Skip to main content
eScholarship
Open Access Publications from the University of California

Scholarly Works (11 results)

  • Article
  • Peer Reviewed
UC Santa Cruz Previously Published Works (2017)
We introduce a simple solution for the support of host mobility in the Internet called DIME (Dynamic Internet Mobility for End-Systems). DIME is based on dynamic address translation between the transport and network layers of end hosts, combined with a new out-of-band protocol that updates host-address bindings between communicating hosts opportunistically. It does not require modifications to the end-host operating systems, end-user applications, existing communication protocols or hardware, or the domain name system and any host-identifier namespace. A number of experiments based on a Linux daemon implementation of DIME are used to show that DIME is deployable on a wide range of hardware, and that it outperforms existing mobility proposals such as MIPv6 and HIP across a wide range of performance metrics.
    Cover page: A Simple Solution to Scale-Free Internet Host Mobility
    • Article
    • Peer Reviewed
    UC Santa Cruz Previously Published Works (2014)
    Today's socket API requires an application to bind a socket to a network address before it can use the socket to communicate. Early bindings of names to addresses create significant bottlenecks, reliability problems, and force applications to manage complex lower-layer issues. Many approaches have been introduced to address this problem; however, all prior proposals introduce additional identifiers, modify applications, or require additional protocols in the protocol stack. In contrast, we propose a generalized socket API based on Internet Resource Descriptors (IRDs), which are opaque identifiers used by applications to refer to network resources and are known only within the hosts in which the applications run. IRDs enable sockets to evolve with the Internet by hiding mobility, multihoming, and multiplexing issues from applications, do not induce significant overhead in the protocol stack, preserve backwards compatibility with today's networks and applications, and do not require additional identifiers or protocols to be used in the protocol stack.
      Cover page: Allowing applications to evolve with the Internet: The case for Internet Resource Descriptors
      • Thesis
      • Peer Reviewed
      UC Santa Cruz Electronic Theses and Dissertations (2017)

      The current Internet architecture requires applications to transparently bind and manage network addresses and ports. This design creates and exacerbates several problems for the current Internet as well as its future evolution. These problems and challenges include (1) network address mobility and multihoming; (2) future Internet evolution; (3) service- or content-centricity; and (4) adding, subtracting, or evolving the layers in the network stack.

      To address all of these problems, this thesis introduces a novel approach to Internet naming and addressing, which we call hidden identifiers. Hidden identifiers enable applications to semantically express the exact network resource they desire, and allows the operating system to subsequently bind and manage all other network concerns. In this manner, we provide integrated support for all the problem-cases enumerated above while simultaneously simplifying the network API presented to applications.

      We introduce, implement, and evaluate HIDRA, the first network stack architecture based on hidden identifiers. We show that this network stack provides integrated support for features such as network mobility and multihoming, and explain how the HIDRA architecture can support a wide range of semantic bindings. Finally, we show how this feature can be leveraged to support the goals of information-centric networking on top of the existing TCP/IP network stack by slightly modifying DNS and HTTP.

        Cover page: Improving the Internet Architecture Through Indirection and VirtualizationCreative Commons 'BY' version 4.0 license
        • Article
        • Peer Reviewed
        UC Santa Cruz Previously Published Works (2014)
        Today's socket API requires an application to bind a socket to a transport-layer identifier (e.g., TCP80) and network-layer identifier (e.g., an IP address). These early bindings create significant bottlenecks, reliability issues, and force applications to manage complex lower-layer issues. Many approaches have been proposed to address these problems; however, all of them introduce additional identifiers, modify applications, or require additional protocols in the protocol stack. We introduce HIDRA (Hidden Identifiers for Demultiplexing and Resolution Architecture), an approach based on hidden identifiers used internally at end systems and intermediate systems. HIDRA enables sockets to evolve with the Internet by hiding all mobility, multihoming, and multiplexing issues from applications; does not induce significant overhead in the protocol stack; preserves backwards compatibility with today's Internet and applications; and does not require or preclude any additional identifiers or protocols to be used in the protocol stack.
          Cover page: HIDRA: Hiding mobility, multiplexing, and multi-homing from internet applications
          • Article
          • Peer Reviewed
          UC Santa Cruz Previously Published Works (2017)
          Despite the vast set of prior work on identifier-locator split architectures, no one approach has seen much success, adoption, or deployment in the Internet at large. We identify the key set of challenges that have inhibited the deployment of these proposals to date, and introduce the Dynamic Internet Mobility for End-Systems (DIME) approach. DIME is based on dynamic address translation between the transport and network layers of end hosts, combined with a simple out-of-band protocol that updates host-address bindings as needed. DIME is the first and only proposal that achieves a clean identifier-locator split without  requiring modifications to the end-host OS or applications; modifications to existing network protocols, security mechanisms, or hardware; or  a new host-identifier namespace. We  evaluate a Linux daemon implementation of DIME, and show that it i outperforms existing mobility proposals such as mobile IP (MIPv6), multipath TCP (MPTCP), and the Host Identity Protocol  (HIP) across a wide range of performance metrics.
            Cover page: A Deployable Identifier-Locator Split Architecture
            • Article
            • Peer Reviewed
            UC Santa Cruz Previously Published Works (2015)
              Cover page: Freeing The IP Internet Architecture from Fixed IP Addresses
              • Article
              • Peer Reviewed
              UC Santa Cruz Previously Published Works (2017)
              The de facto approach to Web security today is HTTPS. While HTTPS ensures complete security for clients and servers, it also interferes with transparent content-caching at middleboxes. To address this problem and support both security and caching, we propose a new approach to Web security and privacy called GroupSec. The key innovation of GroupSec is that it replaces the traditional session-based security model with a new model based on content group membership. We introduce the GroupSec security model and show how HTTP can be easily adapted to support GroupSec without requiring changes to browsers, servers, or middleboxes. Finally, we present results of a threat analysis and performance experiments which show that GroupSec achieves notable performance benefits at the client and server while remaining as secure as HTTPS.
                Cover page: GroupSec: A New Security Model For The Web
                • Article
                • Peer Reviewed
                UC Santa Cruz Previously Published Works (2020)
                  Cover page: Content Name Resolution for Information Centric Networking
                  • Article
                  • Peer Reviewed
                  UC Santa Cruz Previously Published Works (2014)
                  A key feature of the Content Centric Networking (CCN) architecture is the requirement for each piece of content to be individually signed by its publisher. Thus, CCN should, in principle, be immune to distributing fake content. However, in practice, the network cannot easily detect and drop fake content as the trust context (i.e., the public keys that need to be trusted for verifying the content signature) is an application-dependent concept. CCN provides mechanisms for consumers to request a piece of content restricted by its signer's public key or the cryptographic digest of the content object to avoid receiving fake content. However, it does not provide any mechanisms to learn this critical information prior to requesting the content. In this paper, we introduce a scalable Key Resolution Service (KRS) that can securely store and serve security information (e.g., public key certificates of publishers) for a namespace in CCN. We implement KRS as a service for CCN in ndnSIM, a ns-3 module, and discuss and evaluate such a distributed service. We demonstrate the feasibility and scalability of our design via simulations driven by real-traffic traces.
                    Cover page: CCN-KRS: A Key Resolution Service for CCN
                    • Article
                    • Peer Reviewed
                    UC Santa Cruz Previously Published Works (2014)
                    Information centric networking (ICN) architectures represent a conceptual shift from naming end-hosts in the Internet to naming content directly, and require either significant changes to the existing IP infrastructure or replacing it entirely. We present iDNS (information-centric DNS), an evolutionary path towards deploying ICN at Internet scale based on modifications to the DNS that leave the current routing infrastructure unmodified. We build and evaluate an iDNS prototype, and use it to show that iDNS achieves the benefits associated with ICN (i.e. location-independent naming, nearest-replica-routing) in a manner that both leverages current infrastructure, including content delivery protocols and caches, and supports future evolution towards other network-layer ICN architectures.
                      Cover page: iDNS: Enabling Information Centric Networking through the DNS
                      Top