Your search keyword '"Srikanth V"' showing total 198 results

1. MLSNet: A Policy Complying Multilevel Security Framework for Software Defined Networking

Author

Thomas F. La Porta, Stefan Achleitner, Patrick McDaniel, Trent Jaeger, Srikanth V. Krishnamurthy, and Quinn K. Burke

Subjects

Exploit, Computer Networks and Communications, Computer science, Heuristic (computer science), business.industry, 020206 networking & telecommunications, Eavesdropping, 02 engineering and technology, Attack surface, Adversary, 0202 electrical engineering, electronic engineering, information engineering, Information flow (information theory), Electrical and Electronic Engineering, Multilevel security, Software-defined networking, business, Computer network

Abstract

Ensuring that information flowing through a network is secure from manipulation and eavesdropping by unauthorized parties is an important task for network administrators. Many cyber attacks rely on a lack of network-level information flow controls to successfully compromise a victim network. Once an adversary exploits an initial entry point, they can eavesdrop and move laterally within the network (e.g., scan and penetrate internal nodes) to further their malicious goals. In this article, we propose a novel multilevel security (MLS) framework to enforce a secure inter-node information flow policy within the network and therein vastly reduce the attack surface available to an adversary who has penetrated it. In contrast to prior work on multilevel security in computer networks which relied on enforcing the policy at network endpoints, we leverage the centralization of software-defined networks (SDNs) by moving the task to the controller and providing this service transparently to all network nodes. Our framework, MLSNet , formalizes the generation of a policy compliant network configuration (i.e., set of flow rules on the SDN switches) as network optimization problems, with the objectives of (1) maximizing the number of flows satisfying all security constraints and (2) minimizing the security cost of routing any remaining flows to guarantee availability. We demonstrate that MLSNet can securely and efficiently route flows that satisfy the security constraints and route the remaining flows with a minimal security cost (e.g., route >85% of flows, where the heuristic achieves 89% and 87% of the optimal solutions for the optimization problems).

Published

2021

2. Packet Header Obfuscation Using MIMO

Author

Shailendra Singh, Yue Cao, Srikanth V. Krishnamurthy, Prashant Krishnamurthy, Thomas F. La Porta, Ahmed Osama Fathy Atya, Zhiyun Qian, and Lisa M. Marvel

Subjects

Interleaving, Computer Networks and Communications, Computer science, Network packet, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, MIMO, 020206 networking & telecommunications, Throughput, 02 engineering and technology, Computer Science Applications, Obfuscation (software), PHY, Header, 0202 electrical engineering, electronic engineering, information engineering, Bit error rate, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

Eavesdroppers can exploit exposed packet headers towards attacks that profile clients and their data flows. In this paper, we propose FOG, a framework for effective full and partial header blinding using MIMO, to thwart eavesdroppers. FOG effectively tracks header bits as they traverse physical (PHY) layer sub-systems that perform functions like scrambling and interleaving. It combines multiple blinding signals for more effective and less predictable obfuscation, as compared to using a fixed blinding signal. We implement FOG on the WARP platform and demonstrate via extensive experiments that it yields better obfuscation than prior schemes that deploy full packet blinding. It causes a bit error rate (BER) of > 40 % at an eavesdropper if two blinding streams are sent during header transmissions. Furthermore, even with full header blinding, FOG incurs a very small throughput hit of $\approx ~5$ % with one blinding stream (and 9 % with two streams). Full packet blinding incurs much higher throughput hits (25 % with one stream and 50 % with two streams).

Published

2020

3. Low-Complexity, Real-Time Joint Neural Echo Control and Speech Enhancement Based On Percepnet

Author

Arvindh Krishnaswamy, Karim Helwani, Jean-Marc Valin, Umut Isik, and Srikanth V. Tenneti

Subjects

Signal processing, Artificial neural network, business.industry, Computer science, Speech recognition, Deep learning, Echo (computing), Communications system, Speech enhancement, Noise, Audio and Speech Processing (eess.AS), FOS: Electrical engineering, electronic engineering, information engineering, Artificial intelligence, business, Digital signal processing, Electrical Engineering and Systems Science - Audio and Speech Processing

Abstract

Speech enhancement algorithms based on deep learning have greatly surpassed their traditional counterparts and are now being considered for the task of removing acoustic echo from hands-free communication systems. This is a challenging problem due to both real-world constraints like loudspeaker non-linearities, and to limited compute capabilities in some communication systems. In this work, we propose a system combining a traditional acoustic echo canceller, and a low-complexity joint residual echo and noise suppressor based on a hybrid signal processing/deep neural network (DSP/DNN) approach. We show that the proposed system outperforms both traditional and other neural approaches, while requiring only 5.5% CPU for real-time operation. We further show that the system can scale to even lower complexity levels., Comment: Accepted for ICASSP 2021, 5 pages

Published

2021

4. Catch Me if You Can: A Closer Look at Malicious Co-Residency on the Cloud

Author

Patrick McDaniel, Zhiyun Qian, Lisa M. Marvel, Srikanth V. Krishnamurthy, Thomas F. La Porta, and Ahmed Osama Fathy Atya

Subjects

Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), Side channel attack, Electrical and Electronic Engineering, Set (psychology), business, computer, Software, Countermeasure (computer), Live migration

Abstract

VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, our overarching objectives are: (a) to get an in-depth understanding of the ways and effectiveness with which an attacker can launch attacks toward achieving co-residency and (b) to design migration policies that are very effective in thwarting malicious co-residency, but are thrifty in terms of the bandwidth and downtime costs that are incurred with live migration. Toward achieving our goals, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels, through which an attacker can use to ascertain co-residency with a victim. Here, in this paper, we identify a new set of stealthy side-channel attacks which we show to be more effective than the currently available attacks toward verifying co-residency. We also build a simple model that can be used for estimating co-residency times based on very few measurements on a given cloud platform, to account for varying attacker capabilities. Based on the study, we develop a set of guidelines to determine under what conditions the victim VM migrations should be triggered, given the performance costs in terms of bandwidth and downtime, which a user is willing to bear. Through extensive experiments on our private in-house cloud, we show that the migrations, using our guidelines, can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1% of the time with the bandwidth costs of a few MB and downtimes of a few seconds per day per VM migrated.

Published

2019

5. You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning

Author

Zhiyun Qian, Ananthram Swami, Kevin S. Chan, Srikanth V. Krishnamurthy, Shitong Zhu, Shasha Li, Zhongjie Wang, and Xun Chen

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Computer Science - Cryptography and Security, Exploit, business.industry, Network packet, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Middlebox, Evasion (network security), 020206 networking & telecommunications, Deep packet inspection, Context (language use), 02 engineering and technology, Computer Science - Networking and Internet Architecture, Header, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Communications protocol, Cryptography and Security (cs.CR), Computer network

Abstract

As Deep Packet Inspection (DPI) middleboxes become increasingly popular, a spectrum of adversarial attacks have emerged with the goal of evading such middleboxes. Many of these attacks exploit discrepancies between the middlebox network protocol implementations, and the more rigorous/complete versions implemented at end hosts. These evasion attacks largely involve subtle manipulations of packets to cause different behaviours at DPI and end hosts, to cloak malicious network traffic that is otherwise detectable. With recent automated discovery, it has become prohibitively challenging to manually curate rules for detecting these manipulations. In this work, we propose CLAP, the first fully-automated, unsupervised ML solution to accurately detect and localize DPI evasion attacks. By learning what we call the packet context, which essentially captures inter-relationships across both (1) different packets in a connection; and (2) different header fields within each packet, from benign traffic traces only, CLAP can detect and pinpoint packets that violate the benign packet contexts (which are the ones that are specially crafted for evasion purposes). Our evaluations with 73 state-of-the-art DPI evasion attacks show that CLAP achieves an Area Under the Receiver Operating Characteristic Curve (AUC-ROC) of 0.963, an Equal Error Rate (EER) of only 0.061 in detection, and an accuracy of 94.6% in localization. These results suggest that CLAP can be a promising tool for thwarting DPI evasion attacks., 12 pages, 12 figures; accepted to ACM CoNEXT 2020

Published

2020

6. WOLT: Auto-Configuration of Integrated Enterprise PLC-WiFi Networks

Author

Jiasi Chen, Kittipat Apicharttrisorn, Karthikeyan Sundaresan, Hisham A. Alhulayyil, Samet Oymak, and Srikanth V. Krishnamurthy

Subjects

Ethernet, business.industry, Computer science, Testbed, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 020206 networking & telecommunications, Throughput, 02 engineering and technology, Backhaul (telecommunications), Power-line communication, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Network performance, Auto-configuration, business, Computer network, Communication channel

Abstract

Power Line Communication (PLC) based WiFi extenders can improve WiFi coverage in homes and enterprises. Unlike in traditional WiFi networks which use an underlying high data rate Ethernet backhaul, a PLC backhaul may not support high data rates. Specifically, our measurements show that arbitrarily affiliating users to PLC-WiFi extenders or based on their WiFi channel qualities alone may lead to poor network performance due to the differences in PLC link capacities. Thus, in this paper we build a framework, WOLT, to solve the problem of assigning users to the appropriate PLC-WiFi extenders to increase the aggregate network throughput in an enterprise setting, where one may expect a relatively large number of power outlets. WOLT accounts for both the qualities of the two concatenated links viz., the PLC and WiFi links. It hinges on estimating the best capacity offered by the PLC links, and accounting for these while assigning users. It incorporates a polynomial-time algorithm that assigns only a subset of the users to maximize the aggregate throughput on the PLC links, and then assigns the remaining users such that the degradation in the aggregate throughput is minimized. WOLT is evaluated through simulations and real testbed experiments with commodity PLCWiFi extenders, and improves aggregate throughput by more than 2.5x compared to a greedy user association baseline.

Published

2020

7. Characterization of Multi-User Augmented Reality over Cellular Networks

Author

Yi-Zhen Tsai, Bharath Balasubramanian, Rittwik Jana, Tuyen X. Tran, Srikanth V. Krishnamurthy, Kittipat Apicharttrisorn, Jiasi Chen, Yu Zhou, and Rajarajan Sivaraj

Subjects

Radio access network, Computer science, business.industry, Goodput, Quality of service, Testbed, 020206 networking & telecommunications, 02 engineering and technology, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, 020201 artificial intelligence & image processing, Network performance, Augmented reality, Latency (engineering), business, Computer network

Abstract

Augmented reality (AR) apps where multiple users interact within the same physical space are gaining in popularity (e.g., shared AR mode in Pokemon Go, virtual graffiti in Google’s Just a Line). However, multi-user AR apps running over the cellular network can experience very high end-to-end latencies (measured at 12.5 s median on a public LTE network). To characterize and understand the root causes of this problem, we perform a first-of-its-kind measurement study on both public LTE and industry LTE testbed for two popular multi-user AR applications, yielding several insights: (1) The radio access network (RAN) accounts for a significant fraction of the end-to-end latency (31.2%, or 3.9 s median), resulting in AR users experiencing high, variable delays when interacting with a common set of virtual objects in off-the-shelf AR apps; (2) AR network traffic is characterized by large intermittent spikes on a single uplink TCP connection, resulting in frequent TCP slow starts that can increase user-perceived latency; (3) Applying a common traffic management mechanism of cellular operators, QoS Class Identifiers (QCI), can help by reducing AR latency by 33% but impacts non-AR users. Based on these insights, we propose network-aware and network-agnostic AR design optimization solutions to intelligently adapt IP packet sizes and periodically provide information on uplink data availability, respectively. Our solutions help ramp up network performance, improving the end-to-end AR latency and goodput by ~40-70%.

Published

2020

8. Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency

Author

Shitong Zhu, Kevin S. Chan, Srikanth V. Krishnamurthy, Amit K. Roy-Chowdhury, Chengyu Song, Ananthram Swami, Sudipta Paul, and Shasha Li

Subjects

021110 strategic, defence & security studies, business.industry, Machine vision, Computer science, 0211 other engineering and technologies, Perturbation (astronomy), Context (language use), 02 engineering and technology, Pascal (programming language), Object (computer science), Object detection, Set (abstract data type), Adversarial system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, computer.programming_language

Abstract

There has been a recent surge in research on adversarial perturbations that defeat Deep Neural Networks (DNNs) in machine vision; most of these perturbation-based attacks target object classifiers. Inspired by the observation that humans are able to recognize objects that appear out of place in a scene or along with other unlikely objects, we augment the DNN with a system that learns context consistency rules during training and checks for the violations of the same during testing. Our approach builds a set of auto-encoders, one for each object class, appropriately trained so as to output a discrepancy between the input and output if an added adversarial perturbation violates context consistency rules. Experiments on PASCAL VOC and MS COCO show that our method effectively detects various adversarial attacks and achieves high ROC-AUC (over 0.95 in most cases); this corresponds to over 20% improvement over a state-of-the-art context-agnostic method.

Published

2020

9. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery

Author

Tracy D. Braun, Shitong Zhu, Srikanth V. Krishnamurthy, Yue Cao, Zhongjie Wang, Chengyu Song, Kevin S. Chan, and Zhiyun Qian

Subjects

Stateful firewall, business.industry, Computer science, Deep packet inspection, business, Computer network

Published

2020

10. Characterization of Interference in OFDMA Small-Cell Networks

Author

Mustafa Y. Arslan, Suman Banerjee, Karthikeyan Sundaresan, Jongwon Yoon, and Srikanth V. Krishnamurthy

Subjects

Computer Networks and Communications, Computer science, business.industry, Orthogonal frequency-division multiple access, Air interface, Testbed, Aerospace Engineering, 020206 networking & telecommunications, 02 engineering and technology, Automotive Engineering, Synchronization (computer science), 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Femtocell, 020201 artificial intelligence & image processing, Small cell, Electrical and Electronic Engineering, business, Computer network

Abstract

The increase in mobile Internet access is pushing mobile network operators toward deploying smaller cells ( femtocells ) and sophisticated air interface technologies, Orthogonal Frequency Division Multiple Access (OFDMA). The expected high density of deployment and uncoordinated operations of femtocells, however, make interference management both critical and extremely challenging. A significant challenge stems from the fact that femtocells have to use the same synchronous access technology as traditional macrocells. Given this, understanding the impact of the multitude of design choices (originally tailored to well-planned macrocellular networks) on interference management forms an essential first step toward designing efficient solutions for next-generation femtocell networks. This in turn is the focus of our paper. With the help of extensive measurements from our femtocell testbed, we characterize the impact of various system design choices on interference in OFDMA femtocell deployments. The design choices that we examine are categorized across three broad dimensions: 1) resource isolation at the logical (MAC) level across femtocells, 2) resource mapping through sub-channelization at the physical (PHY) level within each femtocell, and 3) synchronization (or lack thereof) between interfering cells. Based on the insights from our measurement study, we discuss several implications on the choice of system design features for multicell operations. We also provide guidelines for the design of efficient interference management solutions for femtocell networks.

Published

2018

11. Off-Path TCP Exploits of the Challenge ACK Global Rate Limit

Author

Tuan Dao, Lisa M. Marvel, Zhiyun Qian, Yue Cao, Srikanth V. Krishnamurthy, and Zhongjie Wang

Subjects

Rate limiting, Exploit, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Linux kernel, 02 engineering and technology, Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent transmission control protocol (TCP) specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Further, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experiments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 s to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.

Published

2018

12. Deceiving Network Reconnaissance Using SDN-Based Virtual Topologies

Author

Stefan Achleitner, Srikanth V. Krishnamurthy, Ritu Chadha, Thomas F. La Porta, Patrick McDaniel, and Shridatt Sugrim

Subjects

021110 strategic, defence & security studies, Computer Networks and Communications, Process (engineering), Computer science, business.industry, media_common.quotation_subject, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Limiting, Deception, Computer security, computer.software_genre, Network topology, Adversarial system, Server, 0202 electrical engineering, electronic engineering, information engineering, Malware, Electrical and Electronic Engineering, Software-defined networking, business, computer, Computer network, media_common

Abstract

Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets, their characteristics and location to identify vulnerabilities in a networked environment. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware infected hosts. In this paper, we formally define network deception to defend reconnaissance and develop a reconnaissance deception system, which is based on software defined networking, to achieve deception by simulating virtual topologies. Our system thwarts network reconnaissance by delaying the scanning techniques of adversaries and invalidating their collected information, while limiting the performance impact on benign network traffic. By simulating the topological as well as physical characteristics of networks, we introduce a system which deceives malicious network discovery and reconnaissance techniques with virtual information, while limiting the information an attacker is able to harvest from the true underlying system. This approach shows a novel defense technique against adversarial reconnaissance missions which are required for targeted cyber attacks such as advanced persistent threats in highly connected environments. The defense steps of our system aim to invalidate an attackers information, delay the process of finding vulnerable hosts and identify the source of adversarial reconnaissance within a network.

Published

2017

13. On the radio capacity of TDMA and CDMA for broadband wireless packet communications

Author

Krishnamurthy, Srikanth V., Acampora, Anthony S., and Zorzi, Michele

Subjects

Automobile industry -- Equipment and supplies, Broadband transmission, Automobile Industry, Broadband Internet, Business, Electronics, Electronics and electrical industries, Transportation industry

Abstract

Studies of the capacity of cellular systems, stated in terms of the admissible number of remote users, have generally been limited to voice telephony. In this paper, we address the problem of comparing the interference-limited performance of code-division multiple-access (CDMA) and time-division multiple-access (TDMA) systems in a packet-switched environment. The objective is to determine whether the capacity advantages claimed for circuit-switched CDMA still apply in a packet-switched environment, where the natural time diversity of bursty transmission may be a significant factor. Under a set of specific assumptions about the wireless environment (including path loss, shadow fading, multipath delay spread, cochannel interference, power control, and coding), we evaluate the number of users that can be admitted to the system while maintaining some desired quality-of-service (QoS) level. Four different classes of users with different characteristics and requirements are considered. The system capacity is found to significantly depend on the QoS objectives, which might be stated in terms of availability of some specified signal-to-interference level, packet-loss rate, or mean tolerable delay. The main finding is that strict requirements imposed on the radio access level tend to favor CDMA, whereas if some form of packet recovery at the higher layers is allowed (implying a relaxed set of requirements on the radio interface), then a somewhat higher capacity may be achieved by TDMA. Index Terms--Capacity, code-division multiple access (CDMA), packet communications, quality-of-service (QoS), TDMA.

Published

2003

14. Importance of rapid photothermal processing in defect reduction and process integration

Author

Singh, Rajendra, Parihar, Vijay, Chen, Yuanning, Poole, Kevin F., Nimmagadda, Srikanth V., and Vedula, Lakshmi

Subjects

Production control -- Methods, Semiconductor wafers -- Quality management, Semiconductor industry -- Quality management, Quality control -- Methods, Business, Computers, Electronics, Electronics and electrical industries

Abstract

The use of rapid photothermal processing (RPP) enhances thermal processing in terms of reduced time and lower temperature. At the same time, RPP increases the performance and reliability of the processed device. The inherent optimization characteristics of RPP shows its potential in meeting the thermal processing needs of next-generation integrated circuits. Hence, the development of processing tools based on RPP should be established.

Published

1999

15. TIDE: A User-Centric Tool for Identifying Energy Hungry Applications on Smartphones

Author

Srikanth V. Krishnamurthy, Tuan Dao, Indrajeet Singh, Guohong Cao, Harsha V. Madhyastha, and Prasant Mohapatra

Subjects

ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION, Computer Networks and Communications, Computer science, Energy management, business.industry, Testbed, 020206 networking & telecommunications, 02 engineering and technology, Energy consumption, Computer security, computer.software_genre, GeneralLiterature_MISCELLANEOUS, Computer Science Applications, World Wide Web, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electrical and Electronic Engineering, Android (operating system), business, computer, Software, User-centered design

Abstract

Today, many smartphone users are unaware of what applications (apps) they should stop using to prevent their battery from running out quickly. The problem is identifying such apps is hard due to the fact that there exist hundreds of thousands of apps and their impact on the battery is not well understood. We show via extensive measurement studies that the impact of an app on battery consumption depends on both environmental (wireless) factors and usage patterns. Based on this, we argue that there exists a critical need for a tool that allows a user to (a) identify apps that are energy hungry, and (b) understand why an app is consuming energy, on her phone. Towards addressing this need, we present TIDE, a tool to detect high energy apps on any particular smartphone. TIDE's key characteristic is that it accounts for usage-centric information while identifying energy hungry apps from among a multitude of apps that run simultaneously on a user's phone. Our evaluation of TIDE on a testbed of Android-based smartphones, using weeklong smartphone usage traces from 17 real users, shows that TIDE correctly identifies over 94% of energy-hungry apps and has a false positive rate of < 6%.

Published

2017

16. TRINITY: Tailoring Wireless Transmission Strategies to User Profiles in Enterprise Wireless Networks

Author

Xinyu Zhang, Srikanth V. Krishnamurthy, Mohammad A. Khojastepour, Sampath Rangarajan, Karthikeyan Sundaresan, and Shailendra Singh

Subjects

3G MIMO, Beamforming, Computer Networks and Communications, business.industry, Computer science, Wireless network, Quality of service, MIMO, Testbed, 020206 networking & telecommunications, 02 engineering and technology, Multi-user MIMO, Multiplexing, Computer Science Applications, Spatial multiplexing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Quality of experience, Mobile telephony, Electrical and Electronic Engineering, business, Software, Computer network, Communication channel

Abstract

The proliferation of smartphones and tablet devices is changing the landscape of user connectivity and data access from predominantly static users to a mix of static and mobile users. While significant advances have been made in wireless transmission strategies (e.g., beamforming and network MIMO) to meet the increased demand for capacity, such strategies primarily cater to static users. To cope with growing heterogeneity in data access, it is critical to identify and optimize strategies that can cater to users of various profiles to maximize system performance and more importantly, improve users’ quality of experience. Toward this goal, we first show that users can be profiled into three distinct categories based on their data access (mobility) and channel coherence characteristics. Then, with real-world experiments, we show that the strategy that best serves users in these categories varies distinctly from one profile to another and belongs to the class of strategies that emphasize either multiplexing (e.g., network MIMO), diversity (e.g., distributed antenna systems) or reuse (e.g., conventional CSMA). Two key challenges remain in translating these inferences to a practical system, namely: 1) how to profile users and 2) how to combine strategies to communicate with users of different profiles simultaneously. In addressing these challenges, we present the design of TRINITY —a practical system that effectively caters to a heterogeneous set of users. We implement and evaluate a prototype of TRINITY on our WARP radio testbed. Our extensive experiments show that TRINITY’s intelligent combining of transmission strategies improves the total network rate by 50%–150%, satisfies the QoS requirements of thrice as many users, and improves PSNR for video traffic by 10 dB compared with individual transmission strategies.

Published

2017

17. DSP-Inspired Deep Learning: A Case Study Using Ramanujan Subspaces

Author

P.P. Vaidyanathan and Srikanth V. Tenneti

Subjects

Computer science, business.industry, Deep learning, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, Linear subspace, Graph, Ramanujan's sum, symbols.namesake, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, symbols, Graph (abstract data type), Artificial intelligence, 010306 general physics, business, Digital signal processing

Abstract

Can Deep Learning be used to augment DSP techniques? Algorithms in DSP are typically developed starting from a mathematical model of an application. In some cases however, simplicity of the model can result in deterioration of performance when there is a severe modeling mis-match. This paper explores the idea of implementing a DSP technique as a computational graph, so that hundreds of parameters can jointly be trained to adapt to any given dataset. Using the specific example of period estimation by Ramanujan Subspaces, significant improvement in estimation accuracies under high noise and very short datalengths is demonstrated.1

Published

2019

18. Employing attack graphs for intrusion detection

Author

Frank Capobianco, Paul Yu, Zhiyun Qian, Kaiming Huang, Rahul George, Srikanth V. Krishnamurthy, Mathias Payer, and Trent Jaeger

Subjects

Exploit, Computer science, business.industry, intrusion detection, 05 social sciences, 020207 software engineering, 02 engineering and technology, Intrusion detection system, Attack surface, Modular design, Adversary, Computer security, computer.software_genre, attack surface, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Leverage (statistics), 0501 psychology and cognitive sciences, business, Host (network), computer, 050107 human factors, attack graphs

Abstract

Intrusion detection systems are a commonly deployed defense that examines network traffic, host operations, or both to detect attacks. However, more attacks bypass IDS defenses each year, and with the sophistication of attacks increasing as well, we must examine new perspectives for intrusion detection. Current intrusion detection systems focus on known attacks and/or vulnerabilities, limiting their ability to identify new attacks, and lack the visibility into all system components necessary to confirm attacks accurately, particularly programs. To change the landscape of intrusion detection, we propose that future IDSs track how attacks evolve across system layers by adapting the concept of attack graphs. Attack graphs were proposed to study how multi-stage attacks could be launched by exploiting known vulnerabilities. Instead of constructing attacks reactively, we propose to apply attack graphs proactively to detect sequences of events that fulfill the requirements for vulnerability exploitation. Using this insight, we examine how to generate modular attack graphs automatically that relate adversary accessibility for each component, called its attack surface, to flaws that provide adversaries with permissions that create threats, called attack states, and exploit operations from those threats, called attack actions. We evaluate the proposed approach by applying it to two case studies: (1) attacks on file retrieval, such as TOCTTOU attacks, and (2) attacks propagated among processes, such as attacks on Shell-shock vulnerabilities. In these case studies, we demonstrate how to leverage existing tools to compute attack graphs automatically and assess the effectiveness of these tools for building complete attack graphs. While we identify some research areas, we also find several reasons why attack graphs can provide a valuable foundation for improving future intrusion detection systems.

Published

2019

19. PAPP

Author

Nael Abu-Ghazaleh, Zhiyun Qian, Daimeng Wang, and Srikanth V. Krishnamurthy

Subjects

Hardware_MEMORYSTRUCTURES, business.industry, CPU cache, Computer science, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Prime (order theory), 010201 computation theory & mathematics, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cache, Side channel attack, business, Vulnerability (computing)

Abstract

CPU memory prefetchers can substantially interfere with prime and probe cache side-channel attacks, especially on in-order CPUs which use aggressive prefetching. This interference is not accounted for in previous attacks. In this paper, we propose PAPP, a Prefetcher-Aware Prime Probe attack that can operate even in the presence of aggressive prefetchers. Specifically, we reverse engineer the prefetcher and replacement policy on several CPUs and use these insights to design a prime and probe attack that minimizes the impact of the prefetcher. We evaluate PAPP using Cache Side-channel Vulnerability (CSV) metric and demonstrate the substantial improvements in the quality of the channel under different conditions.

Published

2019

20. Edge-Assisted Detection and Summarization of Key Global Events from Distributed Crowd-Sensed Data

Author

Tarek Abdelzaher, Ajaya Neupane, Evangelos E. Papalexakis, Lance M. Kaplan, Srikanth V. Krishnamurthy, and Abdulrahman Fahim

Subjects

Distributed database, Computer science, business.industry, Microblogging, Cloud computing, 02 engineering and technology, Automatic summarization, Metadata, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Social media, business, Precision and recall, Raw data, Computer network

Abstract

This paper introduces a novel service for distributed detection and summarization of crowd-sensed events. The work is motivated by the proliferation of microblogging media, such as Twitter, that can be used to detect and describe events in the physical world, such as protests, disasters, or civil unrest. Since crowd-sensed data is likely to be distributed, we consider an architecture, where the data first accumulates across a plurality of edge servers (e.g. cloudlets or repositories) and is then summarized, rather than being shipped directly to its ultimate destination (e.g., in a remote cloud). The architecture allows graceful handling of overload and bandwidth limitations (e.g., in scenarios where capacity is impaired, as the case might be after a disaster). When bandwidth is scarce, our service, BigEye, only transfers very limited metadata from the distributed edge repositories to the central summarizer and yet supports highly accurate detection and concise summarization of key events of global interest. These summaries can then be sent to consumers (e.g., rescue personnel). Our emulations show that BigEye achieves the same precision and recall values in detecting key events as a system where all data is available centrally, while consuming only 1% of the bandwidth needed to transmit all raw data.

Published

2019

21. Role of rapid photothermal processing in process integration

Author

Singh, R., Nimmagadda, Srikanth V., Parihar, Vijay, Chen, Yuanning, and Poole, Kelvin F.

Subjects

Manufacturing processes -- Methods, Integrated circuits -- Design and construction, Business, Electronics, Electronics and electrical industries

Abstract

Research was conducted to study the role of rapid thermal processing (RTP) in process integration. The increasing scales of integration and smaller dimension devices provide a constant demand for the reduction of the macroscopic and microscopic defects in the manufacture of silicon integrated circuits. Results demonstrate that rapid thermal processing (RTP) can provide materials with better performance than other thermal processes.

Published

1998

22. IotSan

Author

Zhiyun Qian, Patrick McDaniel, Edward Colbert, Srikanth V. Krishnamurthy, Chengyu Song, and Dang Tu Nguyen

Subjects

FOS: Computer and information sciences, Model checking, Computer Science - Cryptography and Security, Computer science, business.industry, Vulnerability, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, State (computer science), Internet of Things, business, Cryptography and Security (cs.CR), computer, Block (data storage)

Abstract

Today's IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states. Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. In this paper, we design IoTSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states. In building IoTSan, we design novel techniques tailored to IoT systems, to alleviate the state explosion associated with model checking. IoTSan also automatically translates IoT apps into a format amenable to model checking. Finally, to understand the root cause of a detected vulnerability, we design an attribution mechanism to identify problematic and potentially malicious apps. We evaluate IoTSan on the Samsung SmartThings platform. From 76 manually configured systems, IoTSan detects 147 vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a previous effort. IoTSan detects the potential safety violations and also effectively attributes these apps as malicious., Comment: Proc. of the 14th ACM CoNEXT, 2018

Published

2018

23. On the Detection of Adaptive Side-Channel Attackers in Cloud Environments

Author

Derya Cansever, Karim Khalil, Hisham A. Alhulayyil, Srikanth V. Krishnamurthy, Thomas F. La Porta, and Ananthram Swami

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, Cloud computing, 0102 computer and information sciences, 02 engineering and technology, Service provider, Computer security, computer.software_genre, 01 natural sciences, Measure (mathematics), 010201 computation theory & mathematics, Information leakage, Side channel attack, business, computer

Abstract

Malicious coresidency is a precursor to side-channel attacks that target information leakage. In this paper, we seek to understand the interactions between a defender (the cloud service provider) who tries to detect malicious coresidency by an attacker, who in turn attempts to co-reside its VM with a victim VM on the same physical machine by exploiting the VM allocation policy employed by the cloud service provider while at the same time, trying to evade detection. The problem is modeled as a two-player game. Specifically, the attacker chooses how long to keep its VM operational before terminating and relaunching it to increase its odds of success. On the other hand, the defender attempts to detect and penalize malicious VMs based on their activity in a given time window. The defender estimates a maliciousness measure for all active VMs which then modulates the likelihood of a specific VM being migrated to a different physical machine. We study the equilibrium strategies for both players for different ranges of environment parameters and show the non-existence of equilibrium with pure strategies. Subsequently, we characterize the equilibrium of the game with mixed strategies.

Published

2018

24. A Policy-Aware Enforcement Logic for Appropriately Invoking Network Coding

Author

Shailendra Singh, Thomas F. La Porta, Srikanth V. Krishnamurthy, Ahmed Osama Fathy Atya, Dimitris Syrivelis, and Ioannis Broustis

Subjects

Computer Networks and Communications, Computer science, Distributed computing, Network delay, 050801 communication & media studies, Throughput, 02 engineering and technology, Network topology, Network simulation, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Network performance, Electrical and Electronic Engineering, Network architecture, Wireless network, business.industry, 05 social sciences, Testbed, 020206 networking & telecommunications, Wireless WAN, Network traffic control, Computer Science Applications, Intelligent computer network, Linear network coding, Maximum throughput scheduling, business, Software, Network management station, Heterogeneous network, Computer network

Abstract

Network coding has been shown to offer significant throughput benefits over certain wireless network topologies. However, the application of network coding may not always improve the network performance. In this paper, we first provide an analytical study, which helps in assessing when network coding is preferable to a traditional store-and-forward approach. Interestingly, our study reveals that in many topological scenarios, network coding can in fact hurt the throughput performance; in such scenarios, applying the store-and-forward approach leads to higher network throughput. We validate our analytical findings via extensive testbed experiments. Guided by our findings as our primary contribution, we design and implement PACE, a Policy-Aware Coding Enforcement logic that enables network coding only when it is expected to offer performance benefits. Specifically, PACE leverages a minimal set of periodic link quality measurements in order to make per-flow online decisions with regards to when network coding should be activated, and when store-and-forward is preferable. It can be easily embedded into network-coding-aware routers as a user-level or kernel-level software utility. We evaluate the efficacy of PACE via: 1) ns-3 simulations, and 2) experiments on a wireless testbed. We observe that our scheme wisely activates network coding only when appropriate, thereby improving the total network throughput by as much as 350% in some scenarios.

Published

2016

25. Jammer localization in wireless networks: An experimentation-driven approach

Author

Konstantinos Pelechrinis, Iordanis Koutsopoulos, Ioannis Broustis, and Srikanth V. Krishnamurthy

Subjects

020203 distributed computing, Computer Networks and Communications, business.industry, Computer science, Network packet, Wireless network, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Testbed, Real-time computing, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 020206 networking & telecommunications, Jamming, 02 engineering and technology, Network topology, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Wireless, business, Computer network

Abstract

Jamming attacks have become prevalent during the last few years facilitated by the open access to the shared wireless medium as well as the increased motivation and easiness to create damage as a result of sophistication of wireless devices, both legitimate and jamming ones. Among the challenges that a wireless network faces while trying to confront the jammer, jammer localization is of utmost importance. This entails estimating the physical location of the jammer. Successful jammer localization can trigger a series of corrective measures to ensure sustainable network operation. However, locating the jammer is a difficult problem. Our primary goal in this paper is to design a simple, lightweight and generic approach for localizing a jamming device through a set of measurable parameters. The key observation guiding our design, is that the Packet Delivery Ratio (PDR) that can be readily measured locally by a device decreases as a receiver moves closer to the jammer. Further, we draw on the gradient-descent principle from optimization theory, and we adapt it to operate on the discrete plane of the network topology so that the jamming device location can be estimated. The very nature of the gradient-descent algorithm allows the distributed execution of our localization scheme. In this paper, we compute and experimentally validate the impact of jammer on the PDR of a link and we show that this impact decreases as the link moves away from the jammer. We further design a distributed, lightweight jammer localization system, which does not require any modifications to the driver/firmware of commercial NICs, while we implement a prototype system to evaluate our scheme on our 802.11 indoor testbed. Finally, we evaluate the performance of our system via extensive simulations in larger scale settings. Its performance in terms of average location estimation error in combination with its simplicity and distributed operations hold great promise.

Published

2016

26. FluidNet: A Flexible Cloud-Based Radio Access Network for Small Cells

Author

Mustafa Y. Arslan, Sampath Rangarajan, Shailendra Singh, Karthikeyan Sundaresan, and Srikanth V. Krishnamurthy

Subjects

Radio access network, Computer Networks and Communications, Computer science, business.industry, Testbed, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, WiMAX, Multiplexing, Remote radio head, Computer Science Applications, 020210 optoelectronics & photonics, Transmission (telecommunications), Scalability, Baseband, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

Cloud-based radio access networks (C-RAN) have been proposed as a cost-efficient way of deploying small cells. Unlike conventional RANs, a C-RAN decouples the baseband processing unit (BBU) from the remote radio head (RRH), allowing for centralized operation of BBUs and scalable deployment of light-weight RRHs as small cells. In this work, we argue that the intelligent configuration of the front-haul network between the BBUs and RRHs, is essential in delivering the performance and energy benefits to the RAN and the BBU pool, respectively. We then propose FluidNet - a scalable, light-weight framework for realizing the full potential of C-RAN. FluidNet deploys a logically re-configurable front-haul to apply appropriate transmission strategies in different parts of the network and hence cater effectively to both heterogeneous user profiles and dynamic traffic load patterns. FluidNet's algorithms determine configurations that maximize the traffic demand satisfied on the RAN, while simultaneously optimizing the compute resource usage in the BBU pool. We prototype FluidNet on a 6 BBU, 6 RRH WiMAX C-RAN testbed. Prototype evaluations and large-scale simulations reveal that FluidNet's ability to re-configure its front-haul and tailor transmission strategies provides a 50% improvement in satisfying traffic demands, while reducing the compute resource usage in the BBU pool by 50% compared to baseline transmission schemes.

Published

2016

27. iBUS: An Integrated Beamformer and Uplink Scheduler for OFDMA Small Cells

Author

Karthikeyan Sundaresan, Mustafa Y. Arslan, Srikanth V. Krishnamurthy, and Sampath Rangarajan

Subjects

Beamforming, Schedule, Computer Networks and Communications, Computer science, Real-time computing, 050801 communication & media studies, Throughput, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Scheduling (computing), 0508 media and communications, Telecommunications link, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electrical and Electronic Engineering, Omnidirectional antenna, WSDMA, Signal processing, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 05 social sciences, 020206 networking & telecommunications, WiMAX, Computer Science Applications, Computer engineering, business, Software

Abstract

Beamforming is a signal processing technique with numerous benefits in wireless communication. Unlike traditional omnidirectional communication, it focuses the energy of the transmitted and/or the received signal in a particular direction. Although beamforming has been extensively studied on conventional systems such as WiFi, little is known about its practical impact on performance in orthogonal frequency-domain multiple access (OFDMA) small-cell deployments. Since OFDMA schedules multiple clients (users) in the same frame in contrast to WiFi, designing intelligent scheduling mechanisms and at the same time leveraging beamforming is a challenging task. Unlike downlink, we show that the integration of beamforming with uplink scheduling projects an interesting tradeoff between beamforming gain on the one hand, and the power-pooling gain resulting from joint multiuser scheduling on the other hand. This, in turn, makes the uplink scheduling problem even hard to approximate. To address this, we propose algorithms that are simple to implement, yet provably efficient with a worst-case guarantee of 1/2. We implement our algorithms on a real WiMAX small-cell platform integrated with an eight-element phased-array beamforming antenna. Evaluations from both prototype implementation and trace-driven simulations show that the algorithms deliver throughput gains of over 40% compared to an omnidirectional scheme.

Published

2016

28. Exploiting Subcarrier Agility to Alleviate Active Jamming Attacks in Wireless Networks

Author

Srikanth V. Krishnamurthy, Ahmed Osama Fathy Atya, Karthikeyan Sundaresan, Shailendra Singh, Ioannis Broustis, and Azeem Aqil

Subjects

Near-far problem, Computer Networks and Communications, Wireless network, business.industry, Computer science, Orthogonal frequency-division multiplexing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Transmitter, Jamming, Data_CODINGANDINFORMATIONTHEORY, Interference (wave propagation), Subcarrier, Transmission (telecommunications), Wireless, Fading, Electrical and Electronic Engineering, Wideband, business, Software, Computer network

Abstract

Malicious interference injection or jamming is one of the simplest ways to disrupt wireless communications. Prior approaches can alleviate jamming interference to a limited extent; they are especially vulnerable to a reactive jammer i.e., a jammer that injects noise upon sensing a legitimate transmission or wideband jamming. In this paper, we leverage the inherent features of OFDM (Orthogonal Frequency Division Multiplexing) to cope with such attacks. Specifically, via extensive experiments, we observe that the jamming signal experiences differing levels of fading across the composite sub-carriers in its transmission bandwidth. Thus, if the legitimate transmitter were to somehow exploit the relatively unaffected sub-carriers to transmit data to the receiver, it could achieve reasonable throughputs, even in the presence of the active jammer. We design and implement JIMS , a Jamming Interference Mitigation Scheme that exploits the above characteristic by overcoming key practical challenges. Via extensive testbed experiments and simulations we show that JIMS achieves a throughput restoration of up to 75 percent in the presence of an active jammer.

Published

2015

29. Absence Seizure Detection Using Ramanujan Filter Banks

Author

P.P. Vaidyanathan and Srikanth V. Tenneti

Subjects

medicine.diagnostic_test, business.industry, Computer science, Spike-and-wave, 020206 networking & telecommunications, Pattern recognition, 02 engineering and technology, Filter (signal processing), Electroencephalography, Filter bank, medicine.disease, Time–frequency analysis, Ramanujan's sum, symbols.namesake, Absence seizure, 0202 electrical engineering, electronic engineering, information engineering, medicine, symbols, lipids (amino acids, peptides, and proteins), 020201 artificial intelligence & image processing, Artificial intelligence, business, Digital signal processing

Abstract

Absence seizures are a type of generalized seizures characterized by a 3 Hz periodic spike and wave discharge pattern in the Electroencephalogram (EEG). The most common way to diagnose them is by detecting such periodic patterns in a patient’s EEG. Recently, a new method known as Ramanujan Filter Bank (RFB) was proposed for identifying, estimating and localizing periodicities in data. The RFB was shown to offer important advantages over traditional period estimation techniques in DSP. In this work, we demonstrate that the RFB offers very useful diagnostic information when applied to EEG signals from absence-seizure patients.

Published

2018

30. Droid M+

Author

Zhiyun Qian, Azeem Aqil, Ioannis Gasparis, Rajiv Gupta, Edward Colbert, Chengyu Song, and Srikanth V. Krishnamurthy

Subjects

business.industry, Status quo, Computer science, media_common.quotation_subject, 020207 software engineering, 02 engineering and technology, Permission, computer.software_genre, World Wide Web, User experience design, Code refactoring, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), business, Legacy code, computer, media_common

Abstract

In Android 6.0, Google revamped its long criticized permission model to prompt the user during runtime, and allow her to dynamically revoke granted permissions. Towards steering developers to this new model and improve user experience, Google also provides guidelines on (a) how permission requests should be formulated (b) how to educate users on why a permission is needed and (c) how to provide feedback when a permission is denied. In this paper we perform, to the best of our knowledge, the first measurement study on the adoption of Android's new model on recently updated apps from the official Google Play Store. We find that, unfortunately, (1) most apps have not been migrated to this new model and (2) for those that do support the model, many do not adhere to Google's guidelines. We attribute this unsatisfying status quo to the lack of automated transformation tools that can help developers refactor their code; via an IRB approved study we find that developers felt that there was a non-trivial effort involved in migrating their apps to the new model. Towards solving this problem, we develop Droid M+, a system that helps developers to easily retrofit their legacy code to support the new permission model and adhere to Google's guidelines. We believe that Droid M+ offers a significant step in preserving user privacy and improving user experience.

Published

2018

31. A Framework for MIMO-based Packet Header Obfuscation

Author

Zhiyun Qian, Srikanth V. Krishnamurthy, Yue Cao, Thomas F. La Porta, Lisa M. Marvel, Ahmed Osama Fathy Atya, Prashant Krishnamurthy, and Shailendra Singh

Subjects

Interleaving, business.industry, Network packet, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 05 social sciences, MIMO, 050801 communication & media studies, 020206 networking & telecommunications, Throughput, 02 engineering and technology, Obfuscation (software), 0508 media and communications, PHY, Header, 0202 electrical engineering, electronic engineering, information engineering, Bit error rate, business, Computer network

Abstract

Eavesdroppers can exploit exposed packet headers towards attacks that profile clients and their data flows. In this paper, we propose FOG, a framework for effective header blinding using MIMO, to thwart eavesdroppers. FOG effectively tracks header bits as they traverse physical (PHY) layer sub-systems that perform functions like scrambling and interleaving. It combines multiple blinding signals for more effective and less predictable obfuscation, as compared to using a fixed blinding signal. We implement FOG on the WARP platform and demonstrate via extensive experiments that it yields better obfuscation than prior schemes that deploy full packet blinding. It causes a bit error rate (BER) of > 40 % at an eavesdropper if two blinding streams are sent during header transmissions. Furthermore, FOG incurs a very small throughput hit of ≈ 5 % with one blinding stream (and 9 % with two streams). Full packet blinding incurs much higher throughput hits (25 % with one stream and 50 % with two streams).

Published

2018

32. Arbitrarily Shaped Periods in Multidimensional Discrete Time Periodicity

Author

P.P. Vaidyanathan and Srikanth V. Tenneti

Subjects

Pure mathematics, Plane (geometry), business.industry, Applied Mathematics, Space (mathematics), Signal, Escher, Combinatorics, Parallelepiped, Discrete time and continuous time, visual_art, Signal Processing, visual_art.visual_art_medium, Tile, Electrical and Electronic Engineering, business, computer, Digital signal processing, computer.programming_language, Mathematics

Abstract

Traditionally, most of the analysis of discrete time multidimensional periodicity in DSP is based on defining the period as a parallelepiped. In this work, we study whether this framework can incorporate signals that are repetitions of more general shapes than parallelepipeds. For example, the famous Dutch artist M. C. Escher constructed many interesting shapes such as fishes, birds and animals, which can tile the continuous 2-D plane. Inspired from Escher’s tilings, we construct discrete time signals that are repetitions of various kinds of shapes. We look at periodicity in the following way - a given shape repeating itself along fixed directions to tile the entire space. By transcribing this idea into a mathematical framework, we explore its relationship with the traditional analysis of periodicity based on parallelepipeds. Our main result is that given any such signal with an arbitrarily shaped period, we can always find an equivalent parallelepiped shaped period that has the same number of points as the original period.

Published

2015

33. CWC: A Distributed Computing Infrastructure Using Smartphones

Author

Shailendra Singh, Karthikeyan Sundaresan, Srikanth V. Krishnamurthy, Mustafa Y. Arslan, Harsha V. Madhyastha, and Indrajeet Singh

Subjects

Job shop scheduling, Computer Networks and Communications, business.industry, Computer science, Testbed, Mobile computing, Processor scheduling, computer.software_genre, Scheduling (computing), Idle, ComputerSystemsOrganization_MISCELLANEOUS, Server, Operating system, Wireless, Electrical and Electronic Engineering, Android (operating system), business, computer, Software, Computer network

Abstract

Every night, many smartphones are plugged into a power source for recharging the battery. Given the increasing computing capabilities of smartphones, these idle phones constitute a sizeable computing infrastructure. Therefore, for an enterprise which supplies its employees with smartphones, we argue that a computing infrastructure that leverages idle smartphones being charged overnight is an energy-efficient and cost-effective alternative to running certain tasks on traditional servers. While parallel execution models and schedulers exist for servers, smartphones face a unique set of technical challenges due to the heterogeneity in CPU clock speed, variability in network bandwidth, and lower availability than servers. In this paper, we address many of these challenges to develop CWC—a distributed computing infrastructure using smartphones. We implement and evaluate a prototype of CWC that employs a novel scheduling algorithm to minimize the makespan of a set of computing tasks. Our evaluations using a testbed of $18$ Android phones show that CWC’s scheduler yields a makespan that is 1.6x faster than other simpler approaches.

Published

2015

34. A Distortion-Resistant Routing Framework for Video Traffic in Wireless Multihop Networks

Author

Shailendra Singh, Ramesh Govindan, George Papageorgiou, Thomas F. La Porta, and Srikanth V. Krishnamurthy

Subjects

Static routing, Zone Routing Protocol, Dynamic Source Routing, Computer Networks and Communications, Computer science, Wireless network, Equal-cost multi-path routing, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Policy-based routing, Enhanced Interior Gateway Routing Protocol, Testbed, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Wireless Routing Protocol, Computer Science Applications, Link-state routing protocol, Multipath routing, Wireless, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

Traditional routing metrics designed for wireless networks are application-agnostic. In this paper, we consider a wireless network where the application flows consist of video traffic. From a user perspective, reducing the level of video distortion is critical. We ask the question "Should the routing policies change if the end-to-end video distortion is to be minimized?" Popular link-quality-based routing metrics (such as ETX) do not account for dependence (in terms of congestion) across the links of a path; as a result, they can cause video flows to converge onto a few paths and, thus, cause high video distortion. To account for the evolution of the video frame loss process, we construct an analytical framework to, first, understand and, second, assess the impact of the wireless network on video distortion. The framework allows us to formulate a routing policy for minimizing distortion, based on which we design a protocol for routing video traffic. We find via simulations and testbed experiments that our protocol is efficient in reducing video distortion and minimizing the user experience degradation.

Published

2015

35. Self-Organizing Resource Management Framework in OFDMA Femtocells

Author

Jongwon Yoon, Srikanth V. Krishnamurthy, Mustafa Y. Arslan, Suman Banerjee, and Karthikeyan Sundaresan

Subjects

Computer Networks and Communications, Orthogonal frequency-division multiplexing, Wireless network, Computer science, business.industry, Femto, Orthogonal frequency-division multiple access, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Testbed, Throughput, Spectral efficiency, WiMAX, Femtocell, Resource allocation, Resource management, Electrical and Electronic Engineering, business, Software, Computer network

Abstract

Next generation wireless networks (i.e., WiMAX, LTE) provide higher bandwidth and spectrum efficiency leveraging smaller (femto) cells with orthogonal frequency division multiple access (OFDMA). The uncoordinated, dense deployments of femtocells however, pose several unique challenges relating to interference and resource management in OFDMA femtocell networks. Towards addressing these challenges, we propose RADION, a distributed resource management framework that effectively manages interference across femtocells. RADION’s core building blocks enable femtocells to opportunistically determine the available resources in a completely distributed and efficient manner. Further, RADION’s modular nature paves the way for different resource management solutions to be incorporated in the framework. We implement RADION on a real WiMAX femtocell testbed deployed in a typical indoor setting. Two distributed solutions are enabled through RADION and their performance is studied to highlight their quick self-organization into efficient resource allocations.

Published

2015

36. Jaal

Author

Karim Khalil, Ahmed Osama Fathy Atya, Trent Jaeger, Evangelos E. Papalexakis, Srikanth V. Krishnamurthy, Azeem Aqil, Kadangode K. Ramakrishnan, Ananthram Swami, and Paul Yu

Subjects

Computer science, business.industry, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Testbed, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Intrusion detection system, 01 natural sciences, 010201 computation theory & mathematics, Wide area network, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Overhead (computing), Network performance, Inference engine, business, Computer network

Abstract

We have recently seen an increasing number of attacks that are distributed, and span an entire wide area network (WAN). Today, typically, intrusion detection systems (IDSs) are deployed at enterprise scale and cannot handle attacks that cover a WAN. Moreover, such IDSs are implemented at a single entity that expects to look at all packets to determine an intrusion. Transferring copies of raw packets to centralized engines for analysis in a WAN can significantly impact both network performance and detection accuracy. In this paper, we propose Jaal, a framework for achieving accurate network intrusion detection at scale. The key idea in Jaal is to monitor traffic and construct in-network packet summaries. The summaries are then processed centrally to detect attacks with high accuracy. The main challenges that we address are (a) creating summaries that are concise, but sufficient to draw highly accurate inferences and (b) transforming traditional IDS rules to handle summaries instead of raw packets. We implement Jaal on a large scale SDN testbed. We show that on average Jaal yields a detection accuracy of about 98%, which is the highest reported for ISP scale network intrusion detection. At the same time, the overhead associated with transferring summaries to the central inference engine is only about 35% of what is consumed if raw packets are transferred.

Published

2017

37. Your state is not mine

Author

Yue Cao, Zhiyun Qian, Srikanth V. Krishnamurthy, Zhongjie Wang, and Chengyu Song

Subjects

Engineering, business.industry, media_common.quotation_subject, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Internet privacy, Censorship, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Internet censorship, Firewall (construction), Stateful firewall, Measurement study, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, computer, media_common

Abstract

Understanding the behaviors of, and evading state-level Internet-scale censorship systems such as the Great Firewall (GFW) of China, has emerged as a research problem of great interest. One line of evasion is the development of techniques that leverage the possibility that the TCP state maintained on the GFW may not represent the state at end-hosts. In this paper we undertake, arguably, the most extensive measurement study on TCP-level GFW evasion techniques, with several vantage points within and outside China, and with clients subscribed to multiple ISPs. We find that the state-of-the art evasion techniques are no longer very effective on the GFW. Our study further reveals that the primary reason that causes these failures is the evolution of GFW over time. In addition, other factors such as the presence of middleboxes on the route from the client to the server also contribute to previously unexpected behaviors. Our measurement study leads us to new understandings of the GFW and new evasion techniques. Evaluations of our new evasion strategies show that our new techniques provide much higher success rates of (compared to prior schemes) ≈ 90% or higher. Our results further validate our new understandings of the GFW's evolved behaviors. We also develop a measurement-driven tool INTANG, that systematically looks for and finds the best strategy that works with a server and network path. Our measurements show that INTANG can yield near perfect evasion rates and is extremely effective in aiding various protocols such as HTTP, DNS over TCP, and Tor in evading the GFW.

Published

2017

38. Accurate and Timely Situation Awareness Retrieval from a Bandwidth Constrained Camera Network

Author

Amit K. Roy-Chowdhury, Tuan Dao, Prasant Mohapatra, Srikanth V. Krishnamurthy, Nasser M. Nasrabadi, and Lance M. Kaplan

Subjects

Situation awareness, Computer science, business.industry, Controller (computing), Real-time computing, Feature extraction, Disaster recovery, 020206 networking & telecommunications, 02 engineering and technology, Metadata, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), Wireless, 020201 artificial intelligence & image processing, Computer vision, Artificial intelligence, Greedy algorithm, business

Abstract

Wireless cameras can be used to gather situation awareness information (e.g., humans in distress) in disaster recovery scenarios. However, blindly sending raw video streams from such cameras, to an operations center or controller can be prohibitive in terms of bandwidth. Further, these raw streams could contain either redundant or irrelevant information. Thus, we ask "how do we extract accurate situation awareness information from such camera nodes and send it in a timely manner, back to the operations center?" Towards this, we design ACTION, a framework that (a) detects objects of interest (e.g., humans) from the video streams, (b) combines these streams intelligently to eliminate redundancies and (c) transmits only parts of the feeds that are sufficient in achieving a desired detection accuracy to the controller. ACTION uses small amounts of metadata to determine if the objects from different camera feeds are the same. A resource-aware greedy algorithm is used to select a subset of video feeds that are associated with the same object, so as to provide a desired accuracy, for being sent to the operations center. Our evaluations show that ACTION helps reduce the network usage up to threefold, and yet achieves a high detection accuracy of ≈ 90%.

Published

2017

39. Malicious co-residency on the cloud: Attacks and defense

Author

Patrick McDaniel, Lisa M. Marvel, Zhiyun Qian, Thomas F. La Porta, Ahmed Osama Fathy Atya, and Srikanth V. Krishnamurthy

Subjects

021110 strategic, defence & security studies, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), Side channel attack, business, computer, Countermeasure (computer), Computer network

Abstract

Attacker VMs try to co-reside with victim VMs on the same physical infrastructure as a precursor to launching attacks that target information leakage. VM migration is an effective countermeasure against attempts at malicious co-residency. In this paper, we first undertake an experimental study on Amazon EC2 to obtain an in-depth understanding of the side-channels an attacker can use to ascertain co-residency with a victim. Here, we identify a new set of stealthy side-channel attacks which, we show to be more effective than currently available attacks towards verifying co-residency. Based on the study, we develop a set of guidelines to determine under what conditions victim VM migrations should be triggered given performance costs in terms of bandwidth and downtime, that a user is willing to bear. Via extensive experiments on our private in-house cloud, we show that migrations using our guidelines can limit the fraction of the time that an attacker VM co-resides with a victim VM to about 1 % of the time with bandwidth costs of a few MB and downtimes of a few seconds, per day per VM migrated.

Published

2017

40. Stealth migration: Hiding virtual machines on the network

Author

Patrick McDaniel, T. La Porta, Stefan Achleitner, Alexander Poylisher, Srikanth V. Krishnamurthy, and Constantin Serban

Subjects

business.industry, Computer science, 020206 networking & telecommunications, Denial-of-service attack, Cloud computing, 02 engineering and technology, Internet traffic, Adversary, Load balancing (computing), Computer security, computer.software_genre, Fault management, Virtual machine, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

Live virtual machine (VM) migration is commonly used for enabling dynamic resource or fault management, or for load balancing in datacenters or cloud platforms. A service hosted by a VM may also be migrated to prevent its visibility to an external adversary who may seek to disrupt its operation by launching a DDoS attack against it. We first show that current systems cannot adequately hide a VM migration from an external adversary. The key reason for this is that a migration typically manifests a traffic pattern with distinguishable statistical properties. We introduce two new attacks that can allow an adversary to effectively track a migration in progress, by leveraging observations of these properties. As our primary contribution, we design and implement a stealth migration framework that causes migration traffic to be indistinguishable from regular Internet traffic, with a negligible latency overhead of approximately 0.37 seconds, on average.

Published

2017

41. Developing consensus measures for global programs: lessons from the Global Alliance for Chronic Diseases Hypertension research program

Author

Riddell, MA, Edwards, N, Thompson, SR, Bernabe-Ortiz, A, Praveen, D, Johnson, C, Kengne, AP, Liu, P, McCready, T, Ng, E, Nieuwlaat, R, Ovbiagele, B, Owolabi, M, Peiris, D, Thrift, AG, Tobe, S, Yusoff, K, De Villiers, A, He, F, MacGregor, G, Jan, S, Neal, B, Chow, C, Joshi, R, MacMahon, S, Patel, A, Rodgers, A, Webster, R, Keat, NK, Attaran, A, Mills, E, Muldoon, K, Yaya, S, Featherstone, A, Mukasa, B, Forrest, J, Kalyesubula, R, Kamwesiga, J, Lopez, PC, Tayari, JC, Lopez, P, Casas, JL, McKee, M, Zainal, AO, Yusuf, S, Campbell, N, Kilonzo, K, Marr, M, Yeates, K, Feng, X, Yuan, J, Li, X, Lin, CP, Yan, L, Zhang, J, Wu, Y, Ma, J, Wang, H, Ma, Y, Nowson, C, Moodie, M, Goudge, J, Kabudula, C, Limbani, F, Masilela, N, Myakayaka, N, Gómez-Olivé, FX, Thorogood, M, Arabshahi, S, Evans, R, Mahal, A, Oldenburg, B, Riddell, M, Srikanth, V, Heritier, S, Kalyanram, K, Kartik, K, Suresh, O, Maulik, P, Salam, A, Sudhir, T, Thankappan, K, Thirunavukkarasu, S, Varma, R, Thomas, N, Clifford, G, Prabhakaran, D, Thom, S, Shivashankar, R, Mohan, S, Reddy, KS, Krishnan, A, and MacMahon, S

Subjects

Chronic Disease/therapy, Research program, medicine.medical_specialty, Consensus, purl.org/pe-repo/ocde/ford#3.03.05 [https], Low and middle income countries, Implementation Context, Context (language use), 030204 cardiovascular system & hematology, Global Health, 1117 Public Health and Health Services, 03 medical and health sciences, 0302 clinical medicine, General & Internal Medicine, Global health, Humans, Medicine, 030212 general & internal medicine, Cooperative Behavior, Medical education, Data collection, business.industry, Research, Public health, Health Policy, Health services research, Public Health, Environmental and Occupational Health, Data dictionary, Public relations, Research Personnel, 3. Good health, 1117 Public Health And Health Services, Implementation, Scale (social sciences), Hypertension, Chronic Disease, Consensus Measures, business

Abstract

12 p., Background: The imperative to improve global health has prompted transnational research partnerships to investigate common health issues on a larger scale. The Global Alliance for Chronic Diseases (GACD) is an alliance of national research funding agencies. To enhance research funded by GACD members, this study aimed to standardise data collection methods across the 15 GACD hypertension research teams and evaluate the uptake of these standardised measurements. Furthermore we describe concerns and difficulties associated with the data harmonisation process highlighted and debated during annual meetings of the GACD funded investigators. With these concerns and issues in mind, a working group comprising representatives from the 15 studies iteratively identified and proposed a set of common measures for inclusion in each of the teams’ data collection plans. One year later all teams were asked which consensus measures had been implemented. Results: Important issues were identified during the data harmonisation process relating to data ownership, sharing methodologies and ethical concerns. Measures were assessed across eight domains; demographic; dietary; clinical and anthropometric; medical history; hypertension knowledge; physical activity; behavioural (smoking and alcohol); and biochemical domains. Identifying validated measures relevant across a variety of settings presented some difficulties. The resulting GACD hypertension data dictionary comprises 67 consensus measures. Of the 14 responding teams, only two teams were including more than 50 consensus variables, five teams were including between 25 and 50 consensus variables and four teams were including between 6 and 24 consensus variables, one team did not provide details of the variables collected and two teams did not include any of the consensus variables as the project had already commenced or the measures were not relevant to their study. Conclusions: Deriving consensus measures across diverse research projects and contexts was challenging. The major barrier to their implementation was related to the time taken to develop and present these measures. Inclusion of consensus measures into future funding announcements would facilitate researchers integrating these measures within application protocols. We suggest that adoption of consensus measures developed here, across the field of hypertension, would help advance the science in this area, allowing for more comparable data sets and generalizable inferences.

Published

2017

42. Enhancing WiFi Throughput with PLC Extenders: A Measurement Study

Author

Srikanth V. Krishnamurthy, Karthikeyan Sundaresan, Ahmed Osama Fathy Atya, Jiasi Chen, and Kittipat Apicharttrisorn

Subjects

Ethernet, Router, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Poor quality, Saturation throughput, Backhaul (telecommunications), Power-line communication, Measurement study, 020204 information systems, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Wireless, business, Computer network

Abstract

Today, power line communications (PLC) based WiFi extenders are emerging in the market. By simply plugging an extender to a power outlet, a user can create a second access point which connects to a master AP/router using the power line infrastructure. The underlying belief is that this can enhance the throughput that a user can achieve at certain locations (closer to the extender) and potentially increase wireless capacity. In this paper, we conduct an in-depth measurement study to first see if this belief always holds true, and if it does, the extent to which the end-to-end throughput improves. Our measurement study covers both homes and enterprise settings, as well as single and multi-user (or multi-device) settings. Surprisingly, we find that in 46% of cases in an office environment, using a PLC extender does not result in an increase in throughput, even when a single client accesses the network and is located close to the extender. This is because unlike in the case of an Ethernet backhaul, the PLC backhaul could consist of poor quality links (49% of the time in an office environment). We also find that the further away the extender is from the master router, the more likely this possibility becomes. We find that sharing of the PLC backhaul across devices could also be undesirable in some cases, and certain users should connect directly to the master AP in order to improve total throughput. Our study sheds light on when these effects manifest themselves, and discusses challenges that will need to be overcome if PLC extenders can be effectively used to enhance wireless capacity.

Published

2017

43. Quantifying Model Risk

Author

Srikanth V. Krishnamurthy

Subjects

Econometrics, Business, Model risk

Published

2014

44. Optimal Monitor Placement for Detection of Persistent Threats

Author

Ananthram Swami, Zhiyun Qian, Karim Khalil, Srikanth V. Krishnamurthy, and Paul Yu

Subjects

business.industry, Computer science, Network packet, Stochastic game, Process (computing), 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Telecommunications network, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, State (computer science), business, computer, Computer network

Abstract

We study optimal monitor placement for intrusion detection in networks with persistent attackers. The problem is modeled as a stochastic game in which the attacker attempts to control targets by delivering malicious packets while the defender tries to detect such attempts. The state of the game is determined by the target end-systems in the network, each of which can be in either a healthy or a compromised state. Compromised targets are controlled by the attacker and may be used to inject malicious packets into the network to attack healthy targets. In addition, a random re-imaging process is deployed on all targets to regain control of compromised targets. We find the game value and the equilibrium strategies for both players under different assumptions on the knowledge of the state at the defender.

Published

2016

45. Reconfigurable Processor for Energy-Efficient Computational Photography

Author

Nathan Ickes, Srikanth V. Tenneti, Rahul Rithe, Priyanka Raina, Anantha P. Chandrakasan, Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology. Microsystems Technology Laboratories, Chandrakasan, Anantha P., Rithe, Rahul, Raina, Priyanka, and Ickes, Nathan J.

Subjects

Computational photography, CMOS, Computer science, business.industry, Embedded system, Low-power electronics, Photography, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Hardware_INTEGRATEDCIRCUITS, Bilateral filter, Electrical and Electronic Engineering, business, Efficient energy use

Abstract

This paper presents an on-chip implementation of a scalable reconfigurable bilateral filtering processor for computational photography applications such as HDR imaging, low-light enhancement, and glare reduction. Careful pipelining and scheduling has minimized the local storage requirement to tens of kB. The 40-nm CMOS test chip operates from 98 MHz at 0.9 V to 25 MHz at 0.5 V. The test chip processes 13 megapixels/s while consuming 17.8 mW at 98 MHz and 0.9 V, achieving significant energy reduction compared with software implementations on recent mobile processors., Foxconn International Holdings Ltd.

Published

2013

46. A Resource Management System for Interference Mitigation in Enterprise OFDMA Femtocells

Author

Mustafa Y. Arslan, Srikanth V. Krishnamurthy, Suman Banerjee, Karthikeyan Sundaresan, and Jongwon Yoon

Subjects

Computer Networks and Communications, business.industry, Orthogonal frequency-division multiplexing, Computer science, Orthogonal frequency-division multiple access, Air interface, Pooling, Resource Management System, Throughput, Link adaptation, WiMAX, Computer Science Applications, Scheduling (computing), Femtocell, Cellular network, Resource allocation, Electrical and Electronic Engineering, business, Software, Computer network, Efficient energy use

Abstract

To meet the capacity demands from ever-increasing mobile data usage, mobile network operators are moving toward smaller cell structures. These small cells, called femtocells, use sophisticated air interface technologies such as orthogonal frequency division multiple access (OFDMA). While femtocells are expected to provide numerous benefits such as energy efficiency and better throughput, the interference resulting from their dense deployments prevents such benefits from being harnessed in practice. Thus, there is an evident need for a resource management solution to mitigate the interference that occurs between collocated femtocells. In this paper, we design and implement one of the first resource management systems, FERMI, for OFDMA-based femtocell networks. As part of its design, FERMI: 1) provides resource isolation in the frequency domain (as opposed to time) to leverage power pooling across cells to improve capacity; 2) uses measurement-driven triggers to intelligently distinguish clients that require just link adaptation from those that require resource isolation; 3) incorporates mechanisms that enable the joint scheduling of both types of clients in the same frame; and 4) employs efficient, scalable algorithms to determine a fair resource allocation across the entire network with high utilization and low overhead. We implement FERMI on a prototype four-cell WiMAX femtocell testbed and show that it yields significant gains over conventional approaches.

Published

2013

47. ACORN: An Auto-Configuration Framework for 802.11n WLANs

Author

Sateesh Addepalli, Konstantina Papagiannaki, Srikanth V. Krishnamurthy, Shailendra Singh, Konstantinos Pelechrinis, Ioannis Broustis, and Mustafa Y. Arslan

Subjects

Channel allocation schemes, Computer Networks and Communications, business.industry, Computer science, Node (networking), Testbed, MIMO, Throughput, Interference (wave propagation), Computer Science Applications, Wireless lan, Electrical and Electronic Engineering, business, Throughput (business), Software, Communication channel, Computer network

Abstract

The wide channels feature combines two adjacent channels to form a new, wider channel to facilitate high-data-rate transmissions in multiple-input-multiple-output (MIMO)-based IEEE 802.11n networks. Using a wider channel can exacerbate interference effects. Furthermore, contrary to what has been reported by prior studies, we find that wide channels do not always provide benefits in isolation (i.e., one link without interference) and can even degrade performance. We conduct an in-depth, experimental study to understand the implications of wide channels on throughput performance. Based on our measurements, we design an auto-configuration framework called ACORN for enterprise 802.11n WLANs. ACORN integrates the functions of user association and channel allocation since our study reveals that they are tightly coupled when wide channels are used. We show that the channel allocation problem with the constraints of wide channels is NP-complete. Thus, ACORN uses an algorithm that provides a worst-case approximation ratio of O(1/Δ + 1), with Δ being the maximum node degree in the network. We implement ACORN on our 802.11n testbed. Our evaluations show that ACORN: 1) outperforms previous approaches that are agnostic to wide channels constraints; it provides per-AP throughput gains ranging from 1.5 × 6×; and 2) in practice, its channel allocation module achieves an approximation ratio much better than the theoretically predicted O(1/Δ + 1).

Published

2013

48. Resource Allocation for QoS Support in Wireless Mesh Networks

Author

Yong Yang, Srikanth V. Krishnamurthy, J. C. Hou, and Tae-Suk Kim

Subjects

Schedule, Wireless mesh network, Computer science, Wireless network, business.industry, Applied Mathematics, Quality of service, Admission control, Shared mesh, Computer Science Applications, Next-generation network, Resource allocation, Electrical and Electronic Engineering, Radio resource management, business, Communication channel, Computer network

Abstract

Many next generation applications (such as video flows) are likely to have associated minimum data rate requirements in order to ensure satisfactory quality as perceived by end-users. In this paper, we develop a framework to address the problem of maximizing the aggregate utility of traffic flows in a multi-hop wireless network, with constraints imposed both due to self-interference and minimum rate requirements. The parameters that are tuned in order to maximize the utility are (i) transmission powers of individual nodes and (ii) the channels assigned to the different communication links. Our framework is based on using a cross-decomposition technique that takes both inter-flow interference and self-interference into account. The output of our framework is a schedule that dictates what links are to be activated in each slot and the parameters associated with each of those links. If the minimum rate constraint cannot be satisfied for all of the flows, the framework intelligently rejects a sub-set of the flows and recomputes a schedule for the remaining flows. We also design an admission control module that determines if new flows can be admitted without violating the rate requirements of the existing flows in the network. We provide numerical results to demonstrate the efficacy of our framework.

Published

2013

49. Twitsper: Tweeting privately

Author

Michael Butkiewicz, Indrajeet Singh, Harsha V. Madhyastha, Srikanth V. Krishnamurthy, and Sateesh Addepalli

Subjects

Information privacy, Social network, Computer Networks and Communications, business.industry, Computer science, Internet privacy, Control (management), Cryptography, World Wide Web, Server, Communication in small groups, The Internet, Electrical and Electronic Engineering, business, Law

Abstract

Although today's online social networks provide some privacy controls to protect a user's shared content from other users, these controls aren't sufficiently expressive to provide fine-grained protection. Twitsper offers fine-grained control over who sees a Twitter user's messages, enabling private group communication while preserving Twitter's commercial interests.

Published

2013

50. Secret Key Extraction from Wireless Signal Strength in Real Environments

Author

Sriram Nandha Premnath, Srikanth V. Krishnamurthy, Suman Jana, Neal Patwari, Michael R. Clark, Jessica Croft, P. L. Gowda, and Sneha Kumar Kasera

Subjects

Key generation, Computer Networks and Communications, business.industry, Wireless network, Computer science, MIMO, Real-time computing, Cryptography, Adversary, Wireless, Pre-shared key, Randomness tests, Electrical and Electronic Engineering, business, Wireless sensor network, Software, Computer network

Abstract

We evaluate the effectiveness of secret key extraction, for private communication between two wireless devices, from the received signal strength (RSS) variations on the wireless channel between the two devices. We use real world measurements of RSS in a variety of environments and settings. The results from our experiments with 802.11-based laptops show that in certain environments, due to lack of variations in the wireless channel, the extracted bits have very low entropy making these bits unsuitable for a secret key, an adversary can cause predictable key generation in these static environments, and in dynamic scenarios where the two devices are mobile, and/or where there is a significant movement in the environment, high entropy bits are obtained fairly quickly. Building on the strengths of existing secret key extraction approaches, we develop an environment adaptive secret key generation scheme that uses an adaptive lossy quantizer in conjunction with Cascade-based information reconciliation and privacy amplification. Our measurements show that our scheme, in comparison to the existing ones that we evaluate, performs the best in terms of generating high entropy bits at a high bit rate. The secret key bit streams generated by our scheme also pass the randomness tests of the NIST test suite that we conduct. We also build and evaluate the performance of secret key extraction using small, low-power, hand-held devices-Google Nexus One phones-that are equipped 802.11 wireless network cards. Last, we evaluate secret key extraction in a multiple input multiple output (MIMO)-like sensor network testbed that we create using multiple TelosB sensor nodes. We find that our MIMO-like sensor environment produces prohibitively high bit mismatch, which we address using an iterative distillation stage that we add to the key extraction process. Ultimately, we show that the secret key generation rate is increased when multiple sensors are involved in the key extraction process.

Published

2013