-
An Open-Source Experimentation Framework for the Edge Cloud Continuum
Authors:
Georgios Koukis,
Sotiris Skaperas,
Ioanna Angeliki Kapetanidou,
Vassilis Tsaoussidis,
Lefteris Mamatas
Abstract:
The CODECO Experimentation Framework is an open-source solution designed for the rapid experimentation of Kubernetes-based edge cloud deployments. It adopts a microservice-based architecture and introduces innovative abstractions for (i) the holistic deployment of Kubernetes clusters and associated applications, starting from the VM allocation level; (ii) declarative cross-layer experiment configu…
▽ More
The CODECO Experimentation Framework is an open-source solution designed for the rapid experimentation of Kubernetes-based edge cloud deployments. It adopts a microservice-based architecture and introduces innovative abstractions for (i) the holistic deployment of Kubernetes clusters and associated applications, starting from the VM allocation level; (ii) declarative cross-layer experiment configuration; and (iii) automation features covering the entire experimental process, from the configuration up to the results visualization. We present proof-of-concept results that demonstrate the above capabilities in three distinct contexts: (i) a comparative evaluation of various network fabrics across different edge-oriented Kubernetes distributions; (ii) the automated deployment of EdgeNet, which is a complex edge cloud orchestration system; and (iii) an assessment of anomaly detection (AD) workflows tailored for edge environments.
△ Less
Submitted 16 March, 2024;
originally announced March 2024.
-
ClusterSlice: A Zero-touch Deployment Platform for the Edge Cloud Continuum
Authors:
Lefteris Mamatas,
Sotiris Skaperas,
Ilias Sakellariou
Abstract:
We demonstrate ClusterSlice, an open-source solution for automated Kubernetes-center deployments for the edge continuum. ClusterSlice is an infrastructure-as-a-service, platform-as-a-service, and application-as-a-service solution, supporting: (i) declarative deployment slice definitions; (ii) infrastructure-on-demand capabilities over multiple heterogeneous domains; (iii) composable Kubernetes dep…
▽ More
We demonstrate ClusterSlice, an open-source solution for automated Kubernetes-center deployments for the edge continuum. ClusterSlice is an infrastructure-as-a-service, platform-as-a-service, and application-as-a-service solution, supporting: (i) declarative deployment slice definitions; (ii) infrastructure-on-demand capabilities over multiple heterogeneous domains; (iii) composable Kubernetes deployments, supporting multi-clustering as well as various Kubernetes flavors and intra-cluster/inter-cluster network plugins; (iv) configurable application deployment; and (v) experimentation automation.
△ Less
Submitted 16 March, 2024;
originally announced March 2024.
-
A Pragmatical Approach to Anomaly Detection Evaluation in Edge Cloud Systems
Authors:
Sotiris Skaperas,
George Koukis,
Ioanna Angeliki Kapetanidou,
Vassilis Tsaoussidis,
Lefteris Mamatas
Abstract:
Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to inv…
▽ More
Anomaly detection (AD) has been recently employed in the context of edge cloud computing, e.g., for intrusion detection and identification of performance issues. However, state-of-the-art anomaly detection procedures do not systematically consider restrictions and performance requirements inherent to the edge, such as system responsiveness and resource consumption. In this paper, we attempt to investigate the performance of change-point based detectors, i.e., a class of lightweight and accurate AD methods, in relation to the requirements of edge cloud systems. Firstly, we review the theoretical properties of two major categories of change point approaches, i.e., Bayesian and cumulative sum (CUSUM), also discussing their suitability for edge systems. Secondly, we introduce a novel experimental methodology and apply it over two distinct edge cloud test-beds to evaluate the performance of such mechanisms in real-world edge environments. Our experimental results reveal important insights and trade-offs for the applicability and the online performance of the selected change point detectors.
△ Less
Submitted 15 January, 2024;
originally announced January 2024.
-
Performance Evaluation of Kubernetes Networking Approaches across Constraint Edge Environments
Authors:
Georgios Koukis,
Sotiris Skaperas,
Ioanna Angeliki Kapetanidou,
Lefteris Mamatas,
Vassilis Tsaoussidis
Abstract:
Kubernetes (K8s) serves as a mature orchestration system for the seamless deployment and management of containerized applications spanning across cloud and edge environments. Since high-performance connectivity and minimal resource utilization become critical factors as we approach the edge, evaluating the performance of K8s networking in this context is essential. This paper contributes to this e…
▽ More
Kubernetes (K8s) serves as a mature orchestration system for the seamless deployment and management of containerized applications spanning across cloud and edge environments. Since high-performance connectivity and minimal resource utilization become critical factors as we approach the edge, evaluating the performance of K8s networking in this context is essential. This paper contributes to this effort, by conducting a qualitative and quantitative performance evaluation of diverse Container Network Interface (CNI) plugins within different K8s environments, incorporating lightweight implementations designed for the Edge. Our experimental assessment was conducted in two distinct (intra- and inter-host) scenarios, revealing interesting insights for both researchers and practitioners. For example, the deployment of plugins across lightweight distributions does not necessarily lead to resource utilization improvements, e.g., in terms of CPU/memory or throughput.
△ Less
Submitted 15 January, 2024;
originally announced January 2024.
-
Smart Channel State Information Pre-processing for Joint Authentication and Secret Key Distillation
Authors:
Muralikrishnan Srinivasan,
Sotiris Skaperas,
Arsenia Chorti,
Mahdi Shakiba Herfeh,
Muhammad K. Shehzad,
Philippe Sehier
Abstract:
While the literature on RF fingerprinting-based authentication and key distillation is vast, the two topics have customarily been studied separately. In this paper, starting from the observation that the wireless channel is a composite, deterministic / stochastic process, we propose a power domain decomposition that allows performing the two tasks simultaneously. We devise intelligent pre-processi…
▽ More
While the literature on RF fingerprinting-based authentication and key distillation is vast, the two topics have customarily been studied separately. In this paper, starting from the observation that the wireless channel is a composite, deterministic / stochastic process, we propose a power domain decomposition that allows performing the two tasks simultaneously. We devise intelligent pre-processing schemes to decompose channel state information (CSI) observation vectors into "predictable" and "unpredictable" components. The former, primarily due to large-scale fading, can be used for node authentication through RF fingerprinting. The latter, primarily due to small-scale fading, could be used for semantically secure secret key generation (SKG). To perform the decomposition, we propose: (i) a fingerprint "separability" criterion, expressed through the maximisation of the total variation distance between the empirical fingerprint measures; (ii) a statistical independence metric for observations collected at different users, expressed through a normalised version of the $d$-dimensional Hilbert Schmidt independence criterion (dHSIC) test statistic. We propose both explicit implementations, using principal component analysis (PCA) and kernel PCA and black-box, unsupervised learning, using autoencoders. Our experiments on synthetic and real CSI datasets showcase that the incorporation of RF fingerprinting and SKG, with explicit security guarantees, is tangible in future generations of wireless.
△ Less
Submitted 1 June, 2022;
originally announced June 2022.
-
On the Use of CSI for the Generation of RF Fingerprints and Secret Keys
Authors:
Muralikrishnan Srinivasan,
Sotiris Skaperas,
Arsenia Chorti
Abstract:
This paper presents a systematic approach to use channel state information for authentication and secret key distillation for physical layer security (PLS). We use popular machine learning (ML) methods and signal processing-based approaches to disentangle the large scale fading and be used as a source of uniqueness, from the small scale fading, to be treated as a source of shared entropy secret ke…
▽ More
This paper presents a systematic approach to use channel state information for authentication and secret key distillation for physical layer security (PLS). We use popular machine learning (ML) methods and signal processing-based approaches to disentangle the large scale fading and be used as a source of uniqueness, from the small scale fading, to be treated as a source of shared entropy secret key generation (SKG). The ML-based approaches are completely unsupervised and hence avoid exhaustive measurement campaigns. We also propose using the Hilbert Schmidt independence criterion (HSIC); our simulation results demonstrate that the extracted stochastic part of the channel state information (CSI) vectors are statistically independent.
△ Less
Submitted 28 October, 2021;
originally announced October 2021.
-
Denial of Service Attacks Detection in Software-Defined Wireless Sensor Networks
Authors:
Gustavo A. Nunez Segura,
Sotiris Skaperas,
Arsenia Chorti,
Lefteris Mamatas,
Cintia Borges Margi
Abstract:
Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do no…
▽ More
Software-defined networking (SDN) is a promising technology to overcome many challenges in wireless sensor networks (WSN), particularly with respect to flexibility and reuse. Conversely, the centralization and the planes' separation turn SDNs vulnerable to new security threats in the general context of distributed denial of service (DDoS) attacks. State-of-the-art approaches to identify DDoS do not always take into consideration restrictions in typical WSNs e.g., computational complexity and power constraints, while further performance improvement is always a target. The objective of this work is to propose a lightweight but very efficient DDoS attack detection approach using change point analysis. Our approach has a high detection rate and linear complexity, so that it is suitable for WSNs. We demonstrate the performance of our detector in software-defined WSNs of 36 and 100 nodes with varying attack intensity (the number of attackers ranges from 5% to 20% of nodes). We use change point detectors to monitor anomalies in two metrics: the data packets delivery rate and the control packets overhead. Our results show that with increasing intensity of attack, our approach can achieve a detection rate close to100% and that the type of attack can also be inferred.
△ Less
Submitted 26 March, 2020;
originally announced March 2020.