12 results on '"Cristian Hesselman"'
Search Results
2. Addressing the challenges of modern DNS
- Author
Olivier van der Toorn, Moritz Müller, Sara Dickinson, Cristian Hesselman, Anna Sperotto, and Roland van Rijswijk-Deij
- Subjects
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software_OPERATINGSYSTEMS, General Computer Science, DNSSEC, DNS, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Security, UT-Hybrid-D, Availability, Internet abuse, Theoretical Computer Science
- Abstract
The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attacks on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides an overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas.
- Published
- 2022
3. Clouding up the Internet
- Author
Wes Hardaker, Giovane C. M. Moura, Maarten Wullink, Sebastian Castro, Cristian Hesselman, and Design and Analysis of Communication Systems
- Subjects
business.industry, Computer science, computer.internet_protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, IPv4, n/a OA procedure, IPv6, Root name server, Consolidation (business), Cloud provider, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, computer
- Abstract
Concern has been mounting about Internet centralization over the last few years -- consolidation of traffic/users/infrastructure into the hands of a few market players. We measure DNS and computing centralization by analyzing DNS traffic collected at a DNS root server and two country-code top-level domains (ccTLDs) -- one in Europe and the other in Oceania -- and show evidence of concentration. More than 30% of all queries to both ccTLDs are sent from 5 large cloud providers. We compare the clouds' resolver infrastructure and highlight a discrepancy in behavior: some cloud providers heavily employ IPv6, DNSSEC, and DNS over TCP, while others simply use unsecured DNS over UDP over IPv4. We show one positive side to centralization: once a cloud provider deploys a security feature -- such as QNAME minimization -- it quickly benefits a large number of users.
- Published
- 2020
4. COMAR: Classification of Compromised versus Maliciously Registered Domains
- Author
Benoit Ampeau, Maciej Korczynski, Andrzej Duda, Cristian Hesselman, Sourena Maroofi, Drakkar, Laboratoire d'Informatique de Grenoble (LIG), Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), Université Grenoble Alpes (UGA)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), Université Grenoble Alpes (UGA), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), ANR-15-IDEX-0002,UGA,IDEX UGA(2015), ANR-11-LABX-0025,PERSYVAL-lab,Systemes et Algorithmes Pervasifs au confluent des mondes physique et numérique(2011), and ANR-19-CE25-0009,DiNS,Nommage et services DNS pour IoT sécurisé et sans couture(2019)
- Subjects
Computer science, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, Notification system, Computer security, computer.software_genre, Phishing, Domain (software engineering), Set (abstract data type), ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, computer, ComputingMilieux_MISCELLANEOUS, Reputation, media_common
- Abstract
Miscreants abuse thousands of domain names every day by launching large-scale attacks such as phishing or malware campaigns. While some domains are solely registered for malicious purposes, others are benign but get compromised and misused to serve malicious content. Existing methods for their detection can either predict malicious domains at the time of registration or identify indicators of an ongoing malicious activity, conflating maliciously registered and compromised domains into common blacklists. Since the mitigation actions for these two types of domains are different, we propose COMAR, an approach to differentiate between compromised and maliciously registered domains, complementary to previously proposed domain reputation systems. We start the paper with a thorough analysis of the domain life cycle to determine the relationship between each step and define its associated features. COMAR uses a set of 38 features costly to evade. We evaluate COMAR using phishing and malware blacklists and show that it can achieve high accuracy (97% accuracy with a 2.5% false-positive rate) without using any privileged or non-publicly available data, which makes it suitable for use by any organization. We plan to deploy COMAR at two domain registry operators of the European country-code TLDs and set up an early notification system to facilitate the remediation of blacklisted domains.
- Published
- 2020
5. A Responsible Internet to Increase Trust in the Digital World
- Author
Mattijs Jonker, Aiko Pras, Cees de Laat, Fernando A. Kuipers, Anna Sperotto, Cristian Hesselman, Giovane C. M. Moura, Janet Hui Xue, Paola Grosso, Joeri de Ruiter, Ralph Holz, Roland van Rijswijk-Deij, Design and Analysis of Communication Systems, Multiscale Networked Systems (IvI, FNWI), and System and Network Engineering (IVI, FNWI)
- Subjects
Controllability, Cybersecurity, Computer Networks and Communications, Computer science, Strategy and Management, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Transparency, Trust, Article, Sovereignty, 0202 electrical engineering, electronic engineering, information engineering, Digital economy, Accountability, business.industry, Digital sovereignty, 020206 networking & telecommunications, Service provider, Transparency (behavior), Hardware and Architecture, 020201 artificial intelligence & image processing, The Internet, business, computer, Responsible Internet, Information Systems
- Abstract
Policy makers in regions such as Europe are increasingly concerned about the trustworthiness and sovereignty of the foundations of their digital economy, because it often depends on systems operated or manufactured elsewhere. To help curb this problem, we propose the novel notion of a responsible Internet, which provides higher degrees of trust and sovereignty for critical service providers (e.g., power grids) and all kinds of other users by improving the transparency, accountability, and controllability of the Internet at the network-level. A responsible Internet accomplishes this through two new distributed and decentralized systems. The first is the Network Inspection Plane (NIP), which enables users to request measurement-based descriptions of the chains of network operators (e.g., ISPs and DNS and cloud providers) that handle their data flows or could potentially handle them, including the relationships between them and the properties of these operators. The second is the Network Control Plane (NCP), which allows users to specify how they expect the Internet infrastructure to handle their data (e.g., in terms of the security attributes that they expect chains of network operators to have) based on the insights they gained from the NIP. We discuss research directions and starting points to realize a responsible Internet by combining three currently largely disjoint research areas: large-scale measurements (for the NIP), open source-based programmable networks (for the NCP), and policy making (POL) based on the NIP and driving the NCP. We believe that a responsible Internet is the next stage in the evolution of the Internet and that the concept is useful for clean slate Internet systems as well.
- Published
- 2020
6. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event
- Author
Wouter B. de Vries, Giovane C. M. Moura, Moritz Müller, Cristian Hesselman, Ricardo de Oliveira Schmidt, Lan Wei, and John Heidemann
- Subjects
Service (business), Engineering, DNS, business.industry, Level of service, Event (computing), Domain Name System, Application layer DDoS attack, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, Anycast, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, The Internet, DDoS, business, computer, Computer network
- Abstract
Distributed Denial-of-Service (DDoS) attacks continue to be a major threat in the Internet today. DDoS attacks overwhelm target services with requests or other traffic, causing requests from legitimate users to be shut out. A common defense against DDoS is to replicate the service in multiple physical locations or sites. If all sites announce a common IP address, BGP will associate users around the Internet with a nearby site, defining the catchment of that site. Anycast addresses DDoS both by increasing capacity to the aggregate of many sites, and allowing each catchment to contain attack traffic leaving other sites unaffected. IP anycast is widely used for commercial CDNs and essential infrastructure such as DNS, but there is little evaluation of anycast under stress. This paper provides the first evaluation of several anycast services under stress with public data. Our subject is the Internet’s Root Domain Name Service, made up of 13 independently designed services (“letters”, 11 with IP anycast) running at more than 500 sites. Many of these services were stressed by sustained traffic at 100× normal load on Nov. 30 and Dec. 1, 2015. We use public data for most of our analysis to examine how different services respond to these events. We see how different anycast deployments respond to stress, and identify two policies: sites may absorb attack traffic, containing the damage but reducing service to some users, or they may withdraw routes to shift both good and bad traffic to other sites. We study how these deployment policies result in different levels of service to different users. We also show evidence of collateral damage on other services located near the attacks.
- Published
- 2016
7. Sharing Enriched Multimedia Experiences across Heterogeneous Network Infrastructures
- Author
Dietwig Lowet, Josip Zoric, Keir Shepherd, Wouter Van Der Beek, Daniele Abbadessa, Sander Smit, Robert de Groote, Mark Gülbahar, Daniel Martin Görgen, Ishan Vaishnavi, John F. O'Connell, Cristian Hesselman, Oliver Friedrich, Distributed and Interactive Systems, and Publica
- Subjects
Service (business), Ubiquitous computing, Multimedia, Computer Networks and Communications, Computer science, computer.internet_protocol, business.industry, Interoperability, Services computing, IPTV, computer.software_genre, Identity management, Computer Science Applications, World Wide Web, Internet protocol suite, Intelligent Network, The Internet, Electrical and Electronic Engineering, business, computer, Interactive media, Heterogeneous network
- Abstract
Today's consumers have a wide variety of interactive media and services at their disposal, for instance, through IPTV networks, the Internet, and in-home and mobile networks. A major problem, however, is that media and services do not interoperate across networks because they use different user identities, metadata formats, and signaling protocols, for example. As a result, users cannot easily combine media and services from different network infrastructures and share them in an integrated manner with their family and friends. In addition to limiting people's media experience, this also hinders the introduction of new services and business models as providers cannot easily develop and operate cross-network services. The goal of our work is to overcome this problem by means of an open and intelligent service platform that allows applications to easily combine media and services from different network infrastructures, and enables consumers to easily share them in an integrated way. The platform includes support for managing multi-user sessions across networks, context-aware recommendations, and cross-network identity management. While there has been prior work on platforms for converged media, our platform is unique in that it provides open, intelligent, and interoperable facilities for sharing media and services across network infrastructures. In addition, our work involves several specific innovations, for instance, pertaining to cross-network session management and synchronization. In this article we discuss the platform, its most important enabling services, and some of the applications we have built on top of it. We also briefly consider the new kinds of business models our platform makes possible.
- Published
- 2010
8. Intelligent multimedia presentation in ubiquitous multidevice scenarios
- Author
Stefan Meissner, Pablo Cesar, Ishan Vaishnavi, Cristian Hesselman, R. Kernchen, Klaus Moessner, Matthieu Boussard, and Distributed and Interactive Systems
- Subjects
Flexibility (engineering), Ubiquitous computing, Multimedia, Computer science, business.industry, media_common.quotation_subject, computer.software_genre, Computer Science Applications, Personalization, Presentation, Interactivity, User experience design, Hardware and Architecture, Human–computer interaction, Technical Presentation, Signal Processing, Media Technology, Adaptation (computer science), business, computer, Software, media_common
- Abstract
This intelligent multimedia adaptation and delivery framework tailors to ubiquitous environments, so that users can experience multimedia content using multiple devices in various mobility situations. Multidevice environments offer the potential to enhance the user experience in terms of flexibility and interactivity and will enable novel applications in education, entertainment, collaboration, and communication. We analyzed the different processing steps and defined related framework functionalities such as the generation of the presentation schedule, the computation of the presentation-environment matches, personalization through situation learning, and device(s)-tailored presentation delivery.
- Published
- 2010
9. Managing Personal Communication Environments in Next Generation Service Platforms
- Author
Ralf Kernchen, Anna V. Zhdanova, Claudia Villalonga, Mathieu Boussard, Cristian Hesselman, E. Clavier, Pablo Cesar, and Distributed and Interactive Systems
- Subjects
Service (systems architecture), Multimedia, business.industry, Service delivery framework, Computer science, Service design, Service discovery, Mobile computing, Differentiated service, computer.software_genre, Context awareness, Mobile telephony, business, computer, Computer network
- Abstract
The current access to mobile services a user has is defined by the user's mobile terminal as the single entry point to an operator's network. This comes along with a set of limitations. Although performance and multimedia capabilities of mobile devices are constantly increasing, user-service interaction is still limited due to physical constraints imposed by the form factor. Another drawback is the varying ability of devices to download and execute new services. At the same time it is not possible to synchronise, exchange or share the user's data and media content among different devices. In order to overcome these limitations this paper presents the concept of the Distributed Communication Sphere and the according architectural framework that allows its management. This framework defines functional components to enable multi-device delivery of communication and media service sessions, user input interpretation, terminal management and resource discovery. It also provides flexible service delivery through the dynamic desktop component and relies on intelligent service enablers of the underlying service platform architecture, such as context-awareness, service provisioning and personal profile enablers. The work has been performed as part of the EU IST-SPICE (027617) project targeting intelligent extensions for next generation service platforms.
- Published
- 2007
10. Mobile Wireless Middleware, Operating Systems and Applications - Workshops : Mobilware 2009 Workshops, Berlin, Germany, April 28-29, 2009, Revised Selected Papers
- Author
Cristian Hesselman
- Subjects
- Mobile computing--Congresses, Wireless communication systems--Congresses, Middleware--Congresses
- Abstract
Software systems for wireless and mobile communications are a key component in pervasive computing and are crucial for the materialization of easy-to-use and intelligent services that people can use ubiquitously. As indicated by its acronym (MOBILe Wireless MiddleWARE, Operating Systems, and Applications), these are the type of systems that form the topic of the MOBILWARE conferencing series. In particular, the goal of MOBILWARE is to provide a forum for researchers and practitioners to disseminate and discuss recent advances in software systems for wireless and mobile communications, ranging from work on communication middleware and operating systems to networking protocols and applications. For its second edition, held in Berlin in April 2009, the MOBILWARE Organizing Committee decided to add a full day of workshops on topics related to the main conference. Our goals were threefold: 1. Put together a high-quality workshop program consisting of a few focused workshops that would provide ample time for discussion, thus enabling presenters to quickly advance their work and workshop attendees to quickly get an idea of ongoing work in selected research areas. 2. Provide a more complete picture of ongoing work by not only including technical workshops, but also workshops on business and user aspects. We expected that this multi-viewpoint approach would be an added value as technology, business models, and user experiences are usually interrelated. 3. Create a breeding ground for submissions for MOBILWARE 2010 and beyond.
- Published
- 2009
11. Delivering Live Multimedia Streams to Mobile Hosts in a Wireless Internet with Multiple Content Aggregators.
- Author
Cristian Hesselman, Henk Eertink, Ing Widya, and Erik Huizer
- Subjects
MOBILE communication systems, WIRELESS communications, INTERNET service providers, INTERNET industry
- Abstract
We consider the distribution of channels of live multimedia content (e.g., radio or TV broadcasts) via multiple content aggregators. In our work, an aggregator receives channels from content sources and redistributes them to a potentially large number of mobile hosts. Each aggregator can offer a channel in various configurations to cater for different wireless links, mobile hosts, and user preferences. As a result, a mobile host can generally choose from different configurations of the same channel offered by multiple alternative aggregators, which may be available through different interfaces (e.g., in a hotspot). A mobile host may need to handoff to another aggregator once it receives a channel. To prevent service disruption, a mobile host may for instance need to handoff to another aggregator when it leaves the subnets that make up its current aggregator's service area (e.g., a hotspot or a cellular network). [ABSTRACT FROM AUTHOR]
- Published
- 2005
12. Privacy-Aware Context Discovery for Next Generation Mobile Services.
- Author
Cristian Hesselman, Henk Eertink, and Martin Wibbels
- Published
- 2007
Discovery Service for Jio Institute Digital Library