Computer Networks最新文献

Modern network services increasingly depend on the effective orchestration of the Service Function Chain (SFC) with stringent end-to-end delay guarantees. To achieve this, the Delay-Constrained Service Function Chain Placement and Routing (DC-SFCPR) problem must be addressed. This problem involves the optimal selection of nodes for placing network functions and routes that adhere to a specific sequence of service functions, to minimize network bandwidth and CPU costs while strictly adhering to stringent end-to-end delay constraints. The DC-SFCPR problem is NP-hard and existing algorithms either fail to guarantee strict delay constraints or are computationally expensive, making them unsuitable for expanding network topologies. We propose the LPulse algorithm, designed to efficiently solve the DC-SFCPR problem. This algorithm utilizes a layered graph to embed the requirements of service functions, transforming the DC-SFCPR problem into a Delay-Constrained Shortest Path (DCSP) problem. The LPulse algorithm then applies Pulse, a depth-first search framework enhanced with efficient pruning strategies, and incorporates two novel acceleration strategies to solve the DCSP problem. We prove that LPulse ensures the optimality of solutions. Evaluations conducted across various topologies, with node scales ranging from 22 to 10,000, show that LPulse surpasses existing algorithms in both solution quality and speed. For instance, the number of cases meeting strict delay constraints with LPulse is $1.9\times$ that of those solved by deep reinforcement learning algorithms; furthermore, its solving efficiency is $4.9\times$ that of the highest-performing existing optimal algorithm, the LagrangianKsp algorithm.

Quantum cryptography promises information theoretic security of several cryptographic primitives. Most of the proposed security proofs work in an ideal communication scenario where all messages are correctly delivered after the first attempt. However, real networks are subject to message losses and require retransmissions to cope with them. While the latter is hardly ever a problem in classical cryptography, with quantum communication copy-and-retransmit could be impossible due to the famous no-cloning theorem. In this work, we analyze some quantum cryptoschemes such as public-key encryption, authentication and quantum money, assuming that quantum messages may be lost as they travel through the communication medium. Although all these schemes are theoretically secure, we show that this degree of realism renders some protocols insecure or impractical, while others are completely unaffected. When possible, we provide mitigations such as teleportation or protocol modifications to circumvent these challenges.

This paper studies a dynamic reconfigurable intelligent surface (RIS)-assisted broadcast communication system where a transmitter broadcasts information to multiple receivers with time-varying locations via a RIS. The goal is to minimize the maximum bit error rate (BER) at the receivers by optimizing RIS phase shifts, subject to a given discrete phase shift constraint. Unlike most existing works where channel state information (CSI) is required, only location information of the receivers is needed in our work, due to the great challenge of instantaneous CSI estimation in RIS-assisted communications and the reason that statistical CSI does not apply to the dynamic scenario. The involved optimization problem is hard to tackle, because the BERs at the receivers cannot be calculated by classical CSI-dependent analytical expressions for lack of CSI and exhaustive searching is computationally prohibitive to achieve the optimal discrete phase shifts. To address this issue, a deep reinforcement learning (DRL) approach is proposed to solve the problem by reformulating the optimization problem as a Markov decision process (MDP), where the BERs are measured by the Monte Carlo method. Furthermore, to tackle the issue of the high-dimensional action space in the MDP, a novel action-composition based proximal policy optimization (PPO) algorithm is proposed to solve the MDP. Simulation results verify the effectiveness of the proposed PPO-based DRL approach.

This paper describes the integration of Terrestrial and Non-Terrestrial Networks, wherein space-based network entities collaborate with traditional and emerging terrestrial communication frameworks to furnish pervasive, resilient, and three-dimensional wireless connectivity worldwide toward the 6th Generation of communication networks. This integration supports heterogeneous services, such as enhancing coverage, user experience, system capacity, service reliability, and availability, while also providing high-speed connectivity in remote or disaster-affected areas, improving existing 5th Generation technologies. Various Use Cases are detailed, highlighting the pivotal roles that Non-Terrestrial Networks play in distinguishing between urban/suburban and rural environments, with particular emphasis on transportation ecosystems. Through this analysis, Key Performance Indicators and requirements are delineated to characterize the requisite service quality for these diverse Use Cases. The paper further presents an overview of potential and standards-compliant integrated Terrestrial/Non-Terrestrial architectures, delineating their roles both in backhauling and access across different layers of Non-Terrestrial systems and elements. These insights are derived from studies conducted within the Integrated Terrestrial And Non-Terrestrial Networks (ITA-NTN) project, part of the European Union initiative defined as the Italian National Recovery and Resilience Plan (NRRP) RESTART Research Program.

Anonymous communication protocols are integral tools for people to exercise the right to privacy in their online activities. Such tools are urged to offer maximum protection against various classes of adversaries, including rogue criminals, exploitative companies, and authoritarian or paternalistic regimes, while respecting the diversity of users’ activities, from e-mail and web browsing to file transfer and video streaming. In such a context, lightweight anonymity protocols are a promising solution to provide well-balanced anonymity and performance for daily use against a class of adversaries with a relaxed but realistic assumption of their capability. However, as the existing instantiations of these protocols solely target software implementation, they did not fully exhibit their advantages in performance by the relaxation of the adversarial model. This paper presents P⁵HI, a novel instantiation and implementation of a lightweight anonymity protocol on hardware programmable switches. Its realization requires a rethinking of all aspects of the system, beginning with the realization of bit-rotation on the switch, through the construction of a cryptographic scheme and attack prevention, to hardware-friendly procedures during path setup and data transmission. We deploy the full-fledged design of the lightweight anonymity protocol on an actual programmable switch, and our prototype demonstrates its operation at a speed of over 3.0 Tbps.

SDN controllers employ discovery protocols with LLDP packets to discover the network topology; however, this approach is susceptible to topology attacks due to the static reuse of LLDP packets without proper origin verification or integrity checks. This paper proposes a novel form of topology attack called the Round-trip time Confusion Onslaught (RCO) attack. Our findings showcase the capability of the RCO attack to mislead the discovery service of SDN controllers and bypass the Real-time Link Verification (RLV) defence mechanism, which depends on timing features in Machine Learning (ML) models. The RCO attack significantly reduces the effectiveness of the RLV mechanism in terms of True Positive Rate (TPR), Precision, F1-score, and Cohen’s Kappa and increases the False Positive Rate (FPR). These results underscore the difficulties in achieving dependable ML accuracy in topology attack detection. Accordingly, we propose the DIS-Guard framework, designed to protect and improve the efficiency of discovery protocols within SDN controllers. This framework utilizes the mutual Transport Layer Security (mTLS) protocol to discover hosts proactively. Moreover, it employs a novel combination of a chaos-tent map and the proposed statistical method for link discovery. Through extensive evaluation, we illustrate DIS-Guard’s superior performance and security over the established Ryu (switches.py) controller and the RLV defence mechanism. Notably, DIS-Guard reduces host-to-host access delays, decreases LLDP packet transmission and reception significantly, and improves control channel efficiency. Collectively, these quantifiable benefits manifest the efficacy of DIS-Guard as a significantly optimized solution for SDN security and performance.

Due to limitations in network coverage and capacity, terrestrial networks cannot meet the growing demand for widespread intelligent applications in recent years. The increasingly popular Satellite-based Internet of Things (S-IoT), with its extensive and boundless coverage, has emerged as the optimal solution. However, the large-scale distributed communication and services have led to significant challenges in scalability and security. Blockchain can help mitigate security and privacy issues in data sharing of S-IoT. To address these challenges, we propose StarCross, a secure and lightweight data sharing framework for S-IoT based on redactable blockchain. Firstly, we develop a space-ground collaborative sharding blockchain network architecture. Low Earth Orbit (LEO) satellite network serves as the communication intermediary between shards. Secondly, StarCross employs an improved Proof of Work (PoW) consensus based on dynamic difficulty to mitigate the challenges of uneven computing power and centralization within each shard. To ensure the atomicity of cross-shard transactions, StarCross introduces a blockchain rewriting mechanism called RBCVC, which combines chameleon hash and voting-based consensus. Thirdly, we conducted theoretical analysis and experimental evaluations of StarCross. The results indicate that compared to existing solutions, StarCross achieves better scalability and security in S-IoT. StarCross’s TPS increased to 260.9% of the baseline, while the transaction confirmation latency decreased by 79.7%.

Through extensive research and standardization efforts, mobile networks have rapidly evolved, offering improved services and allowing the establishment of new use cases, such as autonomous vehicles, smart cities, Industry 4.0, among others. While 5G networks have brought advancements that can support a broad spectrum of such new use cases, the requirements imposed by time-critical services as the eXtended Reality (XR) and Cloud Gaming (CG) applications still remain a challenge. Next generation networks are envisioned to adopt technologies that will allow them to surpass such barriers. Open Radio Access Network (RAN), utilizing the disaggregation paradigm, stands out as a pivotal technology thanks to its potential to endow the network with flexibility, automation, and intelligence. In fact, Open RAN is considered as one of the key enabling technologies for XR and CG applications. However, disaggregation of the RAN may result in bottlenecks in the links connecting the various parts of the network, like the Open Fronthaul link, especially when considering time-critical traffic. In this paper, we perform an analysis of the impact that the Open Fronthaul capacity limitations can have in the XR and CG traffic under 3GPP defined scenarios. Moreover, to address these limitations, we implement and extend a Fronthaul Control mechanism combined with modulation compression, using the open-source ns-3 based 5G-LENA network simulator. Results showcase that the Open Fronthaul capacity limitation can drastically reduce the performance of the XR and CG applications, and demonstrate the necessity for such mechanisms to be employed in order to meet their requirements in terms of latency and throughput.

Unmanned aerial vehicles, initially developed for military use, have evolved to play vital roles in civilian applications including photography, agriculture, disaster management, and delivery services. Their agility, precision, and ad-hoc formation make them indispensable, particularly in time-sensitive tasks such as search-and-rescue missions. However, the widespread use of UAVs has raised security concerns, including unauthorized access, cyberattacks, and physical threats. In addition, the dynamic nature of these networks provides adversaries with opportunities to exploit node failures leading to potential data breaches. To address these risks, implementing robust security measures such as authentication, encryption, physical security, and proactive monitoring is essential even amidst the inherent resource limitations faced by UAVs. This paper proposes a lightweight authentication and key agreement protocol for multi-UAV networks, incorporating physically unclonable technology for securing the data sent over the network. The protocol also addresses security risks during UAV failures and the unauthorized access to data. The scheme has been validated using the Scyther simulation tool, with the PUF implemented on the Xilinx FPGA platform. An informal security analysis is also presented that demonstrates its adherence to security requirements. Additionally, the performance of the proposed scheme is compared with state-of-the-art approaches by evaluating network latency in terms of computational and communication costs, affirming its effectiveness in resource-constrained applications.

The centralized management of IPsec Security Associations (SAs) by using Software Defined Network (SDN) paradigm has been already explored and standardized. Datacenters are some of the scenarios where the dynamic establishment of IPsec security associations among network nodes has been deemed relevant. In these scenarios, where nodes do not support protocols like IKEv2, applying solutions where the generation and distribution of keys for IPsec are delegated to the SDN controller. However, these scenarios have the issue that the controller itself generates the IPsec keys for the nodes, posing a higher risk to the system’s security in case the controller is compromised. For these scenarios, it would be necessary to define solutions that allow the distribution of this cryptographic material securely, while maintaining the capacity restrictions established by the nodes. To solve this risk, we propose the generation of the IPsec keys using key distribution through the Diffie–Hellman algorithm in such a manner, that the controller will never have access to the IPsec SAs session keys used by the network nodes, mitigating the aforementioned problem. In concrete, our approach makes the nodes responsible for generating their own Diffie–Hellman public and private keypair, while the controller is only in charge of distributing the public keys to the rest of nodes, as well as other parameters needed to install the IPsec SAs. As we will analyze, the distribution of the public keys will be enough to allow the network nodes to generate the session keys. This work presents the design, implementation and validation of this IPsec management solution based on Diffie–Hellman in SDN environments using asymmetric key distribution for negotiating encryption and integrity keys, focusing on the performance in key generation and installation of IPsec SAs.