Your search keyword '"Isabelle Chrisment"' showing total 42 results

1. Encrypted HTTP/2 Traffic Monitoring: Standing the Test of Time and Space

Author

Olivier Bettan, Pierre-Olivier Brissaud, Jerome Francois, Thibault Cholez, Isabelle Chrisment, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Thales Services, THALES, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), THALES [France], ANR-19-CE39-0011,PRESTO,Traitement des flux chiffré s pour la gestion du trafic(2019), European Project: 830927,CONCORDIA(2019), and François, Jérôme

Subjects

Service (systems architecture), Traffic analysis, Computer science, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, computer.software_genre, Encryption, Computer security, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Traffic Analysis, TLS, 0202 electrical engineering, electronic engineering, information engineering, Set (psychology), 021110 strategic, defence & security studies, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, 020206 networking & telecommunications, Test (assessment), Privacy, Encrypted Traffic, Web service, business, computer

Abstract

International audience; Encrypted HTTP/2 (h2) has been worldwide adopted since its official release in 2015. The major services over Internet use it to protect the user privacy against traffic interception. However, under the guise of privacy, one can hide the abnormal or even illegal use of a service. It has been demonstrated that machine learning algorithms combined with a proper set of features are still able to identify the incriminated traffic even when it is encrypted with h2. However, it can also be used to track normal service use and so endanger privacy of Internet users. Independently of the final objective, it is extremely important for a security practitioner to understand the efficiency of such a technique and its limit. No existing research has been achieved to assess how generic is it to be directly applicable to any service or website and how long an acceptable accuracy can be maintained. This paper addresses these challenges by defining an experimental methodology applied on more than 3000 different websites and also over four months continuously. The results highlight that an off-the-shelf machine-learning method to classify h2 traffic is applicable to many websites but a weekly training may be needed to keep the model accurate.

Published

2020

2. Detecting a Stealthy Attack in Distributed Control for Microgrids using Machine Learning Algorithms

Author

Isabelle Chrisment, Mingxiao Ma, Abdelkader Lahmadi, Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

0209 industrial biotechnology, Microgrid, Computer science, Attack detection, 02 engineering and technology, Man-in-the-middle attack, Machine learning, computer.software_genre, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 020901 industrial engineering & automation, 0202 electrical engineering, electronic engineering, information engineering, [INFO.INFO-SY]Computer Science [cs]/Systems and Control [cs.SY], Leverage (statistics), 9. Industry and infrastructure, Network packet, business.industry, CPS systems, Telecommunications network, Random forest, Control system, Security, 020201 artificial intelligence & image processing, Artificial intelligence, Distributed control system, business, Algorithm, computer

Abstract

International audience; With the increasing penetration of inverter-based distributed generators (DG) into low-voltage distribution micro-grid systems, it is of great importance to guarantee their safe and reliable operations. These systems leverage communication networks to implement a distributed and cooperative control structure. However, the detection of stealthy attacks with a large impact and weak detection signals on such distributed control systems is rarely studied. In this paper, we address the problem of detecting a stealthy attack, named MaR, on the communication network of a microgrid while an attacker modifies the voltage measurement with the reference values. We collect datasets from a hardware platform modeled after a simplified microgrid and running the MaR attack performed with a Man-in-the-Middle (MitM) technique. We use the collected datasets to compare different attack detection algorithms based on multiple categories of machine learning algorithms. Our results show that the Random Forest algorithm outperforms the others to detect suspicious packets modified by a MitM attacker with an accuracy close to 97%.

Published

2020

3. Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

Author

Olivier Bettan, Jerome Francois, Isabelle Chrisment, Pierre-Olivier Brissaud, Thibault Cholez, Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Thales Services, THALES, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and THALES [France]

Subjects

Service (systems architecture), Traffic analysis, Computer Networks and Communications, Computer science, Cryptography, 02 engineering and technology, Security policy, computer.software_genre, Encryption, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Web traffic, Web page, TLS, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business.industry, 020206 networking & telecommunications, Privacy, Encrypted Traffic, Web service, business, computer, Computer network

Abstract

International audience; Nowadays, most of Web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance, according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 over TLS traffic what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if a user performs an action that has been previously defined over a monitored Web service, but without using any decryption. It is thus only based on passive traffic analysis and relies on random forest classifier. A challenge is to extract representative values of the loaded content associated to a Web page, which is actually customized based on the user action. Extensive evaluations with five top used Web services demonstrate the viability of our technique with an accuracy between 94% and 99%.

Published

2019

4. Testing Nearby Peer-to-Peer Mobile Apps at Large

Author

Isabelle Chrisment, Lakhdar Meftah, Romain Rouvoy, Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Inria Project Lab BetterNet BetterNet, Denys Poshyvanyk, Ivano Malavolta, BETTERNET, and ANR-15-CE25-0013,BottleNet,Comprendre et diagnostiquer les dégradations des communications de bout en bout dans l'Internet(2015)

Subjects

Integration testing, Computer science, Population, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Peer-to-peer, computer.software_genre, law.invention, Bluetooth, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, [INFO.INFO-MC]Computer Science [cs]/Mobile Computing, law, 0202 electrical engineering, electronic engineering, information engineering, Wireless, education, Peer-to-peer communications, education.field_of_study, Multimedia, business.industry, 020207 software engineering, Software deployment, Mobile apps, 020201 artificial intelligence & image processing, The Internet, Integration Test, Google Nearby, business, computer, Mobile device

Abstract

International audience; While mobile devices are widely adopted across the population, most of their remote interactions usually go through Internet. However, this indirect interaction model can be assumed as inefficient and sensitive when considering communications with neighboring devices. To leverage such weaknesses, nearby peer-to-peer(P2P) communications are now included in mobile devices to enable device-to-device communications over standard wireless technologies (WiFi, Bluetooth). While this capability supports the design of collaborative whiteboards, local multiplayer gaming, multi-screen gaming, offline file transfers and many other applications, mobile apps using P2P are still suffering from app crashes, battery issues, and bad user reviews and ranking in app stores. We believe that this lack of quality can be partly attributed to the lack of tool support for testing P2P mobile apps at large. In this paper, we introduce a testing framework that allows developers to automate reproducible testing of nearby P2P apps. Beyond the identification of P2P-related bugs, our approach also helps to estimate the discovery settings to optimize the deployment of P2P apps.

Published

2019

5. Implementation and Evaluation of a Controller-Based Forwarding Scheme for NDN

Author

Isabelle Chrisment, Thomas Silverston, Elian Aubry, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and IEEE

Subjects

business.industry, Computer science, Distributed computing, 05 social sciences, Testbed, IP forwarding, [SCCO.COMP]Cognitive science/Computer science, 050801 communication & media studies, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Network topology, 0508 media and communications, Virtual machine, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Routing (electronic design automation), business, computer, Host (network), Protocol (object-oriented programming), Computer network

Abstract

International audience; Named-Data Networking (NDN) is a novel clean-slate architecture for Future Internet. It has been designed to take into account a new use of the Internet and especially accessing content for a large number of users, and it integrates several features such as in-network caching, security or multipath. As NDN relies on content names instead of host address, it cannot rely on traditional Internet routing, and it is therefore essential to propose a routing scheme adapted for NDN. To this end, in this paper, we present SRSC, our SDN-based Routing Scheme for CCN/NDN and its implementation. SRSC relies on the SDN paradigm.A controller is responsible to forward decisions and to set up rules into NDN nodes. We implement SRSC into NDNx and we also deploy an NDN testbed within a virtual environment and real ISP topology in order to evaluate the performances of our proposal with real-world experiments. We demonstrate the feasibility of SRSC and its ability to forward Interest messages in a fully deployed NDN environment, while keeping low overhead and computation time and high caching performances.

Published

2017

6. Comparing Pedophile Activity in Different P2P Systems

Author

Thibault Cholez, Isabelle Chrisment, Ivan Daniloff, Olivier Festor, Clémence Magnien, Matthieu Latapy, Raphaël Fournier, Laboratoire de Traitement et Transport de l'Information (L2TI), Université Paris 13 (UP13)-Institut Galilée-Université Sorbonne Paris Cité (USPC), Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), ComplexNetworks, Laboratoire d'Informatique de Paris 6 (LIP6), Université Pierre et Marie Curie - Paris 6 (UPMC)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre et Marie Curie - Paris 6 (UPMC)-Centre National de la Recherche Scientifique (CNRS), ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), Department of Networks, Systems and Services (LORIA - NSS), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, and Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects

Computer science, jel:A, Poison control, jel:B, Computer security, computer.software_genre, P2P networks, Suicide prevention, Occupational safety and health, lcsh:Social Sciences, pedophile activity, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], jel:P, jel:Y80, Server, Injury prevention, jel:N, eDonkey, KAD, jel:Z00, business.industry, General Social Sciences, Human factors and ergonomics, lcsh:H, The Internet, business, computer, Anonymity

Abstract

International audience; Peer-to-peer (P2P) systems are widely used to exchange content over the Internet. Knowledge of pedophile activity in such networks remains limited, despite having important social consequences. Moreover, though there are different P2P systems in use, previous academic works on this topic focused on one system at a time and their results are not directly comparable. We design a methodology for comparing KAD and eDonkey, two P2P systems among the most prominent ones and with different anonymity levels. We monitor two eDonkey servers and the KAD network during several days and record hundreds of thousands of keyword-based queries. We detect pedophile-related queries with a previously validated tool and we propose, for the first time, a large-scale comparison of pedophile activity in two different P2P systems. We conclude that there are significantly fewer pedophile queries in KAD than in eDonkey (approximately 0.09% vs. 0.25%).

Published

2014

7. Improving SNI-based HTTPS Security Monitoring

Author

Thibault Cholez, Jerome Francois, Wazen M. Shbair, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Flamingo, a Network of Excellence project (ICT-318488), and Cholez, Thibault

Subjects

SNi, SNI, Computer science, 02 engineering and technology, security, Computer security, computer.software_genre, Encryption, Firewall (construction), [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Server, Web traffic, TLS, 0202 electrical engineering, electronic engineering, information engineering, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Network monitoring, firewall, monitoring, Server Name Indication, 020201 artificial intelligence & image processing, Anomaly detection, business, computer, Computer network

Abstract

International audience; Recent surveys show that the proportion of encrypted web traffic is quickly increasing. On one side, it provides users with essential properties of security and privacy, but on the other side, it raises important challenges and issues for organizations, related to the security monitoring of encrypted traffic (filtering, anomaly detection, etc.). This paper proposes to improve a recent technique for HTTPS traffic monitoring that is based on the Server Name Indication (SNI) field of TLS and which has been implemented in many firewall solutions. This method currently has some weaknesses that can be used to bypass firewalls by overwriting the SNI value of new TLS connections. Our investigation shows that 92% of the HTTPS websites surveyed in this paper can be accessed with a fake SNI. Our approach verifies the coherence between the real destination server and the claimed value of SNI by relying on a trusted DNS service. Experimental results show the ability to overcome the shortage of SNI-based monitoring by detecting forged SNI values while having a very small false positive rate (1.7%). The overhead of our solution only adds negligible delays to access HTTPS websites. The proposed method opens the door to improve global HTTPS monitoring and firewall systems.

Published

2016

8. A Multi-Level Framework to Identify HTTPS Services

Author

Thibault Cholez, Isabelle Chrisment, Wazen M. Shbair, Jerome Francois, Management of dynamic networks and services (MADYNES), Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria), IEEE/IFIP, Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Traffic analysis, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Web application security, Encryption, computer.software_genre, Computer security, Hypertext Transfer Protocol over Secure Socket Layer, Identification (information), monitoring, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], fingerprinting, machine learning, traffic analysis, Server, Web page, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Web service, business, computer, Computer network

Abstract

International audience; The development of TLS-based encrypted traffic comes with new challenges related to the management and security analysis of encrypted traffic. There is an essential need for new methods to investigate, with a proper level of identification, the increasing number of HTTPS traffic that may hold security breaches. In fact, although many approaches detect the type of an application (Web, P2P, SSH, etc.) running in secure tunnels, and others identify a couple of specific encrypted web pages through website fingerprinting, this paper proposes a robust technique to precisely identify the services run within HTTPS connections, i.e. to name the services, without relying on specific header fields that can be easily altered. We have defined dedicated features for HTTPS traffic that are used as input for a multi-level identification framework based on machine learning algorithms. Our evaluation based on real traffic shows that we can identify encrypted web services with a high accuracy.

Published

2016

9. Efficiently bypassing SNI-based HTTPS filtering

Author

Antoine Goichot, Wazen M. Shbair, Thibault Cholez, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

business.industry, Computer science, security, Internet traffic, Encryption, Internet security, Computer security, computer.software_genre, Backward compatibility, firewall, monitoring, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Firewall (construction), Server, TLS, Server Name Indication, The Internet, business, computer, Computer network

Abstract

International audience; Encrypted Internet traffic is an essential element to enable security and privacy in the Internet. Surveys show that websites are more and more being served over HTTPS. They highlight an increase of 48% of sites using TLS over the past year, justifying the tendency that the Web is going to be encrypted. This motivates the development of new tools and methods to monitor and filter HTTPS traffic. This paper handles the latest technique for HTTPS traffic filtering that is based on the Server Name Indication (SNI) field of TLS and which has been recently implemented in many firewall solutions. Our main contribution is an evaluation of the reliability of this SNI extension for properly identifying and filtering HTTPS traffic. We show that SNI has two weaknesses, regarding (1) backward compatibility and (2) multiple services using a single certificate. We demonstrate thanks to a web browser plug-in called " Escape " that we designed and implemented, how these weaknesses can be practically used to bypass firewalls and monitoring systems relying on SNI. The results show positive evaluation (firewall's rules successfully bypassed) for all tested websites.

Published

2015

10. Refining smartphone usage analysis by combining crowdsensing and survey

Author

Mohammad Irfan Khan, Isabelle Chrisment, Vassili Rivron, Simon Charneau, Management of dynamic networks and services ( MADYNES ), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique ( Inria ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Department of Networks, Systems and Services ( LORIA - NSS ), Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Laboratoire Lorrain de Recherche en Informatique et ses Applications ( LORIA ), Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ) -Université de Lorraine ( UL ) -Centre National de la Recherche Scientifique ( CNRS ), Adaptive Distributed Applications and Middleware ( ADAM ), Laboratoire d'Informatique Fondamentale de Lille ( LIFL ), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique ( Inria ) -Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique ( CNRS ) -Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique ( Inria ), Université de Lorraine ( UL ), Management of dynamic networks and services (MADYNES), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Adaptive Distributed Applications and Middleware (ADAM), Laboratoire d'Informatique Fondamentale de Lille (LIFL), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria), Université de Lorraine (UL), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

[ INFO ] Computer Science [cs], Multimedia, Computer science, business.industry, media_common.quotation_subject, [ INFO.INFO-NI ] Computer Science [cs]/Networking and Internet Architecture [cs.NI], User perception, Usage analysis, 020206 networking & telecommunications, 020207 software engineering, Context (language use), Cognition, 02 engineering and technology, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Crowdsensing, Human–computer interaction, Perception, Server, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], Mobile telephony, business, computer, media_common

Abstract

International audience; Crowdsensing has been used quite regularly in recent years to study smartphone usage. However context information associated with smartphone usage is mostly of the type geo-localisation, user mobility, temporal behavior etc. Furthermore most studies are not sufficiently user-centric i.e. don't consider the perception or cognitive aspects of the user. In this paper we collect data about social context and user perception via in-app and on-line questionnaires and show that when these are combined with crowdsensed data can help improve both sensing and survey and can be applied to interesting cases.

Published

2015

11. Evaluation of the Anonymous I2P Network's Design Choices Against Performance and Security

Author

Thibault Cholez, Olivier Festor, Juan Pablo Timpanaro, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), SciTePress, Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

DHT, business.industry, Computer science, Directory, security, Computer security, computer.software_genre, Metadata, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Information system, Overhead (computing), The Internet, I2P, Routing (electronic design automation), business, Resilience (network), computer, Anonymity

Abstract

International audience; Anonymous communications are growing extremely fast because more and more Internet users employ anonymous systems, such as the I2P or Tor networks, as a way to hide their online activity. Therefore, these networks have been more and more studied, mainly from a security point of view. Different studies have shown important design flaws in these systems that could break users' anonymity and how these issues can be overcome, but the resilience of the underlying information systems has not been much investigated so far. Indeed, these anonymous systems rely entirely on directories, either centralised or decentralised, to store vital network information.% However, there are no comprehensive studies on these directories and the impact an attack might have on the entire system if these directories were attacked.In this paper, we consider the I2P anonymous system and its decentralised directory, known as the netDB, where our contributions are twofold. On the one hand, we conduct arguably the first \textit{churn} study of the I2P network, showing that I2P users are more stable than non-anonymous peer-to-peer users. On the other hand, we analyse the design of the netDB and compare it against the popular KAD design, demonstrating that the former is more vulnerable to different attacks, specially to Eclipse attacks, which can be mitigated by applying design choices of the latter. We lately show the positive impact on performances of including KAD's DHT configuration into the netDB in terms of bandwidth, storage and messages overhead.

Published

2015

12. Improving Content Availability in the I2P Anonymous File-Sharing Environment

Author

Juan Pablo Timpanaro, Olivier Festor, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

business.industry, Internet privacy, Data_MISCELLANEOUS, [SCCO.COMP]Cognitive science/Computer science, 020206 networking & telecommunications, 02 engineering and technology, computer.file_format, USable, World Wide Web, Geography, File sharing, 0202 electrical engineering, electronic engineering, information engineering, ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, Internet users, business, BitTorrent, computer, Anonymity

Abstract

International audience; Anonymous communication has gained more and more interest from Internet users as privacy and anonymity problems have emerged. Dedicated anonymous networks such as Freenet and I2P allow anonymous file-sharing among users. However, one major problem with anonymous file-sharing networks is that the available content is highly reduced, mostly with outdated files, and non-anonymous networks, such as the BitTorrent network, are still the major source of content: we show that in a 30-days period, 21648 new torrents were introduced in the BitTorrent community, whilst only 236 were introduced in the anonymous I2P network, for four different categories of content. Therefore, how can a user of these anonymous networks access this varied and non-anonymous content without compromising its anonymity? In this paper, we improve content availability in an anonymous environment by proposing the first internetwork model allowing anonymous users to access and share content in large public communities while remaining anonymous. We show that our approach can efficiently interconnect I2P users and public BitTorrent swarms without affecting their anonymity nor their performance. Our model is fully implemented and freely usable.

Published

2012

13. Detection and mitigation of localized attacks in a widely deployed P2P network

Author

Guillaume Doyen, Thibault Cholez, Isabelle Chrisment, Olivier Festor, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), GIS 3SGS ACDAP2P, INRIA MADYNES / UTT, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Computer Networks and Communications, Computer science, Sybil attack, Denial-of-service attack, 02 engineering and technology, security, Computer security, computer.software_genre, P2P networks, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Distributed Hash Table, Computer communication networks, KAD, business.industry, 020206 networking & telecommunications, defense, monitoring, Software deployment, 020201 artificial intelligence & image processing, The Internet, business, computer, attack detection, Software, Computer network

Abstract

International audience; Several large scale P2P networks operating on the Internet are based on a Distributed Hash Table. These networks offer valuable services, but they all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large scale monitoring campaigns, we show that the world-wide deployed KAD network suffers large number of suspicious insertions around shared contents and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers' ID found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks.

Published

2012

14. I2P’s Usage Characterization

Author

Juan Pablo Timpanaro, Olivier Festor, and Isabelle Chrisment

Subjects

Web server, business.industry, Computer science, Operating system, Routing (electronic design automation), Architecture, computer.software_genre, business, computer, Computer network

Abstract

We present the first monitoring study aiming to characterize the usage of the I2P network, a low-latency anonymous network based on garlic routing. We design a distributed monitoring architecture for the I2P network and show through three one-week measurement experiments the ability of the system to identify a significant number of all running applications, among web servers and file-sharing clients.

Published

2012

15. A Bird’s Eye View on the I2P Anonymous File-Sharing Environment

Author

Isabelle Chrisment, Juan Pablo Timpanaro, and Olivier Festor

Subjects

Computer science, business.industry, Internet privacy, GRASP, Computer security, computer.software_genre, Popularity, File sharing, Scale (social sciences), Profiling (information science), Architecture, business, Location, computer, Anonymity

Abstract

Anonymous communications have been gaining more and more interest from Internet users as privacy and anonymity problems have emerged. Among anonymous enabled services, anonymous filesharing is one of the most active one and is increasingly growing. Large scale monitoring on these systems allows us to grasp how they behave, which type of data is shared among users, the overall behaviour in the system. But does large scale monitoring jeopardize the system anonymity? In this work we present the first large scale monitoring architecture and experiments on the I2P network, a low-latency message-oriented anonymous network. We characterize the file-sharing environment within I2P, and evaluate if this monitoring affects the anonymity provided by the network. We show that most activities within the network are file-sharing oriented, along with anonymous web-hosting. We assess the wide geographical location of nodes and network popularity. We also demonstrate that group-based profiling is feasible on this particular network.

Published

2012

16. Content pollution quantification in large P2P networks : A measurement study on KAD

Author

Guillaume Doyen, Isabelle Chrisment, Rida Khatoun, Thibault Cholez, Guillaume Montassier, Olivier Festor, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Projet ANR MAPE et Projet GIS 3SGS ACDAP2P, IEEE Communications Society, LORIA - UTT, Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, and Software Tools for Telecommunications and Distributed Systems (RESEDAS)

Subjects

Pollution, KAD, pollution detection, Index (economics), Database, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], File sharing, Measurement study, Content (measure theory), 0202 electrical engineering, electronic engineering, information engineering, Peer to peer computing, [INFO]Computer Science [cs], 020201 artificial intelligence & image processing, Tversky index, Metric (unit), pollution of contents, computer, ComputingMilieux_MISCELLANEOUS, media_common

Abstract

International audience; Content pollution is one of the major issues affecting P2P file sharing networks. However, since early studies on FastTrack and Overnet, no recent investigation has reported its impact on current P2P networks. In this paper, we present a method and the supporting architecture to quantify the pollution of contents in the KAD network. We first collect information on many popular files shared in this network. Then, we propose a new way to detect content pollution by analyzing all filenames linked to a content with a metric based on the Tversky index and which gives very low error rates. By analyzing a large number of popular files, we show that 2/3 of the contents are polluted, one part by index poisoning but the majority by a new, more dangerous, form of pollution that we call index falsification.

Published

2011

17. BitTorrent's Mainline DHT Security Assessment

Author

Thibault Cholez, Isabelle Chrisment, Juan Pablo Timpanaro, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Projet GIS 3SGS ACDAP2P (Approche collaborative pour la détection d'attaques dans les réseaux pair à pair), TELECOM ParisTECH, CNRS/LIMOS Laboratory, LIP6, and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Computer science, BitTorrent tracker, business.industry, Digital content, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, BitTorrent protocol encryption, 020206 networking & telecommunications, 02 engineering and technology, computer.file_format, Distributed Tracker, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], File sharing, 0202 electrical engineering, electronic engineering, information engineering, Mainline DHT, 020201 artificial intelligence & image processing, BitTorrent, Routing (electronic design automation), business, Security Assessment, Protection Mechanisms, Protocol (object-oriented programming), computer, Computer network

Abstract

ISBN: 978-1-4244-8704-2; International audience; BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and software updates, among others. Recent actions against torrent and tracker repositories have fostered the move towards a fully distributed solution based on a distributed hash table to support both torrent search and tracker implementation. In this paper we present a security study of the main decentralized tracker in BitTorrent, commonly known as the Mainline DHT.We show that the lack of security in Mainline DHT allows very efficient attacks that can easily impact the operation of the whole network. We also provide a peer-ID distribution analysis of the network, so as to adapt previous protection schemes to the Mainline DHT. The mechanisms are assessed through large scale experiments on the real DHT-based BitTorrent tracker.

Published

2011

18. When KAD meets BitTorrent - Building a Stronger P2P Network

Author

Thibault Cholez, Olivier Festor, Isabelle Chrisment, Juan Pablo Timpanaro, Timpanaro, Juan Pablo, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Service (systems architecture), DHT, Network security, Computer science, BitTorrent tracker, Performance, [SCCO.COMP]Cognitive science/Computer science, 050801 communication & media studies, 02 engineering and technology, P2P architecture, 0508 media and communications, [SCCO.COMP] Cognitive science/Computer science, 0202 electrical engineering, electronic engineering, information engineering, BitTorrent, Architecture, KAD, business.industry, 05 social sciences, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, BitTorrent protocol encryption, 020206 networking & telecommunications, computer.file_format, Performance comparison, Security, business, computer, Strengths and weaknesses, Computer network

Abstract

International audience; The current wave of evolution that leads BitTorrent towards a fully decentralized architecture is both promising and risky. Related work demonstrates that BitTorrent's Mainline DHT is exposed to several identified security issues. In parallel, the KAD DHT has been the core of intense research and was improved over years. In this paper, we present a study that motivates the integration of both worlds. We provide a performance comparison of both DHTs in terms of publishing efficiency. We investigate the security threats and show that the current BitTorrent Mainline DHT is much more vulnerable to attacks than KAD. On the other hand, we demonstrate that the file download service provided by BitTorrent outperforms the one of KAD. Given the strengths and weaknesses of both DHTs, we propose a design in which the two P2P networks can be merged to form a fully distributed, efficient and safe P2P eco-system.

Published

2011

19. Efficient DHT attack mitigation through peers' ID distribution

Author

Isabelle Chrisment, Thibault Cholez, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE International Parallel & Distributed Processing Symposium, ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), MAPE, ANR-07-TLCOM-24,MAPE, ANR-07-TLCOM-24, Cholez, Thibault, and Télécommunications - Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling - - MAPE2007 - ANR-07-TCOM-0024 - TCOM - VALID

Subjects

Routing protocol, DHT, Computer science, Sybil attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], attack mitigation, 0202 electrical engineering, electronic engineering, information engineering, Divergence (statistics), KAD, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Geometric distribution, Filter (video), IDs distribution, 020201 artificial intelligence & image processing, Routing (electronic design automation), business, computer, attack detection, Computer network

Abstract

International audience; We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the IDs distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers' ID distributions to the theoretical one thanks to the Kullback-Leibler divergence. When an attack is detected, we propose countermeasures that progressively remove suspicious peers from the list of possible contacts to provide a safe DHT access. Evaluations show that our method detects the most efficient attacks with a very small false-negative rate, while countermeasures successfully filter almost all malicious peers involved in an attack. Moreover, our solution completely fits the current design of the KAD network and introduces no network overhead.

Published

2010

20. Key Management in Ad Hoc Networks

Author

Mohamed Salah Bouassida, Isabelle Chrisment, and Olivier Festor

Subjects

Authentication, Multicast, Wireless ad hoc network, business.industry, Computer science, Mobile ad hoc network, Key management, business, Computer security, computer.software_genre, computer, Computer network

Published

2010

21. Formal Verification of Secure Group Communication Protocols Modelled in UML

Author

Isabelle Chrisment, Laurent Vigneron, S. Mota, P. de Saqui-Sannes, Mohamed Salah Bouassida, Benjamin Fontan, Najah Chridi, Thierry Villemur, Laboratoire d'analyse et d'architecture des systèmes (LAAS), Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées, Heuristique et Diagnostic des Systèmes Complexes [Compiègne] (Heudiasyc), Université de Technologie de Compiègne (UTC)-Centre National de la Recherche Scientifique (CNRS), Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Université Toulouse Capitole (UT Capitole), Université de Toulouse (UT)-Université de Toulouse (UT)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse), Institut National des Sciences Appliquées (INSA)-Université de Toulouse (UT)-Institut National des Sciences Appliquées (INSA)-Université Toulouse - Jean Jaurès (UT2J), Université de Toulouse (UT)-Université Toulouse III - Paul Sabatier (UT3), Université de Toulouse (UT)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université de Toulouse (UT), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Université Henri Poincaré-Nancy1 - UHP (FRANCE), Institut Supérieur de l'Aéronautique et de l'Espace - ISAE-SUPAERO (FRANCE), Thales (FRANCE), Instituto Tecnologico y de Estudios Superiores de Monterrey - ITESM (MEXICO), Université Toulouse III - Paul Sabatier - UT3 (FRANCE), Centre National de la Recherche Scientifique - CNRS (FRANCE), Université de Technologie de Compiègne – UTC (FRANCE), Université de Franche-Comté (FRANCE), Institut National de la Recherche en Informatique et en Automatique - INRIA (FRANCE), Institut National Polytechnique de Lorraine - INPL (FRANCE), and Institut National Polytechnique de Toulouse - Toulouse INP (FRANCE)

Subjects

Computer science, Réseaux et télécommunications, 02 engineering and technology, computer.software_genre, Time, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Unified Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, Group communication systems, Formal vérification, Formal verification, computer.programming_language, Logique en informatique, Group protocols, Programming language, Computer Applications, 020206 networking & telecommunications, 020207 software engineering, Informatique et langage, Modélisation et simulation, UML, Communication in small groups, Security, Group management, Real-time, computer, Software, Protocols

Abstract

International audience; The paper discusses an experience in using Unified Modelling Language and two complementary verification tools in the framework of SAFECAST, a project on secured group communication systems design. AVISPA enabled detecting and fixing security flaws. The TURTLE toolkit enabled saving development time by eliminating design solutions with inappropriate temporal parameters.

Published

2010

22. Evaluation of Sybil Attacks Protection Schemes in KAD

Author

Isabelle Chrisment, Olivier Festor, Thibault Cholez, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), University of Twente, Ramin Sadre and Aiko Pras, ANR-07-TCOM-0024,MAPE,Measurement and Analysis of Peer-to-peer Exchanges for paedocriminality fighting and traffic profiling(2007), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

KAD, DHT, Computer science, business.industry, Network packet, Sybil attack, 020206 networking & telecommunications, 02 engineering and technology, security, Computer security, computer.software_genre, P2P networks, Security rule, Flooding (computer networking), Distributed hash table, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Limited resources, Ip address, Computer network

Abstract

The original publication is available at www.springerlink.com; International audience; In this paper, we assess the protection mechanisms entered into recent clients to fight against the Sybil attack in KAD, a widely deployed Distributed Hash Table. We study three main mechanisms: a protection against flooding through packet tracking, an IP address limitation and a verification of identities. We evaluate their efficiency by designing and adapting an attack for several KAD clients with different levels of protection. Our results show that the new security rules mitigate the Sybil attacks previously launched. However, we prove that it is still possible to control a small part of the network despite the new inserted defenses with a distributed eclipse attack and limited resources.

Published

2009

23. A Distributed and Adaptive Revocation Mechanism for P2P networks

Author

Isabelle Chrisment, Olivier Festor, Thibault Cholez, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Service (systems architecture), Computer science, media_common.quotation_subject, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, P2P networks, 01 natural sciences, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Quality (business), Protocol (object-oriented programming), media_common, KAD, Revocation, business.industry, 010401 analytical chemistry, reputation mechanism, 020206 networking & telecommunications, remote accounts, 0104 chemical sciences, revocation mechanism, Scalability, business, computer, Reputation, Computer network

Abstract

International audience; With the increasing deployment of P2P networks, supervising the malicious behaviours of participants, which degrade the quality and performance of the overall delivered service, is a real challenge. In this paper, we propose a fully distributed and adaptive revocation mechanism based on the reputation of the peers. The originality of our approach is that the revocation is integrated in the core of the P2P protocol and does not need complex consensus and cryptographic mechanisms, hardly scalable. The reputation criteria evolve with the contribution of a peer to the network in order to highlight and help fight against selfish or malicious behaviours. The preliminary results show that the user perceived delays are not highly impacted and that our solution is resistant to reputation and revocation attacks.

Published

2008

24. Automated Verification of a Key Management Architecture for Hierarchical Group Protocols

Author

Laurent Vigneron, Najah Chridi, Olivier Festor, Mohamed Salah Bouassida, Isabelle Chrisment, Heuristique et Diagnostic des Systèmes Complexes [Compiègne] (Heudiasyc), Université de Technologie de Compiègne (UTC)-Centre National de la Recherche Scientifique (CNRS), Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Multicast, Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Communications security, Computer security, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Formal language, 0202 electrical engineering, electronic engineering, information engineering, Hierarchical control system, Electrical and Electronic Engineering, Architecture, Key management, computer, Formal verification, Vulnerability (computing)

Abstract

International audience; Emerging applications require secure group communications involving hierarchical architecture protocols. Designing such secure hierarchical protocols is not straightforward, and their verification becomes a major issue in order to avoid any possible security attack and vulnerability. Several attempts have been made to deal with formal verification of group protocols, but to our knowledge, none of them did address the security of hierarchical ones. In this paper, we present the specific challenges and security issues of hierarchical secure group communications, and the work we did for their verification. We show how the AtSe back-end of the AVISPA tool was used to verify one of these protocols.; De nouvelles applications requièrent des communications de groupe, intégrant des protocoles hiérarchiques. La conception de ce genre de protocoles n'est pas aisée et leur vérification devient une véritable problématique pour éviter toute éventuelle attaque de sécurité. Plusieurs travaux de recherche se sont focalisés sur la vérification formelle des protocoles de groupe. Néanmoins, à notre connaissance, aucun d'eux n'a adressé les protocoles hiérarchiques. Ce papier présente les défis spécifiques et les problématiques de sécurité des communications de groupes hiérarchiques, ainsi que le travail effectué en vue de leur vérification. Nous montrons comment le back-end AtSe de l'outil de vérification des protocoles de sécurité AVISPA, a été utilisé pour valider l'un de ces protocoles.

Published

2007

25. Monitoring the Neighbor Discovery Protocol

Author

Isabelle Chrisment, Thibault Cholez, Frédéric Beck, Olivier Festor, Beck, Frédéric, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

[INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], computer.internet_protocol, business.industry, Computer science, 020209 energy, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Service discovery, 02 engineering and technology, Neighbor Discovery Protocol, Task (project management), IPv6, law.invention, IP tunnel, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Internet protocol suite, law, Internet Protocol, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network, NDPMon

Abstract

International audience; While IPv6 is increasingly being deployed in networks, including ISPs, the need to monitor and manage the associated protocols increases. In this paper we focus on the Neighbor Discovery Protocol and we motivate the importance to monitor it. We also present our approach for this task together with the functionalities we provide and the software, NDPMon, that we developed.

Published

2007

26. Efficient Group Key Management Protocol in MANETs using the Multipoint Relaying Technique

Author

Isabelle Chrisment, Mohamed Salah Bouassida, Olivier Festor, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), IEEE Computer Society, and Bouassida, Mohamed Salah

Subjects

Computer science, computer.internet_protocol, Distributed computing, multicast, Key distribution, Distance Vector Multicast Routing Protocol, 02 engineering and technology, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Session key, Xcast, Pragmatic General Multicast, Vehicular ad hoc network, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Multicast, Protocol Independent Multicast, business.industry, Inter-domain, ad hoc, 020206 networking & telecommunications, Mobile ad hoc network, Energy consumption, Ad hoc wireless distribution service, key distribution, Source-specific multicast, Optimized Link State Routing Protocol, Geocast, IP multicast, 020201 artificial intelligence & image processing, MPRs, business, computer, clustering, Computer network

Abstract

In this paper, we present an efficient clustering scheme for application level multicast key distribution in mobile ad hoc networks. We show how our scheme can be combined with the Multipoint Relaying technique, in a very effective way, according to the localization of the group members and their mobility. The efficiency of this combination in terms of average latency of key delivery, energy consumption and key delivery ratio, is validated through simulation.

Published

2006

27. Mobility-Awareness in Group Key Management Protocols within MANETs

Author

Olivier Festor, Mohamed Salah Bouassida, Isabelle Chrisment, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Mobility, Cloud computing security, Computer science, Wireless network, Wireless ad hoc network, 020302 automobile design & engineering, 020206 networking & telecommunications, 02 engineering and technology, Mobile ad hoc network, Computer security, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0203 mechanical engineering, Security association, Security service, Software deployment, Group key Management, Ad Hoc networks, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Key management, computer

Abstract

Several sensitive applications deployed within wireless networks require group communications. A high level of security is often required in such applications, like military or public security applications. The most suitable solution to ensure security in these services is the deployment of a group key management protocol, adapted to the characteristics of MANETs, especially to mobility of nodes. In this paper, we present the OMCT (Optimized Multicast Cluster Tree) algorithm for dynamic clustering of multicast group, that takes into account both nodes localization and mobility, and optimizes the energy and bandwidth consumptions. Then, we show how we integrate OMCT within our group key management protocol BALADE, in a sequential multi-source model. The integration of BALADE and OMCT allows an efficient and fast key distribution process, validated through simulations, by applying various models of mobility (individual mobility and group mobility). The impact of the mobility model on the performance and the behaviour of the group key management protocol BALADE coupled with OMCT, is also evaluated.

Published

2006

28. An Enhanced Hybrid Key Management Protocol for Secure Multicast in Ad Hoc Networks

Author

Olivier Festor, Isabelle Chrisment, Mohamed Salah Bouassida, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and N. Mitrou and K. Kontovasilis and G.N. Rouskas

Subjects

Computer science, Wireless ad hoc network, computer.internet_protocol, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], Wireless Routing Protocol, Distance Vector Multicast Routing Protocol, réseaux ad hoc, 02 engineering and technology, group key management, 0202 electrical engineering, electronic engineering, information engineering, Multicast address, Wireless, Xcast, Key management, cryptographie à seuil, Pragmatic General Multicast, Secure multicast, Vehicular ad hoc network, Multicast, Protocol Independent Multicast, business.industry, Inter-domain, 05 social sciences, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 050301 education, 020206 networking & telecommunications, Ad hoc wireless distribution service, sécurité multicast, gestion de clé de groupes, Source-specific multicast, Optimized Link State Routing Protocol, Internet Group Management Protocol, threshold cryptography, multicast security, ad hoc networks, IP multicast, Unicast, business, 0503 education, computer, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. This exibility in space and time induces new challenges towards the security infrastructure needed to support secure unicast and multicast communications. Especially, traditional group key management architectures meant for wired networks are not appropriate in such environment due to high dynamics and mobility of nodes. In this paper, we propose an enhanced hybrid key management protocol for secure multicast dedicated to operate in ad hoc networks. Built on a protocol called BAAL dedicated to key distribution in wired networks, our approach integrates threshold cryptography and the services of the AKMP protocol to deliver fast, efficient and mobility aware key distribution in a multicast service.

Published

2004

29. A secure SSM architecture

Author

Abdelkader Lahmadi, G. Chaddoud, Isabelle Chrisment, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Routing protocol, computer.internet_protocol, Computer science, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], clé de canal, 050801 communication & media studies, Access control, 02 engineering and technology, security unicast and multicast, Permission, 0508 media and communications, 0202 electrical engineering, electronic engineering, information engineering, protocole de sécurité, Authentication, diffusion multimédia, business.industry, 05 social sciences, security protocol, 020207 software engineering, Cryptographic protocol, channel key, Key (cryptography), IP multicast, multimedia braodcasin, The Internet, sécurité point-à-point et multipoint, business, computer, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; The SSM model is appeared in order to overcome the problems of deployment of IP multicast. However, a real commercial deployment of SSM have to offer some security services. Our work proposes an architecture, called S-SSM, for securing the SSM model. S-SSM defines two mechanisms for access control and content protection. The first one is carried out through subscriber authentication and access permission. As for the second, it is realized through the management of a unique key, called the channel key, k_ch, shared among the sender and subscribers. We have implemented a prototype of S-SSM in order to prove the feasability and evaluate the performance of our design.

Published

2003

30. Dynamic group communication security

Author

G. Chaddoud, Isabelle Chrisment, A. Schaff, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

communications de groupes, Computer science, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], 050801 communication & media studies, 02 engineering and technology, Computer security, computer.software_genre, Network simulation, 0508 media and communications, key management, 0202 electrical engineering, electronic engineering, information engineering, sécurité de groupe, Message authentication code, Key management, Authentication, Revocation, business.industry, 05 social sciences, Key distribution center, 020206 networking & telecommunications, gestion de clés, group communication, Communication in small groups, Key (cryptography), business, computer, group security, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; If multicast communication appears as the most efficient way to send data to a group of participants, it presents also more vulnerabilities to attacks and requires services such as authentication, integrity and confidentiality to transport data securely. In this paper, we present the protocol Baal as a scalable solution to group key management problems and show how Baal resolves the user's revocation problem. This protocol is based on decentralized group key management with only one key shared among group members. We use then Network Simulator, ns-2, in order to evaluate the performance of our protocol in the case of group initialisation, and compare it with SKDC approaches.

Published

2002

31. Dynamic Group Key Management Protocol

Author

Ghassan Chaddoud, Isabelle Chrisment, André Schaff, Software Tools for Telecommunications and Distributed Systems (RESEDAS), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

communications de groupes, Computer science, computer.internet_protocol, [INFO.INFO-OH]Computer Science [cs]/Other [cs.OH], Distance Vector Multicast Routing Protocol, 02 engineering and technology, Computer security, computer.software_genre, 03 medical and health sciences, key management, 0202 electrical engineering, electronic engineering, information engineering, sécurité de groupe, Xcast, Key management, Pragmatic General Multicast, 030304 developmental biology, 0303 health sciences, Protocol Independent Multicast, Multicast, Inter-domain, business.industry, Local area network, 020206 networking & telecommunications, gestion de clés, Source-specific multicast, group communication, Internet Group Management Protocol, Reliable multicast, IP multicast, business, computer, group security, Computer network

Abstract

Colloque avec actes et comité de lecture. internationale.; International audience; If multicast communication appears as the most efficient way to send data to a group of participants, it presents also more vulnerabilities to attacks and requires services such as authentication, integrity and confidentiality to transport data securely. In this paper, after introducting the research work related to securing multicast communication, we present the protocol Baal as a solution to the scalability problems of key management in dynamic multicast group and show how Baal resolves the user's revocation problem. This protocol is based on distributed group key management by local controllers within sub-networks.

Published

2001

32. ALFred, a protocol compiler for the automated implementation of distributed applications

Author

Laurent Gautier, Torsten Braun, Francois Gagnon, Isabelle Chrisment, and Christophe Diot

Subjects

Programming language, Computer science, Distributed computing, Optimizing compiler, Inline expansion, computer.software_genre, Functional compiler, Computer architecture, Compiler construction, Interprocedural optimization, Compiler, Software_PROGRAMMINGLANGUAGES, Hardware_CONTROLSTRUCTURESANDMICROPROGRAMMING, Bootstrapping (compilers), computer, Compiler correctness

Abstract

This paper describes the design and the prototyping of a compiling tool for the automated implementation of distributed applications: ALFred. This compiler starts from the formal specification of an application written in ESTEREL and then integrates end-to-end communication functions tailored to the application characteristics (described in the specification); it finally produces a high performance implementation. The paper describes the communication architecture associated with the approach. The compiler consists of a control compiler, also called ALF compiler, and a data manipulation compiler (the ILP compiler) that combines data manipulation functions in an efficient way (the ILP loop). The ALFred compiler has been designed to allow the development and the analysis of non-layered high performance communication architectures based on ALF and ILP.

Published

1996

33. Application Level Framing and Automated Implementation

Author

Isabelle Chrisment, Christophe Diot, and Antony Richards

Subjects

Application programmer, business.industry, Computer science, computer.file_format, JPEG, Esterel, Embedded system, Framing (construction), Formal specification, business, Communications protocol, Implementation, computer, computer.programming_language, Data transmission

Abstract

New concepts such as the Application Level Framing (ALF) have been proposed to make network protocol implementations more efficient and to give the application programmer greater control over the data transmission. This paper describes early experiments with automated design and implementation of application-specific communication protocols based on the formal specification of the application using ESTEREL. A comparison is made between a hand coded JPEG player and its automated equivalent. The results show that the automated approach creates a better integrated implementation with the same level of performance.

Published

1995

34. A Management Platform for Tracking Cyber Predators in Peer-to-Peer Networks

Author

Radu State, Isabelle Chrisment, O. Festor, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Honeypot, business.industry, Computer science, Multi-agent system, Honeypots, 020207 software engineering, 02 engineering and technology, Peer-to-peer, 16. Peace & justice, Computer security, computer.software_genre, Application software, Network topology, Peer-To-Peer Networks, Electronic mail, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Network management, File sharing, Network Management, Security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

International audience; Peer-to-peer (p2p) networks have become a privileged communication infrastructure for file sharing applications. However, it can also provide support for cybercriminality activities performed by organized criminal groups that can voluntarily propagate strongly undesirable contents. We propose in this paper a management platform capable of tracking and identifying such cyberpredators in peer-to-peer networks. We describe the architecture consisting of a set of configurable honeypot agents and detail how a honeypot is capable of advertising strongly undesirable contents and of detecting network users that attempt to acquire them. The distributed tracking solution is experimented through an implementation prototype in realistic scenarios.

35. Decision Engine for SIP Based Dynamic Call Routing

Author

Sajjad Ali Musthaq, Annie Gravey, Christophe Lohr, Télécom Bretagne, Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Département informatique ( INFO ), Université européenne de Bretagne ( UEB ) -Télécom Bretagne-Institut Mines-Télécom [Paris], Lab-STICC_TB_CID_IHSEV, Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (UMR 3192) ( Lab-STICC ), Université européenne de Bretagne ( UEB ) -Université de Bretagne Sud ( UBS ) -Université de Brest ( UBO ) -Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques ( IBNM ), Université de Brest ( UBO ) -Institut Mines-Télécom [Paris]-Centre National de la Recherche Scientifique ( CNRS ) -Université européenne de Bretagne ( UEB ) -Université de Bretagne Sud ( UBS ) -Université de Brest ( UBO ) -Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques ( IBNM ), Université de Brest ( UBO ) -Institut Mines-Télécom [Paris]-Centre National de la Recherche Scientifique ( CNRS ), Département informatique (INFO), Université européenne de Bretagne - European University of Brittany (UEB)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT), Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (UMR 3192) (Lab-STICC), Université européenne de Bretagne - European University of Brittany (UEB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-Université européenne de Bretagne - European University of Brittany (UEB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Télécom Bretagne-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), and Télécom Bretagne, Bibliothèque

Subjects

Decision support system, Computer science, computer.internet_protocol, [ INFO.INFO-NI ] Computer Science [cs]/Networking and Internet Architecture [cs.NI], Grey Relation Analysis (GRA), Call Dropping Probability, 02 engineering and technology, Multiple-criteria decision making, Grey relation analysis, Outsourcing, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Decision Engine, Multihoming, 0202 electrical engineering, electronic engineering, information engineering, Multi-Criteria Decision Making (MCDM), [INFO]Computer Science [cs], Session Initiation Protocol, [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], business.industry, Quality of service, 020206 networking & telecommunications, Provisioning, TOPSIS, Multiple-criteria decision analysis, Throughput, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

Part 3: Policy Management; International audience; Enterprises nowadays are subscribing access to several Internet Service Providers (ISPs) for reliability, redundancy and better revenues underlying the service extension, while providing good Quality of Service (QoS). In this paper, a dynamic decision-making framework is presented for Session Initiation Protocol (SIP) based voice/video call routing in multihomed network. The decision engine takes multiple criteria into account while computing the routing decision (attributes from context of the request, platform’s latest conditional parameters, business objectives of the company, etc.). Two Multi-Criteria Decision Making (MCDM) methods, namely Grey Relational Analysis (GRA) and an extended version of Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) are used for decision calculation in outsourcing and provisioning enforcement modes respectively. The proposed solution gives higher throughput and lower call dropping probability while fulfilling the desired goals, taking into account the multiple attributes for choosing the best alternative.

Published

2011

36. Econometric Feedback for Runtime Risk Management in VoIP Architectures

Author

Olivier Festor, Oussema Dabbebi, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire Commun Alcatel Lucent INRIA, Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, and Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Lorraine (INPL)-Université Nancy 2-Université Henri Poincaré - Nancy 1 (UHP)

Subjects

Service (systems architecture), Computer science, computer.internet_protocol, media_common.quotation_subject, 02 engineering and technology, security, risk management, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Econometrics, Quality (business), [INFO]Computer Science [cs], Risk management, media_common, Session Initiation Protocol, Voice over IP, business.industry, 020206 networking & telecommunications, voice over IP, network management, Variety (cybernetics), Network management, Software deployment, 020201 artificial intelligence & image processing, business, computer

Abstract

Part 1: Security Management; International audience; VoIP infrastructures are exposed to a large variety of security attacks, but the deployment of security safeguards may deteriorate their performance. Risk management provides new perspectives for addressing this issue. Risk models permit to reduce these attacks while maintaining the quality of such a critical service. These models often suffer from their complexity due to the high number of parameters to be configured. We therefore propose in this paper a self-configuration strategy for support- ing runtime risk management in VoIP architectures. This strategy aims at automatically adapting these parameters based on an econometric feedback mechanism. We mathematically describe this self-configuration strategy, show how it can be integrated into our runtime risk model. We then evaluate its deployment based on a proof-of-concept prototype, and quantify its performance through an extensive set of simulation results.

Published

2011

37. Autonomous Platform for Life-Critical Decision Support in the ICU

Author

Filip De Turck, Kristof Steurbaut, Universiteit Gent = Ghent University [Belgium] (UGENT), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Chrisment, Isabelle, Couch, Alva, Badonnel, Rémi, and Waldburger, Martin

Subjects

Decision support system, services, Process management, Computer science, Computer security, computer.software_genre, Dependability, law.invention, 03 medical and health sciences, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0302 clinical medicine, Software, law, Robustness (computer science), Medicine and Health Sciences, [INFO]Computer Science [cs], 030212 general & internal medicine, business.industry, 030503 health policy & services, Information technology, Usability, Intensive care unit, 3. Good health, ICU, IBCN, 0305 other medical science, business, computer

Abstract

Part 2: PhD Workshop: Autonomic Network and Service Management; International audience; The Intensive Care Unit is a complex, data-intensive and critical environment in which the adoption of Information Technology is growing. As physicians become more dependent on the computing technology to support decisions, raise real-time alerts and notifications of patient-specific conditions, this software has strong dependability requirements. The dependability challenges are expressed in terms of availability, reliability, performance, usability and maintenance of the system. Our research focuses on the design and development of a generic autonomous ICU service platform. COSARA is a computer-based platform for infection surveillance and antibiotic management in ICU. During its design, development and evaluation, we identified both technological and human factors that affect robustness. We presented the identified research questions that will be addressed in detail during PhD research.

Published

2011

38. Using Diffusive Load Balancing to Improve Performance of Peer-to-Peer Systems for Hosting Services

Author

Ying Qiao, Gregor von Bochmann, University of Ottawa [Ottawa], Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

peer-to-peer systems, Computer science, business.industry, Distributed computing, distributed resource management, Overlay network, 020206 networking & telecommunications, 02 engineering and technology, Internet hosting service, Load balancing (computing), Peer-to-peer, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Network Load Balancing Services, Homogeneous, 0202 electrical engineering, electronic engineering, information engineering, diffusive load balancing, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], business, computer, Load balancing, Computer network

Abstract

Part 5: P2P and Aggregation Schemes; International audience; This paper presents a diffusive load balancing algorithm for peer-to-peer systems. The algorithm reduces the differences of the available capacities of the nodes in the system using service migrations between nodes in order to obtain similar performance for all nodes. We propose algorithms for handling homogeneous services, i.e., services with equal resource requirements, and for heterogeneous services, i.e., services with diverse resource requirements. We have investigated the effect of load balancing in a simulated peer-to-peer system with a skip-list overlay network. Our simulation results indicate that in case that the churn (nodes joining or leaving) is negligible, a system that hosts services with small resource requirements can maintain equal performance for all nodes with a small variance. In case that churn is high, a system that hosts homogeneous services with large resource requirements can maintain equal node performance within a reasonable variance requiring only few service migrations.

Published

2011

39. Impact of Dynamics on Situated and Global Aggregation Schemes

Author

Grégory Bonnet, Rafik Makhloufi, Guillaume Doyen, Dominique Gaïti, Environnement de Réseaux Autonomes (ERA), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Equipe MAD - Laboratoire GREYC - UMR6072, Groupe de Recherche en Informatique, Image et Instrumentation de Caen (GREYC), Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Normandie Université (NU)-Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Normandie Université (NU)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-Université de Caen Normandie (UNICAEN), and Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)

Subjects

agregation protocols, Computer science, Scale (chemistry), Distributed computing, 020206 networking & telecommunications, Context (language use), 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, [INFO.INFO-MO]Computer Science [cs]/Modeling and Simulation, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], Management information systems, Work (electrical), 010201 computation theory & mathematics, Order (exchange), [INFO.INFO-MA]Computer Science [cs]/Multiagent Systems [cs.MA], autonomic networking, Situated, experimentations, 0202 electrical engineering, electronic engineering, information engineering, Autonomic networking, Data mining, Decision-making, computer

Abstract

Part 5: P2P and Aggregation Schemes; International audience; Recently, numerous management approaches have emerged in order to manage networks and services in a decentralized and autonomous way. Some of them propose to minimize their cost by using a situated view when collecting aggregates for the decision making process, while others propose to improve their accuracy by using a more conventional approach which is global view. So far, little attention is given to the evaluation of situated view while many studies propose to evaluate global approaches. As a consequence, there is no work in the literature that compares the performance of situated and global aggregation schemes. Being able to choose the suitable approach for a given context is still a real challenge. Mastering it will ensure the e fficiency of the autonomous management system. In this paper, we present a comparative study of situated and global schemes deployed over large scale and dynamic networks. We consider two factors: network and information dynamics. We implement typical aggregation schemes from each category and then we compare them according to the accuracy of the estimated aggregates and the e ciency of the decision making process.

Published

2011

40. Towards Vulnerability Prevention in Autonomic Networks and Systems

Author

Martín Barrère, Olivier Festor, Rémi Badonnel, Management of dynamic networks and services (MADYNES), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, and European Project: 257513,EC:FP7:ICT,FP7-ICT-2009-5,UNIVERSELF(2010)

Subjects

Vulnerability Management, Standardization, Computer science, Distributed computing, Vulnerability, 020207 software engineering, Context (language use), 02 engineering and technology, Vulnerability management, Computer security, computer.software_genre, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Management plane, Safe Configuration, 0202 electrical engineering, electronic engineering, information engineering, Security, [INFO]Computer Science [cs], Architecture, Set (psychology), computer

Abstract

Part 2: PhD Workshop: Autonomic Network and Service Management; International audience; The autonomic paradigm has been introduced in order to cope with the growing complexity of management. In that context, autonomic networks and systems are in charge of their own configuration. However, the changes that are operated by these environments may generate vulnerable configurations. In the meantime, a strong standardization effort has been done for specifying the description of configuration vulnerabilities. We propose in this paper an approach for integrating these descriptions into the management plane of autonomic systems in order to ensure safe configurations. We describe the underlying architecture and a set of preliminary results based on the Cfengine configuration tool.

Published

2011

41. An SLA Support System for Cloud Computing

Author

Guilherme Sperb Machado, Burkhard Stiller, Department of Informatics [Zürich], Universität Zürich [Zürich] = University of Zurich (UZH), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, and TC 6

Subjects

Computer science, business.industry, Distributed computing, Service level objective, 020302 automobile design & engineering, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Service-level agreement, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0203 mechanical engineering, Order (exchange), Virtual machine, 0202 electrical engineering, electronic engineering, information engineering, Support system, [INFO]Computer Science [cs], Performance indicator, Specific performance, business, computer

Abstract

Part 2: PhD Workshop: Autonomic Network and Service Management; International audience; Nowadays, even with the existence of many Cloud Providers (CP) in the market, it is still impossible to see CPs who guarantee, or at least offer, an SLA specification to Cloud Users (CU) interests: not just offering percentage of availability, but also guaranteeing specific performance parameters for a certain Cloud application. Due to (1) the huge size of CPs’ IT infrastructures and (2) the high complexity with multiple inter-dependencies of resources (physical or virtual), the estimation of specific SLA parameters to compose Service Level Objectives (SLOs) with trustful Key Performance Indicators (KPIs) tends to be inaccurate. This paper proposes the initial design and preliminary approach for an SLA Support System for CC (SLACC) in order to estimate in a formalized methodology - based on available CC infrastructure parameters - what CPs will be able to offer/accept as SLOs or KPIs and, as a consequence, which increasing levels of SLA specificity for their customers can be reached.

Published

2011

42. Policy-Based Pricing for Heterogeneous Wireless Access Networks

Author

Joan Serrat, J.L. Melus, Mariela Borba, Matias Richart, Juan Saavedra, Javier Baliosian, University of the Republic of Uruguay, Universitat Politècnica de Catalunya [Barcelona] (UPC), Isabelle Chrisment, Alva Couch, Rémi Badonnel, Martin Waldburger, TC 6, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, and Universitat Politècnica de Catalunya. MAPS - Management, Pricing and Services in Next Generation Networks

Subjects

Access network, Computer science, Quality of service, media_common.quotation_subject, Reliability (computer networking), 020206 networking & telecommunications, 020207 software engineering, Context (language use), 02 engineering and technology, Business model, Service provider, Computer security, computer.software_genre, Wireless communication systems, Telecomunicació de banda ampla, Sistemes de, Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors::Xarxes d'àrea local [Àrees temàtiques de la UPC], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], Comunicació sense fil, Sistemes de, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, [INFO]Computer Science [cs], Quality (business), Local area networks (Computer networks), computer, media_common

Abstract

Part 3: Policy Management; International audience; Our cities are already covered by a myriad of diverse wireless access networks. The most ubiquitous access networks are the well organized homogeneous and centralized operator-based cellular networks that sustain their business model on a captive client basis. However, a new billing paradigm is rising, where a client can choose to connect to the provider that best comply with his/her current requirements and context. Inside this paradigm, this paper presents a distributed, rule-based pricing strategy aimed to improve the quality of service and to increase the global income of a service provider. The performance and reliability of the rule-based decisions is supported by a Finite State Transducers-based inference machine specially designed to manage networking systems. We show, with simulations, that, using our strategy, the operators can make the new billing paradigm profitable while the clients benefit from the economic advantages of competition and of the quality given by a pricing-based network balance mechanism.

Published

2011