Journals, Publication

A real-time video quality estimator for emerging wireless multimedia systems

Wireless Mesh Networks (WMNs) are increasingly deployed to enable thousands of users to share, create, and access live video streaming with different characteristics and content, such as video surveillance and football matches. In this context, there is a need for new mechanisms for assessing the quality level of videos because operators are seeking to control their delivery process and optimize their network resources, while increasing the user’s satisfaction. However, the development of in-service and non-intrusive Quality of Experience assessment schemes for real-time Internet videos with different complexity and motion levels, Group of Picture lengths, and characteristics, remains a significant challenge. To address this issue, this article proposes a non-intrusive parametric real-time video quality estimator, called MultiQoE that correlates wireless networks’ impairments, videos’ characteristics, and users’ perception into a predicted Mean Opinion Score. An instance of MultiQoE was implemented in WMNs and performance evaluation results demonstrate the efficiency and accuracy of MultiQoE in predicting the user’s perception of live video streaming services when compared to subjective, objective, and well-known parametric solutions.

Journals, Publication

Securing light clients in blockchain with DLCP

In blockchain, full nodes (FNs) are peers that store and verify entire chains of transactions. In contrast, light clients (LCs) are those with limited resources, and for this reason, they request only block headers from FNs for transaction verification—using protocols like Simple Payment Verification (SPV). In an approach to prevent FN tampering on transaction verification (byzantine fault), LCs request block headers from multiple FNs and compare received responses. One problem with this approach is that an LC must connect to each FN and perform the same cryptographic operations with each one repeatedly, which leads to client-side complexity and slower response. We propose an alternate approach to tackle this issue, in which LCs can encrypt a request for block headers only once, and send that request to a predetermined set of FNs to access, process, and reply back in a single response. Our approach, called Distributed Lightweight Client Protocol (DLCP), enables LCs to verify with little effort if FNs have agreed on a response. From an experimental evaluation, we observed that DLCP provided lower latency and reduced computing and communication overhead in comparison with the existing conventional approach.

Journals, Publication

vSDNEmul: A Software-Defined Network Emulator Based on Container Virtualization

The main issue related to Software-Defined Network emulators is how to replicate real behavior in experiments. Mininet and other SDN emulators have an architecture that limits both the scope of experiments and the fidelity of networking tests. Consequently, the serialization, contention, and load of background processes may produce delays that compromise the operation of events such as transmitting a packet or completing a computation, possibly invalidating the performance evaluation of a network emulation. To address these problems, this paper presents vSDNEmul, a network emulator based on Docker container virtualization. Unlike Mininet, vSDNEmul isolates each node in a container and interconnects the nodes through virtual or tunnel links. By using containers, vSDNEmul allows autonomous and flexible creation of independent network elements, resulting in more realistic emulations. This paper reports performance evaluations comparing vSDNEmul and Mininet. The results obtained with the vSDNEmul emulator are more realistic and present higher accuracy.

Journals, Publication

Classification and evaluation of IoT brokers: A methodology

Since the term Internet of Things (IoT) was coined by Kevin Ashton in 1999, a number of middleware platforms have been developed to cope with important challenges such as the integration of different technologies. In this context of heterogeneous technologies, IoT message brokers become critical elements for the proper functioning of smart systems and wireless sensor network (WSN) infrastructures. There are several evaluations of IoT messaging middleware performance. Nevertheless, most of them ignore crucial aspects of the IoT context that also need to be included, such as reliability and other qualitative aspects. Thus, in this article, we propose a methodology for classification and evaluation of IoT brokers to help the scientific community and technology industry in evaluating them according to their interests, without leaving out important aspects for the context of smart environments. Our methodology bases its qualitative evaluations on the ISO/IEC 25000 (SQuaRE) set of standards and its quantitative evaluations on Jain’s process for performance evaluation. We developed a case study to illustrate our proposal with 12 different open-source brokers, validating the feasibility of our methodological approach.

Journals, Publication

An Evaluation of Security Features Based on ISO/IEC 25023 for a Distributed Autonomic Scientific Publisher Tool on a Permissioned Blockchain

In the development of projects that aim at management and editorial evaluation methods, mechanisms that foster the final quality of the product are of great importance. In this scenario, several areas are working together in search of better adequacy and standardization in software development. A basic example is the alignment of evaluation practices in software engineering and computer networks, which work together so that distributed applications are developed following evaluation criteria and standardized quality standards. In this context, we present the DASP software, an open-source distributed autonomous scientific publisher executed through a permissioned blockchain network and automatically organized through smart contracts, as an alternative for the decentralized management of editorial models. As a form of evaluation, we adopt ISO/IEC 25023, one of the most current standards used by the International Organization for Standardization (ISO) to perform software quality measurements. Furthermore, we focused on the security aspect, which is one of the categories of ISO/IEC. This aspect was chosen because it is based on the main features that underpin blockchain technology. The quality measurement was carried out following several steps, such as the definition of ISO/IEC 25023, an adaptation of metrics for DASP software evaluation, calculations of the quality value of each functionality, and determination of recommendations for improvements in the software according to the estimates made.

Journals, Publication

Management of Caching Policies and Redundancy over Unreliable Channels

Caching plays a central role in networked systems, reducing the load on servers and the delay experienced by users. Despite their relevance, networked caching systems still pose a number of challenges pertaining to their long-term behavior. In this paper, we formally show and experimentally evidence conditions under which networked caches tend to synchronize over time. Such synchronization, in turn, leads to performance degradation and aging, motivating the monitoring of caching systems for eventual rejuvenation, as well as the deployment of diverse cache replacement policies across caches to promote diversity and preclude synchronization and its aging effects. Based on trace-driven simulations with real workloads, we show how hit probability is sensitive to varying channel reliability, cache sizes, and cache separation, indicating that the mix of simple policies, such as Least Recently Used (LRU) and Least Frequently Used (LFU), provides competitive performance against state-of-the-art policies. Indeed, our results suggest that diversity in cache replacement policies, rejuvenation, and intentional dropping of requests are strategies that build diversity across caches, preventing or mitigating performance degradation due to cache aging.

Journals, Publication

Enhancing Network Slicing Architectures With Machine Learning, Security, Sustainability and Experimental Networks Integration

Network Slicing (NS) is an essential technique extensively used in 5G networks computing strategies, mobile edge computing, mobile cloud computing, and verticals like the Internet of Vehicles and industrial IoT, among others. NS is foreseen as one of the leading enablers for 6G futuristic and highly demanding applications since it allows the optimization and customization of scarce and disputed resources among dynamic, demanding clients with highly distinct application requirements. Various standardization organizations, like 3GPP’s proposal for new generation networks and state-of-the-art 5G/6G research projects, are proposing new NS architectures. However, new NS architectures have to deal with an extensive range of requirements that inherently result in having NS architecture proposals typically fulfilling the needs of specific sets of domains with commonalities. The Slicing Future Internet Infrastructures (SFI2) architecture proposal explores the gap resulting from the diversity of NS architectures target domains by proposing a new NS reference architecture with a defined focus on integrating experimental networks and enhancing the NS architecture with Machine Learning (ML) native optimizations, energy-efficient slicing, and slicing-tailored security functionalities. The SFI2 architectural main contribution includes the utilization of the slice-as-a-service paradigm for end-to-end orchestration of resources across multi-domains and multi-technology experimental networks. In addition, the SFI2 reference architecture instantiations will enhance the multi-domain and multi-technology integrated experimental network deployment with native ML optimization, energy-efficient aware slicing, and slicing-tailored security functionalities for the practical domain.

Journals, Publication

Survey on Machine Learning-Enabled Network Slicing: Covering the Entire Life Cycle

Network slicing (NS) is becoming an essential element of service management and orchestration in communication networks, starting from mobile cellular networks and extending to a global initiative. NS can reshape the deployment and operation of traditional services, support the introduction of new ones, vastly advance how resource allocation performs in networks, and notably change the user experience. Most of these promises still need to reach the real world, but they have already demonstrated their capabilities in many experimental infrastructures. However, complexity, scale, and dynamism are pressuring for a Machine Learning (ML)-enabled NS approach in which autonomy and efficiency are critical features. This trend is relatively new but growing fast and attracting much attention. This article surveys Artificial Intelligence-enabled NS and its potential use in current and future infrastructures. We have covered state-of-the-art ML-enabled NS for all network segments and organized the literature according to the phases of the NS life cycle. We also discuss challenges and opportunities in research on this topic.

Journals, Publication

Sec-Health: A Blockchain-Based Protocol for Securing Health Records

Storing and sharing health records through electronic systems poses security risks. To address them, several countries’ regulations have established that healthcare information systems must fulfill security properties (confidentiality, access control, integrity, revocation and anonymity) and complementary ones (emergency access and interoperability). In tackling these issues, several proposals present security limitations and/or address specific properties only. We propose Sec-Health, a blockchain-based protocol that secures health records, addressing all of the main security and complementary properties defined in current regulations. We show that Sec-Health is a suitable solution by analyzing it under several attack scenarios and describing how it overcomes the problems of existing solutions. Furthermore, we evaluate a Sec-Health Proof of Concept, showing that it can reduce the time to access health records by between 26% and 90%, and reduce client-side memory overhead by up to 50%, compared to related work.

Conference Papers, Publication

Caching policies over unreliable channels

Recently, there has been substantial progress in the formal understanding of how caching resources should be allocated when multiple caches each deploy the common LRU policy. Nonetheless, the role played by caching policies beyond LRU in a networked setting where content may be replicated across multiple caches and where channels are unreliable is still poorly understood. In this paper, we investigate this issue by first analyzing the cache miss rate in a system with two caches of unit size each, for the LRU and LFU caching policies and their combination. Our analytical results show that joint use of the two policies outperforms LRU, while LFU outperforms all these policies whenever resource pooling is not optimal. We provide empirical results with larger caches to show that simple alternative policies, such as LFU, provide superior performance compared to LRU even if the space allocation is not fine-tuned. We envision that fine-tuning the cache space used by such policies may lead to promising additional gains.

Conference Papers, Publication

Survey of Organizational Structures in Blockchain-Based Decentralized Autonomous Organizations

Blockchain-Based Decentralized Autonomous Organizations (BCDAO) are systems that make decisions with security as a goal. Organizational structure is an aspect that can contribute to efficiency (e.g., by reducing redundant expenditure of resources, effort, and time); however, this aspect is not made explicit in the development of BCDAO. This study presents a survey of organizational structures based on the Multiagent System (MAS) and BCDAO literature, which include hierarchy, holarchy, society, and markets. The study describes each of the organizational structures and how they are employed in BCDAO, in order to facilitate the comparative evaluation of organizational styles. The aim is to let designers know the current spectrum of possibilities and thereby guide the selection of an organizational structure appropriate for a particular application domain.

Conference Papers, Publication

Cluster-based feature selection to improve network attack detection

Intrusion Detection Systems (IDSs) based on machine learning (ML) have been widely used to detect malicious traffic and network attacks. However, these approaches still have great difficulty detecting the different types of attacks, which keep improving. In this context, among the steps required for an ML-based evaluation, feature selection is of great importance for more efficient detection of anomalies and network attacks, and it remains an open problem. This article proposes an approach that performs cluster-based feature selection to improve the detection of attacks and anomalous traffic in the network. The proposal also produces a ranking of the traffic features that contributed most to the increase in the algorithms' correct detections. The results showed superior performance to the other evaluated proposals for five different attack types, considering the F1 score metric.

Conference Papers, Publication

vsdnemul: Emulating software-defined networks through Docker containers

The greatest challenge in developing SDN network emulators is making them more realistic, versatile, and open. In addition, they should also offer real applications in their experiments; however, due to the complexity of integrating these into the emulator, these features are not always developed. To offer a more diverse and flexible solution than current ones (e.g., Mininet or vEmulab), this article presents vSDNEmul, an SDN network emulator in which the nodes are based on Docker containers.

Conference Papers, Publication

Design Patterns for Smart Contract Organizations

Different fields are currently using blockchain and smart contracts to provide security to systems. These systems may use multiple smart contracts that coordinate and cooperate with one another to achieve their goals; that is, they form a Smart Contracts Organization (SCO). This study therefore presents design patterns for different organizational structures based on the Multiagent System (MAS) literature and the SCO literature, which include hierarchy, holarchy, society, and market. The design patterns are described, the systems that exhibit them are presented, and a form of evaluation and validation is proposed.

Conference Papers, Publication

vSDNLight: A Proposed Lightweight Architecture for Provisioning Virtual Software-Defined Networks

Building virtual software-defined networks (vSDN), also known as slices of the physical infrastructure, requires the use of SDN hypervisor solutions. However, these solutions have shown major scalability and performance limitations because of their architecture based on service proxies. This article presents an orchestration proposal that differs from the current model, providing virtual software-defined networks through on-demand allocation of virtual switch instances directly on low-cost switching devices.

Conference Papers, Publication

A Low-Storage Node Solution for the Future Internet

In blockchain, full nodes (FNs) store all existing transactions and are responsible for validating new blocks. The amount of data stored by FNs has been increasing significantly in the main blockchains, such as Bitcoin's. The excess of blockchain data increases the storage and processing overhead on FNs, which may reduce the number of validators and data storers and put the blockchain principle of decentralization at risk. This article proposes a less costly data storage mechanism for blockchain FNs. The mechanism aims to reduce the storage and processing overhead on FNs and to guarantee the network's decentralization characteristic.

Conference Papers, Publication

NECOS Project: Towards Lightweight Slicing of Resources in Federated Cloud Infrastructures

The Novel Enablers for Cloud Slicing (NECOS) project proposed a solution that aims to automate the process of optimized cloud and network configuration, providing uniform management with a high level of autonomy for the currently separate computing, connectivity, and storage resources, based on the LSDC (Lightweight Slice Defined Cloud) concept. This article discusses the motivation, objectives, architecture, research challenges, and initial efforts of the NECOS project through the defined use cases.

Conference Papers, Publication

Development of community networks in the Amazon region using wireless mesh networks through the LibreMesh platform

Currently, there are about 3.6 billion people in the world without any kind of Internet access. In parallel, connectivity is a fundamental part of an individual's inclusion in a globalized society. Thus, with the understanding of Internet access as a basic right of citizenship, the concept of community networks arises. Such a network is characterized by low cost, minimal complexity, ease of deployment and expansion, as well as the active participation of the beneficiary community in its development. This study intends to describe the process of implementing a community network using a wireless mesh network built on the free LibreMesh platform in the community of Boa Vista do Acará in Pará.

Conference Papers, Publication

Slices as a service over an itinerant data center applied to the Amazonian scenario

Virtualization and resource slicing have become key approaches for automating the cloud configuration process and making it more efficient and economical, enabling the offering of agile and dynamic services. This article presents the Itinerant Data Center (IDC), which aims to bring essential services to regions with little or no infrastructure, using the NECOS platform to provide a sustainable, low-cost, low-energy solution that uses cloud computing, virtualization, and slicing as a service.

Conference Papers, Publication

A decentralized protocol for securely storing and sharing health records

Cloud computing allows for on-demand storage and sharing of records with a high degree of availability. However, storing a health record with a cloud provider requires trusting it with the record's security. To mitigate this, current approaches focus on confidentiality and access control while not properly handling data integrity. This paper presents a protocol that employs attribute-based cryptography and decentralized networks for secure storage and sharing of health records. The solution addresses confidentiality, access control and integrity of records. A proof of concept of the protocol was implemented and load tests were executed in order to demonstrate its practical feasibility.

Conference Papers, Publication

A Methodology for Classification and Evaluation of IoT Brokers

Since the term Internet of Things (IoT) was coined by Kevin Ashton in 1999, a bundle of middleware platforms has been developed to cope with important challenges such as the integration of different technologies. It is in this context of heterogeneous technologies that IoT message brokers become key elements for the proper functioning of smart systems and wireless sensor network (WSN) infrastructures. This article proposes a methodology for classification and evaluation of brokers by using qualitative analysis, to help in the selection of the most suitable brokers according to the given scenario and needs. The methodology uses the quality reference model described in the ISO/IEC 25010 standard from the SQuaRE set of standards published by ISO/IEC. In the implementation case we applied the proposal to 9 different open source brokers to validate the applicability and feasibility of our methodology.

Conference Papers, Publication

Topology Resilience Evaluation and Enhancement in Software Defined Networks

Software Defined Networks separate the control and forwarding planes, making network management easier and more flexible. However, the interaction between these planes introduces different vulnerabilities to the network, raising new resilience concerns. To assist the planning phase of a Software Defined Network deployment, this paper proposes the application of topological augmentation algorithms to increase the resilience of topologies as indicated by a resilience factor, through optimizations on both control and forwarding planes. In parallel, a brute-force controller placement algorithm is applied for performance comparisons. Test results demonstrate that the improvement in the test topologies’ resilience characteristics obtained by the joint optimization of both planes surpasses even the optimal controller placement.

Conference Papers, Publication

Content Placement Aware Cache Decision: A Caching Policy Based on the Content Replacement Ratio for Information-Centric Network

Information-Centric Network (ICN) has been an emerging network paradigm for the Future Internet based on a host-to-content approach. In this model, both routers and user devices are able to store content. One of the key features of ICN is in-network content caching, which reduces bandwidth consumption and server load and even enhances the QoE of end users. ICN behavior is determined by a 3-tuple: routing, content insertion, and content replacement. Routing algorithms influence content insertion performance, which in turn influences the performance of replacement policies. Furthermore, it is proven that content insertion policies influence routing performance, and no work has analyzed the impact of replacement algorithms on content insertion. Therefore, this paper proposes a new caching metric called Replacement Ratio and a dynamic content insertion strategy named RatioCache to prove that content replacement, which is strongly bound to the caching system, also influences the caching process. Our results improved the cache hit ratio by up to 110%, and reduced server load by up to 30% and latency by up to 10%; thus RatioCache's performance shows that replacement policies influence caching policies and enhance network performance.

Conference Papers, Publication

Secure Sharing of Health Records using Attribute-Based Cryptography and Decentralized Networks

Cloud computing enables on-demand storage and sharing of files with high availability for the healthcare field. However, using a cloud provider to store a health record means entrusting it with the record's security. To mitigate this, approaches in the literature are concerned only with confidentiality and access control, and do not adequately address data integrity. This work presents the Decentralized Sharing of Health Records (DSHR) protocol, which uses attribute-based cryptography and decentralized networks for the secure sharing of health records, addressing the confidentiality, access control, and integrity of the records. A proof of concept of DSHR was implemented and load tests were run to demonstrate its practical feasibility.

Conference Papers, Publication

A Content Insertion Policy based on the Correlation between Centrality Measures for Content-Centric Networks

In-network caching is an important feature of Content-Centric Networks (CCNs). Choosing the nodes that will store content is a major challenge, and a good way to do so is through network centrality measures, which describe the importance of a node with respect to a given characteristic. However, the large number of measures makes choosing the nodes even more challenging, since it is uncertain whether a chosen measure will yield high performance in different scenarios, given its strong dependence on the topological structure. For this reason, a good alternative would be to consider the correlation between them in order to select the nodes. This work proposes a content insertion policy based on the correlation between centrality measures, selecting those that are strongly or most strongly correlated in order to store content on their corresponding nodes. Through simulation, and using a good variety of topologies in the tests, our proposal outperformed the insertion policies in terms of content hit rate and average download time.

Conference Papers, Publication

NECOS Project: Towards Lightweight Slicing of Cloud Federated Infrastructures

The Novel Enablers for Cloud Slicing (NECOS) project addresses the limitations of current cloud computing infrastructures in responding to the demand for new services, as presented in two use cases that will drive the whole execution of the project. The first use case is focused on Telco service providers and is oriented towards the adoption of cloud computing in their large networks. The second use case targets the use of edge clouds to support devices with low computation and storage capacity. The envisaged solution is based on a new concept, the Lightweight Slice Defined Cloud (LSDC), an approach that extends virtualization to all the resources in the involved networks and data centers and provides uniform management with a high level of orchestration. In this position paper, we discuss the motivation, objectives, architecture, research challenges (and how to overcome them) and initial efforts for the NECOS project.

Conference Papers, Publication

vSDNEmul: A Software-Defined Network Emulator Using Containers

One of the greatest challenges for SDN network emulators is making them increasingly realistic, versatile, and open. In addition, they should also offer real applications in their experiments; however, due to the complexity of integrating these into the emulator, these features are not developed. Therefore, to offer a more diverse solution than current ones (e.g., Mininet or vEmulab), this article proposes vSDNEmul, an alternative SDN network emulator in which the nodes are based on containers. The article also describes its architecture and API.

Conference Papers, Publication

DLCP: A Protocol for the Secure Operation of Light Clients in Blockchains

In blockchains, full nodes (FNs) are peers that store and verify all transactions contained in the blocks, while light clients (LCs) are those that request only the block headers from an FN, performing simpler verifications. To deal with malicious behavior, the conventional approach to ensuring receipt of the original headers is to request them from multiple FNs and compare the responses received. This approach, however, requires an LC to establish secure connections with each FN, which results in greater overhead and response time. In this context, this work proposes the Distributed Lightweight Client Protocol (DLCP), which requires encrypting a header request only once for a set of FNs, which in turn return a single response to the LC. Preliminary evaluations showed that DLCP provides lower latency than the conventional approach and reduces overhead on LCs.

Conference Papers, Publication

vSDNBox: A Low-Cost Specialized Hardware Managed via SDN

Whitebox switches have become an advantageous alternative for the SDN data plane. They allow both a reduction in expenses and an increase in the level of vendor heterogeneity in the network infrastructure. Recent tools have made it possible for whiteboxes based on software switches to improve their performance solely through optimizations made via open software on generic hardware. Building on this, we propose vSDNBox, a software-switched whitebox alternative for software-defined networks, capable of further reducing costs and increasing performance through management and optimizations performed via software in user space. The results obtained, through throughput and latency evaluations, show that the proposal achieves performance equal or close to that of a hardware-switched whitebox.

Conference Papers, Publication

DLCP: A protocol for securing light client operation in blockchains

In blockchain, full nodes (FNs) are peers that store and verify entire chains of transactions, and light clients (LCs) are those which outsource chain verification to FNs (as they lack the computing resources required to do so). In general, LCs perform simpler verification protocols, e.g. Simple Payment Verification (SPV), by offloading the execution of blockchain operations to FNs. To cope with byzantine faults (like malicious behavior), a current approach for blockchain transaction verification is to require that LCs outsource their requests to multiple FNs and compare the received results. This approach, however, requires that LCs establish secure connections to each FN, which leads to client-side complexity and slower verification. To tackle this issue, we propose Distributed Lightweight Client Protocol (DLCP), a protocol for secure verification in blockchain. In summary, DLCP requires LCs to encrypt a request once, allowing a pre-determined set of FNs to access and process it. Through DLCP, LCs become able to verify whether FNs have agreed on the operation outcome. From some preliminary evaluation, we observed that DLCP decreased computing and communication overhead in LCs, while providing lower latency.

Conference Papers, Publication

Topology resilience enhancement for software defined networks

Software Defined Networking is a paradigm that makes network management more flexible by separating the control and forwarding planes. This separation introduces new concerns about the resilience of the network, which now presents different vulnerabilities related to the interaction between these planes. A resilience factor for Software Defined Networks is proposed, using multiple metrics to analyze intrinsic features of its architecture, serving as an indication of its resilience. Beyond that, topological augmentation algorithms are employed to increase the resilience of test topologies, as indicated by the proposed factor. Test results demonstrate an improvement in the topologies’ resilience characteristics.

Conference Papers, Publication

FI-MApp: a web application for managing FI-WARE environments in internet of things

The FI-WARE project aims to create a core platform for the Future Internet. However, such a platform has failed to promote the centralization of its services, since it did not offer a unified development framework. In addition, using the platform demands great effort, due to extensive, disordered and scattered documentation. In this context, the present work explored the FI-WARE service for enabling the Internet of Things (IoT). The main goal was to develop a Web application for integrated visualization and management of the resources offered by FI-WARE IoT enabling services. Called FI-MApp, the proposed Web application acts as a bridge (middleware) between the FI-WARE IoT service and its managers. FI-MApp is shown to be a suitable solution in this scenario because the FI-WARE APIs have already been implemented following the RESTful Web service architecture. Through its simple and intuitive user interface, the FI-MApp Web application makes it easy to both manage and visualize FI-WARE IoT environments from different parts of the world by offering features such as registration of new IoT devices and data collection from both real and virtual sensors.

Conference Papers, Publication

Securing light clients in blockchain with DLCP

In blockchain, full nodes (FNs) are peers that store and verify entire chains of transactions. In contrast, light clients (LCs) are those with limited resources, and for this reason, they request only block headers from FNs for transaction verification, using protocols like Simple Payment Verification (SPV). In an approach to prevent FN tampering on transaction verification (byzantine fault), LCs request block headers from multiple FNs and compare received responses. One problem with this approach is that an LC must connect to each FN and perform the same cryptographic operations with each one repeatedly, which leads to client-side complexity and slower response. We propose an alternate approach to tackle this issue, in which LCs can encrypt a request for block headers only once, and send that request to a predetermined set of FNs to access, process, and reply back in a single response. Our approach, called Distributed Lightweight Client Protocol (DLCP), enables LCs to verify with little effort if FNs have agreed on a response. From an experimental evaluation, we observed that DLCP provided lower latency and reduced computing and communication overhead in comparison with the existing conventional approach.

Conference Papers, Publication

Fator de Resiliência para Aprimoramento Topológico em Redes Definidas por Software

Software Defined Networking is a paradigm that makes the management of computer networks more flexible by separating the control and data planes. This separation introduces new concerns regarding network resilience, as the network now exhibits different vulnerabilities related to the interaction between the planes. A resilience factor for Software Defined Networks is proposed, using multiple metrics to analyze intrinsic characteristics of the architecture, serving as an indicator of network resilience. In addition, topological enhancement algorithms are employed to improve the resilience of the topologies used. The results demonstrate an improvement in resilience characteristics.

Conference Papers, Publication

Busca de caminhos como serviço em vSDNs

Virtual Software-Defined Networks (vSDNs) are the combination of SDN and virtualization. In this context, the network hypervisor is responsible for managing the physical network, whereas in a non-virtualized SDN network this function remains in the controller. This paper presents Search Path, a graph-based path finder that avoids unnecessary translations between the network hypervisor and the controllers in the context of vSDNs. The slice forwarded by the network hypervisor is received by Search Path in the form of graphs, which facilitates the development of forwarding logic specific to each network through graph manipulation. The tests performed show that Search Path achieves better results when compared with a traditional network hypervisor and controller.

Conference Papers, Publication

Tag-and-Forward: A source-routing enabled data plane for OpenFlow Fat-Tree Networks

Software-Defined Networking (SDN) has turned the Data Center Network (DCN) environment into a more flexible one by decoupling the control plane from the data plane, allowing innovative and easily extensible network management solutions. Nowadays, OpenFlow is the most successful protocol for SDN. However, SDN based on the OpenFlow protocol presents performance issues related to forwarding table growth and packet match cost. Our proposal, named Tag-and-Forward (TF), is a data plane that reduces the number of flow tables required in Fat-Tree software-defined DCNs to optimize forwarding. The results show that TF noticeably outperformed the usual OpenFlow data plane in RTT and packet transmission rate.

Conference Papers, Publication

Cache-Aware Interest Routing: Impact Analysis on Cache Decision Strategies in Content-Centric Networking

Information-Centric Networking (ICN) is one of the most promising models for dealing with the core of the current Internet scenario, that is, content. In this model, either routers or user devices in the network are capable of storing content in cache, and a client device pulls content by expressing an interest in the desired content name. One of the most successful implementations of ICN is Content-Centric Networking (CCN), proposed by PARC. In CCN, the forwarding strategy pushes interest packets towards a content server through a route determined by the Shortest-Path Route (SPR) strategy. However, SPR cannot fully exploit the benefits of network caching, because the caching process only happens within the path without considering the cache saturation level. Therefore, we propose the Least Cache Routing (LCR) cache-aware strategy. Besides being based on SPR, LCR is constantly looking for the least saturated paths. The results show that a slight improvement in the forwarding strategy is capable of improving the LCE and LCD cache decision policies. Our results show 150% and 53% performance gains in cache hit probability when LCR is jointly running with, respectively, LCE and LCD on a Torus network.

Conference Papers, Publication

On the Benchmarking Mainstream Open Software-Defined Networking Controllers

Software-Defined Networking (SDN) has been one of the most successful networking models over the past few years. The model decouples the network control and forwarding functions, enabling the underlying infrastructure complexity to be programmed by applications. Although the control plane is the core of all the benefits, it is also the most crucial drawback for keeping the SDN model working. Therefore, this paper presents a performance analysis of mainstream open-source SDN controllers. The results show that a well-performing control plane depends not only on controller throughput and response time, but also on topology discovery time. Our results show that the Beacon controller has the highest performance in controller throughput because it uses the multicore feature better than the others. However, there is little difference in topology building delay when compared to ONOS, Floodlight and OpenDaylight, which are also Java-based controllers. Ryu is the worst at building the network topology.

Journals, Publication

Uma estratégia para o serviço de cálculo de caminhos em redes definidas por software

The software-defined networking (SDN) paradigm is being investigated as the most promising solution to the current ossification of the Internet, since it proposes decoupling the data plane from the control plane, providing greater programmability to computer networks. However, there are still gaps in the services available in this architecture, among them the path computation service, which is not evolving considerably across controllers. For example, resource reservation based on the requirements of each application remains a challenge to be overcome. This article presents a path computation strategy for SDN networks. The goal is to offer a more flexible service for establishing OpenFlow flows, while also enabling deterministic quality constraints coming from applications. The proposal also contributes an architecture that can be applied to SDN controllers, a search algorithm based on a quality of service (QoS) metric, and a performance analysis showing that the algorithm is able to minimize search time, processing, and memory consumption by the controller in the SDN network.

Journals, Publication

NVP: A Network Virtualization Proxy for Software Defined Networking

The combination of Network Function Virtualization (NFV) and Software Defined Networking (SDN) can improve the control and utilization of network resources. However, this issue still requires proper solutions to virtualize large-scale networks, which would allow the use of SDN and virtualization in real environments. Thus, this paper proposes a virtualization architecture for SDN that relies on a proxy-based approach. The NVP (Network Virtualization Proxy) is a virtualization proxy that intercepts messages exchanged between SDN controllers and switches, enabling network virtualization. An implementation of the proposal was developed as a proof of concept, and load testing showed that the solution can provide network virtualization in a scalable manner, using less than 2.5 MB of memory to manage 100 switches performing simultaneous requests, whereas FlowVisor requires more than 200 MB.