Past Talks (2007)

Time; Room; Type, Speaker, Topic
4th quarter of 2007

19. Dec. 2007
16:00–18:00

Auditorium 2

PGT: Miguel Ibero Carreras
A Skype Analyzer for the Bro IDS: Implementation and Results

Skype is a closed-source VoIP software with a proprietary heavily encrypted protocol and NAT traversal capabilities that uses a P2P network to transmit call data. In this talk we will present a working set of Bro Analyzers that detect known Skype connections. Since large parts of the Skype data are obfuscated, some of the analyzers use heuristic and statistical methods to detect flows. We will discuss the results of analyzing two traces of MHN (Münchner Hochschulnetz) data, one from 2005 and one from 2007. The differences in the results match the changes done in the Skype versions available at the time. The results also show a significant increase in Skype usage as well as some trends in user behavior.

[PDF] presentation

5. Dec. 2007
16:00–18:00

Auditorium 1

PGT: Obi Akonjang
Calibrating the Impact of P2P User Behavior on ISP-Aided P2P Locality

P2P systems are fundamentally sustained by the principle of collaboration and cooperation. The degree of cooperation is directly (or indirectly) influenced by the collective behavior of users (peers) in the system. Non-cooperative behaviors cause the system to be inefficient, non-scalable and unreliable, often leading to degradation in global system performance. Obviously, enhancing collaboration and cooperation will not only have a positive impact on the P2P overlay, but will also help alleviate the strain that it imposes on the Internet underlay. In a previous work, we showed how improving cooperation between the overlay and the Internet underlay by means of ISP aided localization helps improve overall system performance. We now extend our scope to include cooperation amongst peers, focusing on their behavioral aspect as a further means to achieve performance gains.

The goal of this project is to model and evaluate certain user behavioral aspects of P2P systems and analyze their impact on P2P locality. We seek to identify behavioral patterns that benefit the system and further use them in a modified (ISP-aided) P2P environment to attain better performance. We start by modeling different P2P topologies and user behavioral patterns, using sensitivity analysis to derive representative behavioral patterns. We then use these patterns within a simulation environment to calibrate their impact on P2P topologies and localities.

Our results show that users (peers) behave consistently across different P2P topologies. The observed user experience and other factors such as the time taken to locate and download resources (files) also improves for the ISP-aided P2P system, in contrast to that with the unmodified P2P environment.

28. Nov. 2007
17:00–18:00

Auditorium 2

PGT: Ximena Cabezas
Enhancing Trust in P2P Systems using ISP-P2P Collaboration

A significant portion of the Internet Traffic nowadays is contributed by Peer-to-Peer systems and a major problem is represented by polluted files: files whose metadata is changed or which have a different or bad content. Studies have shown that 50% of the files in P2P systems are polluted, thus wasting network bandwidth and depleting the user experience.

Existing solutions for reducing pollution are only based on reputation of the peer but don't take peer locality into account, so network bandwidth is still being wasted and these solutions are also susceptible to unfair rating, traitors, collusion, front peers and Sybil attacks.

A new solution proposes that the ISP can offer an Oracle to the P2P users. The oracle gets from the user a list of possible neighbors which is then sorted according to some criteria decided by the ISP, e.g. network locality, last-hop bandwidth, latency, routing policy, etc.

We propose to add a criterion based on trust so that the user could choose a neighbor with a good "reputation" (as well as proximity) and so avoid downloading polluted files. Hence the peer could get fast downloads with less or no pollution.

In this talk I will explain how trust could be implemented using the oracle, some related work, how this will be done using the P2P simulator Peersim, what has been achieved until now and the expected results.

28. Nov. 2007
16:00–17:00

Auditorium 2

PGT: Benjamin Michele
Using P2P To Provide Anonymity

There are many good and legitimate reasons for individuals, corporations and even governmental agencies to access online resources anonymously, i.e., without leaving compromising traces. Examples include publishing criticism on repressive governments, accessing competitors' websites to do market analysis, secret services research as well as communication needs of embassies.

State-of-the-Art anonymization is provided through a technology called Onion Routing and its widely used implementation TOR. TOR uses a group of centralized well known anonymization servers operated by independent individuals or corporations. These servers are used—after being published through TOR directory servers—by TOR users to establish anonymous connections.

One of TOR's drawbacks is its susceptibility to global attackers shutting down the server network, e.g., some repressive government agency blocking traffic to these servers.
We propose replacing the fixed list of servers by adding TOR functionality to a well established P2P client. This approach has two main advantages:

  1. there is no single point of failure or attack like TOR's directory servers because they will be replaced by a distributed hash list

  2. complicate blocking of TOR service by adding a huge number of TOR servers, i.e., P2P clients

In order for onion routing to work safely, there must be a sufficient number of nodes participating thus anonymizing traffic. This is achieved by choosing a well distributed P2P client/network and adding the TOR functionality instead of developing a completely new network or client. Besides, this approach uses the know-how of many years of research and development in both P2P and anonymization technology.

21. Nov. 2007
16:00–18:00

Berlin: Auditorium 2
(Munich: FMI 01.08.035)

PGT: Ulrich Herberg
Autoconfiguration of Mobile Ad Hoc Networks

In this thesis, a solution for autoconfiguring IP addresses of mobile ad-hoc networks is proposed. Current proposals are based on an architectural model of MANETs considering MANET nodes as hosts all being in the same subnet. However, it is our understanding that this leads to an incompatibility with the current IP infrastructure. Consequently, MANET nodes cannot be correctly integrated into the Internet. A protocol is specified in this thesis which is coherent to an architectural model considering MANET nodes as routers with possibly attached hosts. Thus, the protocol can be correctly integrated in the current IP infrastructure of the Internet. Additionally, this protocol has very few prerequisites in comparison to current solutions as it does not depend on link-local addresses or a multi-hop routing protocol. The protocol is formally validated for correctness and implemented in a real-life testbed as well as for the NS2 network simulator. Finally, optimizations and extensions of the protocol are proposed and a short performance analysis is presented.

Talk will be held in English.

13. Nov. 2007
16:00–18:00

Fino

Talk: Ashley Flavel
Peer Dragnet: A Tool for Analyzing Peer's Route Announcements and their Impact

Conventional practice in inter-domain BGP peering is for peers to advertise equally good BGP routes at every peering location. This allows the receiving service provider to determine the best possible peering link in terms of its own optimization criteria for the traffic destined to the sending peer. However, in practice, for various reasons, a peer might not send equally good routes at all peering locations, leading to unexpected routing and forwarding behavior in the service provider's network. Thus, it is vital to monitor routes sent by peers across locations. In this talk, we introduce a tool called "Peer Dragnet" that performs this task. The tool checks if peers send consistent routes at all locations, and if not, determines the impact of inconsistent route announcements in terms of routing (e.g., how many routers choose different routes due to inconsistent announcements) and traffic (e.g., how flow of traffic changes in the network). In this talk we provide an overview of the tool, its methodology and reports that aid network operators to better understand routes sent by peers and their impact.

This is joint work with Tom Scholl and Aman Shaikh of AT&T Labs.

3rd quarter of 2007

26. Sept. 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Auditorium 2

PGT: Rüdiger Wolf-Sebottendorf
Experiments with Peer-to-Peer Neighbourhood Discovery Algorithms in Globally Distributed Environments

More than half of the Internet traffic today is contributed by peer-to-peer (P2P) systems. P2P systems build their overlay topology largely agnostic of the Internet underlay, which often leads to traffic management challenges for Internet Service Providers (ISP) and potentially inefficient neighbourhood selection for P2P nodes. To overcome this, the use of an 'oracle service' can help to improve performance for P2P users by choosing possible neighbours, and it will rank the possible neighbours of the querying node according to a locality indication, like the AS-hop distance. The ISP would gain by keeping traffic within or near its Autonomous System (AS) network, and the P2P node would experience improved performance like lesser delay and better bandwidth.

The diploma thesis work evaluates the benefits of the oracle mechanism by performing experiments in PlanetLab. A remote controllable command line interface for a LimeWire-based Gnutella network client is presented as well as the configuration and handling of PlanetLab nodes. The development process of a public BGP-table based oracle implementation will be described further.

1. Aug. 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Auditorium 2

PGT: Zahari Doychev
Multicast based access of DVB transport data streams

Nowadays Digital Video Broadcasting is widespread. With the progress of internet services comes the requirement for IPv6 multicast network access to Digital Video Broadcasting transport streams. A way of accessing such streams is implemented during this project. The whole process includes server and client side. The server includes one or more DVB cards which are used to get transport streams which are later transformed into IPv6 multicast streams. Zapping to different channels is achieved by an MLD daemon that runs on the server.

30. July 2007
10:00–18:00

Auditorium 1&2

Seminar Internet Measurement

see seminar website

25. July 2007
16:00–18:00

Berlin: Auditorium 2
Munich: FMI 01.08.035

PGT: Miguel Ibero Carreras
A Skype Analyzer for the Bro IDS

Skype is a closed-source VoIP software using a proprietary heavily encrypted protocol with NAT traversal capabilities. In this talk we explain what we know about the protocol and suggest different approaches to writing Skype analyzers for the Bro Intrusion Detection System.

The classic signature based analyzer won't work well because almost all packets are sent obfuscated. It will have a lot of false positives since there isn't much data to match.
Therefore, we propose two new analyzers, one using Pearson's Chi-Square test to match the packets' statistical properties, and another using a Bayesian filter to classify the packets.

4. July 2007
16:00–18:00

Berlin: Auditorium 2
Munich: FMI 01.08.035

PGT: Francis Kucera
Testbench Framework for the Time Machine Project

This talk presents the tasks and aims of my forthcoming diploma thesis. The »Time Machine« records network traffic, i.e. the connections' identifiers and an adjustable amount of the connections' content, and stores the data in a sophisticated way to provide fastest access to it. Testing the TM involves knowledge about the traffic before it is stored by the TM, thus the traffic needs to be generated. Also, the more realistic the generated traffic, the more reliable a test's result. Per test, various parameters should be settable like duration, for example. A test's result arises from comparing the generated traffic with the stored data by querying the TM. Therefore, a client needs to be developed, which is able to communicate with the TM.

2nd quarter of 2007

27. June 2007
17:00–19:00

Munich: FMI 01.08.035
Berlin: Auditorium 2

PGT: Yves Kising

Unfortunately, from all known Distributed Hash Table-based overlay networks only a few of them relate to proximity in terms of latency. So a query routing can come with high latency when very distant hops are used. One can imagine hops are from one continent to the other in terms of here and back. Thereby it is possible that the target node is located close to the requesting node. Such cases increase query latency to a great extent and are responsible for performance bottlenecks of a query routing. There exist two main strategies to reduce latency in the query routing process: Proximity Neighbor Selection and Proximity Route Selection. As a new proposal of PNS for the IGOR overlay network, Merivaldi is developed. Merivaldi represents a combination of two basic ideas: The first idea is the Meridian framework and its Closest-Node-Discovery without synthetic coordinates. The second idea is Vivaldi, a distributed algorithm for predicting Internet latency between arbitrary Internet hosts. Merivaldi is quite similar to Meridian. It differs in using no direct Round Trip Time measurements like Meridian does to obtain latency characteristics between hosts. Merivaldi obtains latency characteristics of nodes using the latency prediction derived from the Vivaldi-coordinates.

A Merivaldi-node forms exponentially growing latency-rings, i.e., the rings correspond to latency distances to the Merivaldi-node itself. In these rings node-references are inserted with regard to their latency characteristics. These node-references are obtained through a special protocol. A Merivaldi-node finds latency-closest nodes by periodically querying its ring-members for closer nodes. If a closer node is found by a ring-member the query is forwarded to this one until no closer one can be found.

The closest node found this way reports itself to the Merivaldi-node. Exemplary analysis shows that Merivaldi means only a modest burden for the network. Merivaldi uses O(log N) CND-hops at maximum to recognize a closest node, where N is the number of nodes. Empirical tests demonstrate this analysis. Analysis shows, the overhead for a Merivaldi-node is modest. It is shown that Merivaldi's Vivaldi works with high quality with the used PING-message type.

27. June 2007
15:30–17:00

Munich: FMI 01.08.035
Berlin: Auditorium 2

PGT: Tobias Schmidbauer
Extension of the Web Workload Generator for SSFNet

Simulations are a vital part for analysis and design tasks in network research. One framework for discrete simulations of computer networks is SSFNet. It allows detailed simulations of large scale network behaviour by providing implementations of basic and advanced network elements and protocols. For this framework, a Web Workload Generator based on the SURGE workload model has been written by Christian Vollmert. We extended this module and implemented some additional features in the course of this project. The main focus was on the possibility to allow dynamic changes of workload parameters at the runtime of a simulation. Furthermore, some smaller changes and bugfixes were made.

20. June 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Eugen Rogoza
IP Mobility Without Home Agents

The increasing availability of wireless networks and market penetration by portable computing devices create the need for a mobility solution in IP networks. Although there exists an official standard for host mobility, Mobile IP, its design does not meet the requirements of modern IP networks. Basically three problems prevent it from being widely deployed: triangular routing, greater delay because of longer routing paths and high handover latency. Various improvements have been proposed in recent years, each approach addressing some particular problem. However, none of them has been accepted and become an official next-generation standard.

In this master thesis, we present a real-world IP Mobility System (IPMS) that suits the needs of today's mobile users and the requirements of today's IPv4-based networks. It overcomes several original Mobile IP limitations and is a hybrid combination of multiple improvements. It allows mobile hosts to perform an (almost) seamless transition to other (sub)nets while preserving their existing sessions. We introduce the features of this system, discuss implementation details and perform the testing of critical parameters, protocols and applications.

Due to a simple design of this system, it can be deployed on a production basis either on a local or on a global scale. Locally it can be considered a cost-saving technology for intra-building mobility, making use of available (wireless) infrastructure consisting of different subnets. On a larger scale this technology may be valuable for Internet Service Providers (ISP) wishing to offer IP roaming services for clients from other networks. Moreover, because of its fast handovers, the IPMS can also be used in moving vehicles and trains provided there is sufficient wireless coverage.

Talk will be held in English.

13. June 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Auditorium 2

PGT: Gregor Maier
Hardware Pattern Matching for Network Traffic Analysis in Gigabit Environments

Pattern Matching is an important task in various applications, including network traffic analysis and intrusion detection. In modern high speed gigabit networks it becomes unfeasible to search for patterns using pure software implementations, due to the amount of data that must be searched. Furthermore applications employing pattern matching often need to search for several patterns at the same time. In this thesis we explore the possibilities of using FPGAs for hardware pattern matching. We analyze the applicability of various pattern matching algorithms for hardware implementation and implement a Rabin-Karp and an approximate pattern matching algorithm in Endace's network measurement cards using VHDL. The implementations are evaluated and compared to pure software matching solutions. To demonstrate the power of hardware pattern matching, an example application for traffic accounting using hardware pattern matching is presented as a proof-of-concept. Since some systems like network intrusion detection systems analyze reassembled TCP streams, possibilities for hardware TCP reassembly combined with hardware pattern matching are discussed as well.

[PDF] Thesis

6. June 2007
16:00–18:00

Berlin: Spirit
Munich: FMI 01.08.035

PGT: Amir Mehmood
Traffic Characterization and Perceptual Quality Assessment for VoIP for Pakistan Internet Exchange, PIE

This talk assesses VoIP quality over the Pakistan Internet Exchange (PIE) backbone between major cities of Pakistan. Passive measurements for voice calls in the presence of background Internet data traffic for different speech codecs such as the ITU-T G.711, G.723.1 and G.729 were carried out. Interpacket delay and jitter were measured over the PIE IP/ATM backbone and the corresponding inter-packet delay densities were calculated for evaluating the perceptual quality of computer telephony calls using the ITU-T G.107 E-model. The transmission quality (R-factor) and resultant Mean Opinion Scores (MOS) were calculated for both backbone and access links of ISPs. The study highlights the growth of VoIP as a significant component of the PIE backbone traffic in Pakistan as well as reconfirms the presence of congestion hot spots in the access links.

[PDF] presentation

30. May 2007
16:30–18:30

Berlin: Spirit
Munich: FMI 01.08.035

PGT: Andreas Wundsam
Connection Sharing In Community Networks

Today, broadband Internet links are a very commonplace convenience, especially in urban neighborhoods. On average, the performance of these links is considered more than adequate by their users. However, bandwidth demands can vary considerably, leading to poor performance of a single link in times of peak demand. A possible approach for this problem is for a group of Internet users to use their Internet links in a shared manner, and handle peak demands by trading bandwidth, via a shared medium like WLAN.

In this diploma thesis, we present a system implementing this idea. Our scenario is a group of loosely associated Internet users with typical consumer broadband Internet links, without any outside help by the provider or other central instances. We design a purely software-based solution, which is installed on the computers of the participants and distributes the data flows among the available Internet links. A research implementation of this system has been developed as part of this thesis. We describe its objective and architecture. We also present a testbed designed to validate and benchmark the implementation.

For benchmarking the system, we use web traffic and peer-to-peer filesharing traffic. For web traffic, we determine performance improvements of up to 40%. Peer-to-Peer traffic even scales identically with the bandwidth available, but can hurt the performance of competing traffic from other participants.

[PDF] Slides/Folien; [PDF] Handout;

23. May 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Gunnar Bornemann
Data Analysis and Design of a BGP Monitoring and Alarm System

Routing packets between autonomous systems (ASes) is a very important part of the Internet. As large networks with many connections to neighbors can become quite complex, it is impossible for an administrator to verify that routing is operating correctly by looking into the routers manually. Therefore a more automatic way of monitoring routing information, which is commonly exchanged through the Border Gateway Protocol (BGP), is needed.

Therefore we analyze BGP routing information collected from various points in our network and the Internet. The analysis is needed to gain knowledge on what information can be abstracted from the BGP data and how this information will help us with detecting abnormal behavior in our routing. We also design a system that automatically collects and analyzes such routing information. It logs abstracted information and reacts to detection of such abnormal behavior by sending alarms via e-mail. The design is then also implemented and tested in our AS.

[PDF] presentation

22. May 2007
14:00–15:30

Berlin: Auditorium 2

Talk: Volker Roth
80/20 Security Engineering or How Much Security Can We Get To the People?

Security and usability appear to be conflicting goals: security mechanisms typically add a layer of complexity to the process of working with the asset that must be protected. Users may not use or even circumvent a security mechanism if the perceived benefit from using it is not commensurate with the overhead of its use. A security mechanism may also fail because its requirements exceed what is supported by the environment in which its deployment is intended. One example of such a requirement is the assumption that a public key infrastructure is available, which is trusted by all.

This talk is about 80/20 security engineering, analogous to the golden rule that completing the last 20% of a project requires 80% of the work. We aim at engineering security solutions that provide 80% of the attainable level of security at 20% of the complexity that is required for the "perfect" level of security. Thereby, we hope to lower the barrier for adoption of a security mechanism due to usability or other deployment concerns. This would still be better than having a 100% secure solution that is not used.

We start with a few comments on mobile agent security, which is an area for which security has been researched to a large degree for security's sake. At the same time, the area's problem set fosters creative approaches towards security and served as inspiration for other presented work. We continue to discuss for three areas, Internet routing, electronic mail and PIN entry, how various coherence principles can be leveraged to provide good levels of security with a limited level of complexity.

[1] Lakshminarayanan Subramanian, Volker Roth, Ion Stoica, Scott Shenker, and Randy Katz. Listen and Whisper – Security mechanisms for BGP. In Proc. Symposium on Networked Systems Design and Implementation (NSDI '04), San Francisco, CA, March 2004. USENIX/ACM. [PDF] Paper
[2] Volker Roth, Kai Richter, and Rene Freidinger. A PIN entry method resilient against shoulder surfing. In Proc. 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 2004. [PDF] Paper
[3] Volker Roth and Kai Richter. How to fend off shoulder surfers. Journal of Banking and Finance, 30(6):1727–1751, June 2006. [PDF] Paper
[4] Volker Roth, Tobias Straub, and Kai Richter. Security and usability engineering with particular attention to electronic mail. International Journal of Human-Computer Studies, 63:51–73, July 2005. [PDF] Paper

[PDF] presentation;
further information (about the speaker): www.volkerroth.com

9. May 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Julian Mehnle
E-Mail Sender Authentication

Identity theft has for years been one of the most common problems of the e-mail medium. Spammers, phishers or worms forge sender addresses in e-mail messages and thereby deceive the recipient about the true origin of the messages, in order to induce him to take actions that harm him or to obtain secret access credentials by fraud. But the true owners of the sender addresses suffer damage as well, because their reputation is harmed or they receive delivery failure notifications caused by invalid recipient addresses used by spammers. Here, various technical approaches are presented that were developed over the last three years to prevent the forgery of sender addresses.

[PDF] presentation

2. May 2007
16:00–18:00

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Ives Kising
Proximity Neighbor Selection and Proximity Route Selection for the Overlay Network IGOR

Distributed systems like peer-to-peer networks emerged within a short time. A more or less new approach to a peer-to-peer network is the distributed hash table (DHT), also called a structured overlay network. In more detail, a known hash function maps data and peers into the same identifier space. A peer is responsible for a certain portion of identifiers, normally those which are close to it. A data item is found by forwarding the query to a peer with an identifier closer to this data identifier. The data is found when the responsible peer is found. So the most important functionality such a DHT offers is the lookup operation, in other words, where and how to find the data. Only the needed hop count was/is considered by a lot of DHTs in conjunction with the lookup operation. Hence, a routing table was implemented to improve the hop count to O(log n). Additionally it is very important to consider the real latency a lookup needs, too. Different proposals exist to decrease the delay caused by a lookup. The two which are considered here are proximity route selection and proximity neighbor selection in combination with the IGOR overlay network. Proximity route selection describes a forwarding of queries in terms of the best ratio between identifier closeness and latency. Proximity neighbor selection is possible because the routing table offers a certain degree of flexibility in selecting the right peer for each entry. A known approach for proximity neighbor selection is global sampling. The basic idea is to measure the RTT of a number of chosen peers to get the one with the best latency property. This approach does not scale well as systems grow. Merivaldi describes a new approach of PNS for the IGOR overlay which uses a combination of Vivaldi and Meridian. Meridian is a framework which offers a closest node discovery without synthetic coordinates. Vivaldi is a fully decentralized and distributed approach to assign synthetic coordinates to peers by means of latency characteristics.

1st quarter of 2007

28. March 2007
16:00–18:00

Berlin: tba
Munich: FMI 01.08.035

PGT: Fabian Schneider
Packet Capturing with Contemporary Hardware in 10 Gigabit Ethernet Environments (accepted for PAM 2007)

Tracing traffic using commodity hardware in contemporary high-speed access or aggregation networks such as 10-Gigabit Ethernet is an increasingly common yet challenging task. In this paper we investigate if today's commodity hardware and software is in principle able to capture traffic from a fully loaded Ethernet. We find that this is only possible for data rates up to 1 Gigabit/s without reverting to using special hardware due to, e.g., limitations with the current PC buses. Therefore, we propose a novel way for monitoring higher speed interfaces (e.g., 10-Gigabit) by distributing their traffic across a set of lower speed interfaces (e.g., 1-Gigabit).

This opens the next question: which system configuration is capable of monitoring one such 1-Gigabit/s interface? To answer this question we present a methodology for evaluating the performance impact of different system components, including different CPU architectures and different operating systems. Our results indicate that the combination of AMD Opteron with FreeBSD outperforms all others, independently of running in single- or multi-processor mode. Moreover, the impact of packet filtering, running multiple capturing applications, adding per-packet analysis load, saving the captured packets to disk, and using 64-bit OSes is investigated.

[PDF] presentation; [PDF] backup slides; [PDF] paper

26. Feb. 2007
16:30–18:30

Berlin: Spirit
Munich: FMI 01.08.035

PGT: Harald Schiöberg
A performance evaluation framework for wireless mesh routing protocols

This talk presents the design and an implementation of a routing framework for wireless mesh networks, especially the Magnets testbed. My approach is a new layer between the MAC and the IP Layer, called Layer 2.5. I will discuss the advantages of this approach for a research network and present the results from a first implementation. A discussion about the future of this work will conclude the talk.

A short introduction to 802.11 MAC/PHY will be part of the talk; a detailed intro can be given on demand or at a later talk.

[PDF] presentation; [PS] thesis

24. Feb. 2007
10:00–18:00

Berlin: Sputnik

Seminar: Undergraduate Students
Internet Security

Please find detailed information on the Seminar Homepage.

31. Jan. 2007
14:00–16:00

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Nataliya Skrypnyuk
Load-sensitive routing on an example of P-STARA routing protocol

Load-sensitive routing was for a long time not promoted because of potential drawbacks such as an overreaction to changing network conditions and permanent oscillation effects. Yet some recent studies testify that with the stability mechanisms integrated this kind of routing algorithm strongly outperforms the traditional shortest-path IP routing.

One of the possible approaches in load-sensitive routing is so-called "selfish" routing, which is targeted at achieving not a global network performance optimum but rather a game-theoretical equilibrium in a network. Though different from the global optimum, this so-called Wardrop equilibrium is easier to achieve and is potentially more stable.

A well-elaborated routing protocol for achieving Wardrop equilibrium is P-STARA. While staying (relatively) simple, it utilizes many more paths than the traditional "least-cost paths only" protocols. Long-lasting oscillations are prevented through the exponential averaging of link cost estimations, distributed path cost computing etc.

The analysis and implementation of P-STARA within the SSFNet simulator will be presented. Subsequently P-STARA will be evaluated via simulations with Web traffic on a Rocketfuel topology, in comparison to the traditional OSPF routing protocol.

[PDF] Presentation; [PDF] Thesis

9. Jan. 2007
14:00–16:00
(time might still change)

Munich: FMI 01.08.035
Berlin: Spirit

PGT: Jan Bankstahl
Netflow analysis of SAP R/3 traffic in an enterprise environment

Enterprise environments differ significantly from the public Internet.

Workload models of each individual application are essential for performance analysis and troubleshooting. They are also a necessary input for network capacity planning and network simulation. To the best of the author's knowledge, there are only few publications that describe the characteristics of private enterprise IP networks and virtually no papers regarding the SAP R/3 application.

This work shows an approach to analyze application-specific network traffic. It describes how data about network usage can be captured and filtered to a specific application, and how the data is prepared for the analysis. It will demonstrate these steps in an enterprise environment on user-related traffic of an SAP R/3 instance.
