COMM

Web security has been and remains a highly relevant field of security research, which has seen many additional features standardiazed at IETF over the past years.

This talk covers two papers, which in sum provide a conprehensive survey of quantity and ...

While the Transport Layer Security (TLS) protocol is typically used to authenticate servers, it also offers the possibility to use Client Certificates for to authenticate clients (CCA). We investigate the use of CCA based on two specific concerns:

First, ...

Infrastructure-as-a-Service (IaaS), more generally the "cloud," changed the landscape of system operations on the Internet. Clouds' elasticity allow operators to rapidly allocate and use resources as needed, from virtual machines, to storage, to IP ...

First standardized by the IETF in the 1990's, SSL/TLS is the most widely-used encryption protocol on the Internet. This makes it imperative to study its usage across different platforms and applications to ensure proper usage and robustness against ...

BGP prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. They suffer ...

In this talk, we will report on our recent article "Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering", published in ACM Computer Communication Review, January 2018. We will also present new results that arise ...

Fiber optic cables are the workhorses of today's Internet services, but they are an expensive resource and require significant monetary investment. Their importance has driven a conservative deployment approach with redundancy baked into multiple layers ...

In this paper we consider the risks to Internet infrastructure in the US due to sea level rise. Our study is based on sea level incursion projections from the National Oceanic and Atmospheric Administration (NOAA) [12] and Internet infrastructure ...

The Domain Name System (DNS) is used to map human-friendly hostnames into network addresses that are in turn used to route traffic across the Internet. DNS lookups are a precursor to much of the communication that traverses the Internet. Therefore, the ...

The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet. Unfortunately, NTP is highly vulnerable to "time shifting attacks", in which the attacker's goal is to shift forward/backward the local time at an NTP client. ...

We develop and validate Internet path measurement techniques to distinguish congestion experienced when a flow self-induces congestion in the path from when a flow is affected by an already congested path. One application of this technique is for speed ...

Congestion control schemes that are commonly deployed today are loss-based and were developed in the 2000s. The internet has changed dramatically since then, and these schemes are no longer suitable. This has prompted new research interest in this area, ...

The proliferation of networked devices, systems, and applications that we depend on every day makes managing networks more important than ever. The increasing security, availability, and performance demands of these applications suggest that these ...

Wide-area networks are expected to meet the competing objectives of high performance and reliability in the presence of various operational constraints and failures. Operators of such networks use traffic engineering (TE) to improve network performance ...

In this talk, we will report initial results from the world's first ISP-scale field trial of a refraction networking system. Refraction networking is a next-generation censorship circumvention approach that locates proxy functionality in the middle of ...

Facing undesired traffic from the Tor anonymity network, online service providers discriminate against Tor users. In this study we characterize the extent of discrimination faced by Tor users and the nature of undesired traffic exiting from the Tor ...

We present CommunityWatch, an open-source system that enables timely and accurate detection of BGP routing anomalies. CommunityWatch leverages meta-data encoded by AS operators on their advertised routes through the BGP Communities attribute. The BGP ...

The Congestion Control Plane (CCP) is a new way to structure congestion control functions at the sender by removing them from the datapath. With CCP, each datapath such as the Linux Kernel TCP, UDP-based QUIC, or kernel-bypass transports like mTCP/DPDK ...

In practice, a single TCP congestion control is often used to handle all TCP connections on a Web server, e.g., Cubic for Linux by default. Considering complex and ever-changing networking environment, the default congestion control algorithm may not ...

We tackle the problem of enabling Autonomous Systems to evaluate network providers on the basis of their adherence to Service Level Agreements (SLAs) regarding interconnection agreements. In current Internet practices, choices of interconnection partners ...

We have introduced a cost-sharing model for remote communities to share their limited access to the commercial Internet among community members using wireless mesh networks in the north-west of Thailand to expand the edge network coverage and to reduce ...

A huge number of Internet of Things (IoT) devices are expected to be connected to the Internet in the near future. The Constrained Application Protocol (CoAP) has been increasingly deployed for wide-area IoT communication. It is crucial to understand how ...

In this paper, we introduce DeadBolt, a new security framework for managing IoT network access. DeadBolt hides all of the devices in an IoT deployment behind an access point that implements deny-by-default policies for both incoming and outgoing traffic. ...

While software-based packet forwarding devices and middle-boxes are gaining momentum, also device diversity increases. This also challenges the area of device benchmarking. In this paper, we present our new benchmarking framework for OpenFlow switches ...

In this work we will present an implementation of the threshold cryptography system theoretically presented by Victor Shoup at EUROCRYPT 2000. Our implementation relies on the implementation of a standard PKCS#11 interface API, ZeroMQ messages over TCP, ...

Today, most mobile devices can connect to the Internet via multiple access networks. To make an informed choice of which network to use, a host requires accurate and up to date performance metrics. However, so far such network characteristics are ...

Authoritative DNS nameservers are vulnerable to being used in denial of service attacks whereby an attacker sends DNS queries while masquerading as a victim---hence coaxing the DNS server to send the responses to the victim. Reflecting off innocent DNS ...

This paper develops a technique to detect whether the cross traffic competing with a flow is elastic or not, and shows how to use the elasticity detector to improve congestion control. If the cross traffic is elastic, i.e., made up of buffer-filling ...

Over the past decade, the way that devices connect to the Internet has changed drastically. The introduction of high-speed mobile networks and the omnipresence of wireless access points led to a situation where most devices offer multiple network ...

Understanding the quality of Experience (QoE) of web browsing is key to optimize services and keep users' loyalty. This is crucial for both Content Providers and Internet Service Providers (ISPs). Quality is subjective, and the complexity of today's ...