-
A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights
Authors:
Marcel Kempf,
Nikolas Gauder,
Benedikt Jaeger,
Johannes Zirngibl,
Georg Carle
Abstract:
QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20% when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+ with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.
Submitted 15 May, 2024;
originally announced May 2024.
-
Fast and Scalable Network Slicing by Integrating Deep Learning with Lagrangian Methods
Authors:
Tianlun Hu,
Qi Liao,
Qiang Liu,
Antonio Massaro,
Georg Carle
Abstract:
Network slicing is a key technique in 5G and beyond for efficiently supporting diverse services. Many network slicing solutions rely on deep learning to manage complex and high-dimensional resource allocation problems. However, deep learning models suffer limited generalization and adaptability to dynamic slicing configurations. In this paper, we propose a novel framework that integrates constrained optimization methods and deep learning models, resulting in strong generalization and superior approximation capability. Based on the proposed framework, we design a new neural-assisted algorithm to allocate radio resources to slices to maximize the network utility under inter-slice resource constraints. The algorithm exhibits high scalability, accommodating varying numbers of slices and slice configurations with ease. We implement the proposed solution in a system-level network simulator and evaluate its performance extensively by comparing it to state-of-the-art solutions including deep reinforcement learning approaches. The numerical results show that our solution obtains near-optimal quality-of-service satisfaction and promising generalization performance under different network slicing scenarios.
Submitted 22 January, 2024;
originally announced January 2024.
-
Real-Time Performance of OPC UA
Authors:
Erkin Kirdan,
Filip Rezabek,
Nikolas Mülbauer,
Georg Carle,
Marc-Oliver Pahl
Abstract:
OPC UA is an industry-standard machine-to-machine communication protocol in the Industrial Internet of Things. It relies on time-sensitive networking to meet the real-time requirements of various applications. Time-sensitive networking is implemented through various queueing disciplines (qdiscs), including Time Aware Priority, Multiqueue Priority, Earliest TxTime First, and Credit-Based Shaper. Despite their significance, prior studies on these qdiscs have been limited to a few. They have often been confined to point-to-point network topologies using proprietary software or specialized hardware. This study builds upon existing research by evaluating all these qdiscs in point-to-point and bridged topologies using open-source software on commercial off-the-shelf hardware. We first identify the optimal configuration for each qdisc and then compare their jitter, latency, and reliability through experiments. Our results show that open-source OPC UA on commercial off-the-shelf hardware can effectively meet the stringent real-time requirements of many industrial applications and provide a foundation for future research and practical deployments.
Submitted 19 November, 2023; v1 submitted 25 October, 2023;
originally announced October 2023.
-
Packed to the Brim: Investigating the Impact of Highly Responsive Prefixes on Internet-wide Measurement Campaigns
Authors:
Patrick Sattler,
Johannes Zirngibl,
Mattijs Jonker,
Oliver Gasser,
Georg Carle,
Ralph Holz
Abstract:
Internet-wide scans are an important tool to evaluate the deployment of services. To enable large-scale application layer scans, a fast, stateless port scan (e.g., using ZMap) is often performed ahead of time to collect responsive targets. It is a common expectation that port scans on the entire IPv4 address space provide a relatively unbiased view as they cover the complete address space. Previous work, however, has found prefixes where all addresses share particular properties. In IPv6, aliased prefixes and fully responsive prefixes, i.e., prefixes where all addresses are responsive, are a well-known phenomenon. However, there is no such in-depth analysis for prefixes with these responsiveness patterns in IPv4. This paper delves into the underlying factors of this phenomenon in the context of IPv4 and evaluates port scans on a total of 161 ports (142 TCP & 19 UDP ports) from three different vantage points. To account for packet loss and other scanning artifacts, we propose the notion of a new category of prefixes, which we call highly responsive prefixes (HRPs). Our findings show that the share of HRPs can make up 70 % of responsive addresses on selected ports. Regarding specific ports, we observe that CDNs contribute to the largest fraction of HRPs on TCP/80 and TCP/443, while TCP proxies emerge as the primary cause of HRPs on other ports. Our analysis also reveals that application layer handshakes to targets outside HRPs are, depending on the chosen service, up to three times more likely to be successful compared to handshakes with targets located in HRPs. To improve future scanning campaigns conducted by the research community, we make our study's data publicly available and provide a tool for detecting HRPs. Furthermore, we propose an approach for a more efficient, ethical, and sustainable application layer target selection.
Submitted 25 October, 2023;
originally announced October 2023.
-
Multilayer Environment and Toolchain for Holistic NetwOrk Design and Analysis
Authors:
Filip Rezabek,
Kilian Glas,
Richard von Seck,
Achraf Aroua,
Tizian Leonhardt,
Georg Carle
Abstract:
The recent developments and research in distributed ledger technologies and blockchain have contributed to the increasing adoption of distributed systems. To collect relevant insights into systems' behavior, we observe many evaluation frameworks focusing mainly on the throughput of the system under test. However, these frameworks often lack comprehensiveness and generality, particularly in adopting a cross-layer approach to distributed applications. This work analyses in detail the requirements for distributed systems assessment. We summarize these findings into a structured methodology and experimentation framework called METHODA. Our approach emphasizes setting up and assessing a broader spectrum of distributed systems and addresses a notable research gap. We showcase the effectiveness of the framework by evaluating four distinct systems and their interaction, leveraging a diverse set of eight carefully selected metrics and 12 essential parameters. Through experimentation and analysis we demonstrate the framework's capabilities to provide valuable insights across various use cases. For instance, we identify that a combination of Trusted Execution Environments with the threshold signature scheme FROST introduces minimal overhead on performance, with an average latency of around 40 ms. We showcase that an emulation of realistic system behavior, e.g., Maximal Extractable Value, is possible and could be used to further model such dynamics. The METHODA framework enables a deeper understanding of distributed systems and is a powerful tool for researchers and practitioners navigating the complex landscape of modern computing infrastructures.
Submitted 26 October, 2023; v1 submitted 24 October, 2023;
originally announced October 2023.
-
QUIC on the Highway: Evaluating Performance on High-rate Links
Authors:
Benedikt Jaeger,
Johannes Zirngibl,
Marcel Kempf,
Kevin Ploch,
Georg Carle
Abstract:
QUIC is a new protocol standardized in 2021 designed to improve on the widely used TCP / TLS stack. The main goal is to speed up web traffic via HTTP, but it is also used in other areas like tunneling. Based on UDP, it offers features like reliable in-order delivery, flow and congestion control, stream-based multiplexing, and always-on encryption using TLS 1.3. Other than with TCP, QUIC implements all these features in user space, only requiring kernel interaction for UDP. While running in user space provides more flexibility, it profits less from efficiency and optimization within the kernel. Multiple implementations exist, differing in programming language, architecture, and design choices.
This paper presents an extension to the QUIC Interop Runner, a framework for testing interoperability of QUIC implementations. Our contribution enables reproducible QUIC benchmarks on dedicated hardware. We provide baseline results on 10G links, including multiple implementations, evaluate how OS features like buffer sizes and NIC offloading impact QUIC performance, and show which data rates can be achieved with QUIC compared to TCP. Our results show that QUIC performance varies widely between client and server implementations from 90 Mbit/s to 4900 Mbit/s. We show that the OS generally sets the default buffer size too small, which should be increased by at least an order of magnitude based on our findings. Furthermore, QUIC benefits less from NIC offloading and AES NI hardware acceleration while both features improve the goodput of TCP to around 8000 Mbit/s. Our framework can be applied to evaluate the effects of future improvements to the protocol or the OS.
Submitted 28 September, 2023;
originally announced September 2023.
-
EDGAR: An Autonomous Driving Research Platform -- From Feature Development to Real-World Application
Authors:
Phillip Karle,
Tobias Betz,
Marcin Bosk,
Felix Fent,
Nils Gehrke,
Maximilian Geisslinger,
Luis Gressenbuch,
Philipp Hafemann,
Sebastian Huber,
Maximilian Hübner,
Sebastian Huch,
Gemb Kaljavesi,
Tobias Kerbl,
Dominik Kulmer,
Tobias Mascetta,
Sebastian Maierhofer,
Florian Pfab,
Filip Rezabek,
Esteban Rivera,
Simon Sagmeister,
Leander Seidlitz,
Florian Sauerbeck,
Ilir Tahiraj,
Rainer Trauth,
Nico Uhlemann
, et al. (9 additional authors not shown)
Abstract:
While current research and development of autonomous driving primarily focuses on developing new features and algorithms, the transfer from isolated software components into an entire software stack has been covered sparsely. Besides that, due to the complexity of autonomous software stacks and public road traffic, the optimal validation of entire stacks is an open research problem. Our paper targets these two aspects. We present our autonomous research vehicle EDGAR and its digital twin, a detailed virtual duplication of the vehicle. While the vehicle's setup is closely related to the state of the art, its virtual duplication is a valuable contribution as it is crucial for a consistent validation process from simulation to real-world tests. In addition, different development teams can work with the same model, making integration and testing of the software stacks much easier, significantly accelerating the development process. The real and virtual vehicles are embedded in a comprehensive development environment, which is also introduced. All parameters of the digital twin are provided open-source at https://github.com/TUMFTM/edgar_digital_twin.
Submitted 16 January, 2024; v1 submitted 27 September, 2023;
originally announced September 2023.
-
Evaluating the Benefits: Quantifying the Effects of TCP Options, QUIC, and CDNs on Throughput
Authors:
Simon Bauer,
Patrick Sattler,
Johannes Zirngibl,
Christoph Schwarzenberg,
Georg Carle
Abstract:
To keep up with increasing demands on quality of experience, assessing and understanding the performance of network connections is crucial for web service providers. While different measures, like TCP options, alternative transport layer protocols like QUIC, or the hosting of services in CDNs, are expected to improve connection performance, no studies quantify such impacts on connections on the Internet.
This paper introduces an active Internet measurement approach to assess the impacts of mentioned measures on connection performance. We conduct downloads from public web servers considering different vantage points, extract performance indicators like throughput, RTT, and retransmission rate, and survey speed-ups due to TCP option usage. Further, we compare the performance of QUIC-based downloads to TCP-based downloads considering different option configurations.
Next to significant throughput improvements due to TCP option usage, in particular TCP window scaling, and QUIC, our study shows significantly increased performance for connections to domains hosted by different giant CDNs.
Submitted 19 September, 2023;
originally announced September 2023.
-
A First Look at SVCB and HTTPS DNS Resource Records in the Wild
Authors:
Johannes Zirngibl,
Patrick Sattler,
Georg Carle
Abstract:
The Internet Engineering Task Force is standardizing new DNS resource records, namely SVCB and HTTPS. Both records inform clients about endpoint and service properties such as supported application layer protocols, IP address hints or Encrypted Client Hello (ECH) information. Therefore, they allow clients to reduce required DNS queries and potential retries during connection establishment and thus help to improve the quality of experience and privacy of the client. The latter is achieved by reducing visible meta-data, which is further improved with encrypted DNS and ECH.
The standardization is in its final stages and companies announced support, e.g., Cloudflare and Apple. Therefore, we provide the first large-scale overview of actual record deployment by analyzing more than 400 M domains. We find 3.96 k SVCB and 10.5 M HTTPS records. As of March 2023, Cloudflare hosts and serves most domains, and most records only contain Application-Layer Protocol Negotiation (ALPN) and IP address hints. Besides Cloudflare, we see adoption by a variety of authoritative name servers and hosting providers indicating increased adoption in the near future. Lastly, we can verify the correctness of records for more than 93 % of domains based on three application layer scans.
Submitted 19 September, 2023;
originally announced September 2023.
-
Advancing Federated Learning in 6G: A Trusted Architecture with Graph-based Analysis
Authors:
Wenxuan Ye,
Chendi Qian,
Xueli An,
Xueqiang Yan,
Georg Carle
Abstract:
Integrating native AI support into the network architecture is an essential objective of 6G. Federated Learning (FL) emerges as a potential paradigm, facilitating decentralized AI model training across a diverse range of devices under the coordination of a central server. However, several challenges hinder its wide application in the 6G context, such as malicious attacks and privacy snooping on local model updates, and centralization pitfalls. This work proposes a trusted architecture for supporting FL, which utilizes Distributed Ledger Technology (DLT) and Graph Neural Networks (GNN), including three key features. First, a pre-processing layer employing homomorphic encryption is incorporated to securely aggregate local models, preserving the privacy of individual models. Second, given the distributed nature and graph structure between clients and nodes in the pre-processing layer, a GNN is leveraged to identify abnormal local models, enhancing system security. Third, DLT is utilized to decentralize the system by selecting one of the candidates to perform the central server's functions. Additionally, DLT ensures reliable data management by recording data exchanges in an immutable and transparent ledger. The feasibility of the novel architecture is validated through simulations, demonstrating improved performance in anomalous model detection and global model accuracy compared to relevant baselines.
Submitted 27 September, 2023; v1 submitted 11 September, 2023;
originally announced September 2023.
-
QUIC Hunter: Finding QUIC Deployments and Identifying Server Libraries Across the Internet
Authors:
Johannes Zirngibl,
Florian Gebauer,
Patrick Sattler,
Markus Sosnowski,
Georg Carle
Abstract:
The diversity of QUIC implementations poses challenges for Internet measurements and the analysis of the QUIC ecosystem. While all implementations follow the same specification and there is general interoperability, differences in performance, functionality, but also security (e.g., due to bugs) can be expected. Therefore, knowledge about the implementation of an endpoint on the Internet can help researchers, operators, and users to better analyze connections, performance, and security. In this work, we improved the detection rate of QUIC scans to find more deployments and provide an approach to effectively identify QUIC server libraries based on CONNECTION_CLOSE frames and transport parameter orders. We performed Internet-wide scans and identified at least one deployment for 18 QUIC libraries. In total, we can identify the libraries with 8.0 M IPv4 and 2.5 M IPv6 addresses. We provide a comprehensive view of the landscape of competing QUIC libraries.
Submitted 19 March, 2024; v1 submitted 30 August, 2023;
originally announced August 2023.
-
Target Acquired? Evaluating Target Generation Algorithms for IPv6
Authors:
Lion Steger,
Liming Kuang,
Johannes Zirngibl,
Georg Carle,
Oliver Gasser
Abstract:
Internet measurements are a crucial foundation of IPv6-related research. Due to the infeasibility of full address space scans for IPv6 however, those measurements rely on collections of reliably responsive, unbiased addresses, as provided e.g., by the IPv6 Hitlist service. Although used for various use cases, the hitlist provides an unfiltered list of responsive addresses, the hosts behind which can come from a range of different networks and devices, such as web servers, customer-premises equipment (CPE) devices, and Internet infrastructure. In this paper, we demonstrate the importance of tailoring hitlists in accordance with the research goal in question. By using PeeringDB we classify hitlist addresses into six different network categories, uncovering that 42% of hitlist addresses are in ISP networks. Moreover, we show the different behavior of those addresses depending on their respective category, e.g., ISP addresses exhibiting a relatively low lifetime. Furthermore, we analyze different Target Generation Algorithms (TGAs), which are used to increase the coverage of IPv6 measurements by generating new responsive targets for scans. We evaluate their performance under various conditions and find generated addresses to show vastly differing responsiveness levels for different TGAs.
Submitted 13 July, 2023;
originally announced July 2023.
-
Inter-Cell Network Slicing With Transfer Learning Empowered Multi-Agent Deep Reinforcement Learning
Authors:
Tianlun Hu,
Qi Liao,
Qiang Liu,
Georg Carle
Abstract:
Network slicing enables operators to efficiently support diverse applications on a common physical infrastructure. The ever-increasing densification of network deployment leads to complex and non-trivial inter-cell interference, which requires more than inaccurate analytic models to dynamically optimize resource management for network slices. In this paper, we develop a DIRP algorithm with multiple deep reinforcement learning (DRL) agents to cooperatively optimize resource partition in individual cells to fulfill the requirements of each slice, based on two alternative reward functions. Nevertheless, existing DRL approaches usually tie the pretrained model parameters to specific network environments with poor transferability, which raises practical deployment concerns in large-scale mobile networks. Hence, we design a novel transfer learning-aided DIRP (TL-DIRP) algorithm to ease the transfer of DIRP agents across different network environments in terms of sample efficiency, model reproducibility, and algorithm scalability. The TL-DIRP algorithm first centrally trains a generalized model and then transfers the "generalist" to each local agent as "specialist" with distributed finetuning and execution. TL-DIRP consists of two steps: 1) centralized training of a generalized distributed model, 2) transferring the "generalist" to each "specialist" with distributed finetuning and execution. The numerical results show that not only DIRP outperforms existing baseline approaches in terms of faster convergence and higher reward, but more importantly, TL-DIRP significantly improves the service performance, with reduced exploration cost, accelerated convergence rate, and enhanced model reproducibility. As compared to a traffic-aware baseline, TL-DIRP provides about 15% less violation ratio of the quality of service (QoS) for the worst slice service and 8.8% less violation on the average service QoS.
Submitted 20 June, 2023;
originally announced June 2023.
-
Network Slicing via Transfer Learning aided Distributed Deep Reinforcement Learning
Authors:
Tianlun Hu,
Qi Liao,
Qiang Liu,
Georg Carle
Abstract:
Deep reinforcement learning (DRL) has been increasingly employed to handle the dynamic and complex resource management in network slicing. The deployment of DRL policies in real networks, however, is complicated by heterogeneous cell conditions. In this paper, we propose a novel transfer learning (TL) aided multi-agent deep reinforcement learning (MADRL) approach with inter-agent similarity analysis for inter-cell inter-slice resource partitioning. First, we design a coordinated MADRL method with information sharing to intelligently partition resources among slices and manage inter-cell interference. Second, we propose an integrated TL method to transfer the learned DRL policies among different local agents for accelerating the policy deployment. The method is composed of a new domain and task similarity measurement approach and a new knowledge transfer approach, which resolves the problem of from whom to transfer and how to transfer. We evaluated the proposed solution with extensive simulations in a system-level simulator and show that our approach outperforms the state-of-the-art solutions in terms of performance, convergence speed and sample efficiency. Moreover, by applying TL, we achieve an additional gain over 27% higher than the coordinated MADRL approach without TL.
Submitted 23 June, 2023; v1 submitted 9 January, 2023;
originally announced January 2023.
-
Rusty Clusters? Dusting an IPv6 Research Foundation
Authors:
Johannes Zirngibl,
Lion Steger,
Patrick Sattler,
Oliver Gasser,
Georg Carle
Abstract:
The long-running IPv6 Hitlist service is an important foundation for IPv6 measurement studies. It helps to overcome infeasible, complete address space scans by collecting valuable, unbiased IPv6 address candidates and regularly testing their responsiveness. However, the Internet itself is a quickly changing ecosystem that can affect long-running services, potentially inducing biases and obscurities into ongoing data collection means. Frequent analyses but also updates are necessary to enable a valuable service to the community.
In this paper, we show that the existing hitlist is highly impacted by the Great Firewall of China, and we offer a cleaned view on the development of responsive addresses. While the accumulated input shows an increasing bias towards some networks, the cleaned set of responsive addresses is well distributed and shows a steady increase.
Although it is a best practice to remove aliased prefixes from IPv6 hitlists, we show that this also removes major content delivery networks. More than 98% of all IPv6 addresses announced by Fastly were labeled as aliased and Cloudflare prefixes hosting more than 10M domains were excluded. Depending on the hitlist usage, e.g., higher layer protocol scans, inclusion of addresses from these providers can be valuable.
Lastly, we evaluate different new address candidate sources, including target generation algorithms to improve the coverage of the current IPv6 Hitlist. We show that a combination of different methodologies is able to identify 5.6M new, responsive addresses. This accounts for an increase by 174% and combined with the current IPv6 Hitlist, we identify 8.8M responsive addresses.
Submitted 19 September, 2022;
originally announced September 2022.
-
Waiting for QUIC: On the Opportunities of Passive Measurements to Understand QUIC Deployments
Authors:
Jonas Mücke,
Marcin Nawrocki,
Raphael Hiesgen,
Patrick Sattler,
Johannes Zirngibl,
Georg Carle,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we study the potentials of passive measurements to gain advanced knowledge about QUIC deployments. By analyzing one month of backscatter traffic of the /9 CAIDA network telescope, we are able to make the following observations. First, we can identify different off-net deployments of hypergiants, using packet features such as QUIC source connection IDs (SCID), packet coalescence, and packet lengths. Second, Facebook and Google configure significantly different retransmission timeouts and maximum numbers of retransmissions. Third, SCIDs allow further insights into load balancer deployments such as the number of servers per load balancer. We bolster our results by active measurements.
Submitted 2 September, 2022;
originally announced September 2022.
-
Towards a Tectonic Traffic Shift? Investigating Apple's New Relay Network
Authors:
Patrick Sattler,
Juliane Aulbach,
Johannes Zirngibl,
Georg Carle
Abstract:
Apple recently published its first Beta of the iCloud Private Relay, a privacy protection service with promises resembling the ones of VPNs. The architecture consists of two layers (ingress and egress), operated by disjoint providers. The service is directly integrated into Apple's operating systems and therefore provides a low entry level barrier for a large user base. It seems to be set up for major adoption with its relatively moderate entry-level price. This paper analyzes the iCloud Private Relay from a network perspective and its effect on the Internet and future measurement-based research. We perform EDNS0 Client Subnet DNS queries to collect ingress relay addresses and find 1586 IPv4 addresses. Supplementary RIPE Atlas DNS measurements reveal 1575 IPv6 addresses. Knowledge about these addresses helps to passively detect clients communicating through the relay network. According to our scans, from January through April, ingress addresses grew by 20%. The analysis of our scans through the relay network verifies Apple's claim of rotating egress addresses. Nevertheless, it reveals that ingress and egress relays can be located in the same autonomous system, thus sharing similar routes, potentially allowing traffic correlation.
Submitted 26 September, 2022; v1 submitted 5 July, 2022;
originally announced July 2022.
-
Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale
Authors:
Markus Sosnowski,
Johannes Zirngibl,
Patrick Sattler,
Georg Carle,
Claas Grohnfeldt,
Michele Russo,
Daniele Sgandurra
Abstract:
Active measurements can be used to collect server characteristics on a large scale. This kind of metadata can help discover hidden relations and commonalities among server deployments, offering new possibilities to cluster and classify them. As an example, identifying previously unknown cybercriminal infrastructures can be a valuable source for cyber-threat intelligence. We propose herein an active measurement-based methodology for acquiring Transport Layer Security (TLS) metadata from servers and leverage it for their fingerprinting. Our fingerprints capture the characteristic behavior of the TLS stack primarily caused by the implementation, configuration, and hardware support of the underlying server. Using an empirical optimization strategy that maximizes information gain from every handshake to minimize measurement costs, we generated 10 general-purpose Client Hellos used as scanning probes to create a large database of TLS configurations used for classifying servers. We fingerprinted 28 million servers from the Alexa and Majestic toplists and two Command and Control (C2) blocklists over a period of 30 weeks with weekly snapshots as foundation for two long-term case studies: classification of Content Delivery Network and C2 servers. The proposed methodology shows a precision of more than 99 % and enables a stable identification of new servers over time. This study describes a new opportunity for active measurements to provide valuable insights into the Internet that can be used in security-relevant use cases.
Submitted 30 August, 2023; v1 submitted 27 June, 2022;
originally announced June 2022.
-
High-Throughput Secure Multiparty Computation with an Honest Majority in Various Network Settings
Authors:
Christopher Harth-Kitzerow,
Ajith Suresh,
Yonqing Wang,
Hossein Yalame,
Georg Carle,
Murali Annavaram
Abstract:
In this work, we present novel protocols over rings for semi-honest secure three-party computation (3PC) and malicious four-party computation (4PC) with one corruption. While most existing works focus on improving total communication complexity, challenges such as network heterogeneity and computational complexity, which impact MPC performance in practice, remain underexplored.
Our protocols address these issues by tolerating multiple arbitrarily weak network links between parties without any substantial decrease in performance. Additionally, they significantly reduce computational complexity by requiring up to half the number of basic instructions per gate compared to related work. These improvements lead to up to twice the throughput of state-of-the-art protocols in homogeneous network settings and even larger performance improvements in heterogeneous settings. These advantages come at no additional cost: Our protocols maintain the best-known total communication complexity per multiplication, requiring 3 elements for 3PC and 5 elements for 4PC.
We implemented our protocols alongside several state-of-the-art protocols (Replicated 3PC, ASTRA, Fantastic Four, Tetrad) in a novel open-source C++ framework optimized for high throughput. Five out of six implemented 3PC and 4PC protocols achieve more than one billion 32-bit multiplications or over 32 billion AND gates per second using our implementation in a 25 Gbit/s LAN environment. This represents the highest throughput achieved in 3PC and 4PC so far, outperforming existing frameworks like MP-SPDZ, ABY3, MPyC, and MOTION by two to three orders of magnitude.
Submitted 28 June, 2024; v1 submitted 8 June, 2022;
originally announced June 2022.
-
CRGC -- A Practical Framework for Constructing Reusable Garbled Circuits
Authors:
Christopher Harth-Kitzerow,
Georg Carle,
Fan Fei,
Andre Luckow,
Johannes Klepsch
Abstract:
In this work, we introduce two schemes to construct reusable garbled circuits (RGCs) in the semi-honest setting. Our completely reusable garbled circuit (CRGC) scheme allows the generator (party A) to construct and send an obfuscated boolean circuit along with an encoded input to the evaluator (party B). In contrast to Yao's Garbled Circuit protocol, B can securely evaluate the same CRGC with an arbitrary number of inputs. As a tradeoff, CRGCs predictably leak some input bits of A to B. We also propose a partially reusable garbled circuit (PRGC) scheme that divides a circuit into reusable and non-reusable sections. PRGCs do not leak input bits of A. We benchmark our CRGC implementation against the state-of-the-art garbled circuit libraries EMP SH2PC and TinyGarble2. Using our framework, evaluating a CRGC is up to twenty times faster, albeit with weaker privacy guarantees, than evaluating an equivalent garbled circuit constructed by the two existing libraries. Our open-source library can convert any C++ function to a CRGC at approx. 80 million gates per second and repeatedly evaluate a CRGC at approx. 350 million gates per second. Additionally, a compressed CRGC is approx. 75% smaller in file size than the unobfuscated boolean circuit.
Submitted 6 May, 2022; v1 submitted 23 March, 2022;
originally announced March 2022.
-
Inter-Cell Slicing Resource Partitioning via Coordinated Multi-Agent Deep Reinforcement Learning
Authors:
Tianlun Hu,
Qi Liao,
Qiang Liu,
Dan Wellington,
Georg Carle
Abstract:
Network slicing enables the operator to configure virtual network instances for diverse services with specific requirements. To achieve slice-aware radio resource scheduling, dynamic slicing resource partitioning is needed to orchestrate multi-cell slice resources and mitigate inter-cell interference. It is, however, challenging to derive analytical solutions due to the complex inter-cell interdependencies, inter-slice resource constraints, and service-specific requirements. In this paper, we propose a multi-agent deep reinforcement learning (DRL) approach that improves the max-min slice performance while maintaining the constraints of resource capacity. We design two coordination schemes to allow distributed agents to coordinate and mitigate inter-cell interference. The proposed approach is extensively evaluated in a system-level simulator. The numerical results show that the proposed approach with inter-agent coordination outperforms the centralized approach in terms of delay and convergence. The proposed approach achieves a more than two-fold increase in resource efficiency as compared to the baseline approach.
Submitted 25 February, 2022;
originally announced February 2022.
-
A Distributed Intelligence Architecture for B5G Network Automation
Authors:
Sayantini Majumdar,
Riccardo Trivisonno,
Georg Carle
Abstract:
The management of networks is automated by closed loops. Concurrent closed loops aiming for individual optimization cause conflicts which, left unresolved, lead to significant degradation in performance indicators, resulting in sub-optimal network performance. Centralized optimization avoids conflicts, but is impractical in large-scale networks for time-critical applications. Distributed, pervasive intelligence is therefore envisaged in the evolution to B5G networks. In this letter, we propose a Q-Learning-based distributed architecture (QLC), addressing the conflict issue by encouraging cooperation among intelligent agents. We design a realistic B5G network slice auto-scaling model and validate the performance of QLC via simulations, justifying further research in this direction.
Submitted 7 October, 2021; v1 submitted 28 July, 2021;
originally announced July 2021.
-
Decorrelating Adversarial Nets for Clustering Mobile Network Data
Authors:
Marton Kajo,
Janik Schnellbach,
Stephen S. Mwanje,
Georg Carle
Abstract:
Deep learning will play a crucial role in enabling cognitive automation for the mobile networks of the future. Deep clustering, a subset of deep learning, could be a valuable tool for many network automation use-cases. Unfortunately, most state-of-the-art clustering algorithms target image datasets, which makes them hard to apply to mobile network data due to their highly tuned nature and related assumptions about the data. In this paper, we propose a new algorithm, DANCE (Decorrelating Adversarial Nets for Clustering-friendly Encoding), intended to be a reliable deep clustering method which also performs well when applied to network automation use-cases. DANCE uses a reconstructive clustering approach, separating clustering-relevant from clustering-irrelevant features in a latent representation. This separation removes unnecessary information from the clustering, increasing consistency and peak performance. We comprehensively evaluate DANCE and other select state-of-the-art deep clustering algorithms, and show that DANCE outperforms these algorithms by a significant margin on a mobile network dataset.
Submitted 11 March, 2021;
originally announced March 2021.
-
Neural Network-based Quantization for Network Automation
Authors:
Marton Kajo,
Stephen S. Mwanje,
Benedek Schultz,
Georg Carle
Abstract:
Deep Learning methods have been adopted in mobile networks, especially for network management automation where they provide means for advanced machine cognition. Deep learning methods utilize cutting-edge hardware and software tools, allowing complex cognitive algorithms to be developed. In a recent paper, we introduced the Bounding Sphere Quantization (BSQ) algorithm, a modification of the k-Means algorithm, that was shown to create better quantizations for certain network management use-cases, such as anomaly detection. However, BSQ required a significantly longer time to train than k-Means, a challenge which can be overcome with a neural network-based implementation. In this paper, we present such an implementation of BSQ that utilizes state-of-the-art deep learning tools to achieve a competitive training speed.
Submitted 4 March, 2021;
originally announced March 2021.
-
RAN Cognitive Controller
Authors:
Anubhab Banerjee,
Stephen S. Mwanje,
Georg Carle
Abstract:
Cognitive Autonomous Networks (CAN) deploy learning-based Cognitive Functions (CF) instead of conventional rule-based SON Functions (SF) as Network Automation Functions (NAF) to increase the system autonomy. These CFs work in parallel sharing the same resources, which gives rise to conflicts among them that cannot be resolved using conventional rule-based approaches. Our main target is to design a Controller which can resolve any type of conflict among the CFs in a dynamic way.
Submitted 20 October, 2020;
originally announced October 2020.
-
Digital Contact Tracing Service: An improved decentralized design for privacy and effectiveness
Authors:
Kilian Holzapfel,
Martina Karl,
Linus Lotz,
Georg Carle,
Christian Djeffal,
Christian Fruck,
Christian Haack,
Dirk Heckmann,
Philipp H. Kindt,
Michael Köppl,
Patrick Krause,
Lolian Shtembari,
Lorenz Marx,
Stephan Meighen-Berger,
Birgit Neumair,
Matthias Neumair,
Julia Pollmann,
Tina Pollmann,
Elisa Resconi,
Stefan Schönert,
Andrea Turcati,
Christoph Wiesinger,
Giovanni Zattera,
Christopher Allan,
Esteban Barco
, et al. (12 additional authors not shown)
Abstract:
We propose a decentralized digital contact tracing service that preserves the users' privacy by design while complying with the highest security standards. Our approach is based on Bluetooth and measures actual encounters of people, the contact time period, and estimates the proximity of the contact. We trace the users' contacts and the possible spread of infectious diseases while preventing location tracking of users, protecting their data and identity. We verify and improve the impact of tracking based on epidemiological models. We compare a centralized and a decentralized approach from a legal perspective and find a decentralized approach preferable considering proportionality and data minimization.
Submitted 29 June, 2020;
originally announced June 2020.
-
Hardening X.509 Certificate Issuance using Distributed Ledger Technology
Authors:
Holger Kinkelin,
Richard von Seck,
Christoph Rudolf,
Georg Carle
Abstract:
The security of cryptographic communication protocols that use X.509 certificates depends on the correctness of those certificates. This paper proposes a system that helps to ensure the correct operation of an X.509 certification authority and its registration authorities. We achieve this goal by enforcing a policy-defined, multi-party validation and authorization workflow of certificate signing requests. Besides, our system offers full accountability for this workflow for forensic purposes. As a foundation for our implementation, we leverage the distributed ledger and smart contract framework Hyperledger Fabric. Our implementation inherits the strong tamper-resistance of Fabric which strengthens the integrity of the computer processes that enforce the validation and authorization of the certificate signing request, and of the metadata collected during certificate issuance.
Submitted 15 April, 2020;
originally announced April 2020.
-
Me Love (SYN-)Cookies: SYN Flood Mitigation in Programmable Data Planes
Authors:
Dominik Scholz,
Sebastian Gallenmüller,
Henning Stubbe,
Bassam Jaber,
Minoo Rouhi,
Georg Carle
Abstract:
The SYN flood attack is a common attack strategy on the Internet, which tries to overload services with requests leading to a Denial-of-Service (DoS). Highly asymmetric costs for connection setup - putting the main burden on the attackee - make SYN flooding an efficient and popular DoS attack strategy. Abusing the widely used TCP as an attack vector complicates the detection of malicious traffic and its prevention utilizing naive connection blocking strategies. Modern programmable data plane devices are capable of handling traffic in the 10 Gbit/s range without overloading. We discuss how we can harness their performance to defend entire networks against SYN flood attacks. Therefore, we analyze different defense strategies, SYN authentication and SYN cookie, and discuss implementation difficulties when ported to different target data planes: software, network processors, and FPGAs. We provide prototype implementations and performance figures for all three platforms. Further, we fully disclose the artifacts leading to the experiments described in this work.
Submitted 6 March, 2020;
originally announced March 2020.
-
On the Necessity and Design of Coordination Mechanism for Cognitive Autonomous Networks
Authors:
Anubhab Banerjee,
Stephen S. Mwanje,
Georg Carle
Abstract:
Cognitive Autonomous Networks (CAN) are promoted to advance Self Organizing Networks (SON), replacing rule-based SON Functions (SFs) with Cognitive Functions (CFs), which learn optimal behavior by interacting with the network. As in SON, CFs do encounter conflicts due to overlap in parameters or objectives. However, owing to the non-deterministic behavior of CFs, these conflicts cannot be resolved using rule-based methods and new solutions are required. This paper investigates CF deployments with and without a coordination mechanism, and proves both heuristically and mathematically that a coordination mechanism is required. Using a two-CF Multi-Agent-System model with the possible types of conflicts, we show that the challenge is a typical bargaining problem, for which the optimal response is the Nash Bargaining Solution (NBS). We use NBS to propose a coordination mechanism design that is capable of resolving the conflicts and show via simulations how implementation of the proposed solution is feasible in a real-life scenario.
Submitted 20 January, 2020;
originally announced January 2020.
-
A Generalized TDoA/ToA Model for ToF Positioning
Authors:
Maximilian von Tschirschnitz,
Marcel Wagner,
Marc-Oliver Pahl,
Georg Carle
Abstract:
Many applications require positioning. Time of Flight (ToF) methods calculate distances by measuring the propagation time of signals. We present a novel ToF localization method. Our new approach works infrastructure-less, without pre-defined roles like Anchors or Tags. It generalizes existing synchronization-less Time Difference of Arrival (TDoA) and Time of Arrival (ToA) algorithms. We show how known algorithms can be derived from our new method. A major advantage of our approach is that it provides a comparable or better clock error robustness, i.e. the typical errors of crystal oscillators have negligible impact for TDoA and ToA measurements. We show that our channel usage is for most cases superior compared to the state-of-the art.
Submitted 12 January, 2020; v1 submitted 20 September, 2019;
originally announced September 2019.
-
Clock Error Analysis of Common Time of Flight based Positioning Methods
Authors:
Maximilian von Tschirschnitz,
Marcel Wagner,
Marc-Oliver Pahl,
Georg Carle
Abstract:
Today, many applications such as production or rescue settings rely on highly accurate entity positioning. Advanced Time of Flight (ToF) based positioning methods provide high-accuracy localization of entities. A key challenge for ToF based positioning is to synchronize the clocks between the participating entities. This paper summarizes and analyzes ToA and TDoA methods with respect to clock error robustness. The focus is on synchronization-less methods, i.e. methods which reduce the infrastructure requirement significantly. We introduce a unified notation to survey and compare the relevant work from the literature. Then we apply a clock error model and compute worst case location-accuracy errors. Our analysis reveals a superior error robustness against clock errors for so-called Double-Pulse methods when applied to radio based ToF positioning.
Submitted 12 January, 2020; v1 submitted 20 September, 2019;
originally announced September 2019.
-
5G QoS: Impact of Security Functions on Latency
Authors:
Sebastian Gallenmüller,
Johannes Naab,
Iris Adam,
Georg Carle
Abstract:
Network slicing is considered a key enabler to 5th Generation (5G) communication networks. Mobile network operators may deploy network slices -- complete logical networks customized for specific services expecting a certain Quality of Service (QoS). New business models like Network Slice-as-a-Service offerings to customers from vertical industries require negotiated Service Level Agreement (SLA) contracts, and network providers need automated enforcement mechanisms to assure QoS during instantiation and operation of slices. In this paper, we focus on ultra-reliable low-latency communication (URLLC). We propose a software architecture for security functions based on off-the-shelf hardware and open-source software and demonstrate, through a series of measurements, that the strict requirements of URLLC services can be achieved. As a real-world example, we perform our experiments using the intrusion prevention system (IPS) Snort to demonstrate the impact of security functions on latency. Our findings lead to the creation of a model predicting the system load that still meets the URLLC latency requirement. We fully disclose the artifacts presented in this paper including pcap traces, measurement tools, and plotting scripts at https://gallenmu.github.io/low-latency.
Submitted 18 September, 2019;
originally announced September 2019.
-
The Case for Writing Network Drivers in High-Level Programming Languages
Authors:
Paul Emmerich,
Simon Ellmann,
Fabian Bonk,
Alex Egger,
Esaú García Sánchez-Torija,
Thomas Günzel,
Sebastian Di Luzio,
Alexandru Obada,
Maximilian Stadlmeier,
Sebastian Voit,
Georg Carle
Abstract:
Drivers are written in C or restricted subsets of C++ on all production-grade server, desktop, and mobile operating systems. They account for 66% of the code in Linux, but 39 out of 40 security bugs related to memory safety found in Linux in 2017 are located in drivers. These bugs could have been prevented by using high-level languages for drivers. We present user space drivers for the Intel ixgbe 10 Gbit/s network cards implemented in Rust, Go, C#, Java, OCaml, Haskell, Swift, JavaScript, and Python written from scratch in idiomatic style for the respective languages. We quantify costs and benefits of using these languages: High-level languages are safer (fewer bugs, more safety checks), but run-time safety checks reduce throughput and garbage collection leads to latency spikes. Out-of-order CPUs mitigate the cost of safety checks: Our Rust driver executes 63% more instructions per packet but is only 4% slower than a reference C implementation. Go's garbage collector keeps latencies below 100 μs even under heavy load. Other languages fare worse, but their unique properties make for an interesting case study.
All implementations are available as free and open source at https://github.com/ixy-languages/ixy-languages.
Submitted 13 September, 2019;
originally announced September 2019.
-
Galois Field Arithmetics for Linear Network Coding using AVX512 Instruction Set Extensions
Authors:
Stephan M. Günther,
Nicolas Appel,
Georg Carle
Abstract:
Linear network coding requires arithmetic operations over Galois fields, more specifically over finite extension fields. While coding over GF(2) reduces to simple XOR operations, this field is less preferred for practical applications of random linear network coding due to high chances of linear dependencies and therefore redundant coded packets. Coding over larger fields such as GF(16) and GF(256) does not have that issue, but is significantly slower. SIMD vector extensions of processors such as AVX2 on x86-based systems or NEON on ARM-based devices offer the potential to increase performance by orders of magnitude.
In this paper we present an implementation of different algorithms and Galois fields based on the AVX512 instruction set extension and integrate it into the finite field library libmoepgf. We compare the performance of the new implementation to the reference implementation based on AVX2, showing a significant increase in throughput. In addition, we provide a survey of the best possible coding performance offered by a variety of different platforms.
Submitted 4 September, 2019;
originally announced September 2019.
-
Next Generation Resilient Cyber-Physical Systems
Authors:
Michel Barbeau,
Georg Carle,
Joaquin Garcia-Alfaro,
Vicenç Torra
Abstract:
Cyber-Physical Systems (CPS) consist of distributed engineered environments where the monitoring and surveillance tasks are governed by tightly integrated computing, communication and control technologies. CPS are omnipresent in our everyday life. Hacking and failures of such systems have impact on critical services with potentially significant and lasting consequences. In this paper, we review which requirements a CPS must meet to address the challenges of tomorrow. Two key challenges are understanding and reinforcing the resilience of CPS.
Submitted 8 November, 2019; v1 submitted 20 July, 2019;
originally announced July 2019.
-
Optimally Self-Healing IoT Choreographies
Authors:
Jan Seeger,
Arne Bröring,
Georg Carle
Abstract:
In the industrial Internet of Things domain, applications are moving from the Cloud into the edge, closer to the devices producing and consuming data. This means applications move from the scalable and homogeneous cloud environment into a constrained heterogeneous edge network. Making edge applications reliable enough to fulfill Industrie 4.0 use cases is still an open research challenge. Maintaining operation of an edge system requires advanced management techniques to mitigate the failure of devices. This paper tackles this challenge with a twofold approach: (1) a policy-enabled failure detector that enables adaptable failure detection and (2) an allocation component for the efficient selection of failure mitigation actions. We evaluate the parameters and performance of our failure detection approach and the performance of an energy-efficient allocation technique, and present a vision for a complete system as well as an example use case.
Submitted 10 July, 2019;
originally announced July 2019.
-
DTLS Performance - How Expensive is Security?
Authors:
Sebastian Gallenmüller,
Dominik Schöffmann,
Dominik Scholz,
Fabien Geyer,
Georg Carle
Abstract:
Secure communication is an integral feature of many Internet services. The widely deployed TLS protects reliable transport protocols. DTLS extends TLS security services to protocols relying on plain UDP packet transport, such as VoIP or IoT applications. In this paper, we construct a model to determine the performance of generic DTLS-enabled applications. Our model considers basic network characteristics, e.g., number of connections, and the chosen security parameters, e.g., the encryption algorithm in use. Measurements are presented demonstrating the applicability of our model. These experiments are performed using a high-performance DTLS-enabled VPN gateway built on top of the well-established libraries DPDK and OpenSSL. This VPN solution represents the most essential parts of DTLS, creating a DTLS performance baseline. Using this baseline the model can be extended to predict even more complex DTLS protocols besides the measured VPN. Code and measured data used in this paper are publicly available at https://git.io/MoonSec and https://git.io/Sdata.
Submitted 25 April, 2019;
originally announced April 2019.
-
Multi-party authorization and conflict mediation for decentralized configuration management processes
Authors:
Holger Kinkelin,
Heiko Niedermayer,
Marc Müller,
Georg Carle
Abstract:
Configuration management in networks with the highest security demands must not depend on just one administrator and her device. Otherwise, problems can be caused by mistakes or malicious behavior of this admin, or when her computer is compromised, which allows an attacker to abuse the administrator's far-reaching permissions.
Instead, we propose to use a reliable and resilient configuration management process orchestrated by a configuration management system (CMS). This can be achieved by separation of concerns (proposing a configuration vs. authorizing it), employing multi-party authorization (MPA), and enforcing that only authorized configurations can be deployed. This results in a configuration management process that is decentralized on a human, decision-making level and on a technical, device level.
However, due to different opinions or adversarial interference, the result of an MPA process can end in a conflict. This raises the question of how such conflicts can be mediated in a better way than by majority voting alone, which is insufficient in certain situations. As an alternative, this paper introduces building blocks of customizable conflict mediation strategies, which we integrated into our CMS TANCS. The conflict mediation functionality as well as the initial TANCS implementation run on top of the distributed ledger and smart contract framework Hyperledger Fabric, which makes all processes resilient and tamper-resistant.
Submitted 19 March, 2019;
originally announced March 2019.
-
Agile Network Access Control in the Container Age
Authors:
Cornelius Diekmann,
Johannes Naab,
Andreas Korsten,
Georg Carle
Abstract:
Linux Containers, such as those managed by Docker, are an increasingly popular way to package and deploy complex applications. However, the fundamental security primitive of network access control for a distributed microservice deployment is often ignored or left to the network operations team. High-level application-specific security requirements are not appropriately enforced by low-level network access control lists. Apart from coarse-grained separation of virtual networks, Docker supports neither the application developer in specifying nor the network operators in enforcing fine-grained network access control between containers.
In a fictional story, we follow DevOp engineer Alice through the lifecycle of a web application. From the initial design and software engineering through network operations and automation, we show the tasks expected of Alice and propose tool support to help. As a full-stack DevOp, Alice is involved in high-level design decisions as well as low-level network troubleshooting. Focusing on network access control, we demonstrate shortcomings in today's policy management and sketch a tool-supported solution. We survey related academic work and show that many existing tools fail to bridge between the different levels of abstraction a full-stack engineer is operating on.
Our toolset is formally verified using Isabelle/HOL and is available as Open Source.
Submitted 2 March, 2019;
originally announced March 2019.
-
User Space Network Drivers
Authors:
Paul Emmerich,
Maximilian Pudelko,
Simon Bauer,
Stefan Huber,
Thomas Zwickl,
Georg Carle
Abstract:
The rise of user space packet processing frameworks like DPDK and netmap makes low-level code more accessible to developers and researchers. Previously, driver code was hidden in the kernel and rarely modified, or even looked at, by developers working at higher layers. These barriers are gone nowadays, yet developers still treat user space drivers as black-boxes magically accelerating applications. We want to change this: every researcher building high-speed network applications should understand the intricacies of the underlying drivers, especially if they impact performance. We present ixy, a user space network driver designed for simplicity and educational purposes to show that fast packet IO is not black magic but careful engineering. ixy focuses on the bare essentials of user space packet processing: a packet forwarder including the whole NIC driver uses less than 1,000 lines of C code.
This paper is partially written in tutorial style on the case study of our implementations of drivers for both the Intel 82599 family and for virtual VirtIO NICs. The former allows us to reason about driver and framework performance on a stripped-down implementation to assess individual optimizations in isolation. VirtIO support ensures that everyone can run it in a virtual machine.
Our code is available as free and open source under the BSD license at https://github.com/emmericp/ixy
Submitted 8 September, 2019; v1 submitted 29 January, 2019;
originally announced January 2019.
-
Data Querying and Access Control for Secure Multiparty Computation
Authors:
Marcel von Maltitz,
Dominik Bitzer,
Georg Carle
Abstract:
In the Internet of Things and smart environments, data collected from distributed sensors is typically stored and processed by a central middleware. This allows applications to query the data they need for providing further services. However, centralization of data causes several privacy threats: The middleware becomes a third party which has to be trusted, linkage and correlation of data from different contexts becomes possible, and data subjects lose control over their data.
Hence, other approaches than centralized processing should be considered. Here, Secure Multiparty Computation is a promising candidate for secure and privacy-preserving computation happening close to the sources of the data.
In order to make SMC fit for application in these contexts, we extend SMC to act as a service: We provide elements which allow third parties to query computed data from a group of peers performing SMC. Furthermore, we establish fine-granular access control on the level of individual data queries, yielding data protection of the computed results. By adding measures to inform data sources about requests and the usage of their data, we show how a fully privacy-preserving service can be built on the foundation of SMC.
Submitted 9 January, 2019;
originally announced January 2019.
-
Design of a Networked Controller for a Two-Wheeled Inverted Pendulum Robot
Authors:
Zenit Music,
Fabio Molinari,
Sebastian Gallenmüller,
Onur Ayan,
Samuele Zoppi,
Wolfgang Kellerer,
Georg Carle,
Thomas Seel,
Jörg Raisch
Abstract:
The topic of this paper is to use an intuitive model-based approach to design a networked controller for a recent benchmark scenario. The benchmark problem is to remotely control a two-wheeled inverted pendulum robot via W-LAN communication. The robot has to keep a vertical upright position. Incorporating wireless communication in the control loop introduces multiple uncertainties and affects system performance and stability. The proposed networked control scheme employs model predictive techniques and deliberately extends delays in order to make them constant and deterministic. The performance of the resulting networked control system is evaluated experimentally with a predefined benchmarking experiment and is compared to local control involving no delays.
Submitted 23 May, 2019; v1 submitted 7 December, 2018;
originally announced December 2018.
-
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
Authors:
Quirin Scheitle,
Oliver Gasser,
Theodor Nolte,
Johanna Amann,
Lexi Brent,
Georg Carle,
Ralph Holz,
Thomas C. Schmidt,
Matthias Wählisch
Abstract:
In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.
Submitted 21 September, 2018;
originally announced September 2018.
-
Leveraging Secure Multiparty Computation in the Internet of Things
Authors:
Marcel von Maltitz,
Georg Carle
Abstract:
Centralized systems in the Internet of Things---be it local middleware or cloud-based services---fail to fundamentally address privacy of the collected data. We propose an architecture featuring secure multiparty computation at its core in order to realize data processing systems which already incorporate support for privacy protection in the architecture.
Submitted 6 June, 2018;
originally announced June 2018.
-
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists
Authors:
Oliver Gasser,
Quirin Scheitle,
Pawel Foremski,
Qasim Lone,
Maciej Korczynski,
Stephen D. Strowes,
Luuk Hendriks,
Georg Carle
Abstract:
Network measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. In recent years, several studies have proposed the use of target lists of IPv6 addresses, called IPv6 hitlists.
In this paper, we show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow IPv6 hitlists to be pushed from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing.
To encourage reproducibility in network measurement research and to serve as a starting point for future IPv6 studies, we publish source code, analysis tools, and data.
Submitted 28 September, 2018; v1 submitted 5 June, 2018;
originally announced June 2018.
-
Trustworthy Configuration Management for Networked Devices using Distributed Ledgers
Authors:
Holger Kinkelin,
Valentin Hauner,
Heiko Niedermayer,
Georg Carle
Abstract:
Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats can cause not only problems like data leaks but also safety issues which might harm people. Attacks on IT systems are performed not only by outside attackers but also by insiders like administrators. For this reason, we present ongoing work on a configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to achieve Byzantine fault tolerance against attacks and faults by administrators. Only after a configuration has been authorized by multiple experts is it applied to the targeted devices. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other.
Submitted 8 May, 2018; v1 submitted 13 April, 2018;
originally announced April 2018.
-
A Management Framework for Secure Multiparty Computation in Dynamic Environments
Authors:
Marcel von Maltitz,
Stefan Smarzly,
Holger Kinkelin,
Georg Carle
Abstract:
Secure multiparty computation (SMC) is a promising technology for privacy-preserving collaborative computation. In the last years several feasibility studies have shown its practical applicability in different fields. However, it is recognized that the administration and management overhead of SMC solutions is still a problem. A vital next step is the incorporation of SMC in the emerging fields of the Internet of Things and (smart) dynamic environments. In these settings, the properties of these contexts make utilization of SMC even more challenging since some of its vital premises regarding environmental stability and preliminary configuration are not initially fulfilled. We bridge this gap by providing FlexSMC, a management and orchestration framework for SMC which supports the discovery of nodes, supports trust establishment between them, and realizes robustness of SMC sessions by handling node failures and communication interruptions. The practical evaluation of FlexSMC shows that it enables the application of SMC in dynamic environments with reasonable performance penalties and computation durations, allowing soft real-time and interactive use cases.
Submitted 11 April, 2018;
originally announced April 2018.
-
A Performance and Resource Consumption Assessment of Secure Multiparty Computation
Authors:
Marcel von Maltitz,
Georg Carle
Abstract:
In recent years, secure multiparty computation (SMC) advanced from a theoretical technique to a practically applicable technology. Several frameworks were proposed of which some are still actively developed.
We perform a first comprehensive study of performance characteristics of SMC protocols using a promising implementation based on secret sharing, a common and state-of-the-art foundation. Therefore, we analyze its scalability with respect to environmental parameters such as the number of peers, network properties -- namely transmission rate, packet loss, network latency -- and parallelization of computations as parameters, and execution time, CPU cycles, memory consumption and amount of transmitted data as variables.
Our insights on the resource consumption show that such a solution is practically applicable in intranet environments and -- with limitations -- in Internet settings.
Submitted 10 April, 2018;
originally announced April 2018.
-
Structure and Stability of Internet Top Lists
Authors:
Quirin Scheitle,
Jonas Jelten,
Oliver Hohlfeld,
Luca Ciprian,
Georg Carle
Abstract:
Active Internet measurement studies rely on a list of targets to be scanned. While probing the entire IPv4 address space is feasible for scans of limited complexity, more complex scans do not scale to measuring the full Internet. Thus, a sample of the Internet can be used instead, often in the form of a "top list". The most widely used list is the Alexa Global Top1M list. Despite their prevalence, use of top lists is seldom questioned. Little is known about their creation, representativity, potential biases, stability, or overlap between lists. As a result, potential consequences of applying top lists in research are not known. In this study, we aim to open the discussion on top lists by investigating the aptness of frequently used top lists for empirical Internet scans, including stability, correlation, and potential biases of such lists.
Submitted 7 February, 2018;
originally announced February 2018.
-
Software Distribution Transparency and Auditability
Authors:
Benjamin Hof,
Georg Carle
Abstract:
A large user base relies on software updates provided through package managers. This provides a unique lever for improving the security of the software update process. We propose a transparency system for software updates and implement it for a widely deployed Linux package manager, namely APT. Our system is capable of detecting targeted backdoors without producing overhead for maintainers. In addition, in our system, the availability of source code is ensured, the binding between source and binary code is verified using reproducible builds, and the maintainer responsible for distributing a specific package can be identified. We describe a novel "hidden version" attack against current software transparency systems and propose as well as integrate a suitable defense. To address equivocation attacks by the transparency log server, we introduce tree root cross logging, where the log's Merkle tree root is submitted into a separately operated log server. This significantly relaxes the inter-operator cooperation requirements compared to other systems. Our implementation is evaluated by replaying over 3000 updates of the Debian operating system over the course of two years, demonstrating its viability and identifying numerous irregularities.
Submitted 20 November, 2017;
originally announced November 2017.