A Tutorial On Privacy, RCM and Its Implications in WLAN
The proliferation of Wi-Fi devices has led to the rise of privacy concerns related to MAC Address-based systems used for people tracking and localization across various applications, such as smart cities, intelligent transportation systems, and marketing. These systems have highlighted the necessity for mobile device manufacturers to implement Randomized And Changing MAC address (RCM) techniques as a countermeasure for device identification. In response to the challenges posed by diverse RCM implementations, the IEEE has taken steps to standardize RCM operations through the 802.11aq Task Group (TG). However, while RCM implementation addresses some concerns, it can disrupt services that span both Layer 2 and the upper layers, which were originally designed assuming static MAC addresses. To address these challenges, the IEEE has established the 802.11bh TG, focusing on defining new device identification methods, particularly for Layer 2 services that require pre-association identification. Simultaneously, the IETF launched the MAC Address Device Identification for Network and Application Services (MADINAS) Working Group to investigate the repercussions of RCM on upper-layer services, including the Dynamic Host Configuration Protocol (DHCP). Concurrently, derandomization techniques have emerged to counteract RCM defense mechanisms. The exploration of these techniques has suggested the need for a broader privacy enhancement framework for WLANs that goes beyond simple MAC address randomization. These findings have prompted the inception of the 802.11bi TG, which aims to compile an exhaustive list of potential privacy vulnerabilities and prerequisites for a more private IEEE 802.11 standard. In this context, this tutorial aims to provide insights into the motivations behind RCM, its implementation, and its evolution over the years. It elucidates the influence of RCM on network processes and services.
Furthermore, the tutorial delves into the recent progress made within the domains of 802.11bh, 802.11bi, and MADINAS. It offers a thorough analysis of the initial work undertaken by these groups, along with an overview of the relevant research challenges. The tutorial's objective is to inspire the research community to explore innovative approaches and solutions that contribute to the ongoing efforts to enhance WLAN privacy through standardization initiatives.
MultiLayer compressed counting bloom filters
Bloom filters are efficient randomized data structures for membership queries on a set with a certain known false positive probability. Counting bloom filters (CBFs) allow the same operation on dynamic sets that can be updated via insertions and deletions, at the cost of larger memory requirements. This paper first presents a new upper bound for the counter overflow probability in CBFs. This bound is much tighter than the one usually adopted in the literature, and it allows for designing more efficient CBFs. Three novel data structures are proposed, which introduce the idea of a hierarchical structure as well as the use of Huffman codes. Our algorithms improve on standard CBFs in terms of fast access and limited memory consumption (up to 50% memory saving): the target could be the implementation of the compressed data structures in the small (but fast) local memory or "on-chip SRAM" of devices such as network processors.
Counting bloom filters for pattern matching and anti-evasion at the wire speed
Standard pattern-matching methods used for deep packet inspection and network security can be evaded by means of TCP and IP fragmentation. To detect such attacks, intrusion detection systems must reassemble packets before applying matching algorithms, thus requiring a large amount of memory and time to respond to the threat. In the literature, only a few efforts have proposed a method to detect evasion attacks at high speed without reassembly. The aim of this article is to introduce an efficient system for anti-evasion that can be implemented in real devices. It is based on counting bloom filters and exploits their capability to quickly update the string set and to deal with partial signatures. In this way, the detection of attacks and almost all of the traffic processing is performed in the fast data path, thus improving the scalability of intrusion detection systems.
Blooming trees: Space-efficient structures for data representation
A Bloom Filter is an efficient randomized data structure for membership queries on a set with a certain known false positive probability. A Counting Bloom Filter (CBF) allows the same operations on dynamic sets that can be updated via insertions and deletions, at the cost of larger memory requirements. This paper presents a novel hierarchical data structure, called Blooming Tree, that replicates the functionality of a CBF with lower memory consumption and tunable false positive probability. The hierarchical multi-layer design of Blooming Trees allows for distributing the structure across different memory levels, thus exploiting small but fast on-chip memories for the most frequently accessed substructures. The proposed algorithm is compared to previously existing schemes on a target platform: Intel IXP2XXX Network Processors (NPs).
A Cooperative PC/Network-Processor Architecture for Multi Gigabit Traffic Analysis
The extensive availability of cost-effective commodity PC hardware has pushed the development of flexible and versatile traffic monitoring software such as protocol analyzers, protocol dissectors, traffic sniffers, traffic characterizers and IDSs (Intrusion Detection Systems). Most of this software is based on the well-known libpcap API, which in the last few years has become a de facto standard for PC-based packet capturing. Many improvements have been applied to this library, but it still suffers from several performance flaws that are due not to the software itself but rather to the underlying hardware bottlenecks. In this paper we present a new traffic monitoring device, implemented by an Intel IXP2400 Network Processor PCI-X card connected to a Gigabit Ethernet LAN hosting a cluster of common personal computers running any libpcap-based application. This architecture outperforms the previous solutions in terms of packet capturing power and timestamp accuracy.
AMBER SCHED: An Analytical Model BasEd Resource Scheduler for programmable routers
The growth of the Internet in recent years has been pushed by increasing requirements in terms of capacity, security and reliability. Moreover, improvements in multimedia applications need mechanisms and architectures to accomplish quality of service (QoS) and differentiated services. Technology development has shown that the evolution of processing power cannot cope with the growth of link capacity. Therefore a link capacity scheduler is no longer sufficient to assure efficient service differentiation to end-users; a proper computing power allocation for packet processing must be adopted instead. In this paper a processing scheduling scheme for Intel® IXP2XXX Network Processors is proposed. A model of the architecture is defined and an ad-hoc simulator is developed to help the comprehension of the system and the re-design of the application. Finally, experimental results show the performance of the proposed algorithm.
Blooming trees for minimal perfect hashing
Hash tables are used in many networking applications, such as lookup and packet classification. But the issue of collision resolution makes their use slow and not suitable for fast operations. Therefore, perfect hash functions have been introduced to make the hashing mechanism more efficient. In particular, a minimal perfect hash function is a function that maps a set of n keys into a set of n integer numbers without collisions. In the literature, there are many schemes to construct a minimal perfect hash function, either based on mathematical properties of polynomials or on graph theory. This paper proposes a new scheme which shows remarkable results in terms of space consumption and processing speed. It is based on an alternative to Bloom Filters and requires about 4 bits per key and 12.8 seconds to construct an MPHF with 3.8 × 10^9 elements.
Network topology discovery based on a finite set of hypotheses
Tomographic techniques allow for the reconstruction of network topologies with no need for cooperation from internal routers. Traditional tomographic techniques infer the internal network layout by clustering nodes into tree structures that, in many cases, reveal only a partial graph structure of the network. This paper proposes a novel approach to network topology discovery by means of packet sandwich probes; the underlying theoretical basis relies on the application of Decision Theory to a finite set of possible topological hypotheses. The decision process is, however, disturbed by the interaction of probes with regular cross traffic, which results in a background noise that afflicts the measurements. To cope with this phenomenon, a model-free noise reduction technique is also used. The algorithms presented in the paper are validated through extensive simulations in several network scenarios. The results show that such a methodology allows retrieving a complete picture of the network that includes the detection of all the internal nodes along with the capacities of the interconnecting links.