Your search keyword '"Isabelle Chrisment"' showing total 52 results

1. Comparative Assessment of Process Mining for Supporting IoT Predictive Security

Author

Rémi Badonnel, Jerome Francois, Adrien Hemmer, Mohamed Abderrahim, Isabelle Chrisment, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), TELECOM Nancy, Université de Lorraine (UL), This work has been partially supported by the SecureIoT project, funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 779899, the exploited datasets have been provided by IDIADA UK, it’s OWL, which has worked with FUJITSU, and LuxAI., and European Project: 779899,H2020,SecureIoT(2018)

Subjects

Local outlier factor, Computer Networks and Communications, Computer science, Distributed computing, Complex system, Decision tree, Process mining, 020206 networking & telecommunications, 02 engineering and technology, Data modeling, Machine Learning, Security Management, Internet-of-Things, Process Mining, [INFO.INFO-LG]Computer Science [cs]/Machine Learning [cs.LG], Software deployment, 0202 electrical engineering, electronic engineering, information engineering, Data Mining, [INFO]Computer Science [cs], Security management, Isolation (database systems), Electrical and Electronic Engineering

Abstract

International audience; The growth of the Internet-of-Things (IoT) has been characterized by the large-scale deployment of sensors and connected objects. These ones are integrated with other Internet resources in order to elaborate more complex systems and applications. Security management is a major challenge for these systems due to their complexity, their heterogeneity and the limited resources of their devices. In this paper we evaluate the exploitability and performance of a process mining approach for detecting misbehaviors in such systems. We describe the considered architecture and detail its operation, from the generation of behavioral models to the detection of potential attacks. We formalize several alternative commonly-used detection methods, including elliptic envelope, support-vector machine, local outlier factor, and isolation forest techniques. After presenting a proofof-concept prototype, we quantify comparatively the benefits and limits of our process mining solution combined with data preprocessing, through extensive experiments based on different industrial datasets.

Published

2021

2. Capturing Privacy-Preserving User Contexts with IndoorHash

Author

Romain Rouvoy, Isabelle Chrisment, Lakhdar Meftah, Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Project Lab BetterNet BetterNet, Anne Remke, Valerio Schiavoni, and ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015)

Subjects

050101 languages & linguistics, Mobile computing, business.industry, Computer science, Scale (chemistry), 05 social sciences, [INFO.INFO-DS]Computer Science [cs]/Data Structures and Algorithms [cs.DS], Context (language use), 02 engineering and technology, Data science, Article, Environmental data, Privacy preserving, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, User privacy, [INFO.INFO-MC]Computer Science [cs]/Mobile Computing, Order (business), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Location hash, Internet of Things, business

Abstract

International audience; IoT devices are ubiquitous and widely adopted by end-users to gather personal and environmental data that often need to be put into context in order to gain insights. In particular, location is often a critical context information that is required by third parties in order to analyse such data at scale. However, sharing this information is i) sensitive for the user privacy and ii) hard to capture when considering indoor environments.This paper therefore addresses the challenge of producing a new location hash, named IndoorHash, that captures the indoor location of a user, without disclosing the physical coordinates, thus preserving their privacy. This location hash leverages surrounding infrastructure, such as WiFi access points, to compute a key that uniquely identifies an indoor location.Location hashes are only known from users physically visiting these locations, thus enabling a new generation of privacy-preserving crowdsourcing mobile applications that protect from third parties re-identification attacks. We validate our results with a crowdsourcing campaign of 30 mobile devices during 4 weeks of data collection.

Published

2020

3. Mitigating TCP Protocol Misuse With Programmable Data Planes

Author

Raouf Boutaba, Shihabur Rahman Chowdhury, Abir Laraba, Isabelle Chrisment, Jerome Francois, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), University of Waterloo [Waterloo], TELECOM Nancy, and Université de Lorraine (UL)

Subjects

Monitoring, Computer Networks and Communications, Computer science, Transmission Control Protocol, Throughput, 02 engineering and technology, SDN, Stateful firewall, Programmable data plane, 0202 electrical engineering, electronic engineering, information engineering, Forwarding plane, [INFO]Computer Science [cs], Electrical and Electronic Engineering, Protocol (object-oriented programming), Explicit Congestion Notification, ECN, business.industry, Extended finite-state machine, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, P4, 020206 networking & telecommunications, EFSM, Programming paradigm, Security, business, Optimistic ACK, Computer network

Abstract

International audience; This paper proposes a new approach for detecting and mitigating the impact of misbehaving TCP end-hosts, specifically the Optimistic ACK attack, and Explicit Congestion Notification (ECN) abuse. In contrast to the state-of-the-art, we show that it is possible to mitigate such misbehavior leveraging emerging programmable data planes while not requiring any end-host or protocol modifications. A key challenge in doing so is to implement expressive, complex and stateful functions in the data plane within its restricted programming model. In this regard, we propose a security monitoring function that uses Extended Finite State Machine (EFSM) abstraction for monitoring stateful protocols in the data plane. We also design a mechanism for mapping a protocol's EFSM to programmable data plane primitives. Our evaluation results demonstrate that our approach can fully or partially restore the throughput loss caused by misbehaving end-hosts that manipulate TCP congestion control through misinformation.

Published

2021

4. Encrypted HTTP/2 Traffic Monitoring: Standing the Test of Time and Space

Author

Olivier Bettan, Pierre-Olivier Brissaud, Jerome Francois, Thibault Cholez, Isabelle Chrisment, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Thales Services, THALES, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), THALES [France], ANR-19-CE39-0011,PRESTO,Traitement des flux chiffré s pour la gestion du trafic(2019), European Project: 830927,CONCORDIA(2019), and François, Jérôme

Subjects

Service (systems architecture), Traffic analysis, Computer science, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, computer.software_genre, Encryption, Computer security, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Traffic Analysis, TLS, 0202 electrical engineering, electronic engineering, information engineering, Set (psychology), 021110 strategic, defence & security studies, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, 020206 networking & telecommunications, Test (assessment), Privacy, Encrypted Traffic, Web service, business, computer

Abstract

International audience; Encrypted HTTP/2 (h2) has been worldwide adopted since its official release in 2015. The major services over Internet use it to protect the user privacy against traffic interception. However, under the guise of privacy, one can hide the abnormal or even illegal use of a service. It has been demonstrated that machine learning algorithms combined with a proper set of features are still able to identify the incriminated traffic even when it is encrypted with h2. However, it can also be used to track normal service use and so endanger privacy of Internet users. Independently of the final objective, it is extremely important for a security practitioner to understand the efficiency of such a technique and its limit. No existing research has been achieved to assess how generic is it to be directly applicable to any service or website and how long an acceptable accuracy can be maintained. This paper addresses these challenges by defining an experimental methodology applied on more than 3000 different websites and also over four months continuously. The results highlight that an off-the-shelf machine-learning method to classify h2 traffic is applicable to many websites but a weekly training may be needed to keep the model accurate.

Published

2020

5. Empowering Mobile Crowdsourcing Apps with User Privacy Control

Author

Lakhdar Meftah, Romain Rouvoy, Isabelle Chrisment, Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Project Lab BetterNet BetterNet, and ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015)

Subjects

Computer Networks and Communications, Computer science, media_common.quotation_subject, 02 engineering and technology, Crowdsourcing, Theoretical Computer Science, World Wide Web, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, [INFO.INFO-MC]Computer Science [cs]/Mobile Computing, Software, Artificial Intelligence, Server, 0202 electrical engineering, electronic engineering, information engineering, Mobile Crowdsourcing, Quality (business), media_common, Distributed Applications, Data anonymization, business.industry, 020206 networking & telecommunications, Location Privacy Protection Mechanism, Metadata, Information sensitivity, Hardware and Architecture, 020201 artificial intelligence & image processing, Location Privacy, [INFO.INFO-DC]Computer Science [cs]/Distributed, Parallel, and Cluster Computing [cs.DC], business, Mobile device

Abstract

International audience; Mobile crowdsourcing is being increasingly used by industrial and research communities to build realistic datasets. By leveraging the capabilities of mobile devices, mobile crowdsourcing apps can be used to track participants’ activity and to collect insightful reports from the environment (e.g., air quality, network quality). However, most of existing crowdsourced datasets systematically tag data samples with metadata (e.g., time and location stamps), which may inevitably lead to user privacy leaks by discarding sensitive information in the wild.This article addresses this critical limitation of the state of the art by proposing a software library that empower legacy mobile crowsourcing apps to increase user privacy without compromising the overall quality of the crowdsourced datasets. We propose a decentralized approach, named FOUGERE, to convey data samples from user devices to third-party servers. By introducing an a priori data anonymization process, we show that FOUGERE defeats state-of-the-art location-based privacy attacks with little impact on the quality of crowdsourced datasets.

Published

2020

6. Detecting a Stealthy Attack in Distributed Control for Microgrids using Machine Learning Algorithms

Author

Isabelle Chrisment, Mingxiao Ma, Abdelkader Lahmadi, Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

0209 industrial biotechnology, Microgrid, Computer science, Attack detection, 02 engineering and technology, Man-in-the-middle attack, Machine learning, computer.software_genre, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 020901 industrial engineering & automation, 0202 electrical engineering, electronic engineering, information engineering, [INFO.INFO-SY]Computer Science [cs]/Systems and Control [cs.SY], Leverage (statistics), 9. Industry and infrastructure, Network packet, business.industry, CPS systems, Telecommunications network, Random forest, Control system, Security, 020201 artificial intelligence & image processing, Artificial intelligence, Distributed control system, business, Algorithm, computer

Abstract

International audience; With the increasing penetration of inverter-based distributed generators (DG) into low-voltage distribution micro-grid systems, it is of great importance to guarantee their safe and reliable operations. These systems leverage communication networks to implement a distributed and cooperative control structure. However, the detection of stealthy attacks with a large impact and weak detection signals on such distributed control systems is rarely studied. In this paper, we address the problem of detecting a stealthy attack, named MaR, on the communication network of a microgrid while an attacker modifies the voltage measurement with the reference values. We collect datasets from a hardware platform modeled after a simplified microgrid and running the MaR attack performed with a Man-in-the-Middle (MitM) technique. We use the collected datasets to compare different attack detection algorithms based on multiple categories of machine learning algorithms. Our results show that the Random Forest algorithm outperforms the others to detect suspicious packets modified by a MitM attacker with an accuracy close to 97%.

Published

2020

7. A Process Mining Approach for Supporting IoT Predictive Security

Author

Isabelle Chrisment, Rémi Badonnel, Adrien Hemmer, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), TELECOM Nancy, Université de Lorraine (UL), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and European Project: 779899,H2020,SecureIoT(2018)

Subjects

Internet resources, Computer science, Distributed computing, 0211 other engineering and technologies, Process mining, Pro- cess Mining, 02 engineering and technology, Process Mining, Security Management, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, Data Mining, Security management, [INFO]Computer Science [cs], Architecture, ComputingMilieux_MISCELLANEOUS, 021110 strategic, defence & security studies, business.industry, 020206 networking & telecommunications, Index Terms-Security Management, Internet-of-Things, Software deployment, Anomaly Detection, Anomaly detection, Internet of Things, business

Abstract

International audience; The growing interest for the Internet-of-Things (IoT) is supported by the large-scale deployment of sensors and connected objects. These ones are integrated with other Internet resources in order to elaborate more complex and value-added systems and applications. While important efforts have been done for their protection, security management is a major challenge for these systems, due to their complexity, their heterogeneity and the limited resources of their devices. In this paper we introduce a process mining approach for detecting misbehaviors in such systems. It permits to characterize the behavioral models of IoT-based systems and to detect potential attacks, even in the case of heterogenous protocols and platforms. We then describe and formalize its underlying architecture and components, and detail a proof-of-concept prototype. Finally, we evaluate the performance of this solution through extensive experiments based on real industrial datasets.

Published

2020

8. A Process Mining Tool for Supporting IoT Security

Author

Isabelle Chrisment, Rémi Badonnel, Jerome Francois, Adrien Hemmer, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), TELECOM Nancy, Université de Lorraine (UL), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

060201 languages & linguistics, Computer science, business.industry, Internet resources, Process mining, 06 humanities and the arts, 02 engineering and technology, Data science, 0602 languages and literature, Container (abstract data type), 0202 electrical engineering, electronic engineering, information engineering, Normalization (sociology), 020201 artificial intelligence & image processing, The Internet, Security management, [INFO]Computer Science [cs], Internet of Things, business, Cluster analysis

Abstract

International audience; The development of the Internet has been characterized by a growing interest for the Internet-of-Things (IoT). In particular, connected devices are integrated to other Internet resources (such as cloud resources) to elaborate value-added services. However, they pose important challenges with respect to security management due to their heterogeneity, their distribution , and their limited resources. In this demonstration, we present a process mining toool for supporting IoT security. This tool is capable to automate the detection of misbehaviours and attacks in large and heterogeneous IoT infrastructures, based on process mining techniques combined with normalization and clustering data pre-processing. We detail the different building blocks of this tool provided into a docker container, and illustrate its operations with different scenarios.

Published

2020

9. Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

Author

Olivier Bettan, Jerome Francois, Isabelle Chrisment, Pierre-Olivier Brissaud, Thibault Cholez, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Thales Services, THALES, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and THALES [France]

Subjects

Service (systems architecture), Traffic analysis, Computer Networks and Communications, Computer science, Cryptography, 02 engineering and technology, Security policy, computer.software_genre, Encryption, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Web traffic, Web page, TLS, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business.industry, 020206 networking & telecommunications, Privacy, Encrypted Traffic, Web service, business, computer, Computer network

Abstract

International audience; Nowadays, most of Web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance, according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 over TLS traffic what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if a user performs an action that has been previously defined over a monitored Web service, but without using any decryption. It is thus only based on passive traffic analysis and relies on random forest classifier. A challenge is to extract representative values of the loaded content associated to a Web page, which is actually customized based on the user action. Extensive evaluations with five top used Web services demonstrate the viability of our technique with an accuracy between 94% and 99%.

Published

2019

10. FOUGERE: User-Centric Location Privacy in Mobile Crowdsourcing Apps

Author

Isabelle Chrisment, Romain Rouvoy, Lakhdar Meftah, Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Project Lab BetterNet BetterNet, José Pereira, Laura Ricci, IPL Betternet, TC 6, WG 6.1, ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189 (CRIStAL), Ecole Centrale de Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Ecole Centrale de Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), and ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l’Internet(2015)

Subjects

050101 languages & linguistics, Computer science, media_common.quotation_subject, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Crowdsourcing, World Wide Web, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, [INFO.INFO-MC]Computer Science [cs]/Mobile Computing, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Quality (business), [INFO]Computer Science [cs], Air quality index, media_common, User-centered design, Location privacy, business.industry, 05 social sciences, [INFO.INFO-WB]Computer Science [cs]/Web, Information sensitivity, User privacy, mobile crowdsourcing, 020201 artificial intelligence & image processing, [INFO.INFO-OS]Computer Science [cs]/Operating Systems [cs.OS], business, Mobile device, LPPM

Abstract

International audience; Mobile crowdsourcing is being increasingly used by industrial and research communities to build realistic datasets. By leveraging the capabilities of mobile devices, mobile crowdsourcing apps can be used to track participants' activity and to collect insightful reports from the environment (e.g., air quality, network quality). However, most of existing crowdsourced datasets systematically tag data samples with time and location stamps, which may inevitably lead to user privacy leaks by discarding sensitive information. This paper addresses this critical limitation of the state of the art by proposing a software library that improves user privacy without compromising the overall quality of the crowdsourced datasets. We propose a decentralized approach, named Fougere, to convey data samples from user devices to third-party servers. By introducing an a priori data anonymization process, we show that Fougere defeats state-of-the-art location-based privacy attacks with little impact on the quality of crowd-sourced datasets.

Published

2019

11. Testing Nearby Peer-to-Peer Mobile Apps at Large

Author

Isabelle Chrisment, Lakhdar Meftah, Romain Rouvoy, Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Project Lab BetterNet BetterNet, Denys Poshyvanyk, Ivano Malavolta, BETTERNET, and ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015)

Subjects

Integration testing, Computer science, Population, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Peer-to-peer, computer.software_genre, law.invention, Bluetooth, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, [INFO.INFO-MC]Computer Science [cs]/Mobile Computing, law, 0202 electrical engineering, electronic engineering, information engineering, Wireless, education, Peer-to-peer communications, education.field_of_study, Multimedia, business.industry, 020207 software engineering, Software deployment, Mobile apps, 020201 artificial intelligence & image processing, The Internet, Integration Test, Google Nearby, business, computer, Mobile device

Abstract

International audience; While mobile devices are widely adopted across the population, most of their remote interactions usually go through Internet. However, this indirect interaction model can be assumed as inefficient and sensitive when considering communications with neighboring devices. To leverage such weaknesses, nearby peer-to-peer(P2P) communications are now included in mobile devices to enable device-to-device communications over standard wireless technologies (WiFi, Bluetooth). While this capability supports the design of collaborative whiteboards, local multiplayer gaming, multi-screen gaming, offline file transfers and many other applications, mobile apps using P2P are still suffering from app crashes, battery issues, and bad user reviews and ranking in app stores. We believe that this lack of quality can be partly attributed to the lack of tool support for testing P2P mobile apps at large. In this paper, we introduce a testing framework that allows developers to automate reproducible testing of nearby P2P apps. Beyond the identification of P2P-related bugs, our approach also helps to estimate the discovery settings to optimize the deployment of P2P apps.

Published

2019

12. A Distributed Monitoring Strategy for Detecting Version Number Attacks in RPL-Based Networks

Author

Isabelle Chrisment, Anthéa Mayzaud, Rémi Badonnel, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Department of Networks, Systems and Services (LORIA - NSS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

Routing protocol, Exploit, Computer Networks and Communications, business.industry, Computer science, Node (networking), Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, Network topology, Maintenance engineering, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, Routing (electronic design automation), business, Protocol (object-oriented programming), Computer network

Abstract

International audience; The Internet of Things is characterized by the large-scale deployment of low power and lossy networks (LLN), interconnecting pervasive objects. The routing protocol for LLN (RPL) protocol has been standardized by IETF to enable a lightweight and robust routing in these constrained networks. A versioning mechanism is incorporated into RPL in order to maintain an optimized topology. However, an attacker can exploit this mechanism to significantly damage the network and reduce its lifetime. After analyzing and comparing existing work, we propose in this paper a monitoring strategy with dedicated algorithms for detecting such attacks and identifying the involved malicious nodes. The performance of this solution is evaluated through extensive experiments, and its scalability is quantified with the support of a monitoring node placement optimization method.

Published

2017

13. Implementation and Evaluation of a Controller-Based Forwarding Scheme for NDN

Author

Isabelle Chrisment, Thomas Silverston, Elian Aubry, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and IEEE

Subjects

business.industry, Computer science, Distributed computing, 05 social sciences, Testbed, IP forwarding, [SCCO.COMP]Cognitive science/Computer science, 050801 communication & media studies, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Network topology, 0508 media and communications, Virtual machine, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Routing (electronic design automation), business, computer, Host (network), Protocol (object-oriented programming), Computer network

Abstract

International audience; Named-Data Networking (NDN) is a novel clean-slate architecture for Future Internet. It has been designed to take into account a new use of the Internet and especially accessing content for a large number of users, and it integrates several features such as in-network caching, security or multipath. As NDN relies on content names instead of host address, it cannot rely on traditional Internet routing, and it is therefore essential to propose a routing scheme adapted for NDN. To this end, in this paper, we present SRSC, our SDN-based Routing Scheme for CCN/NDN and its implementation. SRSC relies on the SDN paradigm.A controller is responsible to forward decisions and to set up rules into NDN nodes. We implement SRSC into NDNx and we also deploy an NDN testbed within a virtual environment and real ISP topology in order to evaluate the performances of our proposal with real-world experiments. We demonstrate the feasibility of SRSC and its ability to forward Interest messages in a fully deployed NDN environment, while keeping low overhead and computation time and high caching performances.

Published

2017

14. Exploring Smartphone Application Usage Logs with Declared Sociological Information

Author

Simon Charneau, Vassili Rivron, Mohammad Irfan Khan, Isabelle Chrisment, Management of dynamic networks and services ( MADYNES ), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique ( Inria ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Department of Networks, Systems and Services ( LORIA - NSS ), Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ), Université de Lorraine ( UL ), Adaptive Distributed Applications and Middleware ( ADAM ), Laboratoire d'Informatique Fondamentale de Lille ( LIFL ), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique ( Inria ), IEEE, ANR : Understanding and Diagnosing End-to-end Communication Bottlenecks of the Internet,BOTTLENET, Management of dynamic networks and services (MADYNES), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Université de Lorraine (UL), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria), ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Multiple Correspondence Analysis MCA, Computer science, business.industry, media_common.quotation_subject, Crowdsensing, 020206 networking & telecommunications, Context (language use), 02 engineering and technology, Smartphone application, Mobile Applications, World Wide Web, [ INFO.INFO-CY ] Computer Science [cs]/Computers and Society [cs.CY], Incentive, [INFO.INFO-CY]Computer Science [cs]/Computers and Society [cs.CY], Server, Cultural diversity, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Use case, Sociology of Media, business, Diversity (politics), media_common

Abstract

International audience; In this paper we present an exploratory smartphone usage study with logs collected from users in the wild, combined with the sociodemographic, technological and cultural information provided by them. We observe a high diversity among users' most used applications, but by classifying applications into services we find significant correlations between service usage and socio-demographic profile. We discuss that sociological information has rich potential in characterizing smartphone usage and can be applied to interesting incentive strategies and use cases based on users' sociological context.

Published

2016

15. Improving SNI-based HTTPS Security Monitoring

Author

Thibault Cholez, Jerome Francois, Wazen M. Shbair, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Flamingo, a Network of Excellence project (ICT-318488), and Cholez, Thibault

Subjects

SNi, SNI, Computer science, 02 engineering and technology, security, Computer security, computer.software_genre, Encryption, Firewall (construction), [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Server, Web traffic, TLS, 0202 electrical engineering, electronic engineering, information engineering, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Network monitoring, firewall, monitoring, Server Name Indication, 020201 artificial intelligence & image processing, Anomaly detection, business, computer, Computer network

Abstract

International audience; Recent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties of security and privacy, but on the other side, it raises important challenges and issues for organizations, related to the security monitoring of encrypted traffic (filtering, anomaly detection, etc.). This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions. This method currently has some weaknesses that can be used to bypass firewalls by overwriting the SNI value of new TLS connections. Our investigation shows that 92% of the HTTPS websites surveyed in this paper can be accessed with a fake SNI. Our approach verifies the coherence between the real destination server and the claimed value of SNI by relying on a trusted DNS service. Experimental results show the ability to overcome the shortage of SNI-based monitoring by detecting forged SNI values while having a very small false positive rate (1.7%). The overhead of our solution only adds negligible delays to access HTTPS websites. The proposed method opens the door to improve global HTTPS monitoring and firewall systems.

Published

2016

16. Green growth in NDN: Deployment of content stores

Author

Isabelle Chrisment, Thomas Silverston, Elian Aubry, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), IEEE, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

020203 distributed computing, CPU cache, business.industry, Computer science, Distributed computing, Node (networking), 05 social sciences, [SCCO.COMP]Cognitive science/Computer science, 02 engineering and technology, NDN, Network topology, Software deployment, Server, Architecture, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Resource management, The Internet, Cache, 050207 economics, Evaluation, business, Simulation, Green Growth, Computer network

Abstract

International audience; Named-Data Networking architecture relies on cache networks, where nodes store the data for further requests. However, the memory needed at each node called Content Store represents the most significant part of the entire cost of the infrastructure that has to be supported by network providers, making difficult the change from the current Internet infrastructure to a Future Internet based on NDN. Thus, a legitimate question would be: "are all these Content Stores useful in a large-scale NDN network?" In this paper, we investigate theimpact of Content Stores in NDN network, and we evaluate the performances of the NDN architecture according to the number of Content Stores effectively deployed in the network. We show through extensive simulation experiments in NS-3 that only about 50% of nodes with Content Stores is enough to achieve higher level of performances than a fully-deployed NDN network. This result is very important for the deployment of NDN architecture as it shows that the infrastructure cost can be drastically reduced and it is an incentive for network providers that benefits directly from this result.

Published

2016

17. Using the RPL Protocol for Supporting Passive Monitoring in the Internet of Things

Author

Rémi Badonnel, Jürgen Schönwälder, Anthéa Mayzaud, Isabelle Chrisment, Anuj Sehgal, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Jacobs University [Bremen], European Project: 318488,EC:FP7:ICT,FP7-ICT-2011-8,FLAMINGO(2012), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Routing protocol, Exploit, Computer science, business.industry, 010401 analytical chemistry, Passive monitoring, 020206 networking & telecommunications, 02 engineering and technology, Network monitoring, Network topology, Flow network, 01 natural sciences, 0104 chemical sciences, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Anomaly detection, business, Protocol (object-oriented programming), Computer network

Abstract

International audience; Most devices deployed in the Internet of Things (IoT) are expected to suffer from resource constraints. Using specialized tools on such devices for monitoring IoT networks would take away precious resources that could otherwise be dedicated towards their primary task. In many IoT applications such as Advanced Metering Infrastructure (AMI) networks, higher order devices are expected to form the backbone infrastructure, to which the constrained nodes would connect. It would, as such, make sense to exploit the capabilities of these higher order devices to perform network monitoring tasks. We propose in this paper a distributed monitoring architecture that takes benefits from specificities of the IoT routing protocol RPL to passively monitor events and network flows without having impact upon the resource constrained nodes. We describe the underlying mechanisms of this architecture, quantify its performances through a set of experiments using the Cooja environment. We also evaluate its benefits and limits through a use case scenario dedicated to anomaly detection.

Published

2016

18. A Multi-Level Framework to Identify HTTPS Services

Author

Thibault Cholez, Isabelle Chrisment, Wazen M. Shbair, Jerome Francois, Management of dynamic networks and services (MADYNES), Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria), IEEE/IFIP, Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Traffic analysis, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Web application security, Encryption, computer.software_genre, Computer security, Hypertext Transfer Protocol over Secure Socket Layer, Identification (information), monitoring, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], fingerprinting, machine learning, traffic analysis, Server, Web page, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Web service, business, computer, Computer network

Abstract

International audience; The development of TLS-based encrypted traffic comes with new challenges related to the management and security analysis of encrypted traffic. There is an essential need for new methods to investigate, with a proper level of identification, the increasing number of HTTPS traffic that may hold security breaches. In fact, although many approaches detect the type of an application (Web, P2P, SSH, etc.) running in secure tunnels, and others identify a couple of specific encrypted web pages through website fingerprinting, this paper proposes a robust technique to precisely identify the services run within HTTPS connections, i.e. to name the services, without relying on specific header fields that can be easily altered. We have defined dedicated features for HTTPS traffic that are used as input for a multi-level identification framework based on machine learning algorithms. Our evaluation based on real traffic shows that we can identify encrypted web services with a high accuracy.

Published

2016

19. Refining smartphone usage analysis by combining crowdsensing and survey

Author

Mohammad Irfan Khan, Isabelle Chrisment, Vassili Rivron, Simon Charneau, Management of dynamic networks and services ( MADYNES ), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique ( Inria ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Department of Networks, Systems and Services ( LORIA - NSS ), Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ), Adaptive Distributed Applications and Middleware ( ADAM ), Laboratoire d'Informatique Fondamentale de Lille ( LIFL ), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique ( Inria ), Université de Lorraine ( UL ), Management of dynamic networks and services (MADYNES), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Adaptive Distributed Applications and Middleware (ADAM), Laboratoire d'Informatique Fondamentale de Lille (LIFL), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria), Université de Lorraine (UL), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

[ INFO ] Computer Science [cs], Multimedia, Computer science, business.industry, media_common.quotation_subject, [ INFO.INFO-NI ] Computer Science [cs]/Networking and Internet Architecture [cs.NI], User perception, Usage analysis, 020206 networking & telecommunications, 020207 software engineering, Context (language use), Cognition, 02 engineering and technology, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Crowdsensing, Human–computer interaction, Perception, Server, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], Mobile telephony, business, computer, media_common

Abstract

International audience; Crowdsensing has been used quite regularly in recent years to study smartphone usage. However context information associated with smartphone usage is mostly of the type geo-localisation, user mobility, temporal behavior etc. Furthermore most studies are not sufficiently user-centric i.e. don't consider the perception or cognitive aspects of the user. In this paper we collect data about social context and user perception via in-app and on-line questionnaires and show that when these are combined with crowdsensed data can help improve both sensing and survey and can be applied to interesting cases.

Published

2015

20. A Study of RPL DODAG Version Attacks

Author

Anthéa Mayzaud, Anuj Sehgal, Isabelle Chrisment, Jürgen Schönwälder, Rémi Badonnel, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Jacobs University [Bremen], INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Anna Sperotto, Guillaume Doyen, Steven Latré, Marinos Charalambides, Burkhard Stiller, TC 6, WG 6.6, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Routing protocol, Exploit, business.industry, Computer science, Network packet, Node (networking), 020206 networking & telecommunications, 02 engineering and technology, Network topology, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, Routing (electronic design automation), business, Protocol (object-oriented programming), Computer network

Abstract

Best Paper Award; International audience; The IETF designed the Routing Protocol for Low power and Lossy Networks (RPL) as a candidate for use in constrained networks. Keeping in mind the different requirements of such networks, the protocol was designed to support multiple routing topologies, called DODAGs, constructed using different objective functions, so as to optimize routing based on divergent metrics. A DODAG versioning system is incorporated into RPL in order to ensure that the topology does not become stale and that loops are not formed over time. However, an attacker can exploit this versioning system to gain an advantage in the topology and also acquire children that would be forced to route packets via this node. In this paper we present a study of possible attacks that exploit the DODAG version system. The impact on overhead, delivery ratio, end-to-end delay, rank inconsistencies and loops is studied.

Published

2014

21. Improving Content Availability in the I2P Anonymous File-Sharing Environment

Author

Juan Pablo Timpanaro, Olivier Festor, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

business.industry, Internet privacy, Data_MISCELLANEOUS, [SCCO.COMP]Cognitive science/Computer science, 020206 networking & telecommunications, 02 engineering and technology, computer.file_format, USable, World Wide Web, Geography, File sharing, 0202 electrical engineering, electronic engineering, information engineering, ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, Internet users, business, BitTorrent, computer, Anonymity

Abstract

International audience; Anonymous communication has gained more and more interest from Internet users as privacy and anonymity problems have emerged. Dedicated anonymous networks such as Freenet and I2P allow anonymous file-sharing among users. However, one major problem with anonymous file-sharing networks is that the available content is highly reduced, mostly with outdated files, and non-anonymous networks, such as the BitTorrent network, are still the major source of content: we show that in a 30-days period, 21648 new torrents were introduced in the BitTorrent community, whilst only 236 were introduced in the anonymous I2P network, for four different categories of content. Therefore, how can a user of these anonymous networks access this varied and non-anonymous content without compromising its anonymity? In this paper, we improve content availability in an anonymous environment by proposing the first internetwork model allowing anonymous users to access and share content in large public communities while remaining anonymous. We show that our approach can efficiently interconnect I2P users and public BitTorrent swarms without affecting their anonymity nor their performance. Our model is fully implemented and freely usable.

Published

2012

22. Detection and mitigation of localized attacks in a widely deployed P2P network

Author

Guillaume Doyen, Thibault Cholez, Isabelle Chrisment, Olivier Festor, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), GIS 3SGS ACDAP2P, INRIA MADYNES / UTT, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Computer Networks and Communications, Computer science, Sybil attack, Denial-of-service attack, 02 engineering and technology, security, Computer security, computer.software_genre, P2P networks, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Distributed Hash Table, Computer communication networks, KAD, business.industry, 020206 networking & telecommunications, defense, monitoring, Software deployment, 020201 artificial intelligence & image processing, The Internet, business, computer, attack detection, Software, Computer network

Abstract

International audience; Several large scale P2P networks operating on the Internet are based on a Distributed Hash Table. These networks offer valuable services, but they all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large scale monitoring campaigns, we show that the world-wide deployed KAD network suffers large number of suspicious insertions around shared contents and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers' ID found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks.

Published

2012

23. Content pollution quantification in large P2P networks : A measurement study on KAD

Author

Guillaume Doyen, Isabelle Chrisment, Rida Khatoun, Thibault Cholez, Guillaume Montassier, Olivier Festor, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Projet ANR MAPE et Projet GIS 3SGS ACDAP2P, IEEE Communications Society, LORIA - UTT, Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, and Software Tools for Telecommunications and Distributed Systems (RESEDAS)

Subjects

Pollution, KAD, pollution detection, Index (economics), Database, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], File sharing, Measurement study, Content (measure theory), 0202 electrical engineering, electronic engineering, information engineering, Peer to peer computing, [INFO]Computer Science [cs], 020201 artificial intelligence & image processing, Tversky index, Metric (unit), pollution of contents, computer, ComputingMilieux_MISCELLANEOUS, media_common

Abstract

International audience; Content pollution is one of the major issues affecting P2P file sharing networks. However, since early studies on FastTrack and Overnet, no recent investigation has reported its impact on current P2P networks. In this paper, we present a method and the supporting architecture to quantify the pollution of contents in the KAD network. We first collect information on many popular files shared in this network. Then, we propose a new way to detect content pollution by analyzing all filenames linked to a content with a metric based on the Tversky index and which gives very low error rates. By analyzing a large number of popular files, we show that 2/3 of the contents are polluted, one part by index poisoning but the majority by a new, more dangerous, form of pollution that we call index falsification.

Published

2011

24. Détection de pairs suspects dans le réseau pair à pair KAD

Author

Christopher Henard, Thibault Cholez, Olivier Festor, Isabelle Chrisment, Rida Khatoun, Guillaume Doyen, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Financement GIS - 3SGS - Projet ACDAP2P, IEEE, LORIA - UTT, Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Software Tools for Telecommunications and Distributed Systems (RESEDAS), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria), and Télécom ParisTech

Subjects

DHT, Network security, Computer science, Sybil attack, sécurité, réseaux P2P, Cryptography, Denial-of-service attack, security, 02 engineering and technology, Distributed hash table, supervision, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], indexation des contenus, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, KAD, business.industry, détection d'attaque, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 05 social sciences, attaque Sybil, 020206 networking & telecommunications, monitoring, Peer to peer computing, 050211 marketing, business, Web crawler, attack detection, Computer network

Abstract

National audience; Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.; Les réseaux pair à pair (P2P), notamment ceux utilisant les tables de hachage distribuées, sont aujourd'hui des systèmes d'information majeurs comptant des dizaines de millions d'utilisateurs. Ils présentent cependant des vulnérabilités permettant l'insertion ciblée de nœuds pouvant réaliser plusieurs actions malveillantes (pollution, surveillance, déni de service). Nous présentons ici une étude visant à détecter les nœuds suspects dans un réseau P2P largement déployé à savoir KAD. Nous avons conçu pour cela un explorateur, dont nous détaillons la procédure et évaluons l'efficacité, permettant d'obtenir une vue précise du réseau. L'analyse des données collectées au travers de la répartition des identifiants pairs ainsi que de la distance entre les pairs et certains contenus nous a permis de mettre en évidence qu'au moins 2200 ressources du réseau sont attaquées durant nos observations.

Published

2011

25. BitTorrent's Mainline DHT Security Assessment

Author

Thibault Cholez, Isabelle Chrisment, Juan Pablo Timpanaro, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Projet GIS 3SGS ACDAP2P (Approche collaborative pour la détection d'attaques dans les réseaux pair à pair), TELECOM ParisTECH, CNRS/LIMOS Laboratory, LIP6, and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Computer science, BitTorrent tracker, business.industry, Digital content, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, BitTorrent protocol encryption, 020206 networking & telecommunications, 02 engineering and technology, computer.file_format, Distributed Tracker, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], File sharing, 0202 electrical engineering, electronic engineering, information engineering, Mainline DHT, 020201 artificial intelligence & image processing, BitTorrent, Routing (electronic design automation), business, Security Assessment, Protection Mechanisms, Protocol (object-oriented programming), computer, Computer network

Abstract

ISBN: 978-1-4244-8704-2; International audience; BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and software updates, among others. Recent actions against torrent and tracker repositories have fostered the move towards a fully distributed solution based on a distributed hash table to support both torrent search and tracker implementation. In this paper we present a security study of the main decentralized tracker in BitTorrent, commonly known as the Mainline DHT.We show that the lack of security in Mainline DHT allows very efficient attacks that can easily impact the operation of the whole network. We also provide a peer-ID distribution analysis of the network, so as to adapt previous protection schemes to the Mainline DHT. The mechanisms are assessed through large scale experiments on the real DHT-based BitTorrent tracker.

Published

2011

26. When KAD meets BitTorrent - Building a Stronger P2P Network

Author

Thibault Cholez, Olivier Festor, Isabelle Chrisment, Juan Pablo Timpanaro, Timpanaro, Juan Pablo, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Service (systems architecture), DHT, Network security, Computer science, BitTorrent tracker, Performance, [SCCO.COMP]Cognitive science/Computer science, 050801 communication & media studies, 02 engineering and technology, P2P architecture, 0508 media and communications, [SCCO.COMP] Cognitive science/Computer science, 0202 electrical engineering, electronic engineering, information engineering, BitTorrent, Architecture, KAD, business.industry, 05 social sciences, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, BitTorrent protocol encryption, 020206 networking & telecommunications, computer.file_format, Performance comparison, Security, business, computer, Strengths and weaknesses, Computer network

Abstract

International audience; The current wave of evolution that leads BitTorrent towards a fully decentralized architecture is both promising and risky. Related work demonstrates that BitTorrent's Mainline DHT is exposed to several identified security issues. In parallel, the KAD DHT has been the core of intense research and was improved over years. In this paper, we present a study that motivates the integration of both worlds. We provide a performance comparison of both DHTs in terms of publishing efficiency. We investigate the security threats and show that the current BitTorrent Mainline DHT is much more vulnerable to attacks than KAD. On the other hand, we demonstrate that the file download service provided by BitTorrent outperforms the one of KAD. Given the strengths and weaknesses of both DHTs, we propose a design in which the two P2P networks can be merged to form a fully distributed, efficient and safe P2P eco-system.

Published

2011

27. Autonomic Renumbering in the Future Internet

Author

Frédéric Beck, Olivier Festor, Ralph Droms, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Cisco Systems, and CISCO Systems, Inc

Subjects

Routing protocol, Exploit, Computer Networks and Communications, business.industry, Computer science, Process (engineering), Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, Computer Science Applications, IPv6, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Server, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Electrical and Electronic Engineering, business, Protocol (object-oriented programming), Block (data storage)

Abstract

International audience; IPv6 is an essential building block of the evolution towards the future Internet. To take the full benefit of this protocol and exploit all its features, the future Internet needs to gracefully couple it with autonomics. In this paper we demonstrate through our experience with network renumbering how the coupling of both IPv6 core functionality extended with major functions of the autonomic world can lead to fully autonomous activities of main management functions. We instantiate the notions of self-configuration, self-monitoring, self-protection and self-healing in the network renumbering process and show how they can altogether make renumbering a real success. We illustrate the various functions with the tools we implemented to support them over the last three years.

Published

2010

28. Monitoring and Controlling Content Access in KAD

Author

Thibault Cholez, O. Festor, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE, MAPE, ANR-07-TLCOM-24,MAPE, ANR-07-TLCOM-24, Cholez, Thibault, Télécommunications - Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling - - MAPE2007 - ANR-07-TCOM-0024 - TCOM - VALID, and ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007)

Subjects

KAD, Honeypot, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], DHT, Network security, business.industry, Computer science, Sybil attack, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Law enforcement, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, P2P networks, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, business, Computer network

Abstract

International audience; We propose a new distributed architecture that aims to investigate and control the spread of contents in the KAD P2P network through the indexation of keywords and files. Our solution can control the DHT at a local level with a new strategy bypassing the Sybil attack protections inserted in KAD. For the targeted DHT entries, we can monitor all requests emitted by the peers, from the initial content publication or search, to the final download request of fake files, assessing accurately peers interest to access it. We demonstrate the efficiency of our approach through experiments performed on the worldwide KAD network.

Published

2010

29. Efficient DHT attack mitigation through peers' ID distribution

Author

Isabelle Chrisment, Thibault Cholez, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE International Parallel & Distributed Processing Symposium, ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), MAPE, ANR-07-TLCOM-24,MAPE, ANR-07-TLCOM-24, Cholez, Thibault, and Télécommunications - Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling - - MAPE2007 - ANR-07-TCOM-0024 - TCOM - VALID

Subjects

Routing protocol, DHT, Computer science, Sybil attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, Divergence (statistics), KAD, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Geometric distribution, Filter (video), IDs distribution, 020201 artificial intelligence & image processing, Routing (electronic design automation), business, computer, attack detection, Computer network

Abstract

International audience; We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the IDs distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers' ID distributions to the theoretical one thanks to the Kullback-Leibler divergence. When an attack is detected, we propose countermeasures that progressively remove suspicious peers from the list of possible contacts to provide a safe DHT access. Evaluations show that our method detects the most efficient attacks with a very small false-negative rate, while countermeasures successfully filter almost all malicious peers involved in an attack. Moreover, our solution completely fits the current design of the KAD network and introduces no network overhead.

Published

2010

30. Formal Verification of Secure Group Communication Protocols Modelled in UML

Author

Isabelle Chrisment, Laurent Vigneron, S. Mota, P. de Saqui-Sannes, Mohamed Salah Bouassida, Benjamin Fontan, Najah Chridi, Thierry Villemur, Laboratoire d'analyse et d'architecture des systèmes (LAAS), Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées, Heuristique et Diagnostic des Systèmes Complexes [Compiègne] (Heudiasyc), Université de Technologie de Compiègne (UTC)-Centre National de la Recherche Scientifique (CNRS), Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Université Toulouse Capitole (UT Capitole), Université de Toulouse (UT)-Université de Toulouse (UT)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Université de Toulouse (UT)-Institut National des Sciences Appliquées (INSA)-Université Toulouse - Jean Jaurès (UT2J), Université de Toulouse (UT)-Université Toulouse III - Paul Sabatier (UT3), Université de Toulouse (UT)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université de Toulouse (UT), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Université Henri Poincaré-Nancy1 - UHP (FRANCE), Institut Supérieur de l'Aéronautique et de l'Espace - ISAE-SUPAERO (FRANCE), Thales (FRANCE), Instituto Tecnologico y de Estudios Superiores de Monterrey - ITESM (MEXICO), Université Toulouse III - Paul Sabatier - UT3 (FRANCE), Centre National de la Recherche Scientifique - CNRS (FRANCE), Université de Technologie de Compiègne – UTC (FRANCE), Université de Franche-Comté (FRANCE), Institut National de la Recherche en Informatique et en Automatique - INRIA (FRANCE), Institut National Polytechnique de Lorraine - INPL (FRANCE), and Institut National Polytechnique de Toulouse - Toulouse INP (FRANCE)

Subjects

Computer science, Réseaux et télécommunications, 02 engineering and technology, computer.software_genre, Time, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Unified Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, Group communication systems, Formal vérification, Formal verification, computer.programming_language, Logique en informatique, Group protocols, Programming language, Computer Applications, 020206 networking & telecommunications, 020207 software engineering, Informatique et langage, Modélisation et simulation, UML, Communication in small groups, Security, Group management, Real-time, computer, Software, Protocols

Abstract

International audience; The paper discusses an experience in using Unified Modelling Language and two complementary verification tools in the framework of SAFECAST, a project on secured group communication systems design. AVISPA enabled detecting and fixing security flaws. The TURTLE toolkit enabled saving development time by eliminating design solutions with inappropriate temporal parameters.

Published

2010

31. Evaluation of Sybil Attacks Protection Schemes in KAD

Author

Isabelle Chrisment, Olivier Festor, Thibault Cholez, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), University of Twente, Ramin Sadre and Aiko Pras, ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

KAD, DHT, Computer science, business.industry, Network packet, Sybil attack, 020206 networking & telecommunications, 02 engineering and technology, security, Computer security, computer.software_genre, P2P networks, Security rule, Flooding (computer networking), Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Limited resources, Ip address, Computer network

Abstract

The original publication is available at www.springerlink.com; International audience; In this paper, we assess the protection mechanisms entered into recent clients to fight against the Sybil attack in KAD, a widely deployed Distributed Hash Table. We study three main mechanisms: a protection against flooding through packet tracking, an IP address limitation and a verification of identities. We evaluate their efficiency by designing and adapting an attack for several KAD clients with different levels of protection. Our results show that the new security rules mitigate the Sybil attacks previously launched. However, we prove that it is still possible to control a small part of the network despite the new inserted defenses with a distributed eclipse attack and limited resources.

Published

2009

32. A Distributed and Adaptive Revocation Mechanism for P2P networks

Author

Isabelle Chrisment, Olivier Festor, Thibault Cholez, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Service (systems architecture), Computer science, media_common.quotation_subject, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, P2P networks, 01 natural sciences, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Quality (business), Protocol (object-oriented programming), media_common, KAD, Revocation, business.industry, 010401 analytical chemistry, reputation mechanism, 020206 networking & telecommunications, remote accounts, 0104 chemical sciences, revocation mechanism, Scalability, business, computer, Reputation, Computer network

Abstract

International audience; With the increasing deployment of P2P networks, supervising the malicious behaviours of participants, which degrade the quality and performance of the overall delivered service, is a real challenge. In this paper, we propose a fully distributed and adaptive revocation mechanism based on the reputation of the peers. The originality of our approach is that the revocation is integrated in the core of the P2P protocol and does not need complex consensus and cryptographic mechanisms, hardly scalable. The reputation criteria evolve with the contribution of a peer to the network in order to highlight and help fight against selfish or malicious behaviours. The preliminary results show that the user perceived delays are not highly impacted and that our solution is resistant to reputation and revocation attacks.

Published

2008

33. Automated Verification of a Key Management Architecture for Hierarchical Group Protocols

Author

Laurent Vigneron, Najah Chridi, Olivier Festor, Mohamed Salah Bouassida, Isabelle Chrisment, Heuristique et Diagnostic des Systèmes Complexes [Compiègne] (Heudiasyc), Université de Technologie de Compiègne (UTC)-Centre National de la Recherche Scientifique (CNRS), Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Multicast, Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Communications security, Computer security, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Formal language, 0202 electrical engineering, electronic engineering, information engineering, Hierarchical control system, Electrical and Electronic Engineering, Architecture, Key management, computer, Formal verification, Vulnerability (computing)

Abstract

International audience; Emerging applications require secure group communications involving hierarchical architecture protocols. Designing such secure hierarchical protocols is not straightforward, and their verification becomes a major issue in order to avoid any possible security attack and vulnerability. Several attempts have been made to deal with formal verification of group protocols, but to our knowledge, none of them did address the security of hierarchical ones. In this paper, we present the specific challenges and security issues of hierarchical secure group communications, and the work we did for their verification. We show how the AtSe back-end of the AVISPA tool was used to verify one of these protocols.; De nouvelles applications requièrent des communications de groupe, intégrant des protocoles hiérarchiques. La conception de ce genre de protocoles n'est pas aisée et leur vérification devient une véritable problématique pour éviter toute éventuelle attaque de sécurité. Plusieurs travaux de recherche se sont focalisés sur la vérification formelle des protocoles de groupe. Néanmoins, à notre connaissance, aucun d'eux n'a adressé les protocoles hiérarchiques. Ce papier présente les défis spécifiques et les problématiques de sécurité des communications de groupes hiérarchiques, ainsi que le travail effectué en vue de leur vérification. Nous montrons comment le back-end AtSe de l'outil de vérification des protocoles de sécurité AVISPA, a été utilisé pour valider l'un de ces protocoles.

Published

2007

34. Monitoring the Neighbor Discovery Protocol

Author

Isabelle Chrisment, Thibault Cholez, Frédéric Beck, Olivier Festor, Beck, Frédéric, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

[INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], computer.internet_protocol, business.industry, Computer science, 020209 energy, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Service discovery, 02 engineering and technology, Neighbor Discovery Protocol, Task (project management), IPv6, law.invention, IP tunnel, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Internet protocol suite, law, Internet Protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network, NDPMon

Abstract

International audience; While IPv6 is increasingly being deployed in networks, including ISPs, the need to monitor and manage the associated protocols increases. In this paper we focus on the Neighbor Discovery Protocol and we motivate the importance to monitor it. We also present our approach for this task together with the functionalities we provide and the software, NDPMon, that we developed.

Published

2007

35. Efficient Group Key Management Protocol in MANETs using the Multipoint Relaying Technique

Author

Isabelle Chrisment, Mohamed Salah Bouassida, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE Computer Society, and Bouassida, Mohamed Salah

Subjects

Computer science, computer.internet_protocol, Distributed computing, multicast, Key distribution, Distance Vector Multicast Routing Protocol, 02 engineering and technology, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Session key, Xcast, Pragmatic General Multicast, Vehicular ad hoc network, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Multicast, Protocol Independent Multicast, business.industry, Inter-domain, ad hoc, 020206 networking & telecommunications, Mobile ad hoc network, Energy consumption, Ad hoc wireless distribution service, key distribution, Source-specific multicast, Optimized Link State Routing Protocol, Geocast, IP multicast, 020201 artificial intelligence & image processing, MPRs, business, computer, clustering, Computer network

Abstract

In this paper, we present an efficient clustering scheme for application level multicast key distribution in mobile ad hoc networks. We show how our scheme can be combined with the Multipoint Relaying technique, in a very effective way, according to the localization of the group members and their mobility. The efficiency of this combination in terms of average latency of key delivery, energy consumption and key delivery ratio, is validated through simulation.

Published

2006

36. Mobility-Awareness in Group Key Management Protocols within MANETs

Author

Olivier Festor, Mohamed Salah Bouassida, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Mobility, Cloud computing security, Computer science, Wireless network, Wireless ad hoc network, 020302 automobile design & engineering, 020206 networking & telecommunications, 02 engineering and technology, Mobile ad hoc network, Computer security, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0203 mechanical engineering, Security association, Security service, Software deployment, Group key Management, Ad Hoc networks, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Key management, computer

Abstract

Several sensitive applications deployed within wireless networks require group communications. A high level of security is often required in such applications, like military or public security applications. The most suitable solution to ensure security in these services is the deployment of a group key management protocol, adapted to the characteristics of MANETs, especially to mobility of nodes. In this paper, we present the OMCT (Optimized Multicast Cluster Tree) algorithm for dynamic clustering of multicast group, that takes into account both nodes localization and mobility, and optimizes the energy and bandwidth consumptions. Then, we show how we integrate OMCT within our group key management protocol BALADE, in a sequential multi-source model. The integration of BALADE and OMCT allows an efficient and fast key distribution process, validated through simulations, by applying various models of mobility (individual mobility and group mobility). The impact of the mobility model on the performance and the behaviour of the group key management protocol BALADE coupled with OMCT, is also evaluated.

Published

2006

37. Efficient Clustering for Multicast Key Distribution in MANETs

Author

Isabelle Chrisment, Olivier Festor, Mohamed Salah Bouassida, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Raouf Boutaba, Kevin Almeroth, Ramon Puigjaner, Sherman Shen, and James P. Black

Subjects

mobility aware, Wireless ad hoc network, Computer science, Mobile computing, Distance Vector Multicast Routing Protocol, 02 engineering and technology, group key management, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Xcast, energy efficient, Pragmatic General Multicast, Vehicular ad hoc network, Multicast, Protocol Independent Multicast, Wireless network, business.industry, Inter-domain, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Mobile ad hoc network, Energy consumption, Ad hoc wireless distribution service, Telecommunications network, Source-specific multicast, Optimized Link State Routing Protocol, Geocast, multicast security, ad hoc networks, business, Efficient energy use, Computer network

Abstract

http://www.springer.com/; Securing multicast communications in ad hoc networks must consider several challenging factors such as high nodes mobility, limited bandwidth and constrained energy. Moreover, the establishment of a key management protocol within ad hoc environment meets the "1 affects n" problem, which is more critical in such type of networks, due to the high dynamicity of groups. In this papers, we present an efficient clustering scheme for multicast key distribution in Mobile ad hoc networks. This scheme divides the multicast group into clusters, according to the localization of the group members and their mobility. Simulations indicate a valuable reduction in the average latency of keys distribution and a promising reduction in energy consumption. Analysis also shows that our scheme is scalable.

Published

2005

38. An Enhanced Hybrid Key Management Protocol for Secure Multicast in Ad Hoc Networks

Author

Olivier Festor, Isabelle Chrisment, Mohamed Salah Bouassida, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and N. Mitrou and K. Kontovasilis and G.N. Rouskas

Subjects

Computer science, Wireless ad hoc network, computer.internet_protocol, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], Wireless Routing Protocol, Distance Vector Multicast Routing Protocol, réseaux ad hoc, 02 engineering and technology, group key management, 0202 electrical engineering, electronic engineering, information engineering, Multicast address, Wireless, Xcast, Key management, cryptographie à seuil, Pragmatic General Multicast, Secure multicast, Vehicular ad hoc network, Multicast, Protocol Independent Multicast, business.industry, Inter-domain, 05 social sciences, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 050301 education, 020206 networking & telecommunications, Ad hoc wireless distribution service, sécurité multicast, gestion de clé de groupes, Source-specific multicast, Optimized Link State Routing Protocol, Internet Group Management Protocol, threshold cryptography, multicast security, ad hoc networks, IP multicast, Unicast, business, 0503 education, computer, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. This exibility in space and time induces new challenges towards the security infrastructure needed to support secure unicast and multicast communications. Especially, traditional group key management architectures meant for wired networks are not appropriate in such environment due to high dynamics and mobility of nodes. In this paper, we propose an enhanced hybrid key management protocol for secure multicast dedicated to operate in ad hoc networks. Built on a protocol called BAAL dedicated to key distribution in wired networks, our approach integrates threshold cryptography and the services of the AKMP protocol to deliver fast, efficient and mobility aware key distribution in a multicast service.

Published

2004

39. A secure SSM architecture

Author

Abdelkader Lahmadi, G. Chaddoud, Isabelle Chrisment, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Routing protocol, computer.internet_protocol, Computer science, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], clé de canal, 050801 communication & media studies, Access control, 02 engineering and technology, security unicast and multicast, Permission, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, protocole de sécurité, Authentication, diffusion multimédia, business.industry, 05 social sciences, security protocol, 020207 software engineering, Cryptographic protocol, channel key, Key (cryptography), IP multicast, multimedia braodcasin, The Internet, sécurité point-à-point et multipoint, business, computer, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; The SSM model is appeared in order to overcome the problems of deployment of IP multicast. However, a real commercial deployment of SSM have to offer some security services. Our work proposes an architecture, called S-SSM, for securing the SSM model. S-SSM defines two mechanisms for access control and content protection. The first one is carried out through subscriber authentication and access permission. As for the second, it is realized through the management of a unique key, called the channel key, k_ch, shared among the sender and subscribers. We have implemented a prototype of S-SSM in order to prove the feasability and evaluate the performance of our design.

Published

2003

40. Dynamic group communication security

Author

G. Chaddoud, Isabelle Chrisment, A. Schaff, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

communications de groupes, Computer science, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], 050801 communication & media studies, 02 engineering and technology, Computer security, computer.software_genre, Network simulation, 0508 media and communications, key management, 0202 electrical engineering, electronic engineering, information engineering, sécurité de groupe, Message authentication code, Key management, Authentication, Revocation, business.industry, 05 social sciences, Key distribution center, 020206 networking & telecommunications, gestion de clés, group communication, Communication in small groups, Key (cryptography), business, computer, group security, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; If multicast communication appears as the most efficient way to send data to a group of participants, it presents also more vulnerabilities to attacks and requires services such as authentication, integrity and confidentiality to transport data securely. In this paper, we present the protocol Baal as a scalable solution to group key management problems and show how Baal resolves the user's revocation problem. This protocol is based on decentralized group key management with only one key shared among group members. We use then Network Simulator, ns-2, in order to evaluate the performance of our protocol in the case of group initialisation, and compare it with SKDC approaches.

Published

2002

41. Dynamic Group Key Management Protocol

Author

Ghassan Chaddoud, Isabelle Chrisment, André Schaff, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

communications de groupes, Computer science, computer.internet_protocol, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], Distance Vector Multicast Routing Protocol, 02 engineering and technology, Computer security, computer.software_genre, 03 medical and health sciences, key management, 0202 electrical engineering, electronic engineering, information engineering, sécurité de groupe, Xcast, Key management, Pragmatic General Multicast, 030304 developmental biology, 0303 health sciences, Protocol Independent Multicast, Multicast, Inter-domain, business.industry, Local area network, 020206 networking & telecommunications, gestion de clés, Source-specific multicast, group communication, Internet Group Management Protocol, Reliable multicast, IP multicast, business, computer, group security, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; If multicast communication appears as the most efficient way to send data to a group of participants, it presents also more vulnerabilities to attacks and requires services such as authentication, integrity and confidentiality to transport data securely. In this paper, after introducting the research work related to securing multicast communication, we present the protocol Baal as a solution to the scalability problems of key management in dynamic multicast group and show how Baal resolves the user's revocation problem. This protocol is based on distributed group key management by local controllers within sub-networks.

Published

2001

42. A Management Platform for Tracking Cyber Predators in Peer-to-Peer Networks

Author

Radu State, Isabelle Chrisment, O. Festor, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Honeypot, business.industry, Computer science, Multi-agent system, Honeypots, 020207 software engineering, 02 engineering and technology, Peer-to-peer, 16. Peace & justice, Computer security, computer.software_genre, Application software, Network topology, Peer-To-Peer Networks, Electronic mail, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Network management, File sharing, Network Management, Security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

International audience; Peer-to-peer (p2p) networks have become a privileged communication infrastructure for file sharing applications. However, it can also provide support for cybercriminality activities performed by organized criminal groups that can voluntarily propagate strongly undesirable contents. We propose in this paper a management platform capable of tracking and identifying such cyberpredators in peer-to-peer networks. We describe the architecture consisting of a set of configurable honeypot agents and detail how a honeypot is capable of advertising strongly undesirable contents and of detecting network users that attempt to acquire them. The distributed tracking solution is experimented through an implementation prototype in realistic scenarios.

43. Decision Engine for SIP Based Dynamic Call Routing

Author

Sajjad Ali Musthaq, Annie Gravey, Christophe Lohr, Télécom Bretagne, Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Département informatique ( INFO ), Université européenne de Bretagne ( UEB ) -Télécom Bretagne-Institut Mines-Télécom [Paris], Lab-STICC_TB_CID_IHSEV, Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (UMR 3192) ( Lab-STICC ), Université européenne de Bretagne ( UEB ) -Université de Bretagne Sud ( UBS ) -Université de Brest ( UBO ) -Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques ( IBNM ), Université de Brest ( UBO ) -Institut Mines-Télécom [Paris]-Centre National de la Recherche Scientifique ( CNRS ) -Université européenne de Bretagne ( UEB ) -Université de Bretagne Sud ( UBS ) -Université de Brest ( UBO ) -Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques ( IBNM ), Université de Brest ( UBO ) -Institut Mines-Télécom [Paris]-Centre National de la Recherche Scientifique ( CNRS ), Département informatique (INFO), Université européenne de Bretagne - European University of Brittany (UEB)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT), Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (UMR 3192) (Lab-STICC), Université européenne de Bretagne - European University of Brittany (UEB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-Université européenne de Bretagne - European University of Brittany (UEB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), and Télécom Bretagne, Bibliothèque

Subjects

Decision support system, Computer science, computer.internet_protocol, [ INFO.INFO-NI ] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Grey Relation Analysis (GRA), Call Dropping Probability, 02 engineering and technology, Multiple-criteria decision making, Grey relation analysis, Outsourcing, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Decision Engine, Multihoming, 0202 electrical engineering, electronic engineering, information engineering, Multi-Criteria Decision Making (MCDM), [INFO]Computer Science [cs], Session Initiation Protocol, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, Quality of service, 020206 networking & telecommunications, Provisioning, TOPSIS, Multiple-criteria decision analysis, Throughput, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

Part 3: Policy Management; International audience; Enterprises nowadays are subscribing access to several Internet Service Providers (ISPs) for reliability, redundancy and better revenues underlying the service extension, while providing good Quality of Service (QoS). In this paper, a dynamic decision-making framework is presented for Session Initiation Protocol (SIP) based voice/video call routing in multihomed network. The decision engine takes multiple criteria into account while computing the routing decision (attributes from context of the request, platform’s latest conditional parameters, business objectives of the company, etc.). Two Multi-Criteria Decision Making (MCDM) methods, namely Grey Relational Analysis (GRA) and an extended version of Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) are used for decision calculation in outsourcing and provisioning enforcement modes respectively. The proposed solution gives higher throughput and lower call dropping probability while fulfilling the desired goals, taking into account the multiple attributes for choosing the best alternative.

Published

2011

44. Towards Self-Adaptive Monitoring Framework for Integrated Management

Author

Thierry Desprats, Audrey Moui, Service IntEgration and netwoRk Administration (IRIT-SIERA), Institut de recherche en informatique de Toulouse (IRIT), Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées, Université Toulouse III - Paul Sabatier (UT3), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

Process management, Knowledge management, Computer science, business.industry, media_common.quotation_subject, Complex system, 020206 networking & telecommunications, 020207 software engineering, Self adaptive, Context (language use), 02 engineering and technology, Work in process, Adaptability, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], Dimension (data warehouse), business, Autonomy, Integrated management, media_common

Abstract

Part 6: PhD Workshop: Monitoring and Security; International audience; Integrated management copes with management of heterogeneous and complex systems in a multi-level dimension (network, systems, services). In this context, monitoring activity has to be concerned with efficiency and autonomy. This paper presents work in progress to define a framework for self-adaptive monitoring relying on the characterization of governability, adaptability and configurability.

Published

2011

45. Econometric Feedback for Runtime Risk Management in VoIP Architectures

Author

Olivier Festor, Oussema Dabbebi, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire Commun Alcatel Lucent INRIA, Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Service (systems architecture), Computer science, computer.internet_protocol, media_common.quotation_subject, 02 engineering and technology, security, risk management, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Econometrics, Quality (business), [INFO]Computer Science [cs], Risk management, media_common, Session Initiation Protocol, Voice over IP, business.industry, 020206 networking & telecommunications, voice over IP, network management, Variety (cybernetics), Network management, Software deployment, 020201 artificial intelligence & image processing, business, computer

Abstract

Part 1: Security Management; International audience; VoIP infrastructures are exposed to a large variety of security attacks, but the deployment of security safeguards may deteriorate their performance. Risk management provides new perspectives for addressing this issue. Risk models permit to reduce these attacks while maintaining the quality of such a critical service. These models often suffer from their complexity due to the high number of parameters to be configured. We therefore propose in this paper a self-configuration strategy for support- ing runtime risk management in VoIP architectures. This strategy aims at automatically adapting these parameters based on an econometric feedback mechanism. We mathematically describe this self-configuration strategy, show how it can be integrated into our runtime risk model. We then evaluate its deployment based on a proof-of-concept prototype, and quantify its performance through an extensive set of simulation results.

Published

2011

46. Using Diffusive Load Balancing to Improve Performance of Peer-to-Peer Systems for Hosting Services

Author

Ying Qiao, Gregor von Bochmann, University of Ottawa [Ottawa], Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

peer-to-peer systems, Computer science, business.industry, Distributed computing, distributed resource management, Overlay network, 020206 networking & telecommunications, 02 engineering and technology, Internet hosting service, Load balancing (computing), Peer-to-peer, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Network Load Balancing Services, Homogeneous, 0202 electrical engineering, electronic engineering, information engineering, diffusive load balancing, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], business, computer, Load balancing, Computer network

Abstract

Part 5: P2P and Aggregation Schemes; International audience; This paper presents a diffusive load balancing algorithm for peer-to-peer systems. The algorithm reduces the differences of the available capacities of the nodes in the system using service migrations between nodes in order to obtain similar performance for all nodes. We propose algorithms for handling homogeneous services, i.e., services with equal resource requirements, and for heterogeneous services, i.e., services with diverse resource requirements. We have investigated the effect of load balancing in a simulated peer-to-peer system with a skip-list overlay network. Our simulation results indicate that in case that the churn (nodes joining or leaving) is negligible, a system that hosts services with small resource requirements can maintain equal performance for all nodes with a small variance. In case that churn is high, a system that hosts homogeneous services with large resource requirements can maintain equal node performance within a reasonable variance requiring only few service migrations.

Published

2011

47. Impact of Dynamics on Situated and Global Aggregation Schemes

Author

Grégory Bonnet, Rafik Makhloufi, Guillaume Doyen, Dominique Gaïti, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Equipe MAD - Laboratoire GREYC - UMR6072, Groupe de Recherche en Informatique, Image et Instrumentation de Caen (GREYC), Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Normandie Université (NU)-Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Normandie Université (NU)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-Université de Caen Normandie (UNICAEN), and Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)

Subjects

agregation protocols, Computer science, Scale (chemistry), Distributed computing, 020206 networking & telecommunications, Context (language use), 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, [INFO.INFO-MO]Computer Science [cs]/Modeling and Simulation, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], Management information systems, Work (electrical), 010201 computation theory & mathematics, Order (exchange), [INFO.INFO-MA]Computer Science [cs]/Multiagent Systems [cs.MA], autonomic networking, Situated, experimentations, 0202 electrical engineering, electronic engineering, information engineering, Autonomic networking, Data mining, Decision-making, computer

Abstract

Part 5: P2P and Aggregation Schemes; International audience; Recently, numerous management approaches have emerged in order to manage networks and services in a decentralized and autonomous way. Some of them propose to minimize their cost by using a situated view when collecting aggregates for the decision making process, while others propose to improve their accuracy by using a more conventional approach which is global view. So far, little attention is given to the evaluation of situated view while many studies propose to evaluate global approaches. As a consequence, there is no work in the literature that compares the performance of situated and global aggregation schemes. Being able to choose the suitable approach for a given context is still a real challenge. Mastering it will ensure the e fficiency of the autonomous management system. In this paper, we present a comparative study of situated and global schemes deployed over large scale and dynamic networks. We consider two factors: network and information dynamics. We implement typical aggregation schemes from each category and then we compare them according to the accuracy of the estimated aggregates and the e ciency of the decision making process.

Published

2011

48. Using of Time Characteristics in Data Flow for Traffic Classification

Author

Pavel Piskac, Jiri Novotny, Masaryk University [Brno] (MUNI), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

Network packet, Computer science, time characteristics, Real-time computing, Behavioral pattern, 020206 networking & telecommunications, Deep packet inspection, 02 engineering and technology, pattern, protocol detection, 020202 computer hardware & architecture, Data flow diagram, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Traffic classification, flow, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], State (computer science), Protocol (object-oriented programming), IPFIX, Statistic

Abstract

Part 6: PhD Workshop: Monitoring and Security; International audience; This paper describes a protocol detection using statistic information about a flow extended by packet sizes and time characteristics, which consist of packet inter-arrival times. The most common way of network traffic classification is a deep packet inspection (DPI). Our approach deals with the DPI disadvantage in power consumption using aggregated IPFIX data instead of looking into packet content. According to our previous experiments, we have found that applications have their own behavioral pattern, which can be used for the applications detection. With a respect to current state of development, we mainly present the idea, the results which we have achieved so far and of our future work.

Published

2011

49. Towards Vulnerability Prevention in Autonomic Networks and Systems

Author

Martín Barrère, Olivier Festor, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, and European Project: 257513,EC:FP7:ICT,FP7-ICT-2009-5,UNIVERSELF(2010)

Subjects

Vulnerability Management, Standardization, Computer science, Distributed computing, Vulnerability, 020207 software engineering, Context (language use), 02 engineering and technology, Vulnerability management, Computer security, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Management plane, Safe Configuration, 0202 electrical engineering, electronic engineering, information engineering, Security, [INFO]Computer Science [cs], Architecture, Set (psychology), computer

Abstract

Part 2: PhD Workshop: Autonomic Network and Service Management; International audience; The autonomic paradigm has been introduced in order to cope with the growing complexity of management. In that context, autonomic networks and systems are in charge of their own configuration. However, the changes that are operated by these environments may generate vulnerable configurations. In the meantime, a strong standardization effort has been done for specifying the description of configuration vulnerabilities. We propose in this paper an approach for integrating these descriptions into the management plane of autonomic systems in order to ensure safe configurations. We describe the underlying architecture and a set of preliminary results based on the Cfengine configuration tool.

Published

2011

50. An SLA Support System for Cloud Computing

Author

Guilherme Sperb Machado, Burkhard Stiller, Department of Informatics [Zürich], Universität Zürich [Zürich] = University of Zurich (UZH), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

Computer science, business.industry, Distributed computing, Service level objective, 020302 automobile design & engineering, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Service-level agreement, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0203 mechanical engineering, Order (exchange), Virtual machine, 0202 electrical engineering, electronic engineering, information engineering, Support system, [INFO]Computer Science [cs], Performance indicator, Specific performance, business, computer

Abstract

Part 2: PhD Workshop: Autonomic Network and Service Management; International audience; Nowadays, even with the existence of many Cloud Providers (CP) in the market, it is still impossible to see CPs who guarantee, or at least offer, an SLA specification to Cloud Users (CU) interests: not just offering percentage of availability, but also guaranteeing specific performance parameters for a certain Cloud application. Due to (1) the huge size of CPs’ IT infrastructures and (2) the high complexity with multiple inter-dependencies of resources (physical or virtual), the estimation of specific SLA parameters to compose Service Level Objectives (SLOs) with trustful Key Performance Indicators (KPIs) tends to be inaccurate. This paper proposes the initial design and preliminary approach for an SLA Support System for CC (SLACC) in order to estimate in a formalized methodology - based on available CC infrastructure parameters - what CPs will be able to offer/accept as SLOs or KPIs and, as a consequence, which increasing levels of SLA specificity for their customers can be reached.

Published

2011