Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249783
M. Narasimha, G. Tsudik, J. Yi
Peer-to-peer systems enable efficient resource aggregation and are inherently scalable since they do not depend on any centralized authority. However, lack of a centralized authority prompts many security-related challenges. Providing efficient security services in these systems is an active research topic which is receiving much attention in the security research community. In this paper, we explore the use of threshold cryptography in peer-to-peer settings (both Internet- and MANET-based) to provide, in a robust and fault tolerant fashion, security services such as authentication, certificate issuance and access control. Threshold cryptography provides high availability by distributing trust throughout the group and is, therefore, an attractive solution for secure peer-groups. Our work investigates the applicability of threshold cryptography for membership control in peer-to-peer systems. In the process, we discover that one interesting proposed scheme contains an unfortunate (yet serious) flaw. We then present an alternative solution and its performance measurements. More importantly, our preliminary work casts a certain degree of skepticism on the practicality and even viability of using (seemingly attractive) threshold cryptography in certain peer-to-peer settings.
{"title":"On the utility of distributed cryptography in P2P and MANETs: the case of membership control","authors":"M. Narasimha, G. Tsudik, J. Yi","doi":"10.1109/ICNP.2003.1249783","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249783","url":null,"abstract":"Peer-to-peer systems enable efficient resource aggregation and are inherently scalable since they do not depend on any centralized authority. However, lack of a centralized authority prompts many security-related challenges. Providing efficient security services in these systems is an active research topic which is receiving much attention in the security research community. In this paper, we explore the use of threshold cryptography in peer-to-peer settings (both Internet- and MANET-based) to provide, in a robust and fault tolerant fashion, security services such as authentication, certificate issuance and access control. Threshold cryptography provides high availability by distributing trust throughout the group and is, therefore, an attractive solution for secure peer-groups. Our work investigates the applicability of threshold cryptography for membership control in peer-to-peer systems. In the process, we discover that one interesting proposed scheme contains an unfortunate (yet serious) flaw. We then present an alternative solution and its performance measurements. More importantly, our preliminary work casts a certain degree of skepticism on the practicality and even viability of using (seemingly attractive) threshold cryptography in certain peer-to-peer settings.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124938935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249763
Prashanth Pappu, J. Turner
Practical crossbar scheduling algorithms for CIOQ switches such as PIM and i-SLIP, can perform poorly under extreme traffic conditions, frequently failing to be work-conserving. The common practice of evaluating crossbar scheduling algorithms according to the packet delay under random admissible traffic tends to obscure significant differences that affect the robustness of different algorithms when exposed to extreme conditions. On the other hand, algorithms such as LOOFA with provably good worst-case performance, don't lend themselves readily to high performance implementation. We advocate evaluating crossbar scheduling algorithms using targeted stress tests which seek to probe the performance boundaries of competing alternatives. Appropriately designed stress tests can reveal key-differences among algorithms and can provide the insight needed to spur the development of better solutions. In this paper, we introduce the use of stress testing for crossbar scheduling and use it to evaluate the performance of PIM, i-SLIP and LOOFA. Our results show that PlM and i-SLIP need large speedups in order to perform well on stress tests, while LOOFA can deliver excellent performance, even for speedups less than 1.5. We then develop improved versions of PIM and i-SLIP, which take output queue lengths into account, making them much more robust. We also develop an algorithm which closely approximates the behavior (and performance) of LOOFA, but which admits a straightforward, high performance hardware implementation.
{"title":"Stress resistant scheduling algorithms for CIOQ switches","authors":"Prashanth Pappu, J. Turner","doi":"10.1109/ICNP.2003.1249763","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249763","url":null,"abstract":"Practical crossbar scheduling algorithms for CIOQ switches such as PIM and i-SLIP, can perform poorly under extreme traffic conditions, frequently failing to be work-conserving. The common practice of evaluating crossbar scheduling algorithms according to the packet delay under random admissible traffic tends to obscure significant differences that affect the robustness of different algorithms when exposed to extreme conditions. On the other hand, algorithms such as LOOFA with provably good worst-case performance, don't lend themselves readily to high performance implementation. We advocate evaluating crossbar scheduling algorithms using targeted stress tests which seek to probe the performance boundaries of competing alternatives. Appropriately designed stress tests can reveal key-differences among algorithms and can provide the insight needed to spur the development of better solutions. In this paper, we introduce the use of stress testing for crossbar scheduling and use it to evaluate the performance of PIM, i-SLIP and LOOFA. Our results show that PlM and i-SLIP need large speedups in order to perform well on stress tests, while LOOFA can deliver excellent performance, even for speedups less than 1.5. We then develop improved versions of PIM and i-SLIP, which take output queue lengths into account, making them much more robust. We also develop an algorithm which closely approximates the behavior (and performance) of LOOFA, but which admits a straightforward, high performance hardware implementation.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124981785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249773
Zihui Ge, P. Ji, J. Kurose, D. Towsley
The publish/subscribe (pub/sub) paradigm provides content-oriented data dissemination in which communication channels are established between content publishers and content subscribers based on a matching of subscribers interest in the published content provided - a process we refer to as "matchmaking". Once an interest match has been made, content forwarding state can be installed at intermediate nodes (e.g., active routers, application-level relay nodes) on the path between a content provider and an interested subscriber. In dynamic pub/sub applications, where published content and subscriber interest change frequently the signaling overhead needed to perform matchmaking can be a significant overhead. We first formalize the matchmaking process as an optimization problem, with the goal of minimizing the amount of matchmaking signaling messages. We consider this problem for both shared and per-source multicast data (content) distribution topologies. We characterize the fundamental complexity of the problem, and then describe several efficient solution approaches. The insights gained through our analysis are then embodied in a novel active matchmaker signaling protocol (AMSP). AMSP dynamically adapts to applications' changing publication and subscription requests through a link-marking approach. We simulate AMSP and two existing broadcast-based approaches for conducting matchmaking, and find that AMSP significantly reduces signaling overhead.
{"title":"Matchmaker: signaling for dynamic publish/subscribe applications","authors":"Zihui Ge, P. Ji, J. Kurose, D. Towsley","doi":"10.1109/ICNP.2003.1249773","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249773","url":null,"abstract":"The publish/subscribe (pub/sub) paradigm provides content-oriented data dissemination in which communication channels are established between content publishers and content subscribers based on a matching of subscribers interest in the published content provided - a process we refer to as \"matchmaking\". Once an interest match has been made, content forwarding state can be installed at intermediate nodes (e.g., active routers, application-level relay nodes) on the path between a content provider and an interested subscriber. In dynamic pub/sub applications, where published content and subscriber interest change frequently the signaling overhead needed to perform matchmaking can be a significant overhead. We first formalize the matchmaking process as an optimization problem, with the goal of minimizing the amount of matchmaking signaling messages. We consider this problem for both shared and per-source multicast data (content) distribution topologies. We characterize the fundamental complexity of the problem, and then describe several efficient solution approaches. The insights gained through our analysis are then embodied in a novel active matchmaker signaling protocol (AMSP). AMSP dynamically adapts to applications' changing publication and subscription requests through a link-marking approach. We simulate AMSP and two existing broadcast-based approaches for conducting matchmaking, and find that AMSP significantly reduces signaling overhead.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129686681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249780
Wensheng Zhang, G. Cao, T. L. Porta
In current sensor networks, sensor nodes are capable of not only measuring real world phenomena, but also storing, processing and transferring these measurements. Many data dissemination techniques have been proposed for sensor networks. However, these techniques may not work well in a large scale sensor network where a huge amount of sensing data are generated, but only a small portion of them are queried. In this paper, we propose an index-based data dissemination scheme to address the problem. This scheme is based on the idea that sensing data are collected, processed and stored at the nodes close to the detecting nodes, and the location information of these storing nodes is pushed to some index nodes, which act as the rendezvous points for sinks and sources. We further extend the scheme with an adaptive ring-based index (ARI) technique, in which the index nodes for one event type form a ring surrounding the location which is determined by the event type, and the ring can be dynamically reconfigured for fault tolerance and load balance. Analysis and simulations are conducted to evaluate the performance of the proposed index-based scheme. The results show that the index-based scheme outperforms the external storage-based scheme, the DCS scheme, and the local storage-based schemes with flood-response style. The results also show that using ARI can tolerate clustering failures and achieve load balance.
{"title":"Data dissemination with ring-based index for wireless sensor networks","authors":"Wensheng Zhang, G. Cao, T. L. Porta","doi":"10.1109/ICNP.2003.1249780","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249780","url":null,"abstract":"In current sensor networks, sensor nodes are capable of not only measuring real world phenomena, but also storing, processing and transferring these measurements. Many data dissemination techniques have been proposed for sensor networks. However, these techniques may not work well in a large scale sensor network where a huge amount of sensing data are generated, but only a small portion of them are queried. In this paper, we propose an index-based data dissemination scheme to address the problem. This scheme is based on the idea that sensing data are collected, processed and stored at the nodes close to the detecting nodes, and the location information of these storing nodes is pushed to some index nodes, which act as the rendezvous points for sinks and sources. We further extend the scheme with an adaptive ring-based index (ARI) technique, in which the index nodes for one event type form a ring surrounding the location which is determined by the event type, and the ring can be dynamically reconfigured for fault tolerance and load balance. Analysis and simulations are conducted to evaluate the performance of the proposed index-based scheme. The results show that the index-based scheme outperforms the external storage-based scheme, the DCS scheme, and the local storage-based schemes with flood-response style. The results also show that using ARI can tolerate clustering failures and achieve load balance.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128503561","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249765
Swaminathan Sundaramurthy, E. Belding-Royer
Mobile ad hoc networks are autonomous self-organized networks in which each node relies on the other nodes in the network to perform routing on its behalf. Proper functioning of the network is dependent on participation and cooperation of the nodes in routing and packet forwarding. Unfortunately, providing these services may not be in the best interest of a mobile node, since it results in the depletion of the node's resources. Selfish behavior by a node may result in degraded network performance due to denial of service, decrease in network throughput and partitioning of the network. Because it is in a node's interest to not forward traffic, nodes should be given some form of incentive for the services they provide. In this paper, we address the problem of selfishness in mobile ad hoc networks by proposing a protocol called AD-MIX that encourages participation. AD-MIX discourages selfishness by concealing the true destination of packets from intermediate nodes along the path, forcing a node to participate or risk dropping packets destined for itself. Simulation results show that employing AD-MIX encourages participation without a significant increase in overhead. In addition to encouraging participation, AD-MIX also facilitates anonymization and secure communication between nodes.
{"title":"The AD-MIX protocol for encouraging participation in mobile ad hoc networks","authors":"Swaminathan Sundaramurthy, E. Belding-Royer","doi":"10.1109/ICNP.2003.1249765","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249765","url":null,"abstract":"Mobile ad hoc networks are autonomous self-organized networks in which each node relies on the other nodes in the network to perform routing on its behalf. Proper functioning of the network is dependent on participation and cooperation of the nodes in routing and packet forwarding. Unfortunately, providing these services may not be in the best interest of a mobile node, since it results in the depletion of the node's resources. Selfish behavior by a node may result in degraded network performance due to denial of service, decrease in network throughput and partitioning of the network. Because it is in a node's interest to not forward traffic, nodes should be given some form of incentive for the services they provide. In this paper, we address the problem of selfishness in mobile ad hoc networks by proposing a protocol called AD-MIX that encourages participation. AD-MIX discourages selfishness by concealing the true destination of packets from intermediate nodes along the path, forcing a node to participate or risk dropping packets destined for itself. Simulation results show that employing AD-MIX encourages participation without a significant increase in overhead. In addition to encouraging participation, AD-MIX also facilitates anonymization and secure communication between nodes.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126373952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249762
Edward W. Spitznagel, David E. Taylor, J. Turner
CAMs are the most popular practical method for implementing packet classification in high performance routers. Their principal drawbacks are high power consumption and inefficient representation of filters with port ranges. A recent paper [Narlikar, et al., 2003] showed how partitioned TCAMs could be used to implement IP route lookup with dramatically lower power consumption. We extend the ideas in [Narlikar, et al., 2003] to address the more challenging problem of general packet classification. We describe two extensions to the standard TCAM architecture. The first organizes the TCAM as a two level hierarchy in which an index block is used to enable/disable the querying of the main storage blocks. The second incorporates circuits for range comparisons directly within the TCAM memory array. Extended TCAMs can deliver high performance (100 million lookups per second) for large filter sets (100,000 filters), while reducing power consumption by a factor of ten and improving space efficiency by a factor of three.
在高性能路由器中,CAMs是实现分组分类最常用的实用方法。它们的主要缺点是高功耗和端口范围滤波器的低效表示。最近的一篇论文[Narlikar, et al., 2003]展示了如何使用分区tcam来实现IP路由查找,同时显著降低功耗。我们扩展了[Narlikar, et ., 2003]中的思想,以解决更具有挑战性的一般数据包分类问题。我们描述了标准TCAM体系结构的两个扩展。第一个将TCAM组织为一个两级层次结构,其中索引块用于启用/禁用对主存储块的查询。第二种包括直接在TCAM存储器阵列内进行范围比较的电路。扩展tcam可以为大型滤波器集(100,000个滤波器)提供高性能(每秒1亿次查找),同时将功耗降低10倍,并将空间效率提高3倍。
{"title":"Packet classification using extended TCAMs","authors":"Edward W. Spitznagel, David E. Taylor, J. Turner","doi":"10.1109/ICNP.2003.1249762","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249762","url":null,"abstract":"CAMs are the most popular practical method for implementing packet classification in high performance routers. Their principal drawbacks are high power consumption and inefficient representation of filters with port ranges. A recent paper [Narlikar, et al., 2003] showed how partitioned TCAMs could be used to implement IP route lookup with dramatically lower power consumption. We extend the ideas in [Narlikar, et al., 2003] to address the more challenging problem of general packet classification. We describe two extensions to the standard TCAM architecture. The first organizes the TCAM as a two level hierarchy in which an index block is used to enable/disable the querying of the main storage blocks. The second incorporates circuits for range comparisons directly within the TCAM memory array. Extended TCAMs can deliver high performance (100 million lookups per second) for large filter sets (100,000 filters), while reducing power consumption by a factor of ten and improving space efficiency by a factor of three.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131621999","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249781
Guiling Wang, G. Cao, T. L. Porta
In some harsh environments, manually deploying sensors is impossible. Alternative methods may lead to imprecise placement resulting in coverage holes. To provide the required high coverage in these situations, we propose to deploy sensor networks composed of a mixture of mobile and static sensors in which mobile sensors can move from dense areas to sparse areas to improve the overall coverage. This paper presents a bidding protocol to assist the movement of mobile sensors. In the protocol, static sensors detect coverage holes locally by using Voronoi diagrams, and bid for mobile sensors based on the size of the detected hole. Mobile sensors choose coverage holes to heal based on the bid. Simulation results show that our algorithm provides suitable tradeoff between coverage and sensor cost.
{"title":"A bidding protocol for deploying mobile sensors","authors":"Guiling Wang, G. Cao, T. L. Porta","doi":"10.1109/ICNP.2003.1249781","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249781","url":null,"abstract":"In some harsh environments, manually deploying sensors is impossible. Alternative methods may lead to imprecise placement resulting in coverage holes. To provide the required high coverage in these situations, we propose to deploy sensor networks composed of a mixture of mobile and static sensors in which mobile sensors can move from dense areas to sparse areas to improve the overall coverage. This paper presents a bidding protocol to assist the movement of mobile sensors. In the protocol, static sensors detect coverage holes locally by using Voronoi diagrams, and bid for mobile sensors based on the size of the detected hole. Mobile sensors choose coverage holes to heal based on the bid. Simulation results show that our algorithm provides suitable tradeoff between coverage and sensor cost.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122335208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249774
A. Bradley, Azer Bestavros, A. Kfoury
Formal correctness of complex multi-party protocols can be difficult to verify. While models of specific sign constraints, protocols which lend themselves to arbitrarily many compositions of agents -such as the chaining of proxies or the peering of routers- are more difficult to verify because they represent potentially infinite state spaces and may exhibit emergent behaviors which may not materialize under particular fixed compositions. We address this challenge by developing an algebraic approach that enables us to reduce arbitrary compositions of network agents into a behaviorally-equivalent (with respect to some correctness property) compact, conical representation, which is amenable to mechanical verification. Our approach consists of an algebra and a set of property-preserving rewrite rules for the canonical homomorphic abstraction of infinite network protocol composition (CHAIN). Using CHAIN, an expression over our algebra (i.e., a set of configurations of network protocol agents) can be reduced to another behaviorally-equivalent expression (i.e., a smaller set of configurations). Repeated applications of such rewrite rules produce a canonical expression which can be checked mechanically. We demonstrate our approach by characterizing deadlock-prone configurations of HTTP agents, as well as establishing useful properties of an overlay protocol for scheduling MPEG frames, and of a protocol for Web intracache consistency.
{"title":"Systematic verification of safety properties of arbitrary network protocol compositions using CHAIN","authors":"A. Bradley, Azer Bestavros, A. Kfoury","doi":"10.1109/ICNP.2003.1249774","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249774","url":null,"abstract":"Formal correctness of complex multi-party protocols can be difficult to verify. While models of specific sign constraints, protocols which lend themselves to arbitrarily many compositions of agents -such as the chaining of proxies or the peering of routers- are more difficult to verify because they represent potentially infinite state spaces and may exhibit emergent behaviors which may not materialize under particular fixed compositions. We address this challenge by developing an algebraic approach that enables us to reduce arbitrary compositions of network agents into a behaviorally-equivalent (with respect to some correctness property) compact, conical representation, which is amenable to mechanical verification. Our approach consists of an algebra and a set of property-preserving rewrite rules for the canonical homomorphic abstraction of infinite network protocol composition (CHAIN). Using CHAIN, an expression over our algebra (i.e., a set of configurations of network protocol agents) can be reduced to another behaviorally-equivalent expression (i.e., a smaller set of configurations). Repeated applications of such rewrite rules produce a canonical expression which can be checked mechanically. We demonstrate our approach by characterizing deadlock-prone configurations of HTTP agents, as well as establishing useful properties of an overlay protocol for scheduling MPEG frames, and of a protocol for Web intracache consistency.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129582054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249771
A. Shaikh, Dongmei Wang, Guangzhi Li, J. Yates, C. Kalmanek
Multiple addresses within an OSPF area can be aggregated and advertised together to other areas. This process is known as address aggregation and is used to reduce router computational overheads and memory requirements and to reduce the network bandwidth consumed by OSPF messages. The downside of address aggregation is that it leads to information loss and consequently sub-optimal (non-shortest path) routing of data packets. The resulting difference (path selection error) between the length of the actual forwarding path and the shortest path varies between different sources and destinations. This paper proves that the path selection error from any source to any destination can be bounded using only parameters describing the destination area. Based on this, the paper presents an efficient algorithm that generates the minimum number of aggregates subject to a maximum allowed path selection error. A major operational benefit of our algorithm is that network administrators can select aggregates for an area based solely on the topology of the area without worrying about remaining areas of the OSPF network. The other benefit is that the algorithm enables trade-offs between the number of aggregates and the bound on the path selection error. The paper also evaluates the algorithm's performance on random topologies. Our results show that in some cases, the algorithm is capable of reducing the number of aggregates by as much as 50% with only a relatively small introduction of maximum path selection error.
{"title":"An efficient algorithm for OSPF subnet aggregation","authors":"A. Shaikh, Dongmei Wang, Guangzhi Li, J. Yates, C. Kalmanek","doi":"10.1109/ICNP.2003.1249771","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249771","url":null,"abstract":"Multiple addresses within an OSPF area can be aggregated and advertised together to other areas. This process is known as address aggregation and is used to reduce router computational overheads and memory requirements and to reduce the network bandwidth consumed by OSPF messages. The downside of address aggregation is that it leads to information loss and consequently sub-optimal (non-shortest path) routing of data packets. The resulting difference (path selection error) between the length of the actual forwarding path and the shortest path varies between different sources and destinations. This paper proves that the path selection error from any source to any destination can be bounded using only parameters describing the destination area. Based on this, the paper presents an efficient algorithm that generates the minimum number of aggregates subject to a maximum allowed path selection error. A major operational benefit of our algorithm is that network administrators can select aggregates for an area based solely on the topology of the area without worrying about remaining areas of the OSPF network. The other benefit is that the algorithm enables trade-offs between the number of aggregates and the bound on the path selection error. The paper also evaluates the algorithm's performance on random topologies. Our results show that in some cases, the algorithm is capable of reducing the number of aggregates by as much as 50% with only a relatively small introduction of maximum path selection error.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129717245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-11-04DOI: 10.1109/ICNP.2003.1249782
Sencun Zhu, Shouhuai Xu, Sanjeev Setia, S. Jajodia
A prerequisite for a secure communication between two nodes in an ad hoc network is that the nodes share a key to bootstrap their trust relationship. In this paper, we present a scalable and distributed protocol that enables two nodes to establish a pairwise shared key on the fly, without requiring the use of any on-line key distribution center. The design of our protocol is based on a novel combination of two techniques - probabilistic key sharing and threshold secret sharing. Our protocol is scalable since every node only needs to possess a small number of keys, independent of the network size, and it is computationally efficient because it only relies on symmetric key cryptography based operations. We show that a pairwise key established between two nodes using our protocol is secure against a collusion attack by up to a certain number of compromised nodes. We also show through a set of simulations that our protocol can be parameterized to meet the desired levels of performance, security and storage for the application under consideration.
{"title":"Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach","authors":"Sencun Zhu, Shouhuai Xu, Sanjeev Setia, S. Jajodia","doi":"10.1109/ICNP.2003.1249782","DOIUrl":"https://doi.org/10.1109/ICNP.2003.1249782","url":null,"abstract":"A prerequisite for a secure communication between two nodes in an ad hoc network is that the nodes share a key to bootstrap their trust relationship. In this paper, we present a scalable and distributed protocol that enables two nodes to establish a pairwise shared key on the fly, without requiring the use of any on-line key distribution center. The design of our protocol is based on a novel combination of two techniques - probabilistic key sharing and threshold secret sharing. Our protocol is scalable since every node only needs to possess a small number of keys, independent of the network size, and it is computationally efficient because it only relies on symmetric key cryptography based operations. We show that a pairwise key established between two nodes using our protocol is secure against a collusion attack by up to a certain number of compromised nodes. We also show through a set of simulations that our protocol can be parameterized to meet the desired levels of performance, security and storage for the application under consideration.","PeriodicalId":179873,"journal":{"name":"11th IEEE International Conference on Network Protocols, 2003. Proceedings.","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2003-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121397328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: