The SSL Landscape – A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements
Cited by 32 (2 self)
The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it always has been felt that the certification processes of this PKI may not be conducted with enough rigor, resulting in a deployment where many certificates do not meet the requirements of a secure PKI. This paper presents a comprehensive analysis of X.509 certificates in the wild. To shed more light on the state of the deployed and actually used X.509 PKI, we obtained and evaluated data from many different sources. We conducted HTTPs scans of a large number of popular HTTPs servers over a 1.5-year time span, including scans from nine locations distributed over the globe. To compare certification properties of highly ranked hosts with the
Analyzing Caching Benefits for YouTube Traffic in Edge Networks -- A Measurement-Based Evaluation
2012
Cited by 3 (0 self)
Recent studies observed video download platforms which contribute a large share to the overall traffic mix in today’s operator networks. Traffic related to video downloads has reached a level where operators, network equipment vendors, and standardization organizations such as the IETF start to explore methods in order to reduce the traffic load in the network. Success or failure of these techniques depends on caching potentials of the target applications’ traffic patterns. Our work aims at providing detailed insight into caching potentials of one of the leading video serving platforms: YouTube. We monitored interactions of users of a large operator network with the YouTube video distribution infrastructure for the time period of one month. From these traffic observations, we examine parameters that are relevant to the operation and effectiveness of an in-network cache deployed in an edge-network. Furthermore, we use our monitoring data as input for a simulation and determine the caching benefits that could have been observed if caching had been deployed.
A Passive Network Appliance for Real-Time Network Monitoring
Cited by 2 (1 self)
Network administrators lack the tools they need to understand and react to their changing networks. This makes it difficult for them to make informed, timely decisions regarding network management, capacity planning, and security. These challenges will only increase as networks continue to gain in throughput, become more complex, and encrypt more and more of their traffic. This paper describes the Passive Network Appliance, or PNA, which is our proposed solution to this problem. The PNA provides snapshots of network behavior through time, in a cost-effective manner. The PNA is implemented on commodity hardware and can enforce network policy in realtime at the granularity of network frame arrival. This paper describes the system, and its evaluation in laboratory and real-world deployments.
Adaptive Load-Aware Sampling for Network Monitoring on Multicore Commodity Hardware
2013
Cited by 2 (2 self)
Many current traffic monitoring systems employ deep packet inspection (DPI) in order to analyze network traffic. These systems include intrusion detection systems, software for network traffic accounting, traffic classification, or systems for monitoring service-level agreements. Traffic volumes and link speeds of current enterprise and ISP networks transform the process of inspecting traffic payload into a challenging task. In this paper we propose a novel adaptive sampling algorithm that selects the maximum number of packets from the network that the DPI system is able to consume. Our algorithm adapts its sampling rate according to the network traffic currently observed, and the number of packets that a monitoring application is able to process. It can be used in conjunction with current multicore-aware network traffic analysis setups, which allow for exploiting current multi-core hardware. We show the applicability of our algorithm with live-tests on a heavily used 10G link with real network monitoring tools.
Toward Composable Network Traffic Measurement
Cited by 1 (0 self)
As the growth of Internet traffic volume and diversity continues, passive monitoring and data analysis, crucial to the correct operation of networks and the systems that rely on them, has become an increasingly difficult task. We present the design and implementation of Blockmon, a flexible, high performance system for network monitoring and analysis. We present experimental results demonstrating Blockmon’s performance, running simple analyses at 10Gb/s line rate on commodity hardware; and compare its performance with that of existing programmable measurement systems, showing significant improvement (as much as twice as fast) especially for small packet sizes. We further demonstrate Blockmon’s applicability to measurement and data analysis by implementing and evaluating three sample applications: a flow meter, a TCP SYN flood detector, and a VoIP anomaly-detection system.
WireCAP: a Novel Packet Capture Engine for Commodity NICs in High-speed Networks
Cited by 1 (0 self)
Packet capture is an essential function for many network applications. However, packet drop is a major problem with packet capture in high-speed networks. This paper presents WireCAP, a novel packet capture engine for commodity network interface cards (NICs) in high-speed networks. WireCAP provides lossless zero-copy packet capture and delivery services by exploiting multi-queue NICs and multicore architectures. WireCAP introduces two new mechanisms—the ring-buffer-pool mechanism and the buddy-group-based offloading mechanism—to address the packet drop problem of packet capture in high-speed networks. WireCAP is efficient. It also facilitates the design and operation of a user-space packet-processing application. Experiments have demonstrated that WireCAP achieves better packet capture performance when compared to existing packet capture engines. In addition, WireCAP implements a packet transmit function that allows captured packets to be forwarded, potentially after the packets are modified or inspected in flight. Therefore, WireCAP can be used to support middlebox-type applications. Thus, at a high level, WireCAP provides a new packet I/O framework for commodity NICs in high-speed networks.
Author Retains Full Rights
This paper is taken from the GIAC directory of certified professionals. Reposting is not permitted without express written permission. Interested in learning more? Check out the list of upcoming events offering
A Passive Measurement System for Network
The ability to capture and process packet-level data is of intrinsic importance in network testbeds that offer broad experimental capabilities to researchers. In this paper we describe the design and implementation of a passive measurement system for network testbeds called GIMS. The system enables users to specify and centrally manage packet capture on a set of dedicated measurement nodes deployed on links in a distributed testbed. The first component of GIMS is a scalable experiment management system that coordinates multi-tenant access to measurement nodes through a web-based user interface. The second component of GIMS is a node management system that enables (i) local processing on packets (e.g., flow aggregation and sampling), (ii) meta-data to be added to captured packets (e.g., timestamps), (iii) packet anonymization per local security policy, and (iv) flexible data storage including transfer to remote archives. We demonstrate the capabilities of GIMS through a set of micro-benchmarks that specifically highlight the performance of the node management system deployed on a commodity workstation. Our implementations are openly available to the community and our development efforts are on-going.
Multi-granular, Multi-purpose and Multi-Gb/s Monitoring on Off-the-shelf Systems
International Journal of Network Management, Int. J. Network Mgmt 0000; 00:2–22. Published online in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/nem
As an attempt to make network managers’ life easier, we present M3Omon, a system architecture that helps to develop monitoring applications and perform network diagnosis. M3Omon behaves as an intermediate layer between the traffic and monitoring applications that provides advanced features, high performance and low cost. Such advanced features leverage a multi-granular and multi-purpose approach to the monitoring problem. Multi-granular monitoring gives answer to tasks that use traffic aggregates to identify an event, and requires either flow records or packet data or even both to understand it and, eventually, take the convenient countermeasures. M3Omon provides a simple API to access traffic simultaneously at several different granularities—i.e., packet-level, flow-level and aggregate statistics. The multi-purposed design of M3Omon allows not only performing tasks in parallel that are specifically targeted to different traffic-related purposes (e.g., traffic classification and intrusion detection) but also sharing granularities between applications—e.g., several concurrent applications fed from flow records that are provided by M3Omon. Finally, the low-cost characteristic is brought by off-the-shelf systems (the combination of open-source software and commodity hardware) and the high performance is achieved thanks to modifications in the standard NIC driver, low-level hardware interaction, efficient memory management and programming optimization.
Packet storage at multi-gigabit rates using off-the-shelf systems
The use of closed solutions from most known vendors to carry out network-monitoring tasks has turned out to be a questionable option given their lack of flexibility and extensibility, which has typically been translated into higher costs. Consequently, we study whether high-performance monitoring tasks can be carried out using off-the-shelf systems, the alternative to these pitfalls from the research community, consisting in the combination of open-source software and commodity hardware. We focus on sniffing and storing network traffic as one of the major tasks in any monitoring architecture. Specifically, we first review the keys to sniff traffic at multi-gigabit rates, and then present an experimental evaluation of commodity hard drives. Finally, the lessons learned from such studies and the performed experiments have conducted us to the development of an open solution, namely HPCAP, which sniffs and stores multi-gigabit traffic using commodity hardware without packet losses in very demanding scenarios.