Search

Your search keyword '"Sadre, Ramin"' showing total 308 results
Start Over Author "Sadre, Ramin"

Refine your results

more »

more »

more »

more »
308 results on '"Sadre, Ramin"'

55. Chaos Duck: Towards Automatic IoT Software Fault-Tolerance Analysis

Author

Zavalyshyn, Igor, Given-Wilson, Thomas, Legay, Axel, Sadre, Ramin, Riviere, Etienne, and UCL - SST/ICTM/INGI - Pôle en ingénierie informatique

Abstract

Internet of Things (IoT) device software frequently handles sensitive data. This software has to be resistant to faults to prevent leakage and ensure data privacy and security. Source code hardening is a common way to make software fault- tolerant. However, the effectiveness and performance impact of a chosen hardening technique are not always obvious. Moreover, it becomes increasingly difficult to predict potential attack vectors and implement proper countermeasures. To assist in this task, we developed Chaos Duck, an automatic tool for IoT software fault-tolerance analysis. Chaos Duck emulates various fault types and provides statistics on their impact on software security and stability. We present a case study in which we use Chaos Duck to compare five software hardening techniques applied to the PRESENT block cipher implementation. We show that some simple hardening techniques may improve fault-tolerance, while others can instead reduce overall security and introduce new vulnerabilities. Our contributions are twofold: we offer a software fault-tolerance analysis tool to IoT developers seeking to make their software secure and robust, and we shed light on the efficiency of various hardening techniques.

Published
2021

56. PyDPLib: Python Differential Privacy Library for Private Medical Data Analytics

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Matthies, Philipp, Pinto, Francisco, Maros, Máté, Wenz, Holger, Sadre, Ramin, Vlassov, Vladimir, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Matthies, Philipp, Pinto, Francisco, Maros, Máté, Wenz, Holger, Sadre, Ramin, and Vlassov, Vladimir

Abstract

Pharmaceutical and medical technology companies accessing real-world medical data are not interested in personally identifiable data but rather in cohort data such as statistical aggregates, patterns, and trends. These companies cooperate with medical institutions that collect medical data and want to share it but they need to protect the privacy of individuals on the shared data. We present PyDPLib, a Python Differential Privacy library for private medical data analytics. We illustrate an application of differential privacy using PyDPLib in our platform for visualizing private statistics on a database of prostate cancer patients. Our experimental results show that PyDPLib allows creating statistical data plots without compromising patients’ privacy while preserving underlying data distributions. Even though PyDPLib has been developed to be used in our platform for reporting the radiological examinations and procedures, it is general enough to be used to provide differential privacy on data in any data analytics and visualization platform, service or application.

Published
2021

57. Privacy preserving behaviour learning for the IoT ecosystem

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Sadre, Ramin, Vlassov, Vladimir, Pecheur, Charles, Nijssen, Siegfried, Buchegger, Sonja, Guo, Yao, Bhuyan, Monowar, Imtiaz, Sana, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Sadre, Ramin, Vlassov, Vladimir, Pecheur, Charles, Nijssen, Siegfried, Buchegger, Sonja, Guo, Yao, Bhuyan, Monowar, and Imtiaz, Sana

Abstract

IoT has enabled the creation of a multitude of personal applications and services for a better understanding and improvement of urban environments and our personal lives. These services are driven by the continuous collection and analysis of sensitive and private user data to provide personalised experiences. Among the different application areas of IoT, smart health care, in particular, necessitates the usage of privacy preservation techniques in order to guarantee protection from user privacy-breaching threats such as identification, profiling, localization and tracking, and information linkage. Traditional privacy preservation techniques such as pseudonymization are no longer sufficient to cater to the requirements of privacy preservation in the fast-growing smart health care domain due to the challenges offered by big data volume, velocity, and variety. On the other hand, there is a number of modern privacy preservation techniques with respective overheads that may have a negative impact on application performance such as reduced accuracy, reduced data utility, and increased device resource usage. There is a need to select appropriate privacy preservation techniques (and solutions) according to the nature of data, system performance requirements, and resource constraints, in order to find proper trade-offs between providing privacy preservation, data utility, and acceptable system performance in terms of accuracy, runtime, and resource consumption. In this work, we investigate different privacy preservation solutions and measure the impact of introducing our selected privacy preservation solutions on the performance of different components of the IoT ecosystem in terms of data utility and system performance. We implement, illustrate, and evaluate the results of our proposed approaches using real-world and synthetic privacy-preserving smart health care datasets. First, we provide a detailed taxonomy and analysis of the privacy preservation techniques and solution, (FSA - Sciences de l'ingénieur) -- UCL, 2021

Published
2021

58. Reverse-Engineering the Physical Configuration of Smart Homes

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Vivian, Martin, Sadre, Ramin, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Vivian, Martin, and Sadre, Ramin

Abstract

A major concern with cyber-security for Smart Homes are attacks against the privacy of their residents. Unfortunately, as has been shown in recent years, traditional cyber-security techniques, such a authentication, firewalls, and encrypted communication, are not sufficient to protect against privacy-invasion attacks. Researchers have shown that an attacker can detect the activities of the occupants by passively monitoring the encrypted wireless network traffic of the smart devices.In this paper, we focus on the question how the smart devices in a Smart Home are physically arranged. More specifically, we want to identify devices that are located in the same room or at least in close proximity. Similar to other works, we will only rely on information obtained through passive network measurements. We present techniques to determine whether a smart lamp and an IP camera are located in the same room. We then extend those techniques to cameras that have an automatic infrared mode switch. Finally, we show how the relative position and orientation of multiple cameras can be estimated.

Published
2021

59. Machine Learning with Reconfigurable Privacy on Resource-Limited Computing Devices

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Tania, Zannatun N., Nazeer Chaudhry, Hassan, Arsalan, Muhammad, Sadre, Ramin, Vlassov, Vladimir, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Tania, Zannatun N., Nazeer Chaudhry, Hassan, Arsalan, Muhammad, Sadre, Ramin, and Vlassov, Vladimir

Abstract

Ensuring user privacy while learning from the acquired Internet of Things sensor data, using limited available compute resources on edge devices, is a challenging task. Ideally, it is desirable to make all the features of the collected data private but due to resource limitations, it is not always possible as it may cause overutilization of resources, which in turn affects the performance of the whole system. In this work, we use the generalization techniques for data anonymization and provide customized injective privacy encoder functions to make data features private. Regardless of the resource availability, some data features must be essentially private. All other data features that may pose low privacy threat are termed as nonessential features. We propose Dynamic Iterative Greedy Search (DIGS), a novel approach with corresponding algorithms to select the set of optimal data features to be private for machine learning applications provided device resource constraints. DIGS selects the necessary and the most private version of data for the application, where all essential and a subset of nonessential features are made private on the edge device without resource overutilization. We have implemented DIGS in Python and evaluated it on Raspberry Pi model A (an edge device with limited resources) for an SVM-based classification on real-life health care data. Our evaluation results show that, while providing the required level of privacy, DIGS allows to achieve up to 26.21% memory, 16.67% CPU instructions, and 30.5% of network bandwidth savings as compared to making all the data private. Moreover, our chosen privacy encoding method has a positive impact on the accuracy of the classification model for our chosen application.

Published
2021

60. Machine Learning with Reconfigurable Privacy on Resource-Limited Computing Devices

Author

Imtiaz, Sana, Tania, Zannatun N., Chaudhry, Hassan Nazeer, Arsalan, Muhammad, Sadre, Ramin, Vlassov, Vladimir, Imtiaz, Sana, Tania, Zannatun N., Chaudhry, Hassan Nazeer, Arsalan, Muhammad, Sadre, Ramin, and Vlassov, Vladimir

Abstract

Ensuring user privacy while learning from the acquired Internet of Things sensor data, using limited available compute resources on edge devices, is a challenging task. Ideally, it is desirable to make all the features of the collected data private but due to resource limitations, it is not always possible as it may cause overutilization of resources, which in turn affects the performance of the whole system. In this work, we use the generalization techniques for data anonymization and provide customized injective privacy encoder functions to make data features private. Regardless of the resource availability, some data features must be essentially private. All other data features that may pose low privacy threat are termed as nonessential features. We propose Dynamic Iterative Greedy Search (DIGS), a novel approach with corresponding algorithms to select the set of optimal data features to be private for machine learning applications provided device resource constraints. DIGS selects the necessary and the most private version of data for the application, where all essential and a subset of nonessential features are made private on the edge device without resource overutilization. We have implemented DIGS in Python and evaluated it on Raspberry Pi model A (an edge device with limited resources) for an SVM-based classification on real-life health care data. Our evaluation results show that, while providing the required level of privacy, DIGS allows to achieve up to 26.21% memory, 16.67% CPU instructions, and 30.5% of network bandwidth savings as compared to making all the data private. Moreover, our chosen privacy encoding method has a positive impact on the accuracy of the classification model for our chosen application., QC 20220425Part of proceedings: ISBN 978-1-6654-3574-1Not duplicate with diva-292105

Published
2021
Full Text
View/download PDF

61. Synthetic and Private Smart Health Care Data Generation using GANs

Author

Imtiaz, Sana, Arsalan, Muhammad, Vlassov, Vladimir, Sadre, Ramin, Imtiaz, Sana, Arsalan, Muhammad, Vlassov, Vladimir, and Sadre, Ramin

Abstract

With the rapid advancements in machine learning, the health care paradigm is shifting from treatment towards prevention. The smart health care industry relies on the availability of large-scale health datasets in order to benefit from machine learning-based services. As a consequence, preserving the individuals' privacy becomes vital for sharing sensitive personal information. Synthetic datasets with generative models are considered to be one of the most promising solutions for privacy-preserving data sharing. Among the generative models, generative adversarial networks (GANs) have emerged as the most impressive models for synthetic data generation in recent times. However, smart health care data is attributed with unique challenges such as volume, velocity, and various data types and distributions. We propose a GAN coupled with differential privacy mechanisms for generating a realistic and private smart health care dataset. The proposed approach is not only able to generate realistic synthetic data samples but also the differentially private data samples under different settings: learning from a noisy distribution or noising the learned distribution. We tested and evaluated our proposed approach using a real-world Fitbit dataset. Our results indicate that our proposed approach is able to generate quality synthetic and differentially private dataset that preserves the statistical properties of the original dataset., Part of proceedings: ISBN 978-1-6654-1278-0, QC 20230117

Published
2021
Full Text
View/download PDF

62. Synthetic and Private Smart Health Care Data Generation using GANs

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Arsalan, Muhammad, Vlassov, Vladimir, Sadre, Ramin, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Imtiaz, Sana, Arsalan, Muhammad, Vlassov, Vladimir, and Sadre, Ramin

Abstract

With the rapid advancements in machine learning, the health care paradigm is shifting from treatment towards prevention. The smart health care industry relies on the availability of large-scale health datasets in order to benefit from machine learning-based services. As a consequence, preserving the individuals’ privacy becomes vital for sharing sensitive personal information. Synthetic datasets with generative models are considered to be one of the most promising solutions for privacy-preserving data sharing. Among the generative models, generative adversarial networks (GANs) have emerged as the most impressive models for synthetic data generation in recent times. However, smart health care data is attributed with unique challenges such as volume, velocity, and various data types and distributions. We propose a GAN coupled with differential privacy mechanisms for generating a realistic and private smart health care dataset. The proposed approach is not only able to generate realistic synthetic data samples but also the differentially private data samples under different settings: learning from a noisy distribution or noising the learned distribution. We tested and evaluated our proposed approach using a real-world Fitbit dataset. Our results indicate that our proposed approach is able to generate quality synthetic and differentially private dataset that preserves the statistical properties of the original dataset.

Published
2021

63. Chaos Duck: Towards Automatic IoT Software Fault-Tolerance Analysis

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Zavalyshyn, Igor, Given-Wilson, Thomas, Legay, Axel, Sadre, Ramin, Riviere, Etienne, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Zavalyshyn, Igor, Given-Wilson, Thomas, Legay, Axel, Sadre, Ramin, and Riviere, Etienne

Abstract

Internet of Things (IoT) device software frequently handles sensitive data. This software has to be resistant to faults to prevent leakage and ensure data privacy and security. Source code hardening is a common way to make software fault- tolerant. However, the effectiveness and performance impact of a chosen hardening technique are not always obvious. Moreover, it becomes increasingly difficult to predict potential attack vectors and implement proper countermeasures. To assist in this task, we developed Chaos Duck, an automatic tool for IoT software fault-tolerance analysis. Chaos Duck emulates various fault types and provides statistics on their impact on software security and stability. We present a case study in which we use Chaos Duck to compare five software hardening techniques applied to the PRESENT block cipher implementation. We show that some simple hardening techniques may improve fault-tolerance, while others can instead reduce overall security and introduce new vulnerabilities. Our contributions are twofold: we offer a software fault-tolerance analysis tool to IoT developers seeking to make their software secure and robust, and we shed light on the efficiency of various hardening techniques.

Published
2021

64. OPENPOSLIB: A library to achieve centimetric geo-spatial positioning on a budget

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Metongnon, Lionel, Strebelle, Sébastien, Duchêne, Fabien, Legay, Axel, Sadre, Ramin, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Metongnon, Lionel, Strebelle, Sébastien, Duchêne, Fabien, Legay, Axel, and Sadre, Ramin

Abstract

Positioning systems can be found everywhere, from the navigation system of a car to the smart watch that tracks the running performances of its wearer. With the generalization of positioning systems, new use cases have begun to emerge that require or could benefit from increased accuracy. While the technology has been detailed in the literature for several years, the deployment of positioning techniques at the centimeter level has proved challenging. In this paper we propose OpenPosLib, an open source library that aims to fill the gap between all the components needed to achieve a centimetric accuracy and the user-facing application. Our objective is to remove most of the complexity needed to obtain centimetric accuracy from the developer so as to enable end-users to reap the benefits of more applications that leverage centimetric accuracy. Our results show that when coupled with inexpensive hardware, OpenPosLib enables users to get centimetric precision on a budget.

Published
2021

65. Building private-by-design IoT systems

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Sadre, Ramin, Legay, Axel, Pecheur, Charles, Haddadi, Hamed, Domingos, Henrique, Zavalyshyn, Igor, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Sadre, Ramin, Legay, Axel, Pecheur, Charles, Haddadi, Hamed, Domingos, Henrique, and Zavalyshyn, Igor

Abstract

With the rapid adoption of Internet of Things (IoT) technologies and a growing amount and variety of sensitive data collected by various IoT systems, the mechanisms commonly used to ensure individual privacy and security are still insufficient. Numerous security breaches and sensitive data leaks have become a commonplace. This is mainly due to the fact that traditional security mechanisms can only restrict access to a given IoT data source, but not what can be done with that data after the access has been granted. In this thesis, we reimagine the concept of IoT systems design which aims to give users full control of sensor data generated by their devices, and to provide mechanisms for users to specify and enforce their privacy and security preferences regarding sensor data collection, processing and sharing. To achieve these goals, we propose several novel systems that collectively span across several domains: local, cloud and mobile. For the local domain, we present HomePad, a privacy-aware smart hub for home environment which allows users to determine how various IoT applications (apps) access and process sensitive data collected by smart devices, and to block those apps that violate the privacy preferences specified by the users. To this end, HomePad introduces two key design concepts: (1) a novel dataflow programming model which makes sensitive data flows within apps explicit, and (2) an element-based app structure which allows to model any smart home app as a directed graph and automatically verify its data flows against user-defined privacy policies using Prolog predicates. For the cloud domain, we propose PatrIoT, a private-by-design IoT platform that extends HomePad's dataflow programming model to the cloud. It leverages Intel SGX to prevent unauthorized access to the sensor data by untrusted cloud providers, and offers homeowners an intuitive security abstraction named flowwall which allows them to specify easy-to-use policies for controlling sensitive sens, (FSA - Sciences de l'ingénieur) -- UCL, 2021

Published
2021

66. PyDPLib : Python Differential Privacy Library for Private Medical Data Analytics

Author

Imtiaz, Sana, Matthies, Philipp, Pinto, Francisco, Maros, Mate, Wenz, Holger, Sadre, Ramin, Vlassov, Vladimir, Imtiaz, Sana, Matthies, Philipp, Pinto, Francisco, Maros, Mate, Wenz, Holger, Sadre, Ramin, and Vlassov, Vladimir

Abstract

Pharmaceutical and medical technology companies accessing real-world medical data are not interested in personally identifiable data but rather in cohort data such as statistical aggregates, patterns, and trends. These companies cooperate with medical institutions that collect medical data and want to share it but they need to protect the privacy of individuals on the shared data. We present PyDPLib, a Python Differential Privacy library for private medical data analytics. We illustrate an application of differential privacy using PyDPLib in our platform for visualizing private statistics on a database of prostate cancer patients. Our experimental results show that PyDPLib allows creating statistical data plots without compromising patients' privacy while preserving underlying data distributions. Even though PyDPLib has been developed to be used in our platform for reporting the radiological examinations and procedures, it is general enough to be used to provide differential privacy on data in any data analytics and visualization platform, service or application., Part of proceeings: ISBN 978-1-6654-1685-6QC 20220603

Published
2021
Full Text
View/download PDF

70. NetSheriff: sheltering software-defined networks from rogue switches

Author

Laffranchini, Paolo, Miranda, Joao, Machado, Nuno, Rodrigues, Luis, Riviere, Etienne, Sadre, Ramin, 8th International Conference, NETYS 2019, and UCL - SST/ICTM/INGI - Pôle en ingénierie informatique

Abstract

We present NetSheriff – a system to automatically isolate faulty switches in Software-Defined Networks. To pinpoint the devices responsible for network misbehaviors, NetSheriff performs a differential analysis between expected paths of packets (obtained from a formal model of the network forwarding specification) and the corresponding observed paths taken by flows (obtained through network monitoring). We have built a prototype of NetSheriff supporting both OpenFlow and P4 Programmable devices and evaluated it on different network topologies, simulating real traffic behavior following recent data center studies. Our results show that NetSheriff is able to accurately identify the switch(es) responsible for different types of errors.

Published
2020

71. Understanding the performance of container execution environments

Author

Everarts de Velp, Guillaume, Riviere, Etienne, Sadre, Ramin, 6th Workshop on Container Technologies and Container Clouds, and UCL - SST/ICTM/INGI - Pôle en ingénierie informatique

Subjects
Computer science, Application server, Distributed computing, Benchmarking, computer.software_genre, virtualization, Task (computing), Container (abstract data type), Leverage (statistics), Cloud computing, containers, Latency (engineering), Visibility, Throughput (business), computer, performance
Abstract

Many application server backends leverage container technologies to support workloads formed of short-lived, but potentially I/O-intensive, operations. The latency at which container-supported operations complete impacts both the users' experience and the throughput that the platform can achieve. This latency is a result of both the bootstrap and execution time of the containers and is impacted greatly by the performance of the I/O subsystem. Configuring appropriately the container environment and technology stack to obtain good performance is not an easy task, due to the variety of options, and poor visibility on their interactions. We present in this paper a benchmarking tool for the multi-parametric study of container bootstrap time and I/O performance, allowing us to understand such interactions within a controlled environment. We report the results obtained by evaluating a large number of environment configurations. Our conclusions highlight differences in support and performance between container runtime environments and I/O subsystems.

Published
2020

72. Brief Announcement: Effectiveness of Code Hardening for Fault-Tolerant IoT Software

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Zavalyshyn, Igor, Given-Wilson, Thomas, Legay, Axel, Sadre, Ramin, SSS 2020: Stabilization, Safety, and Security of Distributed Systems, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Zavalyshyn, Igor, Given-Wilson, Thomas, Legay, Axel, Sadre, Ramin, and SSS 2020: Stabilization, Safety, and Security of Distributed Systems

Abstract

Internet of Things (IoT) device software has to be resistant to faults to ensure data privacy and security. In this work, we examine five common software hardening techniques and study their impact on software fault-tolerance and security. We experimentally show that some of these techniques may improve fault-tolerance, while the others can reduce overall security. We offer a guideline for IoT developers seeking to make their software robust, and propose a tool for automatic software fault-tolerance evaluation.

Published
2020

73. Network trace generation for flow-based IDS evaluation in control and automation systems

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Kabasele Ndonda, Gorby, Sadre, Ramin, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Kabasele Ndonda, Gorby, and Sadre, Ramin

Abstract

The increasing number of attacks against Industrial Control Systems (ICS) have demonstrated that there is a need to secure such systems. Unfortunately, directly applying existing ICT security mechanisms is hard due to constraints of ICS, such as availability requirements or resource limitations of the field devices. Thus, the solution preferred by researchers is the use of network-based intrusion detection systems (N-IDS). An issue that many researchers encounter is how to validate and evaluate their N-IDS since it is very difficult to get access to real and large ICS for experimentation. The few public traffic datasets that could be used for off-line experiments are either synthetic, collected at small testbeds or not suited for network experimentations. In this paper, we present a tool to generate network traces based on statistical properties that the tool extracts from empirical traces. We demonstrate its usability by applying it to an empirical trace collected at the Heating, Ventilation and Air Conditioning (HVAC) management system of a university campus and using the generated traces to evaluate several IDS published in the literature. We make the original trace available to other researchers. To our knowledge, we are the first to publish a network dataset collected at a real and operational control and automation system.

Published
2020

74. GateSelect: A novel Internet gateway selection algorithm for client nodes

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Batbayar, Khulan, Meseguer, Roc, Sadre, Ramin, Subramaniam, Suresh, 2020 16th International Conference on Network and Service Management (CNSM), UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Batbayar, Khulan, Meseguer, Roc, Sadre, Ramin, Subramaniam, Suresh, and 2020 16th International Conference on Network and Service Management (CNSM)

Abstract

The Internet gateway selection problem is becoming very important as the number of Internet-connected devices increases and stresses the limited number of Internet gateway nodes. The gateway nodes often experience frequent performance fluctuations, and the best gateway selection candidate changes frequently with growing network dynamics. We propose GateSelect, a customized selection algorithm for each client node that not only provides the best-effort selection candidate but also ensures the global, balanced distribution of the gateway nodes. We utilize over the counter, lightweight calculations to optimize the client-side selection algorithm by combining classification, short term performance prediction, and randomized selection. We compare our algorithm with several baseline algorithms, and the experiment results show that our proposal provides better performance and balanced distribution of gateway nodes.

Published
2020

75. On the Performance of QUIC over Wireless Mesh Networks

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Manzoor, Jawad, Cerdà-Alabern, Llorenç, Sadre, Ramin, Drago, Idilio, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Manzoor, Jawad, Cerdà-Alabern, Llorenç, Sadre, Ramin, and Drago, Idilio

Abstract

The exponential growth in adoption of mobile phones and the widespread availability of wireless networks has caused a paradigm shift in the way we access the Internet. It has not only eased access to the Internet, but also increased users’ appetite for responsive services. New protocols to speed up Internet applications have naturally emerged. The QUIC transport protocol is one prominent case. Initially developed by Google as an experiment, the protocol has already made phenomenal strides, thanks to its support in Google’s servers and Chrome browser. Since QUIC is still a relatively new protocol, there is a lack of sufficient understanding about its behavior in real network scenarios, particularly in the case of wireless networks. In this paper we present a comprehensive study on the performance of QUIC in Wireless Mesh Networks (WMN). We perform a measurement campaign on a production WMN to compare the performance of QUIC against TCP when retrieving files from the Internet. Our results show that while QUIC outperforms TCP in wired networks, it exhibits significantly lower performance than TCP in the WMN. We investigate the reasons for this behavior and identify the root causes of the performance issues. We find that some design choices of QUIC may penalize the protocol in WiFi, e.g., uncovering sub-optimal interactions of QUIC with MAC layer features, such as frame aggregation. Finally, we implement and evaluate our solution and demonstrate up to 28% increase in throughput of QUIC.

Published
2020

76. GateSelect: A novel Internet gateway selection algorithm for client nodes

Author

Universitat Politècnica de Catalunya. Doctorat Erasmus Mundus en Computació Distribuïda, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. CNDS - Xarxes de Computadors i Sistemes Distribuïts, Batbayar, Khulan, Meseguer Pallarès, Roc, Sadre, Ramin, Subramaniam, Suresh, Universitat Politècnica de Catalunya. Doctorat Erasmus Mundus en Computació Distribuïda, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. CNDS - Xarxes de Computadors i Sistemes Distribuïts, Batbayar, Khulan, Meseguer Pallarès, Roc, Sadre, Ramin, and Subramaniam, Suresh

Abstract

The Internet gateway selection problem is becoming very important as the number of Internet-connected devices increases and stresses the limited number of Internet gateway nodes. The gateway nodes often experience frequent performance fluctuations, and the best gateway selection candidate changes frequently with growing network dynamics. We propose GateSelect, a customized selection algorithm for each client node that not only provides the best-effort selection candidate but also ensures the global, balanced distribution of the gateway nodes. We utilize over the counter, lightweight calculations to optimize the client-side selection algorithm by combining classification, short term performance prediction, and randomized selection. We compare our algorithm with several baseline algorithms, and the experiment results show that our proposal provides better performance and balanced distribution of gateway nodes., This project has received funding from the European Union’s Horizon 2020 research and Next Generation Internet (NGI) Explorers innovation programme under the Grant Agreement No 825183 and by the EMJD-DC program and by the Spanish Government under contract PID2019-106774RB-C21., Peer Reviewed, Postprint (author's final draft)

Published
2020

77. On the performance of QUIC over wireless mesh networks

Author

Universitat Politècnica de Catalunya. Doctorat Erasmus Mundus en Computació Distribuïda, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. CNDS - Xarxes de Computadors i Sistemes Distribuïts, Manzoor, Jawad, Cerdà Alabern, Llorenç, Sadre, Ramin, Drago, Idilio, Universitat Politècnica de Catalunya. Doctorat Erasmus Mundus en Computació Distribuïda, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. CNDS - Xarxes de Computadors i Sistemes Distribuïts, Manzoor, Jawad, Cerdà Alabern, Llorenç, Sadre, Ramin, and Drago, Idilio

Abstract

The exponential growth in adoption of mobile phones and the widespread availability of wireless networks has caused a paradigm shift in the way we access the Internet. It has not only eased access to the Internet, but also increased users’ appetite for responsive services. New protocols to speed up Internet applications have naturally emerged. The QUIC transport protocol is one prominent case. Initially developed by Google as an experiment, the protocol has already made phenomenal strides, thanks to its support in Google’s servers and Chrome browser. Since QUIC is still a relatively new protocol, there is a lack of sufficient understanding about its behavior in real network scenarios, particularly in the case of wireless networks. In this paper we present a comprehensive study on the performance of QUIC in Wireless Mesh Networks (WMN). We perform a measurement campaign on a production WMN to compare the performance of QUIC against TCP when retrieving files from the Internet. Our results show that while QUIC outperforms TCP in wired networks, it exhibits significantly lower performance than TCP in the WMN. We investigate the reasons for this behavior and identify the root causes of the performance issues. We find that some design choices of QUIC may penalize the protocol in WiFi, e.g., uncovering sub-optimal interactions of QUIC with MAC layer features, such as frame aggregation. Finally, we implement and evaluate our solution and demonstrate up to 28% increase in throughput of QUIC., This work was supported by the Erasmus Mundus Joint Doctorate in Distributed Computing EMJD-DC program, the Spanish grant TIN2016-77836-C2-2-R, and Generalitat de Catalunya through 2017-SGR-990. This research was conducted as part of the PhD thesis which is available online at upcommons.upc.edu., Peer Reviewed, Postprint (author's final draft)

Published
2020

92. Collaborative informed gateway selection in large-scale and heterogeneous

Author

Batbayar, Khulan, Dimogerontakis, Emmanouil|||0000-0003-0910-3404, Meseguer Pallarès, Roc|||0000-0002-9414-646X, Navarro Moldes, Leandro|||0000-0003-4775-5526, Sadre, Ramin, Universitat Politècnica de Catalunya. Doctorat Erasmus Mundus en Computació Distribuïda, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, and Universitat Politècnica de Catalunya. CNDS - Xarxes de Computadors i Sistemes Distribuïts

Subjects
Telecommunication traffic, Internet, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors [Àrees temàtiques de la UPC], Telecommunication network topology, Wireless LANs, Network servers, Radio access networks, Xarxes locals sense fil Wi-Fi, Internet (Computer network), Internetworking
Abstract

In wireless community access networks, clients tend to reach the Internet through multiple gateway nodes instead of a single default gateway. The mapping of gateways to clients should take into account the perception of network performance from each client node. Network conditions and traffic load can fluctuate and make repeated client-gateway measurements necessary. However, frequent measurements would result in a high communication overhead as well as high processing overhead in gateways and clients. We propose a lightweight client-side gateway selection algorithm by crowd-sourcing monitoring information from neighbor clients, without requiring explicit topology information or a detailed view of the network, while providing an accurate selection as compared to an ideal omniscient approach. Our collaborative gateway selection algorithm achieves good end-to-end performance, such as low latency perceived at client nodes, and fair distribution of the measurements over the gateway nodes. The number of performance measurements triggered by clients are reduced drastically, from n down to 2 measurements per node in each period. An experimental evaluation of our approach shows more than 80% similarity estimation of the gateway performance in the majority of the considered cases. We propose two variants of the gateway selection algorithm, collaborative-best and collaborative-fair, which yield near optimal gateway selection while utilizing partial information.

Published
2019

93. Collaborative informed gateway selection in large-scale and heterogeneous networks

Author

Batbayar, Khulan, Emmanouil Dimogerontakis, Roc Meseguer, Leandro Navarro, Sadre, Ramin, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), and UCL - SST/ICTM/INGI - Pôle en ingénierie informatique

Abstract

In wireless community access networks, clients tend to reach the Internet through multiple gateway nodes instead of a single default gateway. The mapping of gateways to clients should take into account the perception of network performance from each client node. Network conditions and traffic load can fluctuate and make repeated client-gateway measurements necessary. However, frequent measurements would result in a high communication overhead as well as high processing overhead in gateways and clients. We propose a lightweight client-side gateway selection algorithm by crowd-sourcing monitoring information from neighbor clients, without requiring explicit topology information or a detailed view of the network, while providing an accurate selection as compared to an ideal omniscient approach. Our collaborative gateway selection algorithm achieves good end-to-end performance, such as low latency perceived at client nodes, and fair distribution of the measurements over the gateway nodes. The number of performance measurements triggered by clients are reduced drastically, from n down to 2 measurements per node in each period. An experimental evaluation of our approach shows more than 80% similarity estimation of the gateway performance in the majority of the considered cases. We propose two variants of the gateway selection algorithm, collaborative-best and collaborative-fair, which yield near optimal gateway selection while utilizing partial information.

Published
2019

94. A Public Network Trace of a Control and Automation System

Author

Gorby Kabasele Ndonda, Sadre, Ramin, and UCL - SST/ICTM/INGI - Pôle en ingénierie informatique

Abstract

The increasing number of attacks against automation systems such as SCADA and their network infrastructure have demonstrated that there is a need to secure those systems. Unfortunately, directly applying existing ICT security mechanisms to automation systems is hard due to constraints of the latter, such as availability requirements or limitations of the hardware. Thus, the solution privileged by researchers is the use of network-based intrusion detection systems (N-IDS). One of the issue that many researchers encounter is how to validate and evaluate their N-IDS. Having access to a real and large automation systems for experimentation is almost impossible as companies are not inclined to give access to their systems due to obvious concerns. The few public traffic datasets that could be used for off-line experiments are either synthetic or collected at small testbeds. In this paper, we will describe and characterize a public traffic dataset collected at the HVAC management system of a university campus. Although the dataset contains only packet headers, we believe that it can help researchers, in particular designers of flow-based IDS, to validate their solutions under more realistic conditions.

Published
2019

98. On the case of privacy in the iot ecosystem : a survey

Author

Imtiaz, Sana, Sadre, Ramin, Vlassov, Vladimir, Imtiaz, Sana, Sadre, Ramin, and Vlassov, Vladimir

Abstract

IoT has enabled the creation of a multitude of personal applications and services for a better understanding of urban environments and our personal lives. These services are driven by the continuous collection and analysis of user data in order to provide personalized experiences. However, there is a strong need to address user privacy concerns as most of the collected data is of sensitive nature. This paper provides an overview of privacy preservation techniques and solutions proposed so far in literature along with the IoT levels at which privacy is addressed by each solution as well as their robustness to privacy breaching attacks. An analysis of functional and non-functional limitations of each solution is done, followed by a short survey of machine learning applications designed with these solutions. We identify open issues in the privacy preserving solutions when used in IoT environments. Moreover, we note that most of the privacy preservation solutions need to be adapted in the light of GDPR to accommodate the right to privacy of the users., QC 20210609

Published
2019
Full Text
View/download PDF

99. Improving network flexibility

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Bonaventure, Olivier, Feldmann, Anja, Sadre, Ramin, Pecheur, Charles, Vanbever, Laurent, Tilmans, Olivier, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Ecole Polytechnique de Louvain, Bonaventure, Olivier, Feldmann, Anja, Sadre, Ramin, Pecheur, Charles, Vanbever, Laurent, and Tilmans, Olivier

Abstract

Computer networks are deeply ingrained in our daily lives. We rely on them to place audio calls, to watch movies, or even to automate parts of our houses. Each of these use-cases comes with its own requirements to ensure its proper operation and generates unique traffic patterns. For example, video streams require a large amount of bandwidth from a server to the client, for the duration of the video. Efficiently supporting many requirements, potentially changing over time, requires networks to be flexible. In this thesis, we study and improve two key aspects of network flexibility. First, we tackle the issue of flexible network control by introducing Fibbing, a technique which achieves a central control over distributed routing protocols. We present the theory behind Fibbing using provably-correct algorithms, as well as a prototype controller which is compatible with unmodified commercial routers. Our algorithms scale to large Internet Service Provider (ISP) topologies, and measurements confirmed that Fibbing’s overhead on real routers is negligible. Second, we explore how to improve the flexibility of network monitoring systems from two vantage points. On one hand, we present how ISPs can use Stroboscope to combine the visibility of traffic mirroring with the scalability of sampling. Stroboscope achieves deterministic traffic sampling by simultaneously (de)activating traffic mirroring on specific routers, for specific flows, at specific moments in time. As a result, Stroboscope enables network-wide path tracing while adhering to a strict monitoring budget. On the other hand, we present how enterprise networks can monitor their networks with Flowcorder. Flowcorder records performance profile of connections by instrumenting the protocol implementations of the end hosts. Doing so, it transparently supports encrypted and multipath protocols. We demonstrate the feasibility of the approach by presenting measurement collected with a prototype in a campus network., (FSA - Sciences de l'ingénieur) -- UCL, 2019

Published
2019

100. Dissecting HTTP/2 and QUIC : measurement, evaluation and optimization

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Polytechnic School of Leuven, Sadre, Ramin, Cerdà-Alabern , Llorenc, Bonaventure, Olivier, Pecheur, Charles, Plà Bosca , Vicent, Hohlfeld, Oliver, Manzoor, Jawad, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, UCL - Polytechnic School of Leuven, Sadre, Ramin, Cerdà-Alabern , Llorenc, Bonaventure, Olivier, Pecheur, Charles, Plà Bosca , Vicent, Hohlfeld, Oliver, and Manzoor, Jawad

Abstract

The Internet is evolving from the perspective of both usage and connectivity. The meteoric rise of smartphones has not only facilitated connectivity for the masses, it has also increased their appetite for more responsive applications. The widespread availability of wireless networks has caused a paradigm shift in the way we access the Internet. This shift has resulted in a new trend where traditional applications are getting migrated to the cloud, e.g., Microsoft Office 365, Google Apps etc. As a result, modern web content has become extremely complex and requires efficient web delivery protocols to maintain users’ experience regardless of the technology they use to connect to the Internet and despite variations in the quality of users’ Internet connectivity. To achieve this goal, efforts have been put into optimizing existing web and transport protocols, designing new low latency transport protocols and introducing enhance- ments in the WiFi MAC layer. In recent years, several improvements have been introduced in the HTTP protocol resulting in the HTTP/2 standard which allows more efficient use of network resources and a reduced perception of latency. QUIC transport protocol is another example of these ambitious efforts. Initially developed by Google as an experiment, the protocol has already made phenomenal strides, thanks to its support in Google’s servers and Chrome browser. However there is a lack of sufficient understanding and evaluation of these new protocols across a range of environments, which opens new opportunities for research in this direction. This thesis provides a comprehensive study on the behavior, usage and performance of HTTP/2 and QUIC, and advances them by implementing several optimizations. First, in order to understand the behavior of HTTP/1 and HTTP/2 traffic we analyze datasets of passive measurements collected in various operational networks and discover that they have very different characteristics. This calls for a reappraisal of traf, (FSA - Sciences de l'ingénieur) -- UCL, 2019

Published
2019

Catalog

Books, media, physical & digital resources
See catalog results