
Showing papers on "Protocol (object-oriented programming)" published in 2012


Proceedings ArticleDOI
13 Aug 2012
TL;DR: OpenRadio, a novel design for a programmable wireless dataplane that provides modular and declarative programming interfaces across the entire wireless stack, is presented, a principled refactoring of wireless protocols into processing and decision planes.
Abstract: We present OpenRadio, a novel design for a programmable wireless dataplane that provides modular and declarative programming interfaces across the entire wireless stack. Our key conceptual contribution is a principled refactoring of wireless protocols into processing and decision planes. The processing plane includes directed graphs of algorithmic actions (e.g. 54 Mbps OFDM WiFi or special encoding for video). The decision plane contains the logic which dictates which directed graph is used for a particular packet (e.g. picking between data and video graphs). The decoupling provides a declarative interface to program the platform while hiding all underlying complexity of execution. An operator only expresses decision plane rules and corresponding processing plane action graphs to assemble a protocol. The scoped interface allows us to build a dataplane that arguably provides the right tradeoff between performance and flexibility. Our current system is capable of realizing modern wireless protocols (WiFi, LTE) on off-the-shelf DSP chips while providing flexibility to modify the PHY and MAC layers to implement protocol optimizations.

274 citations


Journal ArticleDOI
TL;DR: An overview of the MobilityFirst network architecture, currently under development as part of the US National Science Foundation's Future Internet Architecture program, is presented, intended to directly address the challenges of wireless access and mobility at scale, while also providing new services needed for emerging mobile Internet application scenarios.
Abstract: This paper presents an overview of the MobilityFirst network architecture, currently under development as part of the US National Science Foundation's Future Internet Architecture (FIA) program. The proposed architecture is intended to directly address the challenges of wireless access and mobility at scale, while also providing new services needed for emerging mobile Internet application scenarios. After briefly outlining the original design goals of the project, we provide a discussion of the main architectural concepts behind the network design, identifying key features such as separation of names from addresses, public-key based globally unique identifiers (GUIDs) for named objects, a global name resolution service (GNRS) for dynamic binding of names to addresses, storage-aware routing and late binding, content- and context-aware services, an optional in-network compute layer, and so on. This is followed by a brief description of the MobilityFirst protocol stack as a whole, along with an explanation of how the protocol works at end-user devices and inside network routers. Examples of specific advanced services supported by the protocol stack, including multi-homing, mobility with disconnection, and content retrieval/caching, are given for illustration. Further design details of two key protocol components, the GNRS name resolution service and the GSTAR routing protocol, are also described along with sample results from evaluation. In conclusion, a brief description of an ongoing multi-site experimental proof-of-concept deployment of the MobilityFirst protocol stack on the GENI testbed is provided.

267 citations


Proceedings ArticleDOI
13 Aug 2012
TL;DR: The key insight behind HyperDex is the concept of hyperspace hashing in which objects with multiple attributes are mapped into a multidimensional hyperspace, which leads to efficient implementations not only for retrieval by primary key, but also for partially-specified secondary attribute searches and range queries.
Abstract: Distributed key-value stores are now a standard component of high-performance web services and cloud computing applications. While key-value stores offer significant performance and scalability advantages compared to traditional databases, they achieve these properties through a restricted API that limits object retrieval---an object can only be retrieved by the (primary and only) key under which it was inserted. This paper presents HyperDex, a novel distributed key-value store that provides a unique search primitive that enables queries on secondary attributes. The key insight behind HyperDex is the concept of hyperspace hashing in which objects with multiple attributes are mapped into a multidimensional hyperspace. This mapping leads to efficient implementations not only for retrieval by primary key, but also for partially-specified secondary attribute searches and range queries. A novel chaining protocol enables the system to achieve strong consistency, maintain availability and guarantee fault tolerance. An evaluation of the full system shows that HyperDex is 12-13x faster than Cassandra and MongoDB for finding partially specified objects. Additionally, HyperDex achieves 2-4x higher throughput for get/put operations.

214 citations


Patent
29 Mar 2012
TL;DR: In this article, a hardware vendor such as a network interface card (NIC) manufacturer can enable the hardware to support open and proprietary stateless tunneling in conjunction with a protocol such as single root I/O virtualization (SR-IOV) in order to implement a virtualized overlay network.
Abstract: High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing hardware-based segmentation offload and other such functionality. A hardware vendor such as a network interface card (NIC) manufacturer can enable the hardware to support open and proprietary stateless tunneling in conjunction with a protocol such as single root I/O virtualization (SR-IOV) in order to implement a virtualized overlay network. The hardware can utilize various rules, for example, that can be used by the NIC to perform certain actions, such as to encapsulate egress packets and decapsulate packets.

170 citations


Proceedings ArticleDOI
17 Aug 2012
TL;DR: A recently proposed protocol's strengths and weaknesses are discussed and then an improved protocol is proposed, retaining efficiency of the protocol intact, for solving identification issues of objects around us in a cost effective manner.
Abstract: The Internet has emerged as a medium to connect entities across the world for emailing, conferencing, trading, gaming and so on. The Internet of Things (IoT) is emerging as a global network for connecting any objects (physical or virtual) across the globe, with applications ranging from home appliances to consumer electronics. In IoT, physical objects such as home appliances, vehicles, supply-chain items, containers, etc. should have unique identities for interacting among themselves. As a result, unique identification of trillions of objects is a foremost requirement in IoT. RFID (Radio Frequency IDentification) technology plays an important role in IoT for solving identification issues of objects around us in a cost-effective manner. The usage of low-cost RFID tags has drawn greater attention from researchers in the recent past, as the cost of supply-chain items should not increase much because of the embedded tag cost. The communication between tag and reader takes place over an insecure channel. Therefore, security concerns have become an important issue in RFID systems. In recent years, several light-weight protocols and improvements have been proposed for RFID security. Some of them have succeeded with their security claim, but many protocols suffer from security weaknesses or design flaws. In this paper, we discuss a recently proposed protocol's strengths and weaknesses and then propose an improved protocol, retaining the efficiency of the protocol intact.

92 citations


Patent
27 Apr 2012
TL;DR: In this paper, the Single Sign-On Identity Management (SISO) concept enables user-assisted and network-assisted authentication for access to desired services, and a unified framework and a protocol layer interface for managing multiple authentication methods may be used.
Abstract: Users desire usable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On identity management concept enables user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used. A user equipment, UE, comprises a user application (202, 204) configured to communicate with a service provider to access a service and a plurality of network-assisted authentication modules (208 - 216), each network-assisted authentication module corresponding to a different network-assisted authentication protocol. The UE further comprises a single sign-on subsystem (206) configured to authenticate a user of the UE based on user-assisted authentication information at the UE and/or network and to select one of the network-assisted authentication modules based on one or more policies.

81 citations


Book ChapterDOI
29 May 2012
TL;DR: A new efficient programming toolchain for message-passing parallel algorithms which can fully ensure, for any typable programs and for any execution path, deadlock-freedom, communication safety and global progress through a static checking is presented.
Abstract: This paper presents a new efficient programming toolchain for message-passing parallel algorithms which can fully ensure, for any typable programs and for any execution path, deadlock-freedom, communication safety and global progress through a static checking. The methodology is embodied as a multiparty session-based programming environment for C and its runtime libraries, which we call Session C. Programming starts from specifying a global protocol for a target parallel algorithm, using a protocol description language. From this global protocol, the projection algorithm generates endpoint protocols, based on which each endpoint C program is designed and implemented with a small number of concise session primitives. The endpoint protocol can further be refined to a more optimised protocol through subtyping for asynchronous communication, preserving original safety guarantees. The underlying theory can ensure that the complexity of the toolchain stays in polynomial time against the size of programs. We apply this framework to representative parallel algorithms with complex communication topologies. The benchmark results show that Session C performs competitively against MPI.

79 citations


Proceedings ArticleDOI
16 Oct 2012
TL;DR: In this article, the authors proposed a new universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition.
Abstract: Password-authenticated secret sharing (PASS) schemes, first introduced by Bagherzandi et al. at CCS 2011, allow users to distribute data among several servers so that the data can be recovered using a single human-memorizable password, but no single server (or even no collusion of servers up to a certain size) can mount an off-line dictionary attack on the password or learn anything about the data. We propose a new, universally composable (UC) security definition for the two-server case (2PASS) in the public-key setting that addresses a number of relevant limitations of the previous, non-UC definition. For example, our definition makes no prior assumptions on the distribution of passwords, preserves security when honest users mistype their passwords, and guarantees secure composition with other protocols in spite of the unavoidable non-negligible success rate of online dictionary attacks. We further present a concrete 2PASS protocol and prove that it meets our definition. Given the strong security guarantees, our protocol is surprisingly efficient: in its most efficient instantiation under the DDH assumption in the random-oracle model, it requires fewer than twenty elliptic-curve exponentiations on the user's device. We achieve our results by careful protocol design and by exclusively focusing on the two-server public-key setting.

68 citations


Proceedings ArticleDOI
10 Dec 2012
TL;DR: This work introduces MAClets, software programs uploaded and executed on-demand over wireless cards, and devised to change the card's real-time medium access control operation, and envision a new architecture for wireless cards based on a protocol interpreter and a powerful API.
Abstract: We introduce MAClets, software programs uploaded and executed on-demand over wireless cards, and devised to change the card's real-time medium access control operation. MAClets permit seamless reconfiguration of the MAC stack, so as to adapt it to mutated context and spectrum conditions and perform tailored performance optimizations hardly accountable by a once-for-all protocol stack design. Following traditional active networking principles, MAClets can be directly conveyed within data packets and executed on hard-coded devices acting as virtual MAC machines. Indeed, rather than executing a pre-defined protocol, we envision a new architecture for wireless cards based on a protocol interpreter (enabling code portability) and a powerful API. Experiments involving the distribution of MAClets within data packets, and their execution over commodity WLAN cards, show the flexibility and viability of the proposed concept.

65 citations


Journal ArticleDOI
TL;DR: This work presents a protocol that computes an optimal solution without considering memory constraints and extends that protocol to provide an efficient heuristic solution for the complete problem, which includes minimizing the cost for adapting an allocation.
Abstract: We address the problem of dynamic resource management for a large-scale cloud environment. Our contribution includes outlining a distributed middleware architecture and presenting one of its key elements: a gossip protocol that (1) ensures fair resource allocation among sites/applications, (2) dynamically adapts the allocation to load changes and (3) scales both in the number of physical machines and sites/applications. We formalize the resource allocation problem as that of dynamically maximizing the cloud utility under CPU and memory constraints. We first present a protocol that computes an optimal solution without considering memory constraints and prove correctness and convergence properties. Then, we extend that protocol to provide an efficient heuristic solution for the complete problem, which includes minimizing the cost for adapting an allocation. The protocol continuously executes on dynamic, local input and does not require global synchronization, as other proposed gossip protocols do. We evaluate the heuristic protocol through simulation and find its performance to be well-aligned with our design goals.

65 citations


Proceedings ArticleDOI
19 Mar 2012
TL;DR: This article proposes a solution to unify the world of sensors and actuators with the Internet through the use of the Extensible Messaging and Presence Protocol (XMPP) while omitting application protocol gateways and protocol translators at the same time.
Abstract: The Internet of Things vision states that sensors and actuators shall be integrated into the global Internet to facilitate an interaction with and integration of the physical environment. The development of enabling technologies like uIPv6 and 6LoWPAN provide the basic requirements for this interconnection. However, a seamless Internet-connection and interconnection between sensors and actuators can still only be provided with the help of protocols that use gateways, intermediate proxies, and protocol translators. We propose a solution to unify the world of sensors and actuators with the Internet through the use of the Extensible Messaging and Presence Protocol (XMPP) while omitting application protocol gateways and protocol translators at the same time. This article describes our ideas to boost the Internet of Things vision by using XMPP. We present our current work in progress and an outlook into our future working directions in this field.

01 Jan 2012
TL;DR: This paper attempts to formalize and to address the 'leakproofing' of the Singularity problem presented by David Chalmers and proposes a protocol aimed at making a more secure confinement environment which might delay potential negative effect from the technological singularity while allowing humanity to benefit from the superintelligence.
Abstract: This paper attempts to formalize and to address the 'leakproofing' of the Singularity problem presented by David Chalmers. The paper begins with the definition of the Artificial Intelligence Confinement Problem. After analysis of existing solutions and their shortcomings, a protocol is proposed aimed at making a more secure confinement environment which might delay potential negative effect from the technological singularity while allowing humanity to benefit from the superintelligence.

Book ChapterDOI
27 Feb 2012
TL;DR: An efficient protocol for oblivious DFA evaluation between an input holder (client) and a DFA holder (server) and the most efficient version of this protocol only requires O(k) asymmetric operations by either party, where k is the security parameter.
Abstract: In this paper, we design an efficient protocol for oblivious DFA evaluation between an input holder (client) and a DFA holder (server). The protocol runs in a single round, and only requires a small amount of computation by each party. The most efficient version of our protocol only requires O(k) asymmetric operations by either party, where k is the security parameter. Moreover, the client's total computation is only linear in his own input and independent of the size of the DFA. We prove the protocol fully secure against a malicious client and private against a malicious server, using the standard simulation-based security definitions for secure two-party computation. We show how to transform our construction in order to solve multiple variants of the secure pattern matching problem without any computational overhead. The more challenging variant is when parties want to compute the number of occurrences of a pattern in a text (but nothing else). We observe that, for this variant, we need a protocol for counting the number of accepting states visited during the evaluation of a DFA on an input. We then introduce a novel modification to our original protocol in order to solve the counting variant, without any loss in efficiency or security. Finally, we fully implement our protocol and run a series of experiments on a client/server network environment. Our experimental results demonstrate the efficiency of our proposed protocol and confirm the particularly low computation overhead of the client.

Journal ArticleDOI
TL;DR: OpenIGTLink is a new, open, simple and extensible network communication protocol for image‐guided therapy (IGT) and MeVisLab is a framework for the development of image processing algorithms and visualization and interaction methods, with a focus on medical imaging.
Abstract: We present the integration of the OpenIGTLink network protocol for image-guided therapy (IGT) with the medical prototyping platform MeVisLab. OpenIGTLink is a new, open, simple and extensible network communication protocol for IGT. The protocol provides a standardized mechanism to connect hardware and software by the transfer of coordinate transforms, images, and status messages. MeVisLab is a framework for the development of image processing algorithms and visualization and interaction methods, with a focus on medical imaging. The integration of OpenIGTLink into MeVisLab has been realized by developing a software module using the C++ programming language. As a result, researchers using MeVisLab can interface their software to hardware devices that already support the OpenIGTLink protocol, such as the NDI Aurora magnetic tracking system. In addition, the OpenIGTLink module can also be used to communicate directly with Slicer, a free, open source software package for visualization and image analysis. The integration has been tested with tracker clients available online and a real tracking system.

Journal ArticleDOI
TL;DR: A proposed clock synchronization protocol for the Chess platform is studied, and a negative result is presented for the special case of line topologies: for any instantiation of the parameters, the protocol will eventually fail if the network grows.

Journal ArticleDOI
29 Mar 2012
TL;DR: It is concluded that libtrace is a valuable contribution to the passive measurement community that will aid the development of better and more reliable trace analysis and network monitoring tools.
Abstract: This paper introduces libtrace, an open-source software library for reading and writing network packet traces. Libtrace offers performance and usability enhancements compared to other libraries that are currently used. We describe the main features of libtrace and demonstrate how the libtrace programming API enables users to easily develop portable trace analysis tools without needing to consider the details of the capture format, file compression or intermediate protocol headers. We compare the performance of libtrace against other trace processing libraries to show that libtrace offers the best compromise between development effort and program run time. As a result, we conclude that libtrace is a valuable contribution to the passive measurement community that will aid the development of better and more reliable trace analysis and network monitoring tools.

Proceedings ArticleDOI
20 Nov 2012
TL;DR: This paper introduces a complementary approach to facilitate the realization of what is called the Internet of Things, and describes how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications.
Abstract: Networks of smart resource-constrained objects, such as sensors and actuators, can support a wide range of application domains. In most cases these networks were proprietary and stand-alone. More recently, many efforts have been undertaken to connect these networks to the Internet using standard protocols. Current solutions that integrate smart resource-constrained objects into the Internet are mostly gateway-based. In these solutions, security, firewalling, protocol translations and intelligence are implemented by gateways at the border of the Internet and the resource-constrained networks. In this paper, we introduce a complementary approach to facilitate the realization of what is called the Internet of Things. Our approach focuses on the objects, both resource-constrained and non-constrained, that need to cooperate by integrating them into a secured virtual network, named an Internet of Things Virtual Network or IoT-VN. Inside this IoT-VN full end-to-end communication can take place through the use of protocols that take the limitations of the most resource-constrained devices into account. We describe how this concept maps to several generic use cases and, as such, can constitute a valid alternative approach for supporting selected applications. A first implementation demonstrating the key concepts of this approach is described. It illustrates the feasibility of integrating resource-constrained devices into virtual networks, but also reveals open challenges.

Proceedings ArticleDOI
01 Sep 2012
TL;DR: An overview of current CoAP implementations is given and the results of the first formal interoperability meeting are discussed, organized by the European Telecommunications Standards Institute in March 2012.
Abstract: The Constrained Application Protocol (CoAP) has been designed for RESTful machine-to-machine communication, thereby enabling an Internet of Things. CoAP is based on the principles of the Web, but takes the limited resources of tiny embedded devices such as wireless sensor nodes into account. Despite being relatively new and only about to become an IETF Internet Standard, several implementations of the protocol already exist — each with its own background and supported set of features. In this paper, we give an overview of current CoAP implementations and discuss the results of the first formal interoperability meeting, organized by the European Telecommunications Standards Institute (ETSI) in March 2012. We note that, despite the young age of the protocol, interoperability between the participating implementations is very high, although the non-essential parts of the protocol currently receive significantly less coverage and exhibit slightly more interoperability problems.

Patent
13 Dec 2012
TL;DR: In this paper, the inter-social network communications may be facilitated by sending inter-social network communications in a format determined by a protocol that is used by the social networks agreeing to allow inter-social network communications.
Abstract: Methods and systems for social media cooperation, via allowing inter-social network communications between users of different networks, are provided. The inter-social network communications may be facilitated by sending inter-social network communications in a format determined by a protocol that is used by the social networks agreeing to allow inter-social network communications.

Patent
13 Jul 2012
TL;DR: In this paper, the authors propose a method and apparatus for integrating various network access control frameworks under the control of a single policy decision point (PDP), which supports plug-able protocol terminators to interface to any number of access protocols or backend support services.
Abstract: A method and apparatus for integrating various network access control frameworks under the control of a single policy decision point (PDP). The apparatus supports pluggable protocol terminators to interface to any number of access protocols or backend support services. The apparatus contains Trust and Identity Mediators to mediate between the protocol terminators and a canonical policy subsystem, translating attributes between framework representations, and a canonical representation using extensible data-driven dictionaries.


Journal ArticleDOI
TL;DR: An infrastructure for ‘dynamic’ open MAS specifications, that is, specifications that may be modified at run-time by the agents, is presented, adopting a bird's eye view of an open MAS, as opposed to an agent's own perspective whereby it reasons about how it should act.
Abstract: Multi-Agent Systems (MAS) where the agents are developed by different parties and serve different interests, are often classified as ‘open’. The specification of open MAS is largely seen as a design-time activity. Moreover, there is no support for run-time specification modification. Due to environmental, social or other conditions, however, it is often required to revise the MAS specification during its execution. To address this requirement, we present an infrastructure for ‘dynamic’ open MAS specifications, that is, specifications that may be modified at run-time by the agents. We adopt a bird's eye view of an open MAS, as opposed to an agent's own perspective whereby it reasons about how it should act. The infrastructure consists of well-defined procedures for proposing a modification of the ‘rules of the game’, as well as decision-making over and enactment of proposed modifications. We evaluate proposals for rule modification by modelling a dynamic specification as a metric space, and by considering the effects of accepting a proposal on system utility. Furthermore, we constrain the enactment of proposals that do not meet the evaluation criteria. We employ the action language C+ to formalize dynamic specifications, and the ‘Causal Calculator’ implementation of C+ to execute the specifications. We illustrate our infrastructure by presenting a dynamic specification of a resource-sharing protocol.

Patent
22 Jun 2012
TL;DR: In this paper, the authors proposed a mobile accelerator that performs protocol optimizations on-the-fly without requiring any modification to server or client protocol implementations in the operating systems of the server or clients.
Abstract: Performance of transport protocols over a mobile data network is improved by a mobile accelerator, which performs protocol optimizations on-the-fly without requiring any modification to server or client protocol implementations in the operating systems of the server or client. The proposed mobile accelerator is compatible with existing TCP protocol implementations at the server and the client device, without server/client OS modification.


Patent
20 Mar 2012
TL;DR: In this paper, a method for determining a hanging protocol for clinical image display is described. But the method is based on the relationship between images in the image study and does not consider the low level characteristics of individual images.
Abstract: Certain embodiments of the present invention provide methods and systems for determining a hanging protocol for display of clinical images in a study. Certain embodiments provide a method for determining a hanging protocol for clinical image display. The method includes capturing one or more high level characteristics for an image study based on relationships between images in the study. The method also includes identifying one or more low level characteristics for individual images in the image study. The method further includes classifying the image study based on a combination of the high level characteristics and the low level characteristics. The method additionally includes determining a hanging protocol for the image study based on the classifying. The method includes providing the hanging protocol for display of images in the image study.

Book ChapterDOI
29 Oct 2012
TL;DR: In this paper, a two-party multiplicative-weight-update based protocol was proposed to classify distributed data in arbitrary dimension d, ε-optimally, using O(d² log(1/ε)) words of communication.
Abstract: A recent paper [1] proposes a general model for distributed learning that bounds the communication required for learning classifiers with ε error on linearly separable data adversarially distributed across nodes. In this work, we develop key improvements and extensions to this basic model. Our first result is a two-party multiplicative-weight-update based protocol that uses O(d² log(1/ε)) words of communication to classify distributed data in arbitrary dimension d, ε-optimally. This extends to classification over k nodes with O(kd² log(1/ε)) words of communication. Our proposed protocol is simple to implement and is considerably more efficient than the baselines compared, as demonstrated by our empirical results. In addition, we show how to solve fixed-dimensional and high-dimensional linear programming with small communication in a distributed setting where constraints may be distributed across nodes. Our techniques make use of a novel connection from multipass streaming, as well as adapting the multiplicative-weight-update framework more generally to a distributed setting.

29 Oct 2012
TL;DR: This work proposes a new metric for information leakage in RFID protocols along with a threat model that more realistically captures the goals and capabilities of potential attackers and concludes that an attacker has a reasonable chance of tracking tags when the tree-based hash protocol is used.
Abstract: Radio Frequency Identification (RFID) systems promise large scale, automated tracking solutions but also pose a threat to customer privacy. The tree-based hash protocol proposed by Molnar and Wagner presents a scalable, privacy-preserving solution. Previous analyses of this protocol concluded that an attacker who can extract secrets from a large number of tags can compromise privacy of other tags. We propose a new metric for information leakage in RFID protocols along with a threat model that more realistically captures the goals and capabilities of potential attackers. Using this metric, we measure the information leakage in the tree-based hash protocol and estimate an attacker’s probability of success in tracking targeted individuals, considering scenarios in which multiple information sources can be combined to track an individual. We conclude that an attacker has a reasonable chance of tracking tags when the tree-based hash protocol is used.


Proceedings ArticleDOI
16 Oct 2012
TL;DR: This is the first security analysis of C code to target a verifier for the computational model, and successfully verify over 3000 LOC.
Abstract: We verify cryptographic protocols coded in C for correspondence properties with respect to the computational model of cryptography. The first step uses symbolic execution to extract a process calculus model from a C implementation of the protocol. The new contribution is the second step in which we translate the extracted model to a CryptoVerif protocol description, such that successful verification with CryptoVerif implies the security of the original C implementation. We implement our method and apply it to verify several protocols out of reach of previous work in the symbolic model (using ProVerif), either due to the use of XOR and Diffie-Hellman commitments, or due to the lack of an appropriate computational soundness result. We analyse only a single execution path, so our tool is limited to code following a fixed protocol narration. This is the first security analysis of C code to target a verifier for the computational model. We successfully verify over 3000 LOC. One example (about 1000 LOC) is independently written and currently in testing phase for industrial deployment; during its analysis we uncovered a vulnerability now fixed by its author.

Journal ArticleDOI
TL;DR: A composition Colored Petri Net (CPN) representation for both the logic and the timed model of the safety communication protocol is proposed because of its graphical user interface and modeling flexibility upon the changes in the system conditions.