Center for Measurement and Analysis of Network Data

We have been honored to host several distinguished speakers.
  • Kévin Vermeulen, University of Sorbonne (April 19, 2019):
    Title: Alias Resolution with ICMP(v6) Rate Limiting

    One of the biggest challenges in Internet cartography is to obtain from an IP level topology a router level topology. The process of grouping different IP addresses into routers is called alias resolution. Because active measurements reveal IP addresses but not the identities of routers, researchers have invented several techniques to discover common signatures shared among IP interfaces that provide evidence that these interfaces might be aliases. In this paper, we propose a new technique, based on ICMP(v6) rate limiting, a feature that is present on all modern routers, and mandatory in IPv6. More often considered as a constraint than an asset in Internet topology discovery, this feature has never been exploited to perform alias resolution. Our contributions are: (1) Limited Ltd., a new technique for alias resolution, which works in both IPv4 and IPv6. (2) A free, open source, and permissively licensed tool that implements the algorithm. (3) A survey of the types of rate limiting behavior that we have found that add new insights to previous survey work. We evaluate Limited Ltd. on Internet2 ground truth and on a larger scale survey by comparing its performance with two existing state-of-the-art techniques for alias resolution, showing that both for IPv4 and IPv6, we find new pairs of aliases that were not findable by those techniques against which we compare, while maintaining a low false positive rate. In order to facilitate the reproducibility of our results and the usage of Limited Ltd., our code and the data that we collected are publicly available.

  • Dr. Matthew Luckie, University of Waikato, (November 17, 2016):
    Title: Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy

    There is growing operational awareness of the challenges in securely operating IPv6 networks. Through a measurement study of 520,000 dual-stack servers and 25,000 dual-stack routers, we examine the extent to which security policy codified in IPv4 has also been deployed in IPv6. We find several high-value target applications with a comparatively open security policy in IPv6 including: (i) SSH, Telnet, and SNMP are more than twice as open on routers in IPv6 as they are in IPv4; (ii) nearly half of routers with BGP open were only open in IPv6; and (iii) in the server dataset, SNMP was twice as open in IPv6 as in IPv4. We conduct a detailed study of where port blocking policy is being applied and find that protocol openness discrepancies are consistent within network boundaries, suggesting a systemic failure in organizations to deploy consistent security policy. We successfully communicate our findings with twelve network operators and all twelve confirm that the relative openness was unintentional. Ten of the twelve immediately moved to deploy a congruent IPv6 security policy, reflecting real operational concern. Finally, we revisit the belief that the security impact of this comparative openness in IPv6 is mitigated by the infeasibility of IPv6 network-wide scanning -- we find that, for both of our datasets, host addressing practices make discovering these high-value hosts feasible by scanning alone. To help operators accurately measure their own IPv6 security posture, we make our probing system publicly available.

  • Dr. Nicholas Weaver, ICSI & UC Berkeley, (July 18, 2013):
    Title: Down the BitCoin Rabbit Hole

    As part of our research into how attackers may monetize systems, we've begun investigating BitCoin as both mining and theft are potential revenue sources. This has led us down the BitCoin rabbit hole, an amusing and weird world full of excellent cryptography, impossible finance, and bat-S@#)(* insane economics. Follow along on the fun tales of thefts, Winklevii, tracking, drug sales, bubbles, Ponzi schemes, and cave-dwelling goldbugism in a "currency" best described as a "stock without a sock puppet."

  • Chip Elliott, BBN Technologies, (April 19, 2012):
    Title: GENI -- Global Environment for Network Innovations

    The Global Environment for Network Innovations -- GENI -- is a suite of research infrastructure, sponsored by the National Science Foundation, that is rapidly taking shape within dozens of university campuses across the United States. GENI enables deep programmability throughout the network, promoting innovations in network security, technologies, services, and applications. Researchers can install their own software deep into GENI to try out large-scale experiments in future global systems that may or may not be compatible with today's Internet. These experiments run inside different GENI "slices," so that researchers can try out a variety of future internets at the same time. GENI is now supporting a range of experiments spanning the United States, and starting to ramp up for "at scale" growth to 100-200 university campuses.

  • Dr. Kang Shin, University of Michigan, (February 3, 2012):
    Title: E-MiLi: Energy-Minimizing Idle Listening in Wireless Networks

    The WiFi interface is a primary energy consumer in mobile devices, and idle listening (IL) is the dominant source of energy consumption in WiFi. Most existing protocols, such as 802.11 power-saving mode (PSM), attempt to reduce the time spent in IL by sleep scheduling. However, through an extensive analysis of real-world traffic, we found that more than 60% of energy is consumed in IL, even with PSM enabled. To remedy this problem, we propose E-MiLi (Energy-Minimizing idle Listening), which reduces the power consumption in IL, given that the time spent in IL has already been optimized by sleep scheduling. Since radio power consumption decreases proportionally to its clock-rate, E-MiLi adaptively down-clocks the radio during IL, and reverts to full clock-rate when an incoming packet is detected or a packet has to be transmitted. E-MiLi incorporates sampling rate invariant detection (SRID), ensuring accurate packet detection and address filtering even when the receiver's sampling clock-rate is much lower than the signal bandwidth. Further, it employs an opportunistic down-clocking mechanism to optimize the efficiency of switching clock-rate, based on a simple interface to existing MAC-layer scheduling protocols. We have implemented E-MiLi on the USRP software radio platform. Our experimental evaluation shows that E-MiLi can detect packets with close to 100% accuracy even with down-clocking by a factor of 16. When integrated with 802.11, E-MiLi can reduce energy consumption by around 44% for 92% of users in real-world wireless networks. Joint work with Xinyu Zhang presented at ACM MobiCom '11.

  • Dr. Nicholas Weaver, ICSI & UC Berkeley, (October 6, 2011):
    Title: Serendipity and Spam

    What happens when a large research group sets out to read a billion spams? A voyage of discovery through the underground economy which provides a major economic driver for botnets, spam, and other malfeasance. This talk describes the trip, including how we could identify the major programs based on the internal structure of their web pages, evaluate the (in)effectiveness of computer-infrastructure takedown and effectiveness of financial disruption, learn how to manage the press, discover what people purchase from spamvertized pharmacies, and provide estimates on the total revenue derived from (the V-word) spam.

  • Dr. Arthur Berger, Akamai Technologies, (September 29, 2011):
    Title: Comparing Performance over IPv4 versus IPv6

    As IPv4 address space gets tighter, there is increasing pressure to deploy IPv6. The Internet Assigned Number Authority (IANA) allocated the last of the available /8's of the v4 address space to the Regional Internet Registries (RIR's) on February 3, 2011. Currently, the RIR's are restricting allocations to cover only about 3 months of growth. A market for legacy v4 addresses has begun: In March, 2011, as part of Nortel's bankruptcy, Microsoft bought 667,000 legacy v4 addresses for $11/address.

    Since the transition to IPv6 will be slow, there will be a long period where many end-points will be dual stack. Thus, the ability to pick the better performing path over v4 versus v6 will be a valuable feature. We have done a performance comparison of v4 versus v6 latency and loss, with results by continent, and by tunneled versus native v6 addresses. Although overall performance is better over v4, it is not always so; for example 10% of the time the latency between the U.S. and Europe is shorter over v6 by at least 10 ms, and to Asia is shorter by at least 38 ms. Latency and loss over v6 is in general higher to tunneled v6 destinations, as compared with native. Somewhat surprisingly, the latency and loss over _v4_ is also higher to nameservers whose v6 interface is tunneled, as compared with nameservers whose v6 interface is native. We conjecture that nameservers with a tunneled v6 interface are more likely to be in smaller networks, lower down in the hierarchy. Thus, the common observation that v6 latency is higher over tunnels is not due exclusively to the poorer v6 architecture of tunnels, but also is partially due to other factors, such as the topological location.

  • Dr. Grenville Armitage, Swinburne University, (June 9, 2011):
    Title: A mixed-bag -- Some thoughts on TCP, network monitoring using game engines, and helping online game players save their NATs from exploding

    The Centre for Advanced Internet Architectures at Swinburne University of Technology has been dabbling in a range of networking-related research projects in recent years. This talk will touch on the highlights of four projects -- experiments with "delay-gradient" TCP (to keep RTT down while being tolerant of non-congestion loss), using "statelessTCP" for HTTP (serving small objects while reducing server-side TCP state load), using consumer game engines to create 3D worlds for monitoring and controlling network devices, and using network coordinates to drastically reduce the UDP probe traffic emitted by home game players when performing server discovery (thus eliminating exhaustion of their gateway's NAT table).

  • Dr. Michal Pěchouček, Czech Technical University, (April 14, 2011):
    Title: Agent based computing in defense applications

    Our current complex, decentralized and in parts adversarial environment provides interesting research and technological challenges. The research field of multiagent systems and agent based computing, which is grounded in computer science, artificial intelligence and game theory, suggests a set of novel approaches, algorithms and methodologies. In Agent Technology Center (ATC), Czech Technical University, we study agent-based computing from theoretical and application perspectives. During my talk I will provide a brief introduction into the four selected research activities in ATC: (i) free-flight oriented UAV collision avoidance, (ii) trajectory-based civilian air traffic management, (iii) maritime security applications and (iv) cybersecurity.

  • Dr. Craig Partridge, BBN Technologies, (October 19, 2010):
    Title: Realizing the Future of Wireless Data Communications

    Software radios will soon become cost-effective for commercial use. We, unfortunately, have not done the research necessary to inform regulators, technologists, manufacturers and consumers about their choices in the new world that software radios enable. This talk sketches the potential of software radios in a commercial marketplace and outlines the research that needs to happen.
