for obtaining competencies from the area of computer networks. Due to this reason, this article discusses other technical solutions, and the analysis of usability of such solutions is conducted. For a maximal efficiency of the networking hardware utilization in laboratories, it is necessary to make it fully available for students, which is the 24/7 regime. This option can be executed using secure technologies and protocols for distant accessing of laboratory hardware. This solution, which is based on using console controllers and a single utility interface, is introduced and described in detail in the following paragraphs. Moreover, from the analysis of the pilot operation of remote access to the laboratory equipment of the networking laboratory, suggestions for improvement of the current solution and its usage in fully working condition – access to a greater number of students in unlimited regime – can be obtained.

Paper Nr: 15
Title:

The Bio-Inspired and Social Evolution of Node and Data in a Multilayer Network

Authors:

Marialisa Scatà, Alessandro Di Stefano, Evelina Giacchi, Aurelio La Corte and Pietro Liò

Abstract: Following a bio-inspired approach, applied to multilayer social networks, the idea is to build a novel paradigm aimed at improving methodologies and analysis in the Information and Communication Technologies. The social network and the multilayer structure allow an analysis of the complex patterns to be carried out, in terms of the dynamics involving the main entities, nodes and data. The nodes represent the basic kernel from which ties, interactions, flow of information, influences and action strategies that affect the communities are generated. The data, gathered from multiple sources, after their integration, will become complex objects, enclosing different kinds of information. The proposed approach introduces a level of abstraction that originates from the evolution of nodes and data transformed into “social objects”. This new paradigm consists of a multilayer social network, divided into three layers, generating an increasing awareness, from “things” to “knowledge”, extracting as much “knowledge” as possible. This paradigm allows the ICT to be redesigned in a bio-networks driven approach.