Showing papers on "Handshake published in 2022"

One to Rule them All? A First Look at DNS over QUIC

Abstract: The DNS is one of the most crucial parts of the Internet. Since the original DNS specifications defined UDP and TCP as the underlying transport protocols, DNS queries are inherently unencrypted, making them vulnerable to eavesdropping and on-path manipulations. Consequently, concerns about DNS privacy have gained attention in recent years, which resulted in the introduction of the encrypted protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). Although these protocols address the key issues of adding privacy to the DNS, they are inherently restrained by their underlying transport protocols, which are at strife with, e.g., IP fragmentation or multi-RTT handshakes - challenges which are addressed by QUIC. As such, the recent addition of DNS over QUIC (DoQ) promises to improve upon the established DNS protocols. However, no studies focusing on DoQ, its adoption, or its response times exist to this date - a gap we close with our study. Our active measurements show a slowly but steadily increasing adoption of DoQ and reveal a high week-over-week fluctuation, which reflects the ongoing development process: As DoQ is still in standardization, implementations and services undergo rapid changes. Analyzing the response times of DoQ, we find that roughly 40% of measurements show considerably higher handshake times than expected, which traces back to the enforcement of the traffic amplification limit despite successful validation of the client's address. However, DoQ already outperforms DoT as well as DoH, which makes it the best choice for encrypted DNS to date.

Handshake Logic-Based Event-Triggered Load Frequency Control for Smart Grids Under DoS Attacks

Abstract: This article investigates the load frequency control (LFC) problem for smart grids with denial-of-service (DoS) attacks via a novel event-triggered control method. In order to sustain the stable operation of the smart grids, a handshake logic-based event-triggered communication scheme is proposed. The targets of the designed controller are twofold. First, an event-triggered mechanism with a handshake logic-based concept is proposed to save network resources. In this triggering method, a handshake protocol is used to detect DoS attacks in the communication networks. Second, by employing Lyapunov stability theory, sufficient stabilization criteria ensuring the uncertain LFC systems being asymptotically stable are deduced. Based on these conditions, the corresponding state-feedback controller design method is given. Finally, a simulation of a two-area power system with electric vehicles is given as an example to substantiate the proposed method of this article.

A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello

Abstract: TLS 1.3, the newest version of the Transport Layer Security (TLS) protocol, provides strong authentication and confidentiality guarantees that have been comprehensively analyzed in a variety of formal models. However, despite its controversial use of handshake meta-data encryption, the privacy guarantees of TLS 1.3 remain weak and poorly understood. For example, the protocol reveals the identity of the target server to network attackers, allowing the passive surveillance and active censorship of TLS connections. To close this gap, the IETF TLS working group is standardizing a new privacy extension called Encrypted Client Hello (ECH, previously called ESNI), but the absence of a formal privacy model makes it hard to verify that this extension works. Indeed, several early drafts of ECH were found to be vulnerable to active network attacks. In this paper, we present the first mechanized formal analysis of privacy properties for the TLS 1.3 handshake. We study all standard modes of TLS 1.3, with and without ECH, using the symbolic protocol analyzer ProVerif. We discuss attacks on ECH, some found during the course of this study, and show how they are accounted for in the latest version. Our analysis has helped guide the standardization process for ECH and we provide concrete privacy recommendations for TLS implementors. We also contribute the most comprehensive model of TLS 1.3 to date, which can be used by designers experimenting with new extensions to the protocol. Ours is one of the largest privacy proofs attempted using an automated verification tool and may be of general interest to protocol analysts.

On IND-qCCA Security in the ROM and Its Applications - CPA Security Is Sufficient for TLS 1.3

Abstract: Bounded IND-CCA security (IND-qCCA) is a notion similar to the traditional IND-CCA security, except the adversary is restricted to a constant number q of decryption/decapsulation queries. We show in this work that IND-qCCA is easily obtained from any passively secure PKE in the (Q)ROM. That is, simply adding a confirmation hash or computing the key as the hash of the plaintext and ciphertext holds an IND-qCCA KEM. In particular, there is no need for derandomization or re-encryption as in the Fujisaki-Okamoto (FO) transform [15]. This makes the decapsulation process of such IND-qCCA KEM much more efficient than its FO-derived counterpart. In addition, IND-qCCA KEMs could be used in the recently proposed KEMTLS protocol [29] that requires IND-1CCA ephemeral key-exchange mechanisms, or in TLS 1.3. Then, using similar proof techniques, we show that CPA-secure KEMs are sufficient for the TLS 1.3 handshake to be secure, solving an open problem in the ROM. In turn, this implies that the PRF-ODH assumption used to prove the security of TLS 1.3 is not necessary and can be replaced by the CDH assumption in the ROM. We also highlight and briefly discuss several use cases of IND-1CCA KEMs in protocols and ratcheting primitives.

Encrypted Malicious Traffic Detection Based on Word2Vec

Abstract: Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake

Abstract: The key exchange protocol that establishes initial shared secrets in the handshake of the Signal end-to-end encrypted messaging protocol has several important characteristics: (1) it runs asynchronously (without both parties needing to be simultaneously online), (2) it provides implicit mutual authentication while retaining deniability (transcripts cannot be used to prove either party participated in the protocol), and (3) it retains security even if some keys are compromised (forward secrecy and beyond). All of these properties emerge from clever use of the highly flexible Diffie–Hellman protocol. While quantum-resistant key encapsulation mechanisms (KEMs) can replace Diffie–Hellman key exchange in some settings, there is no replacement for the Signal handshake solely from KEMs that achieves all three aforementioned properties, in part due to the inherent asymmetry of KEM operations. In this paper, we show how to construct asynchronous deniable key exchange by combining KEMs and designated verifier signature (DVS) schemes, matching the characteristics of Signal. There are several candidates for post-quantum DVS schemes, either direct constructions or via ring signatures. This yields a template for an efficient post-quantum realization of the Signal handshake with the same asynchronicity and security properties as the original Signal protocol.

Post-Quantum Cryptography in Use: Empirical Analysis of the TLS Handshake Performance

Abstract: With the increasing speed in the development of quantum computers, secure communication is at risk. A promising candidate to replace existing cryptographic patterns with quantum-secure variants is Post-Quantum Cryptography (PQC). This paper presents an empirical analysis of how Post-Quantum Cryptography affects real-world performance compared to classical cryptography. Therefore we analyze the Transport Layer Security (TLS) handshake performance showing that Post-Quantum Cryptography can be as fast or even faster than classical cryptography, depending on the specific encryption and signature algorithms used.

On the Concrete Security of TLS 1.3 PSK Mode

Abstract: The pre-shared key (PSK) handshake modes of TLS 1.3 allow for the performant, low-latency resumption of previous connections and are widely used on the Web and by resource-constrained devices, e.g., in the Internet of Things. Taking advantage of these performance benefits with optimal and theoretically-sound parameters requires tight security proofs. We give the first tight security proofs for the TLS 1.3 PSK handshake modes. Our main technical contribution is to address a gap in prior tight security proofs of TLS 1.3 which modeled either the entire key schedule or components thereof as independent random oracles to enable tight proof techniques. These approaches ignore existing interdependencies in TLS 1.3’s key schedule, arising from the fact that the same cryptographic hash function is used in several components of the key schedule and the handshake more generally. We overcome this gap by proposing a new abstraction for the key schedule and carefully arguing its soundness via the indifferentiability framework. Interestingly, we observe that for one specific configuration, PSK-only mode with hash function SHA-384, it seems difficult to argue indifferentiability due to a lack of domain separation between the various hash function usages. We view this as an interesting insight for the design of protocols, such as future TLS versions. For all other configurations however, our proofs significantly tighten the security of the TLS 1.3 PSK modes, confirming standardized parameters (for which prior bounds provided subpar or even void guarantees) and enabling a theoretically-sound deployment.

Linking Haptic Parameters to the Emotional Space for Mediated Social Touch

Abstract: Social touch is essential for creating and maintaining strong interpersonal bonds amongst humans. However, when distance separates users, they often rely on voice and video communication technologies to stay connected with each other, and the lack of tactile interactions between users lowers the quality of the social interactions. In this research, we investigated haptic patterns to communicate five tactile messages comprising of four types of social touch (high five, handshake, caress, and asking for attention) and one physiological signal (the pulse of a heartbeat), delivered on the hand through a haptic glove. Since social interactions are highly dependent on their context, we conceived two interaction scenarios for each of the five tactile messages, conveying distinct emotions being spread across the circumplex model of emotions. We conducted two user studies: in the first one participants tuned the parameters of haptic patterns to convey tactile messages in each scenario, and a follow up study tested naïve participants to assess the validity of these patterns. Our results show that all haptic patterns were recognized above chance level, and the well-defined parameter clusters had a higher recognition rate, reinforcing the hypothesis that some social touches have more universal patterns than others. We also observed parallels between the parameters' levels and the type of emotions they conveyed based on their mapping in the circumplex model of emotions.

KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems

Abstract: TLS is ubiquitous in modern computer networks. It secures transport for high-end desktops and low-end embedded devices alike. However, the public key cryptosystems currently used within TLS may soon be obsolete as large-scale quantum computers, once realized, would be able to break them. This threat has led to the development of post-quantum cryptography (PQC). The U.S. standardization body NIST is currently in the process of concluding a multi-year search for promising post-quantum signature schemes and key encapsulation mechanisms (KEMs). With the first PQC standards around the corner, TLS will have to be updated soon. However, especially for small microcontrollers, it appears the current NIST post-quantum signature finalists pose a challenge. Dilithium suffers from very large public keys and signatures; while Falcon has significant hardware requirements for efficient implementations. KEMTLS is a proposal for an alternative TLS handshake protocol that avoids authentication through signatures in the TLS handshake. Instead, it authenticates the peers through long-term KEM keys held in the certificates. The KEMs considered for standardization are more efficient in terms of computation and/or bandwidth than the post-quantum signature schemes. In this work, we compare KEMTLS to TLS 1.3 in an embedded setting. To gain meaningful results, we present implementations of KEMTLS and TLS 1.3 on a Cortex-M4-based platform. These implementations are based on the popular WolfSSL embedded TLS library and hence share a majority of their code. In our experiments, we consider both protocols with the remaining NIST finalist signature schemes and KEMs, except for Classic McEliece which has too large public keys. Both protocols are benchmarked and compared in terms of run-time, memory usage, traffic volume and code size. The benchmarks are performed in network settings relevant to the Internet of Things, namely low-latency broadband, LTE-M and Narrowband IoT. Our results show that KEMTLS can reduce handshake time by up to 38%, can lower peak memory consumption and can save traffic volume compared to TLS 1.3.

Measuring the Accessibility of Domain Name Encryption and Its Impact on Internet Filtering

Abstract: Most online communications rely on DNS to map domain names to their hosting IP address(es). Previous work has shown that DNS-based network interference is widespread due to the unencrypted and unauthenticated nature of the original DNS protocol. In addition to DNS, accessed domain names can also be monitored by on-path observers during the TLS handshake when the SNI extension is used. These lingering issues with exposed plaintext domain names have led to the development of a new generation of protocols that keep accessed domain names hidden. DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) hide the domain names of DNS queries, while Encrypted Server Name Indication (ESNI) encrypts the domain name in the SNI extension. We present DNEye, a measurement system built on top of a network of distributed vantage points, which we used to study the accessibility of DoT/DoH and ESNI, and to investigate whether these protocols are tampered with by network providers (e.g., for censorship). Moreover, we evaluate the efficacy of these protocols in circumventing network interference when accessing content blocked by traditional DNS manipulation. We find evidence of blocking efforts against domain name encryption technologies in several countries, including China, Russia, and Saudi Arabia. At the same time, we discover that domain name encryption can help with unblocking more than 55% and 95% of censored domains in China and other countries where DNS-based filtering is heavily employed.

Secure Authentication in WLAN Using Modified Four-Way Handshake Protocol

Abstract: This paper presents a brief description of the wireless networks, their advantages over wired networks and security issues requiring immediate attention. It is then followed by 802.11 architecture and various services offered by it and then the motivation for conducting the research. Thereafter, a problem statement outlining the inherent flaws in the present IEEE 802.11i standard is presented. Hence, a method is proposed to overcome the denial of service using the handshaking approach. Finally, the results are discussed and concluded.

Dragonshield : An Authentication Enhancement for Mitigating Side-Channel Attacks and High Computation Overhead in WPA3-SAE Handshake Protocol

Abstract: The wireless protocol WPA2 (Wi-Fi protected access version 2) personal, introduced in 2004, uses a passphrase, which in many cases is of low entropy, to authenticate clients and access points with each other. But the way the encryption keys derived from the passphrase are used makes it susceptible to offline dictionary attack using the captured handshake messages. This weakness has been handled in the protocol WPA3-personal, introduced in 2018, using a more secure protocol known as WPA3-SAE handshake, which essentially consists of Dragonfly handshake followed by WPA2 4-way handshake. However, in 2019, researchers pointed out that, for a specific pair of client and access point, the Dragonfly handshake uses a fixed number of iterations to find a generator of a prime order cyclic group from the passphrase. This information leads to timing leaks which can be used by an adversary to launch offline dictionary partitioning attack. To prevent this timing based offline dictionary attack, a constant number of iterations (which is fairly large) is used to get a generator of a prime order cyclic group using actual and dummy iterations for any pair of client and access point, but this may lead to cache based timing leaks. Besides, a large number of iterations results in high computation overhead which may lead to Denial of Service attacks. In this paper, we propose a Block Encryption based Password Authenticated Diffie-Hellman Key Establishment (BEPAKE) protocol to derive a high entropy shared secret between a client and an access point using the standard generator for the cyclic group under consideration. The BEPAKE protocol is then prepended to WPA3-SAE handshake protocol to design three modified WPA3-SAE handshake protocols, viz. BEPAKE-WPA3-M1, BEPAKE-WPA3-M2 and BEPAKE-WPA3-M3. The shared secret derived in the BEPAKE protocol is used to ensure that the adversary cannot launch any kind of timing based offline dictionary attack even if timing information to derive a generator of a group with correct passphrase is available to it. We give a detailed security analysis of the proposed protocols, and a comparison of their performance with that of WPA3-SAE handshake protocol using an experimental testbed.

Asynchronous NoC with Fault tolerant mechanism: A Comprehensive Review

Abstract: The Network on Chip (NoC) is a cost-effective alternative to bus-based connectivity in most multi-core networks. The NoC system solves the drawbacks of bus-based networks by providing higher scalability and dependability. The NoCs are modeled synchronously with the help of global clocks in general. These global clocks are disseminated over vast distances in synchronous NoCs with a modest degree of skew. For high-performance NoC designs that need an expensive customized calibration procedure, a significant global tree is required. As a result, asynchronous NoCs provide an alternate solution to the global clock distribution difficulties. NoC is represented using asynchronous circuits and managed through handshake protocols to tackle global clock difficulties. The Quasi-Delay Insensitive (QDI) circuits are different from DI circuits with time relaxation. The wire delays in QDI circuits are rapidly regulated and incorporated in most practical asynchronous systems, unlike DI-based designs. This manuscript discusses existing ANoC based architecture with fault tolerant mechanisms in detail. The Summary of the current approach, and its performance metrics realization, is highlighted. The challenges and possible solutions for ANoC and its fault-tolerant mechanism are discussed.

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round Trip

Abstract: The recent KEMTLS protocol (Schwabe, Stebila and Wiggers, CCS’20) is a promising design for a quantum-safe TLS handshake protocol. Focused on the web setting, wherein clients learn server public-key certificates only during connection establishment, a drawback of KEMTLS compared to TLS 1.3 is that it introduces an additional round trip before the server can send data, and an extra one for the client as well in the case of mutual authentication. In many scenarios, including IoT and embedded settings, client devices may however have the targeted server certificate pre-loaded, so that such performance penalty seems unnecessarily restrictive. This work proposes a variant of KEMTLS tailored to such scenarios. Our protocol leverages the fact that clients know the server public keys in advance to decrease handshake latency while protecting client identities. It combines medium-lived with long-term server public keys to enable a delayed form of forward secrecy even from the first data flow on, and full forward secrecy upon the first round trip. The new protocol is proved to achieve strong security guarantees, based on the security of the underlying building blocks, in a new model for multi-stage key exchange with medium-lived keys.

Impact and Vulnerability Analysis of IEC61850 in Smartgrids Using Multiple HIL Real-Time Testbeds

Abstract: Due to the increasing use of smart components in smart grids, interoperability among them is a crucial aspect to address. IEC61850 is a communication standard that has been already used in substations because of its instant data transfer and the ability to enable data exchange between a variety of smart energy-related digital technologies. This article studies the application of the communication protocols defined by the IEC61850 standard in Intelligent Electronic Devices (IEDs) by using a prototype testbed architecture running on a real-time digital device. The goal of this activity is to study the impact of smart simulations and the vulnerability in terms of cyber-security. This testbed includes the supervisor, the substation bus, and the process bus communication layer creating a local network exchanging data at distinct levels. Different fault protection scenarios are discussed using both physical and emulated IEDs, and the communication protocols implemented in each scenario are explained showing that additional delays are introduced. In the first two scenarios, the operation of the testbed using physical versus emulated IEDs is analyzed and compared, ensuring the robustness of this methodology in situations where the use of a physical IED would be unfeasible. In these scenarios, the functionality and robustness of the protection mechanisms and communication protocols are confirmed. In the third scenario vulnerability of smart grids that use IEC61850 as their primary communication protocol to data injection attacks is studied. Sniffing the local network, packets are captured and monitored. Spoofed data with the same structure are injected into the network to conduct false data injection attacks on the supervisory unit. Vulnerability to cyber attacks of the IEC61850 protocol in specific situations is shown.

Faster Post-Quantum TLS Handshakes Without Intermediate CA Certificates

Abstract: Traditionally, the most data-heavy part of a (D)TLS handshake has been authentication which includes a handshake signature and digital certificates. Although most common (D)TLS usecases are not significantly affected, some constrained ones such as low bandwidth environments or delay sensitive applications can see drastic performance degradation due to big certificates or certificate chains. That has led the security community to seek options to alleviate the issue. Post-quantum signatures and keys, on the other hand, have been proven to noticeably slow down handshakes even for common Internet (D)TLS or QUIC applications due to the significantly higher amounts of post-quantum authentication data they include. In this work, we quantify the size issue of post-quantum certificates in (D)TLS and QUIC and make the case for speeding up (D)TLS and QUIC handshakes by omitting the intermediate certificate authority certificates in the handshake. We present how that can be achieved along with the usecases that will mostly benefit from such a mechanism. We offer quantitative analyses to show that this approach is relatively straightforward, backwards compatible and with little overhead introduced for caching the certificates. We also discuss caching mechanisms based on different optimization goals.

A Minimal Buffer Router with Level Encoded Dual Rail-Based Design of Network-on-Chip Architecture

Abstract: Asynchronous NOCs are most prominent in present SOC designs, due to their low dynamic power consumption, modularity, heterogeneous nature, and robustness to the process variations. Though asynchronous designs are proved efficient over synchronous counterparts, they have some severe drawbacks when area and speed are considered, due to complex handshake control circuits which increase the static power loss. Quasidelay insensitive (QDI) class of asynchronous NOCs based on 2-phase encoding is proved beneficial for speed and throughput enhancement but with complex design. The work has introduced lightweight minimal buffer router based on LEDR encoding to design a low power, high speed with compact NOC architecture. Then, minimal buffer router with FSM-based arbiter and priority assigner block is designed to enhance the speed, power, and area. This proposed work achieves zero dynamic power consumption with a total power consumption of less than 0.082 W with a router latency of 0.8 ns.

Storage Space Allocation and Twin Automated Stacking Cranes Scheduling in Automated Container Terminals

Abstract: To solve the problem of storage space allocation for both inbound and outbound containers and twin automated stacking cranes scheduling in the automated container terminals, a new repositioning strategy is designed and a cooperative optimization model is established. The model considers the constraints of safety distance and handshake area capacity. The objective of the model is to minimize the makespan of all storage requests and the total rehandling time during the retrieval process, which is calculated according to the priority of inbound and outbound containers defined by the early retrieval and early loading rule respectively. A variable neighborhood search based hybrid genetic algorithm is designed to solve the model. Numerical experiments show that the sum of the makespan of all storage requests and the total rehandling time during the retrieval process is reduced by approximately 10% compared to the traditional repositioning strategy by optimizing the sequence of container repositioning from the handshake area to the seaside or landside designated storage space. The research is beneficial to improve the operation efficiency of automated container terminal yards.

Modified handshake protocol-based secure authentication using blockchain technology in WLAN

Abstract: In recent years, the development of the wireless local area network (WLAN) seems to have interesting facts about the security as this technology holds high speed, wide coverage, and high capacity. Several applications are using blockchain technology as a key framework to enhance the security features for the improvement of preventing various attacks when integrating with existing authentication protocols. This paper presents a brief description of the wireless networks, their advantages over wired networks and security issues requiring immediate attention. It is then followed with blockchain feature integrated with 802.11 architecture and various services offered by it as the motivation for conducting the research. Thereafter, a problem statement outlining the inherent flaws in the present IEEE 802.11i standard is presented. Hence a method is proposed to overcome the denial of service using modified three-way handshaking approach. Finally, results are discussed and concluded.

Guidelines for Robot-to-Human Handshake From the Movement Nuances in Human-to-Human Handshake

Abstract: The handshake is the most acceptable gesture of greeting in many cultures throughout many centuries. To date, robotic arms are not capable of fully replicating this typical human gesture. Using multiple sensors that detect contact forces and displacements, we characterized the movements that occured during handshakes. A typical human-to-human handshake took around 3.63 s (SD = 0.45 s) to perform. It can be divided into three phases: reaching (M = 0.92 s, SD = 0.45 s), contact (M = 1.96 s, SD = 0.46 s), and return (M = 0.75 s, SD = 0.12 s). The handshake was further investigated to understand its subtle movements. Using a multiphase jerk minimization model, a smooth human-to-human handshake can be modelled with fifth or fourth degree polynomials at the reaching and return phases, and a sinusoidal function with exponential decay at the contact phase. We show that the contact phase (1.96 s) can be further divided according to the following subphases: preshake (0.06 s), main shake (1.31 s), postshake (0.06 s), and a period of no movement (0.52 s) just before both hands are retracted. We compared these to the existing handshake models that were proposed for physical human-robot interaction (pHRI). From our findings in human-to-human handshakes, we proposed guidelines for a more natural handshake movement between humanoid robots and their human partners.

Cyber Secure Framework for Smart Containers Based on Novel Hybrid DTLS Protocol

Abstract: The Internet of Things (IoTs) is apace growing, billions of IoT devices are connected to the Internet which communicate and exchange data among each other. Applications of IoT can be found in many fields of engineering and sciences such as healthcare, traffic, agriculture, oil and gas industries, and logistics. In logistics, the products which are to be transported may be sensitive and perishable, and require controlled environment. Most of the commercially available logistic containers are not integrated with IoT devices to provide controlled environment parameters inside the container and to transmit data to a remote server. This necessitates the need for designing and fabricating IoT based smart containers. Due to constrained nature of IoT devices, these are prone to different cyber security attacks such as Denial of Service (DoS), Man in Middle (MITM) and Replay. Therefore, designing efficient cyber security framework are required for smart container. The Datagram Transport Layer Security (DTLS) Protocol has emerged as the de facto standard for securing communication in IoT devices. However, it is unable to minimize cyber security attacks such as Denial of Service and Distributed Denial of Service (DDoS) during the handshake process. The main contribution of this paper is to design a cyber secure framework by implementing novel hybrid DTLS protocol in smart container which can efficiently minimize the effects of cyber attacks during handshake process. The performance of our proposed framework is evaluated in terms of energy efficiency, handshake time, throughput and packet delivery ratio. Moreover, the proposed framework is tested in IoT based smart containers. The proposed framework decreases handshake time more than 9% and saves 11% of energy efficiency for transmission in compare of the standard DTLS, while increases packet delivery ratio and throughput by 83% and 87% respectively.

Extending the Reach of Antimicrobial Stewardship to Pediatric Patients

Abstract: Guidance for developing and implementing antimicrobial stewardship programs for children is lacking. This review article describes unique considerations for planning antimicrobial management of children that may impact stewardship strategies. A variety of methods and training tools are described along with metrics specific to measuring antibiotic use and outcomes in children. Handshake stewardship is specifically explained and is considered a best practice. Information on stewardship in unique settings, including the neonatal intensive care unit and outpatient settings, are included.

Positioning a Handshake Bay for Twin Stacking Cranes in an Automated Container Terminal Yard Block

Abstract: At automated container terminals (ACTs), twin automated stacking cranes (ASCs) can carry out the tasks—store and retrieve containers simultaneously in a yard block using a handshake bay, where a primary ASC stacks the container at the handshake bay and the other crane carries it to the destination bay. Although the handshake bay increases the degree of crane utilization, the ASCs will interfere with each other at the bay, decreasing the stacking efficiency. This study formulates a mixed-integer linear program (MILP) to position the handshake bay and simultaneously schedule the twin ASCs to minimize the tasks’ makespan. The proposed formulation considers the safe time interval to avoid crane collisions during adjacent crane movements. To solve the model, we developed a random-key genetic algorithm with a priority-based decoding scheme to optimize the task sequences and tasks assigned to the cranes. The priority-based GA can always generate feasible solutions by ranking the container-handling tasks. Numerical experiments prove that the safe temporal interval affects the makespan and the handshake bay’s position. An optimal handshake bay reduces 35% of the makespan compared with a nonoptimal bay, and the proposed algorithm is competitive compared with the on-the-shelf MILP solver and can solve medium- and large-scale instances in short computing time with gaps lower than 5% compared with ideal solutions.

Artemis: A Latency-Oriented Naming and Routing System

Abstract: Today, Internet service deployment is typically implemented with server replication at multiple locations. Domain name system (DNS), which translates human-readable domain names into network-routable IP addresses, is typically used for distributing users to different server replicas. However, DNS relies on several network-based queries and the queries delay the connection setup process between the client and the server replica. In this article, we propose Artemis, a practical low-latency naming and routing system that supports optimal server (replica) selection based on user-defined policies and provides lower query latencies than DNS. Artemis uses a DNS-like domain name-IP mapping for replica selection and achieves low query latency by combining the name resolution process with the transport layer handshake process. In Artemis, all server replicas at different locations share the same anycast IP address, called Service Address. Clients use the Service Address to establish a transport layer connection with the server. The client's initial handshake packet is routed over an overlay network to reach the optimal server. Then the server migrates the transport layer connection to its original unicast IP address after finishing the handshake process. After that, service discovery is completed, and the client communicates with the server directly via IP addresses. To validate the effectiveness of Artemis, we evaluate its performance via both real trace-driven simulation and real-world deployment. The result shows that Artemis can handle a large number of connections and reduce the connection setup latency compared with state-of-the-art solutions. More specifically, our deployment across 11 Google data centers shows that Artemis reduces the connection setup latency by 39.4% compared with DNS.