-
Semantic Caching of Contextual Summaries for Efficient Question-Answering with Language Models
Authors:
Camille Couturier,
Spyros Mastorakis,
Haiying Shen,
Saravan Rajmohan,
Victor Rühle
Abstract:
Large Language Models (LLMs) are increasingly deployed across edge and cloud platforms for real-time question-answering and retrieval-augmented generation. However, processing lengthy contexts in distributed systems incurs high computational overhead, memory usage, and network bandwidth. This paper introduces a novel semantic caching approach for storing and reusing intermediate contextual summari…
▽ More
Large Language Models (LLMs) are increasingly deployed across edge and cloud platforms for real-time question-answering and retrieval-augmented generation. However, processing lengthy contexts in distributed systems incurs high computational overhead, memory usage, and network bandwidth. This paper introduces a novel semantic caching approach for storing and reusing intermediate contextual summaries, enabling efficient information reuse across similar queries in LLM-based QA workflows. Our method reduces redundant computations by up to 50-60% while maintaining answer accuracy comparable to full document processing, as demonstrated on NaturalQuestions, TriviaQA, and a synthetic ArXiv dataset. This approach balances computational cost and response quality, critical for real-time AI assistants.
△ Less
Submitted 16 May, 2025;
originally announced May 2025.
-
Helping Large Language Models Protect Themselves: An Enhanced Filtering and Summarization System
Authors:
Sheikh Samit Muhaimin,
Spyridon Mastorakis
Abstract:
The recent growth in the use of Large Language Models has made them vulnerable to sophisticated adversarial assaults, manipulative prompts, and encoded malicious inputs. Existing countermeasures frequently necessitate retraining models, which is computationally costly and impracticable for deployment. Without the need for retraining or fine-tuning, this study presents a unique defense paradigm tha…
▽ More
The recent growth in the use of Large Language Models has made them vulnerable to sophisticated adversarial assaults, manipulative prompts, and encoded malicious inputs. Existing countermeasures frequently necessitate retraining models, which is computationally costly and impracticable for deployment. Without the need for retraining or fine-tuning, this study presents a unique defense paradigm that allows LLMs to recognize, filter, and defend against adversarial or malicious inputs on their own. There are two main parts to the suggested framework: (1) A prompt filtering module that uses sophisticated Natural Language Processing (NLP) techniques, including zero-shot classification, keyword analysis, and encoded content detection (e.g. base64, hexadecimal, URL encoding), to detect, decode, and classify harmful inputs; and (2) A summarization module that processes and summarizes adversarial research literature to give the LLM context-aware defense knowledge. This approach strengthens LLMs' resistance to adversarial exploitation by fusing text extraction, summarization, and harmful prompt analysis. According to experimental results, this integrated technique has a 98.71% success rate in identifying harmful patterns, manipulative language structures, and encoded prompts. By employing a modest amount of adversarial research literature as context, the methodology also allows the model to react correctly to harmful inputs with a larger percentage of jailbreak resistance and refusal rate. While maintaining the quality of LLM responses, the framework dramatically increases LLM's resistance to hostile misuse, demonstrating its efficacy as a quick and easy substitute for time-consuming, retraining-based defenses.
△ Less
Submitted 5 May, 2025; v1 submitted 2 May, 2025;
originally announced May 2025.
-
Hiding in Plain Sight: An IoT Traffic Camouflage Framework for Enhanced Privacy
Authors:
Daniel Adu Worae,
Spyridon Mastorakis
Abstract:
The rapid growth of Internet of Things (IoT) devices has introduced significant challenges to privacy, particularly as network traffic analysis techniques evolve. While encryption protects data content, traffic attributes such as packet size and timing can reveal sensitive information about users and devices. Existing single-technique obfuscation methods, such as packet padding, often fall short i…
▽ More
The rapid growth of Internet of Things (IoT) devices has introduced significant challenges to privacy, particularly as network traffic analysis techniques evolve. While encryption protects data content, traffic attributes such as packet size and timing can reveal sensitive information about users and devices. Existing single-technique obfuscation methods, such as packet padding, often fall short in dynamic environments like smart homes due to their predictability, making them vulnerable to machine learning-based attacks. This paper introduces a multi-technique obfuscation framework designed to enhance privacy by disrupting traffic analysis. The framework leverages six techniques-Padding, Padding with XORing, Padding with Shifting, Constant Size Padding, Fragmentation, and Delay Randomization-to obscure traffic patterns effectively. Evaluations on three public datasets demonstrate significant reductions in classifier performance metrics, including accuracy, precision, recall, and F1 score. We assess the framework's robustness against adversarial tactics by retraining and fine-tuning neural network classifiers on obfuscated traffic. The results reveal a notable degradation in classifier performance, underscoring the framework's resilience against adaptive attacks. Furthermore, we evaluate communication and system performance, showing that higher obfuscation levels enhance privacy but may increase latency and communication overhead.
△ Less
Submitted 25 January, 2025;
originally announced January 2025.
-
I Know What You Did Last Summer: Identifying VR User Activity Through VR Network Traffic
Authors:
Sheikh Samit Muhaimin,
Spyridon Mastorakis
Abstract:
Virtual Reality (VR) technology has gained substantial traction and has the potential to transform a number of industries, including education, entertainment, and professional sectors. Nevertheless, concerns have arisen about the security and privacy implications of VR applications and the impact that they might have on users. In this paper, we investigate the following overarching research questi…
▽ More
Virtual Reality (VR) technology has gained substantial traction and has the potential to transform a number of industries, including education, entertainment, and professional sectors. Nevertheless, concerns have arisen about the security and privacy implications of VR applications and the impact that they might have on users. In this paper, we investigate the following overarching research question: can VR applications and VR user activities in the context of such applications (e.g., manipulating virtual objects, walking, talking, flying) be identified based on the (potentially encrypted) network traffic that is generated by VR headsets during the operation of VR applications? To answer this question, we collect network traffic data from 25 VR applications running on the Meta Quest Pro headset and identify characteristics of the generated network traffic, which we subsequently use to train off-the-shelf Machine Learning (ML) models. Our results indicate that through the use of ML models, we can identify the VR applications being used with an accuracy of 92.4% and the VR user activities performed with an accuracy of 91%. Furthermore, our results demonstrate that an attacker does not need to collect large amounts of network traffic data for each VR application to carry out such an attack. Specifically, an attacker only needs to collect less than 10 minutes of network traffic data for each VR application in order to identify applications with an accuracy higher than 90% and VR user activities with an accuracy higher than 88%.
△ Less
Submitted 5 May, 2025; v1 submitted 25 January, 2025;
originally announced January 2025.
-
A Unified Framework for Context-Aware IoT Management and State-of-the-Art IoT Traffic Anomaly Detection
Authors:
Daniel Adu Worae,
Athar Sheikh,
Spyridon Mastorakis
Abstract:
The rapid expansion of Internet of Things (IoT) ecosystems has introduced growing complexities in device management and network security. To address these challenges, we present a unified framework that combines context-driven large language models (LLMs) for IoT administrative tasks with a fine-tuned anomaly detection module for network traffic analysis. The framework streamlines administrative p…
▽ More
The rapid expansion of Internet of Things (IoT) ecosystems has introduced growing complexities in device management and network security. To address these challenges, we present a unified framework that combines context-driven large language models (LLMs) for IoT administrative tasks with a fine-tuned anomaly detection module for network traffic analysis. The framework streamlines administrative processes such as device management, troubleshooting, and security enforcement by harnessing contextual knowledge from IoT manuals and operational data. The anomaly detection model achieves state-of-the-art performance in identifying irregularities and threats within IoT traffic, leveraging fine-tuning to deliver exceptional accuracy. Evaluations demonstrate that incorporating relevant contextual information significantly enhances the precision and reliability of LLM-based responses for diverse IoT administrative tasks. Additionally, resource usage metrics such as execution time, memory consumption, and response efficiency demonstrate the framework's scalability and suitability for real-world IoT deployments.
△ Less
Submitted 19 December, 2024;
originally announced December 2024.
-
FusedInf: Efficient Swapping of DNN Models for On-Demand Serverless Inference Services on the Edge
Authors:
Sifat Ut Taki,
Arthi Padmanabhan,
Spyridon Mastorakis
Abstract:
Edge AI computing boxes are a new class of computing devices that are aimed to revolutionize the AI industry. These compact and robust hardware units bring the power of AI processing directly to the source of data--on the edge of the network. On the other hand, on-demand serverless inference services are becoming more and more popular as they minimize the infrastructural cost associated with hosti…
▽ More
Edge AI computing boxes are a new class of computing devices that are aimed to revolutionize the AI industry. These compact and robust hardware units bring the power of AI processing directly to the source of data--on the edge of the network. On the other hand, on-demand serverless inference services are becoming more and more popular as they minimize the infrastructural cost associated with hosting and running DNN models for small to medium-sized businesses. However, these computing devices are still constrained in terms of resource availability. As such, the service providers need to load and unload models efficiently in order to meet the growing demand. In this paper, we introduce FusedInf to efficiently swap DNN models for on-demand serverless inference services on the edge. FusedInf combines multiple models into a single Direct Acyclic Graph (DAG) to efficiently load the models into the GPU memory and make execution faster. Our evaluation of popular DNN models showed that creating a single DAG can make the execution of the models up to 14\% faster while reducing the memory requirement by up to 17\%. The prototype implementation is available at https://github.com/SifatTaj/FusedInf.
△ Less
Submitted 28 October, 2024;
originally announced October 2024.
-
UnifiedNN: Efficient Neural Network Training on the Cloud
Authors:
Sifat Ut Taki,
Arthi Padmanabhan,
Spyridon Mastorakis
Abstract:
Nowadays, cloud-based services are widely favored over the traditional approach of locally training a Neural Network (NN) model. Oftentimes, a cloud service processes multiple requests from users--thus training multiple NN models concurrently. However, training NN models concurrently is a challenging process, which typically requires significant amounts of available computing resources and takes a…
▽ More
Nowadays, cloud-based services are widely favored over the traditional approach of locally training a Neural Network (NN) model. Oftentimes, a cloud service processes multiple requests from users--thus training multiple NN models concurrently. However, training NN models concurrently is a challenging process, which typically requires significant amounts of available computing resources and takes a long time to complete. In this paper, we present UnifiedNN to effectively train multiple NN models concurrently on the cloud. UnifiedNN effectively "combines" multiple NN models and features several memory and time conservation mechanisms to train multiple NN models simultaneously without impacting the accuracy of the training process. Specifically, UnifiedNN merges multiple NN models and creates a large singular unified model in order to efficiently train all models at once. We have implemented a prototype of UnifiedNN in PyTorch and we have compared its performance with relevant state-of-the-art frameworks. Our experimental results demonstrate that UnifiedNN can reduce memory consumption by up to 53% and training time by up to 81% when compared with vanilla PyTorch without impacting the model training and testing accuracy. Finally, our results indicate that UnifiedNN can reduce memory consumption by up to 52% and training time by up to 41% when compared to state-of-the-art frameworks when training multiple models concurrently.
△ Less
Submitted 5 August, 2024; v1 submitted 2 August, 2024;
originally announced August 2024.
-
Characterizing Encrypted Application Traffic through Cellular Radio Interface Protocol
Authors:
Md Ruman Islam,
Raja Hasnain Anwar,
Spyridon Mastorakis,
Muhammad Taqi Raza
Abstract:
Modern applications are end-to-end encrypted to prevent data from being read or secretly modified. 5G tech nology provides ubiquitous access to these applications without compromising the application-specific performance and latency goals. In this paper, we empirically demonstrate that 5G radio communication becomes the side channel to precisely infer the user's applications in real-time. The key…
▽ More
Modern applications are end-to-end encrypted to prevent data from being read or secretly modified. 5G tech nology provides ubiquitous access to these applications without compromising the application-specific performance and latency goals. In this paper, we empirically demonstrate that 5G radio communication becomes the side channel to precisely infer the user's applications in real-time. The key idea lies in observing the 5G physical and MAC layer interactions over time that reveal the application's behavior. The MAC layer receives the data from the application and requests the network to assign the radio resource blocks. The network assigns the radio resources as per application requirements, such as priority, Quality of Service (QoS) needs, amount of data to be transmitted, and buffer size. The adversary can passively observe the radio resources to fingerprint the applications. We empirically demonstrate this attack by considering four different categories of applications: online shopping, voice/video conferencing, video streaming, and Over-The-Top (OTT) media platforms. Finally, we have also demonstrated that an attacker can differentiate various types of applications in real-time within each category.
△ Less
Submitted 20 July, 2024; v1 submitted 10 July, 2024;
originally announced July 2024.
-
Amalgam: A Framework for Obfuscated Neural Network Training on the Cloud
Authors:
Sifat Ut Taki,
Spyridon Mastorakis
Abstract:
Training a proprietary Neural Network (NN) model with a proprietary dataset on the cloud comes at the risk of exposing the model architecture and the dataset to the cloud service provider. To tackle this problem, in this paper, we present an NN obfuscation framework, called Amalgam, to train NN models in a privacy-preserving manner in existing cloud-based environments. Amalgam achieves that by aug…
▽ More
Training a proprietary Neural Network (NN) model with a proprietary dataset on the cloud comes at the risk of exposing the model architecture and the dataset to the cloud service provider. To tackle this problem, in this paper, we present an NN obfuscation framework, called Amalgam, to train NN models in a privacy-preserving manner in existing cloud-based environments. Amalgam achieves that by augmenting NN models and the datasets to be used for training with well-calibrated noise to "hide" both the original model architectures and training datasets from the cloud. After training, Amalgam extracts the original models from the augmented models and returns them to users. Our evaluation results with different computer vision and natural language processing models and datasets demonstrate that Amalgam: (i) introduces modest overheads into the training process without impacting its correctness, and (ii) does not affect the model's accuracy. The prototype implementation is available at: https://github.com/SifatTaj/amalgam
△ Less
Submitted 28 October, 2024; v1 submitted 2 June, 2024;
originally announced June 2024.
-
ReStorEdge: An edge computing system with reuse semantics
Authors:
Adrian-Cristian Nicolaescu,
Spyridon Mastorakis,
Md Washik Al Azad,
David Griffin,
Miguel Rio
Abstract:
This paper investigates an edge computing system where requests are processed by a set of replicated edge servers. We investigate a class of applications where similar queries produce identical results. To reduce processing overhead on the edge servers we store the results of previous computations and return them when new queries are sufficiently similar to earlier ones that produced the results,…
▽ More
This paper investigates an edge computing system where requests are processed by a set of replicated edge servers. We investigate a class of applications where similar queries produce identical results. To reduce processing overhead on the edge servers we store the results of previous computations and return them when new queries are sufficiently similar to earlier ones that produced the results, avoiding the necessity of processing every new query. We implement a similarity-based data classification system, which we evaluate based on real-world datasets of images and voice queries. We evaluate a range of orchestration strategies to distribute queries and cached results between edge nodes and show that the throughput of queries over a system of distributed edge nodes can be increased by 25-33%, increasing its capacity for higher workloads.
△ Less
Submitted 28 May, 2024; v1 submitted 27 May, 2024;
originally announced May 2024.
-
Deduplicator: When Computation Reuse Meets Load Balancing at the Network Edge
Authors:
Md Washik Al Azad,
Spyridon Mastorakis
Abstract:
Load balancing has been a fundamental building block of cloud and, more recently, edge computing environments. At the same time, in edge computing environments, prior research has highlighted that applications operate on similar (correlated) data. Based on this observation, prior research has advocated for the direction of "computation reuse", where the results of previously executed computational…
▽ More
Load balancing has been a fundamental building block of cloud and, more recently, edge computing environments. At the same time, in edge computing environments, prior research has highlighted that applications operate on similar (correlated) data. Based on this observation, prior research has advocated for the direction of "computation reuse", where the results of previously executed computational tasks are stored at the edge and are reused (if possible) to satisfy incoming tasks with similar input data, instead of executing incoming tasks from scratch. Both load balancing and computation reuse are critical to the deployment of scalable edge computing environments, yet they are contradictory in nature. In this paper, we propose the Deduplicator, a middlebox that aims to facilitate both load balancing and computation reuse at the edge. The Deduplicator features mechanisms to identify and deduplicate similar tasks offloaded by user devices, collect information about the usage of edge servers' resources, manage the addition of new edge servers and the failures of existing edge servers, and ultimately balance the load imposed on edge servers. Our evaluation results demonstrate that the Deduplicator achieves up to 20% higher percentages of computation reuse compared to several other load balancing approaches, while also effectively balancing the distribution of tasks among edge servers at line rate.
△ Less
Submitted 4 May, 2024;
originally announced May 2024.
-
ARWalker: A Virtual Walking Companion Application
Authors:
Pubudu Wijesooriya,
Aaron Likens,
Nick Stergiou,
Spyridon Mastorakis
Abstract:
Extended Reality (XR) technologies, including Augmented Reality (AR), have attracted significant attention over the past few years and have been utilized in several fields, including education, healthcare, and manufacturing. In this paper, we aim to explore the use of AR in the field of biomechanics and human movement through the development of ARWalker, which is an AR application that features vi…
▽ More
Extended Reality (XR) technologies, including Augmented Reality (AR), have attracted significant attention over the past few years and have been utilized in several fields, including education, healthcare, and manufacturing. In this paper, we aim to explore the use of AR in the field of biomechanics and human movement through the development of ARWalker, which is an AR application that features virtual walking companions (avatars). Research participants walk in close synchrony with the virtual companions, whose gait exhibits properties found in the gait of young and healthy adults. As a result, research participants can train their gait to the gait of the avatar, thus regaining the healthy properties of their gait and reducing the risk of falls. ARWalker can especially help older adults and individuals with diseases, who exhibit pathological gait thus being more prone to falls. We implement a prototype of ARWalker and evaluate its systems performance while running on a Microsoft Hololens 2 headset.
△ Less
Submitted 13 November, 2023;
originally announced November 2023.
-
A Nonlinear Analysis Software Toolkit for Biomechanical Data
Authors:
Shifat Sarwar,
Aaron Likens,
Nick Stergiou,
Spyridon Mastorakis
Abstract:
In this paper, we present a nonlinear analysis software toolkit, which can help in biomechanical gait data analysis by implementing various nonlinear statistical analysis algorithms. The toolkit is proposed to tackle the need for an easy-to-use and friendly analyzer for gait data where algorithms seem complex to implement in software and execute. With the availability of our toolkit, people withou…
▽ More
In this paper, we present a nonlinear analysis software toolkit, which can help in biomechanical gait data analysis by implementing various nonlinear statistical analysis algorithms. The toolkit is proposed to tackle the need for an easy-to-use and friendly analyzer for gait data where algorithms seem complex to implement in software and execute. With the availability of our toolkit, people without programming knowledge can run the analysis to receive human gait data analysis results. Our toolkit includes the implementation of several nonlinear analysis algorithms, while it is also possible for users with programming experience to expand its scope by implementing and adding more algorithms to the toolkit. Currently, the toolkit supports MatLab bindings while being developed in Python. The toolkit can seamlessly run as a background process to analyze hundreds of different gait data and produce analysis outcomes and figures that illustrate these results.
△ Less
Submitted 11 November, 2023;
originally announced November 2023.
-
Rethinking Internet Communication Through LLMs: How Close Are We?
Authors:
Sifat Ut Taki,
Spyridon Mastorakis
Abstract:
In this paper, we rethink the way that communication among users over the Internet, one of the fundamental outcomes of the Internet evolution, takes place. Instead of users communicating directly over the Internet, we explore an architecture that enables users to communicate with (query) Large Language Models (LLMs) that capture the cognition of users on the other end of the communication channel.…
▽ More
In this paper, we rethink the way that communication among users over the Internet, one of the fundamental outcomes of the Internet evolution, takes place. Instead of users communicating directly over the Internet, we explore an architecture that enables users to communicate with (query) Large Language Models (LLMs) that capture the cognition of users on the other end of the communication channel. We present an architecture to achieve such LLM-based communication and we perform a reality check to assess how close we are today to realizing such a communication architecture from a technical point of view. Finally, we discuss several research challenges and identify interesting directions for future research.
△ Less
Submitted 25 September, 2023;
originally announced September 2023.
-
DarkHorse: A UDP-based Framework to Improve the Latency of Tor Onion Services
Authors:
Md Washik Al Azad,
Hasniuj Zahan,
Sifat Ut Taki,
Spyridon Mastorakis
Abstract:
Tor is the most popular anonymous communication overlay network which hides clients' identities from servers by passing packets through multiple relays. To provide anonymity to both clients and servers, Tor onion services were introduced by increasing the number of relays between a client and a server. Because of the limited bandwidth of Tor relays, large numbers of users, and multiple layers of e…
▽ More
Tor is the most popular anonymous communication overlay network which hides clients' identities from servers by passing packets through multiple relays. To provide anonymity to both clients and servers, Tor onion services were introduced by increasing the number of relays between a client and a server. Because of the limited bandwidth of Tor relays, large numbers of users, and multiple layers of encryption at relays, onion services suffer from high end-to-end latency and low data transfer rates, which degrade user experiences, making onion services unsuitable for latency-sensitive applications. In this paper, we present a UDP-based framework, called DarkHorse, that improves the end-to-end latency and the data transfer overhead of Tor onion services by exploiting the connectionless nature of UDP. Our evaluation results demonstrate that DarkHorse is up to 3.62x faster than regular TCP-based Tor onion services and reduces the Tor network overhead by up to 47%.
△ Less
Submitted 5 July, 2023;
originally announced July 2023.
-
IoT-AD: A Framework To Detect Anomalies Among Interconnected IoT Devices
Authors:
Hasniuj Zahan,
Md Washik Al Azad,
Ihsan Ali,
Spyridon Mastorakis
Abstract:
In an Internet of Things (IoT) environment (e.g., smart home), several IoT devices may be available that are interconnected with each other. In such interconnected environments, a faulty or compromised IoT device could impact the operation of other IoT devices. In other words, anomalous behavior exhibited by an IoT device could propagate to other devices in an IoT environment. In this paper, we ar…
▽ More
In an Internet of Things (IoT) environment (e.g., smart home), several IoT devices may be available that are interconnected with each other. In such interconnected environments, a faulty or compromised IoT device could impact the operation of other IoT devices. In other words, anomalous behavior exhibited by an IoT device could propagate to other devices in an IoT environment. In this paper, we argue that mitigating the propagation of the anomalous behavior exhibited by a device to other devices is equally important to detecting this behavior in the first place. In line with this observation, we present a framework, called IoT Anomaly Detector (IoT-AD), that can not only detect the anomalous behavior of IoT devices, but also limit and recover from anomalous behavior that might have affected other devices. We implemented a prototype of IoT-AD, which we evaluated based on open-source IoT device datasets as well as through real-world deployment on a small-scale IoT testbed we have built. We have further evaluated IoT-AD in comparison to prior relevant approaches. Our evaluation results show that IoT-AD can identify anomalous behavior of IoT devices in less than 2.12 milliseconds and with up to 98% of accuracy.
△ Less
Submitted 11 June, 2023;
originally announced June 2023.
-
The Case for the Anonymization of Offloaded Computation
Authors:
Md Washik Al Azad,
Shifat Sarwar,
Sifat Ut Taki,
Spyridon Mastorakis
Abstract:
Computation offloading (often to external computing resources over a network) has become a necessity for modern applications. At the same time, the proliferation of machine learning techniques has empowered malicious actors to use such techniques in order to breach the privacy of the execution process for offloaded computations. This can enable malicious actors to identify offloaded computations a…
▽ More
Computation offloading (often to external computing resources over a network) has become a necessity for modern applications. At the same time, the proliferation of machine learning techniques has empowered malicious actors to use such techniques in order to breach the privacy of the execution process for offloaded computations. This can enable malicious actors to identify offloaded computations and infer their nature based on computation characteristics that they may have access to even if they do not have direct access to the computation code. In this paper, we first demonstrate that even non-sophisticated machine learning algorithms can accurately identify offloaded computations. We then explore the design space of anonymizing offloaded computations through the realization of a framework, called Camouflage. Camouflage features practical mechanisms to conceal characteristics related to the execution of computations, which can be used by malicious actors to identify computations and orchestrate further attacks based on identified computations. Our evaluation demonstrated that Camouflage can impede the ability of malicious actors to identify executed computations by up to 60%, while incurring modest overheads for the anonymization of computations.
△ Less
Submitted 12 May, 2023;
originally announced May 2023.
-
FoggyEdge: An Information Centric Computation Offloading and Management Framework for Edge-based Vehicular Fog Computing
Authors:
Muhammad Atif Ur Rehman,
Muhammad Salahuddin,
Spyridon Mastorakis,
Byung-Seo Kim
Abstract:
The recent advances aiming to enable in-network service provisioning are empowering a plethora of smart infrastructure developments, including smart cities, and intelligent transportation systems. Although edge computing in conjunction with roadside units appears as a promising technology for proximate service computations, the rising demands for ubiquitous computing and ultra-low latency requirem…
▽ More
The recent advances aiming to enable in-network service provisioning are empowering a plethora of smart infrastructure developments, including smart cities, and intelligent transportation systems. Although edge computing in conjunction with roadside units appears as a promising technology for proximate service computations, the rising demands for ubiquitous computing and ultra-low latency requirements from consumer vehicles are challenging the adoption of intelligent transportation systems. Vehicular fog computing which extends the fog computing paradigm in vehicular networks by utilizing either parked or moving vehicles for computations has the potential to further reduce the computation offloading transmission costs. Therefore, with a precise objective of reducing latency and delivering proximate service computations, we integrated vehicular fog computing with roadside edge computing and proposed a four-layer framework named FoggyEdge. The FoggyEdge framework is built at the top of named data networking and employs microservices to perform in-network computations and offloading. A real-world SUMO-based preliminary performance comparison validates FoggyEdge effectiveness. Finally, a few future research directions on incentive mechanisms, security and privacy, optimal vehicular fog location, and load-balancing are summarized.
△ Less
Submitted 20 April, 2023;
originally announced April 2023.
-
Privacy-Enhanced Living: A Local Differential Privacy Approach to Secure Smart Home Data
Authors:
Nazar Waheed,
Fazlullah Khan,
Spyridon Mastorakis,
Mian Ahmad Jan,
Abeer Z. Alalmaie,
Priyadarsi Nanda
Abstract:
The rapid expansion of Internet of Things (IoT) devices in smart homes has significantly improved the quality of life, offering enhanced convenience, automation, and energy efficiency. However, this proliferation of connected devices raises critical concerns regarding security and privacy of the user data. In this paper, we propose a differential privacy-based system to ensure comprehensive securi…
▽ More
The rapid expansion of Internet of Things (IoT) devices in smart homes has significantly improved the quality of life, offering enhanced convenience, automation, and energy efficiency. However, this proliferation of connected devices raises critical concerns regarding security and privacy of the user data. In this paper, we propose a differential privacy-based system to ensure comprehensive security for data generated by smart homes. We employ the randomized response technique for the data and utilize Local Differential Privacy (LDP) to achieve data privacy. The data is then transmitted to an aggregator, where an obfuscation method is applied to ensure individual anonymity. Furthermore, we implement the Hidden Markov Model (HMM) technique at the aggregator level and apply differential privacy to the private data received from smart homes. Consequently, our approach achieves a dual layer of privacy protection, addressing the security concerns associated with IoT devices in smart cities.
△ Less
Submitted 6 August, 2023; v1 submitted 15 April, 2023;
originally announced April 2023.
-
Investigating the Characteristics and Performance of Augmented Reality Applications on Head-Mounted Displays: A Study of the Hololens Application Store
Authors:
Pubudu Wijesooriya,
Sheikh Muhammad Farjad,
Nikolaos Stergiou,
Spyridon Mastorakis
Abstract:
Augmented Reality (AR) based on Head-Mounted Displays (HMDs) has gained significant traction over the recent years. Nevertheless, it remains unclear what AR HMD-based applications have been developed over the years and what their system performance is when they are run on HMDs. In this paper, we aim to shed light into this direction. Our study focuses on the applications available on the Microsoft…
▽ More
Augmented Reality (AR) based on Head-Mounted Displays (HMDs) has gained significant traction over the recent years. Nevertheless, it remains unclear what AR HMD-based applications have been developed over the years and what their system performance is when they are run on HMDs. In this paper, we aim to shed light into this direction. Our study focuses on the applications available on the Microsoft Hololens application store given the wide use of the Hololens headset. Our study has two major parts: (i) we collect metadata about the applications available on the Microsoft Hololens application store to understand their characteristics (e.g., categories, pricing, permissions requested, hardware and software compatibility); and (ii) we interact with these applications while running on a Hololens 2 headset and collect data about systems-related metrics (e.g., memory and storage usage, time spent on CPU and GPU related operations) to investigate the systems performance of applications. Our study has resulted in several interesting findings, which we share with the research community.
△ Less
Submitted 13 March, 2023;
originally announced March 2023.
-
An NDN-Enabled Fog Radio Access Network Architecture With Distributed In-Network Caching
Authors:
Sifat Ut Taki,
Spyridon Mastorakis
Abstract:
To meet the increasing demands of next-generation cellular networks (e.g., 6G), advanced networking technologies must be incorporated. On one hand, the Fog Radio Access Network (F-RAN), has been proposed as an enhancement to the Cloud Radio Access Network (C-RAN). On the other hand, efficient network architectures, such as Named Data Networking (NDN), have been recognized as prominent Future Inter…
▽ More
To meet the increasing demands of next-generation cellular networks (e.g., 6G), advanced networking technologies must be incorporated. On one hand, the Fog Radio Access Network (F-RAN), has been proposed as an enhancement to the Cloud Radio Access Network (C-RAN). On the other hand, efficient network architectures, such as Named Data Networking (NDN), have been recognized as prominent Future Internet candidates. Nevertheless, the interplay between F-RAN and NDN warrants further investigation. In this paper, we propose an NDN-enabled F-RAN architecture featuring a strategy for distributed in-network caching. Through a simulation study, we demonstrate the superiority of the proposed in-network caching strategy in comparison with baseline caching strategies in terms of network resource utilization, cache hits, and fronthaul channel usage.
△ Less
Submitted 18 January, 2023;
originally announced January 2023.
-
Interest Flooding Attacks in Named Data Networking: Survey of Existing Solutions, Open Issues, Requirements and Future Directions (Extended version)
Authors:
Ahmed Benmoussa,
Chaker Abdelaziz Kerrache,
Nasreddine Lagraa,
Spyridon Mastorakis,
Abderrahmane Lakas,
Abdou el Karim Tahari
Abstract:
Named Data Networking (NDN) is a prominent realization of the vision of Information-Centric Networking. The NDN architecture adopts name-based routing and location-independent data retrieval. Among other important features, NDN integrates security mechanisms and focuses on protecting the content rather than the communications channels. Along with a new architecture come new threats and NDN is no e…
▽ More
Named Data Networking (NDN) is a prominent realization of the vision of Information-Centric Networking. The NDN architecture adopts name-based routing and location-independent data retrieval. Among other important features, NDN integrates security mechanisms and focuses on protecting the content rather than the communications channels. Along with a new architecture come new threats and NDN is no exception. NDN is a potential target for new network attacks such as Interest Flooding Attacks (IFAs). Attackers take advantage of IFA to launch (D)DoS attacks in NDN. Many IFA detection and mitigation solutions have been proposed in the literature. However, there is no comprehensive review study of these solutions that has been proposed so far. Therefore, in this paper, we propose a survey of the various IFAs with a detailed comparative study of all the relevant proposed solutions as counter-measures against IFAs. We also review the requirements for a complete and efficient IFA solution and pinpoint the various issues encountered by IFA detection and mitigation mechanisms through a series of attack scenarios. Finally, in this survey, we offer an analysis of the open issues and future research directions regarding IFAs. This manuscript consists of an extended version of the paper published in ACM Computing Surveys: https://dl.acm.org/doi/10.1145/3539730.
△ Less
Submitted 11 June, 2022;
originally announced June 2022.
-
An Information Centric Framework for Weather Sensing Data
Authors:
Robert Thompson,
Eric Lyons,
Ishita Dasgupta,
Spyridon Mastorakis,
Michael Zink,
Susmit Shannigrahi
Abstract:
Weather sensing and forecasting has become increasingly accurate in the last decade thanks to high-resolution radars, efficient computational algorithms, and high-performance computing facilities. Through a distributed and federated network of radars, scientists can make high-resolution observations of the weather conditions on a scale that benefits public safety, commerce, transportation, and oth…
▽ More
Weather sensing and forecasting has become increasingly accurate in the last decade thanks to high-resolution radars, efficient computational algorithms, and high-performance computing facilities. Through a distributed and federated network of radars, scientists can make high-resolution observations of the weather conditions on a scale that benefits public safety, commerce, transportation, and other fields. While weather radars are critical infrastructure, they are often located in remote areas with poor network connectivity. Data retrieved from these radars are often delayed or lost, or even lack proper synchronization, resulting in sub-optimal weather prediction. This work applies Named Data Networking (NDN) to a federation of weather sensing radars for efficient content addressing and retrieval. We identify weather data based on a hierarchical naming scheme that allows us to explicitly access desired files. We demonstrate that compared to the window-based mechanism in TCP/IP, an NDN based mechanism improves data quality, reduces uncertainty, and enhances weather prediction. Our evaluation demonstrates that this naming scheme enables effective data retrieval, while compared to the window-based mechanism in TCP/IP, an NDN based mechanism improves data quality, reduces uncertainty, and enhances weather prediction.
△ Less
Submitted 27 March, 2022;
originally announced March 2022.
-
Harpocrates: Anonymous Data Publication in Named Data Networking
Authors:
Md Washik Al Azad,
Reza Tourani,
Abderrahmen Mtibaa,
Spyridon Mastorakis
Abstract:
Named-Data Networking (NDN), a prominent realization of the Information-Centric Networking (ICN) vision, offers a request-response communication model where data is identified based on application-defined names at the network layer. This amplifies the ability of censoring authorities to restrict user access to certain data/websites/applications and monitor user requests. The majority of existing N…
▽ More
Named-Data Networking (NDN), a prominent realization of the Information-Centric Networking (ICN) vision, offers a request-response communication model where data is identified based on application-defined names at the network layer. This amplifies the ability of censoring authorities to restrict user access to certain data/websites/applications and monitor user requests. The majority of existing NDN-based frameworks have focused on enabling users in a censoring network to access data available outside of this network, without considering how data producers in a censoring network can make their data available to users outside of this network. This problem becomes especially challenging, since the NDN communication paths are symmetric, while producers are mandated to sign the data they generate and identify their certificates. In this paper, we propose Harpocrates, an NDN-based framework for anonymous data publication under censorship conditions. Harpocrates enables producers in censoring networks to produce and make their data available to users outside of these networks while remaining anonymous to censoring authorities. Our evaluation demonstrates that Harpocrates achieves anonymous data publication under different settings, being able to identify and adapt to censoring actions.
△ Less
Submitted 16 January, 2022;
originally announced January 2022.
-
Reservoir: Named Data for Pervasive Computation Reuse at the Network Edge
Authors:
Md Washik Al Azad,
Spyridon Mastorakis
Abstract:
In edge computing use cases (e.g., smart cities), where several users and devices may be in close proximity to each other, computational tasks with similar input data for the same services (e.g., image or video annotation) may be offloaded to the edge. The execution of such tasks often yields the same results (output) and thus duplicate (redundant) computation. Based on this observation, prior wor…
▽ More
In edge computing use cases (e.g., smart cities), where several users and devices may be in close proximity to each other, computational tasks with similar input data for the same services (e.g., image or video annotation) may be offloaded to the edge. The execution of such tasks often yields the same results (output) and thus duplicate (redundant) computation. Based on this observation, prior work has advocated for "computation reuse", a paradigm where the results of previously executed tasks are stored at the edge and are reused to satisfy incoming tasks with similar input data, instead of executing these incoming tasks from scratch. However, realizing computation reuse in practical edge computing deployments, where services may be offered by multiple (distributed) edge nodes (servers) for scalability and fault tolerance, is still largely unexplored. To tackle this challenge, in this paper, we present Reservoir, a framework to enable pervasive computation reuse at the edge, while imposing marginal overheads on user devices and the operation of the edge network infrastructure. Reservoir takes advantage of Locality Sensitive Hashing (LSH) and runs on top of Named-Data Networking (NDN), extending the NDN architecture for the realization of the computation reuse semantics in the network. Our evaluation demonstrated that Reservoir can reuse computation with up to an almost perfect accuracy, achieving 4.25-21.34x lower task completion times compared to cases without computation reuse.
△ Less
Submitted 23 December, 2021;
originally announced December 2021.
-
The Promise and Challenges of Computation Deduplication and Reuse at the Network Edge
Authors:
Md Washik Al Azad,
Spyridon Mastorakis
Abstract:
In edge computing deployments, where devices may be in close proximity to each other, these devices may offload similar computational tasks (i.e., tasks with similar input data for the same edge computing service or for services of the same nature). This results in the execution of duplicate (redundant) computation, which may become a pressing issue for future edge computing environments, since su…
▽ More
In edge computing deployments, where devices may be in close proximity to each other, these devices may offload similar computational tasks (i.e., tasks with similar input data for the same edge computing service or for services of the same nature). This results in the execution of duplicate (redundant) computation, which may become a pressing issue for future edge computing environments, since such deployments are envisioned to consist of small-scale data-centers at the edge. To tackle this issue, in this paper, we highlight the importance of paradigms for the deduplication and reuse of computation at the network edge. Such paradigms have the potential to significantly reduce the completion times for offloaded tasks, accommodating more users, devices, and tasks with the same volume of deployed edge computing resources, however, they come with their own technical challenges. Finally, we present a multi-layer architecture to enable computation deduplication and reuse at the network edge and discuss open challenges and future research directions.
△ Less
Submitted 31 March, 2022; v1 submitted 3 September, 2021;
originally announced September 2021.
-
CLEDGE: A Hybrid Cloud-Edge Computing Framework over Information Centric Networking
Authors:
Md Washik Al Azad,
Susmit Shannigrahi,
Nicholas Stergiou,
Francisco R. Ortega,
Spyridon Mastorakis
Abstract:
In today's era of Internet of Things (IoT), where massive amounts of data are produced by IoT and other devices, edge computing has emerged as a prominent paradigm for low-latency data processing. However, applications may have diverse latency requirements: certain latency-sensitive processing operations may need to be performed at the edge, while delay-tolerant operations can be performed on the…
▽ More
In today's era of Internet of Things (IoT), where massive amounts of data are produced by IoT and other devices, edge computing has emerged as a prominent paradigm for low-latency data processing. However, applications may have diverse latency requirements: certain latency-sensitive processing operations may need to be performed at the edge, while delay-tolerant operations can be performed on the cloud, without occupying the potentially limited edge computing resources. To achieve that, we envision an environment where computing resources are distributed across edge and cloud offerings. In this paper, we present the design of CLEDGE (CLoud + EDGE), an information-centric hybrid cloud-edge framework, aiming to maximize the on-time completion of computational tasks offloaded by applications with diverse latency requirements. The design of CLEDGE is motivated by the networking challenges that mixed reality researchers face. Our evaluation demonstrates that CLEDGE can complete on-time more than 90% of offloaded tasks with modest overheads.
△ Less
Submitted 15 July, 2021;
originally announced July 2021.
-
Hash-MAC-DSDV: Mutual Authentication for Intelligent IoT-Based Cyber-Physical Systems
Authors:
Muhammad Adil,
Mian Ahmad Jan,
Spyridon Mastorakis,
Houbing Song,
Muhammad Mohsin Jadoon,
Safia Abbas,
Ahmed Farouk
Abstract:
Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issu…
▽ More
Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash- MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics.
△ Less
Submitted 17 May, 2021;
originally announced May 2021.
-
LightIoT: Lightweight and Secure Communication for Energy-Efficient IoT in Health Informatics
Authors:
Mian Ahmad Jan,
Fazlullah Khan,
Spyridon Mastorakis,
Muhammad Adil,
Aamir Akbar,
Nicholas Stergiou
Abstract:
Internet of Things (IoT) is considered as a key enabler of health informatics. IoT-enabled devices are used for in-hospital and in-home patient monitoring to collect and transfer biomedical data pertaining to blood pressure, electrocardiography (ECG), blood sugar levels, body temperature, etc. Among these devices, wearables have found their presence in a wide range of healthcare applications. Thes…
▽ More
Internet of Things (IoT) is considered as a key enabler of health informatics. IoT-enabled devices are used for in-hospital and in-home patient monitoring to collect and transfer biomedical data pertaining to blood pressure, electrocardiography (ECG), blood sugar levels, body temperature, etc. Among these devices, wearables have found their presence in a wide range of healthcare applications. These devices generate data in real-time and transmit them to nearby gateways and remote servers for processing and visualization. The data transmitted by these devices are vulnerable to a range of adversarial threats, and as such, privacy and integrity need to be preserved. In this paper, we present LightIoT, a lightweight and secure communication approach for data exchanged among the devices of a healthcare infrastructure. LightIoT operates in three phases: initialization, pairing, and authentication. These phases ensure the reliable transmission of data by establishing secure sessions among the communicating entities (wearables, gateways and a remote server). Statistical results exhibit that our scheme is lightweight, robust, and resilient against a wide range of adversarial attacks and incurs much lower computational and communication overhead for the transmitted data in the presence of existing approaches.
△ Less
Submitted 30 April, 2021;
originally announced April 2021.
-
Networking and Computing in Biomechanical Research: Challenges and Directions
Authors:
Spyridon Mastorakis,
Andreas Skiadopoulos,
Susmit Shannigrahi,
Aaron Likens,
Boubakr Nour,
Nicholas Stergiou
Abstract:
Biomechanics is a scientific discipline that studies the forces acting on a body and the effects they produce. In this paper, we bring together biomechanists and networking researchers to shed light into how research efforts in biomechanics, primarily related to the study of the human body, can be facilitated through networking and computing technologies, such as edge and cloud computing, Software…
▽ More
Biomechanics is a scientific discipline that studies the forces acting on a body and the effects they produce. In this paper, we bring together biomechanists and networking researchers to shed light into how research efforts in biomechanics, primarily related to the study of the human body, can be facilitated through networking and computing technologies, such as edge and cloud computing, Software Defined Networking, and Information-Centric Networking. We first present challenges related to networking and computing that biomechanists face today and we then describe how networking and computing technologies can address them. Finally, we identify directions for future networking research with a focus on biomechanics to facilitate and encourage interdisciplinary collaborations between biomechanists and networking researchers.
△ Less
Submitted 27 March, 2021;
originally announced March 2021.
-
Information-Centric Networking in Wireless Environments: Security Risks and Challenges
Authors:
Boubakr Nour,
Spyridon Mastorakis,
Rehmat Ullah,
Nicholas Stergiou
Abstract:
Information-Centric Networking (ICN) has emerged as a paradigm to cope with the lack of built-in security primitives and efficient mechanisms for content distribution of today's Internet. However, deploying ICN in a wireless environment poses a different set of challenges compared to a wired environment, especially when it comes to security. In this paper, we present the security issues that may a…
▽ More
Information-Centric Networking (ICN) has emerged as a paradigm to cope with the lack of built-in security primitives and efficient mechanisms for content distribution of today's Internet. However, deploying ICN in a wireless environment poses a different set of challenges compared to a wired environment, especially when it comes to security. In this paper, we present the security issues that may arise and the attacks that may occur from different points of view when ICN is deployed in wireless environments. The discussed attacks may target both applications and the ICN network itself by exploiting elements of the ICN architecture, such as content names and in-network content caches. Furthermore, we discuss potential solutions to the presented issues and countermeasures to the presented attacks. Finally, we identify future research opportunities and directions.
△ Less
Submitted 2 March, 2021;
originally announced March 2021.
-
Access Control Mechanisms in Named Data Networks: A Comprehensive Survey
Authors:
Boubakr Nour,
Hakima Khelifi,
Rasheed Hussain,
Spyridon Mastorakis,
Hassine Moungla
Abstract:
Information-Centric Networking (ICN) has recently emerged as a prominent candidate for the Future Internet Architecture (FIA) that addresses existing issues with the host-centric communication model of the current TCP/IP-based Internet. Named Data Networking (NDN) is one of the most recent and active ICN architectures that provides a clean slate approach for Internet communication. NDN provides in…
▽ More
Information-Centric Networking (ICN) has recently emerged as a prominent candidate for the Future Internet Architecture (FIA) that addresses existing issues with the host-centric communication model of the current TCP/IP-based Internet. Named Data Networking (NDN) is one of the most recent and active ICN architectures that provides a clean slate approach for Internet communication. NDN provides intrinsic content security where security is directly provided to the content instead of communication channel. Among other security aspects, Access Control (AC) rules specify the privileges for the entities that can access the content. In TCP/IP-based AC systems, due to the client-server communication model, the servers control which client can access a particular content. In contrast, ICN-based networks use content names to drive communication and decouple the content from its original location. This phenomenon leads to the loss of control over the content causing different challenges for the realization of efficient AC mechanisms. To date, considerable efforts have been made to develop various AC mechanisms in NDN. In this paper, we provide a detailed and comprehensive survey of the AC mechanisms in NDN. We follow a holistic approach towards AC in NDN where we first summarize the ICN paradigm, describe the changes from channel-based security to content-based security and highlight different cryptographic algorithms and security protocols in NDN. We then classify the existing AC mechanisms into two main categories: Encryption-based AC and Encryption-independent AC. Each category has different classes based on the working principle of AC (e.g., Attribute-based AC, Name-based AC, Identity-based AC, etc). Finally, we present the lessons learned from the existing AC mechanisms and identify the challenges of NDN-based AC at large, highlighting future research directions for the community.
△ Less
Submitted 8 December, 2020;
originally announced December 2020.
-
Irregular Metronomes as Assistive Devices to Promote Healthy Gait Patterns
Authors:
Aaron D. Likens,
Spyridon Mastorakis,
Andreas Skiadopoulos,
Jenny A. Kent,
Md Washik Al Azad,
Nick Stergiou
Abstract:
Older adults and people suffering from neurodegenerative disease often experience difficulty controlling gait during locomotion, ultimately increasing their risk of falling. To combat these effects, researchers and clinicians have used metronomes as assistive devices to improve movement timing in hopes of reducing their risk of falling. Historically, researchers in this area have relied on metrono…
▽ More
Older adults and people suffering from neurodegenerative disease often experience difficulty controlling gait during locomotion, ultimately increasing their risk of falling. To combat these effects, researchers and clinicians have used metronomes as assistive devices to improve movement timing in hopes of reducing their risk of falling. Historically, researchers in this area have relied on metronomes with isochronous interbeat intervals, which may be problematic because normal healthy gait varies considerably from one step to the next. More recently, researchers have advocated the use of irregular metronomes embedded with statistical properties found in healthy populations. In this paper, we explore the effect of both regular and irregular metronomes on many statistical properties of interstride intervals. Furthermore, we investigate how these properties react to mechanical perturbation in the form of a halted treadmill belt while walking. Our results demonstrate that metronomes that are either isochronous or random metronome break down the inherent structure of healthy gait. Metronomes with statistical properties similar to healthy gait seem to preserve those properties, despite a strong mechanical perturbation. We discuss the future development of this work in the context of networked augmented reality metronome devices.
△ Less
Submitted 24 November, 2020;
originally announced December 2020.
-
CCIC-WSN: An Architecture for Single Channel Cluster-based Information-Centric Wireless Sensor Networks
Authors:
Muhammad Atif Ur Rehman,
Rehmat Ullah,
Byung-Seo Kim,
Boubakr Nour,
Spyridon Mastorakis
Abstract:
The promising vision of Information-Centric Networking (ICN) and of its realization, Named Data Networking (NDN), has attracted extensive attention in recent years in the context of the Internet of Things (IoT) and Wireless Sensor Networks (WSNs). However, a comprehensive NDN/ICN-based architectural design for WSNs, including specially tailored naming schemes and forwarding mechanisms, has yet to…
▽ More
The promising vision of Information-Centric Networking (ICN) and of its realization, Named Data Networking (NDN), has attracted extensive attention in recent years in the context of the Internet of Things (IoT) and Wireless Sensor Networks (WSNs). However, a comprehensive NDN/ICN-based architectural design for WSNs, including specially tailored naming schemes and forwarding mechanisms, has yet to be explored. In this paper, we present single-Channel Cluster-based Information-Centric WSN (CCIC-WSN), an NDN/ICN-based framework to fulfill the requirements of cluster-based WSNs, such as communication between child nodes and cluster heads, association of new child nodes with cluster heads, discovery of the namespace of newly associated nodes, and child node mobility. Through an extensive simulation study, we demonstrate that CCIC-WSN achieves 71-90% lower energy consumption and 74-96% lower data retrieval delays than recently proposed frameworks for NDN/ICN-based WSNs under various evaluation settings.
△ Less
Submitted 24 November, 2020;
originally announced November 2020.
-
Named Data Networking for Content Delivery Network Workflows
Authors:
Rama Krishna Thelagathoti,
Spyridon Mastorakis,
Anant Shah,
Harkeerat Bedi,
Susmit Shannigrahi
Abstract:
In this work we investigate Named Data Networking's (NDN's) architectural properties and features, such as content caching and intelligent packet forwarding, in the context of a Content Delivery Network (CDN) workflows. More specifically, we evaluate NDN's properties for PoP (Point of Presence) to PoP and PoP to device connectivity. We use the Apache Traffic Server (ATS) platform to create an HTTP…
▽ More
In this work we investigate Named Data Networking's (NDN's) architectural properties and features, such as content caching and intelligent packet forwarding, in the context of a Content Delivery Network (CDN) workflows. More specifically, we evaluate NDN's properties for PoP (Point of Presence) to PoP and PoP to device connectivity. We use the Apache Traffic Server (ATS) platform to create an HTTP, CDN-like caching hierarchy in order to compare NDN with HTTP-based content delivery. Overall, our work demonstrates that properties inherent to NDN can benefit content providers and users alike. Our experimental results demonstrate that HTTP is faster under stable conditions due to a mature software stack. However, NDN performs better in the presence of packet loss, even for a loss rate as low as 0.1%, due to packet-level caching in the network and fast retransmissions from close upstreams and fast retransmissions from close upstreams. We further show that the Time To First Byte (TTFB) in NDN is consistently lower than HTTP (~100ms in HTTP vs ~50ms in NDN), a vital requirement for CDNs, in addition to supporting transparent failover to another upstream when a failure occurs in the network. Moreover, we examine implementation agnostic (implementation choices can be Software Defined Networking, Information Centric Networking, or something else) network properties that can benefit CDN workflows.
△ Less
Submitted 24 October, 2020;
originally announced October 2020.
-
DLWIoT: Deep Learning-based Watermarking for Authorized IoT Onboarding
Authors:
Spyridon Mastorakis,
Xin Zhong,
Pei-Chi Huang,
Reza Tourani
Abstract:
The onboarding of IoT devices by authorized users constitutes both a challenge and a necessity in a world, where the number of IoT devices and the tampering attacks against them continuously increase. Commonly used onboarding techniques today include the use of QR codes, pin codes, or serial numbers. These techniques typically do not protect against unauthorized device access-a QR code is physical…
▽ More
The onboarding of IoT devices by authorized users constitutes both a challenge and a necessity in a world, where the number of IoT devices and the tampering attacks against them continuously increase. Commonly used onboarding techniques today include the use of QR codes, pin codes, or serial numbers. These techniques typically do not protect against unauthorized device access-a QR code is physically printed on the device, while a pin code may be included in the device packaging. As a result, any entity that has physical access to a device can onboard it onto their network and, potentially, tamper it (e.g.,install malware on the device). To address this problem, in this paper, we present a framework, called Deep Learning-based Watermarking for authorized IoT onboarding (DLWIoT), featuring a robust and fully automated image watermarking scheme based on deep neural networks. DLWIoT embeds user credentials into carrier images (e.g., QR codes printed on IoT devices), thus enables IoT onboarding only by authorized users. Our experimental results demonstrate the feasibility of DLWIoT, indicating that authorized users can onboard IoT devices with DLWIoT within 2.5-3sec.
△ Less
Submitted 17 October, 2020;
originally announced October 2020.
-
NDNTP: A Named Data Networking Time Protocol
Authors:
Abderrahmen Mtibaa,
Spyridon Mastorakis
Abstract:
Named Data Networking (NDN) architectural features, including multicast data delivery, stateful forwarding, and in-network data caching, have shown promise for applications such as video streaming and file sharing. However, collaborative applications, requiring a multi-producer participation introduce new NDN design challenges. In this paper, we highlight these challenges in the context of the Net…
▽ More
Named Data Networking (NDN) architectural features, including multicast data delivery, stateful forwarding, and in-network data caching, have shown promise for applications such as video streaming and file sharing. However, collaborative applications, requiring a multi-producer participation introduce new NDN design challenges. In this paper, we highlight these challenges in the context of the Network Time Protocol (NTP) and one of its most widely-used deployments for NTP server discovery, the NTP pool project. We discuss the design requirements for the support of NTP and NTP pool and present general directions for the design of a time synchronization protocol over NDN, coined Named Data Networking Time Protocol (NDNTP).
△ Less
Submitted 15 July, 2020;
originally announced July 2020.
-
An Automated and Robust Image Watermarking Scheme Based on Deep Neural Networks
Authors:
Xin Zhong,
Pei-Chi Huang,
Spyridon Mastorakis,
Frank Y. Shih
Abstract:
Digital image watermarking is the process of embedding and extracting a watermark covertly on a cover-image. To dynamically adapt image watermarking algorithms, deep learning-based image watermarking schemes have attracted increased attention during recent years. However, existing deep learning-based watermarking methods neither fully apply the fitting ability to learn and automate the embedding a…
▽ More
Digital image watermarking is the process of embedding and extracting a watermark covertly on a cover-image. To dynamically adapt image watermarking algorithms, deep learning-based image watermarking schemes have attracted increased attention during recent years. However, existing deep learning-based watermarking methods neither fully apply the fitting ability to learn and automate the embedding and extracting algorithms, nor achieve the properties of robustness and blindness simultaneously. In this paper, a robust and blind image watermarking scheme based on deep learning neural networks is proposed. To minimize the requirement of domain knowledge, the fitting ability of deep neural networks is exploited to learn and generalize an automated image watermarking algorithm. A deep learning architecture is specially designed for image watermarking tasks, which will be trained in an unsupervised manner to avoid human intervention and annotation. To facilitate flexible applications, the robustness of the proposed scheme is achieved without requiring any prior knowledge or adversarial examples of possible attacks. A challenging case of watermark extraction from phone camera-captured images demonstrates the robustness and practicality of the proposal. The experiments, evaluation, and application cases confirm the superiority of the proposed scheme.
△ Less
Submitted 5 July, 2020;
originally announced July 2020.
-
DAPES: Named Data for Off-the-Grid File Sharing with Peer-to-Peer Interactions
Authors:
Spyridon Mastorakis,
Tianxiang Li,
Lixia Zhang
Abstract:
This paper introduces DAta-centric Peer-to-peer filE Sharing (DAPES), a data sharing protocol for scenarios with intermittent connectivity and user mobility. DAPES provides a set of semantically meaningful hierarchical naming abstractions that facilitate the exchange of file collections via local connectivity. This enables peers to "make the most" out of the limited connection time with other peer…
▽ More
This paper introduces DAta-centric Peer-to-peer filE Sharing (DAPES), a data sharing protocol for scenarios with intermittent connectivity and user mobility. DAPES provides a set of semantically meaningful hierarchical naming abstractions that facilitate the exchange of file collections via local connectivity. This enables peers to "make the most" out of the limited connection time with other peers by maximizing the utility of individual transmissions to provide data missing by most connected peers. DAPES runs on top of Named-Data Networking (NDN) and extends NDN's data-centric network layer abstractions to achieve communication over multiple wireless hops through an adaptive hop-by-hop forwarding/suppression mechanism. We have evaluated DAPES through real-world experiments in an outdoor campus setting and extensive simulations. Our results demonstrate that DAPES achieves 50-71% lower overheads and 15-33% lower file sharing delays compared to file sharing solutions that rely on IP-based mobile ad-hoc routing.
△ Less
Submitted 2 June, 2020;
originally announced June 2020.
-
Experimenting with a Simulation Framework for Peer-to-Peer File Sharing in Named Data Networking
Authors:
Akshay Raman,
Kimberly Chou,
Spyridon Mastorakis
Abstract:
Peer-to-peer file sharing envisions a data-centric dissemination model, where files consisting of multiple data pieces can be shared from any peer that can offer the data or from multiple peers simultaneously. This aim, implemented at the application layer of the network architecture, matches with the objective of Named Data Networking (NDN), a proposed Internet architecture that features a data-c…
▽ More
Peer-to-peer file sharing envisions a data-centric dissemination model, where files consisting of multiple data pieces can be shared from any peer that can offer the data or from multiple peers simultaneously. This aim, implemented at the application layer of the network architecture, matches with the objective of Named Data Networking (NDN), a proposed Internet architecture that features a data-centric communication model at the network layer. To study the impact of a data-centric network architecture on peer-to-peer file sharing, we proposed nTorrent, a peer-to-peer file sharing application on top of NDN. Since the initial nTorrent proposal in 2017, we have implemented its design in ndnSIM, the de facto NDN simulator. In this paper, we present the design of our nTorrent simulation framework, discussing various design decisions and trade-offs. We also describe our experimentation and validation process to ensure that our framework possesses the fundamental properties of nTorrent.
△ Less
Submitted 17 November, 2019;
originally announced November 2019.
-
ISA-Based Trusted Network Functions And Server Applications In The Untrusted Cloud
Authors:
Spyridon Mastorakis,
Tahrina Ahmed,
Jayaprakash Pisharath
Abstract:
Nowadays, enterprises widely deploy Network Functions (NFs) and server applications in the cloud. However, processing of sensitive data and trusted execution cannot be securely deployed in the untrusted cloud. Cloud providers themselves could accidentally leak private information (e.g., due to misconfigurations) or rogue users could exploit vulnerabilities of the providers' systems to compromise e…
▽ More
Nowadays, enterprises widely deploy Network Functions (NFs) and server applications in the cloud. However, processing of sensitive data and trusted execution cannot be securely deployed in the untrusted cloud. Cloud providers themselves could accidentally leak private information (e.g., due to misconfigurations) or rogue users could exploit vulnerabilities of the providers' systems to compromise execution integrity, posing a threat to the confidentiality of internal enterprise and customer data. In this paper, we identify (i) a number of NF and server application use-cases that trusted execution can be applied to, (ii) the assets and impact of compromising the private data and execution integrity of each use-case, and (iii) we leverage Intel's Software Guard Extensions (SGX) architecture to design Trusted Execution Environments (TEEs) for cloud-based NFs and server applications. We combine SGX with the Data Plane Development KIT (DPDK) to prototype and evaluate our TEEs for a number of application scenarios (Layer 2 frame and Layer 3 packet processing for plain and encrypted traffic, traffic load-balancing and back-end server processing). Our results indicate that NFs involving plain traffic can achieve almost native performance (e.g., ~22 Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while NFs involving encrypted traffic and server processing can still achieve competitive performance (e.g., ~12 Million Packets Per Second for server processing for 64-byte frames).
△ Less
Submitted 20 February, 2018;
originally announced February 2018.
-
Experimentation With Fuzzy Interest Forwarding in Named Data Networking
Authors:
Spyridon Mastorakis,
Kevin Chan,
Bongjun Ko,
Alexander Afanasyev,
Lixia Zhang
Abstract:
In the current Named Data Networking implementation, forwarding a data request requires finding an exact match between the prefix of the name carried in the request and a forwarding table entry. However, consumers may not always know the exact naming, or an exact prefix, of their desired data. The current approach to this problem-establishing naming conventions and performing name lookup-can be in…
▽ More
In the current Named Data Networking implementation, forwarding a data request requires finding an exact match between the prefix of the name carried in the request and a forwarding table entry. However, consumers may not always know the exact naming, or an exact prefix, of their desired data. The current approach to this problem-establishing naming conventions and performing name lookup-can be infeasible in highly ad hoc, heterogeneous, and dynamic environments: the same data can be named using different terms or even languages, naming conventions may be minimal if they exist at all, and name lookups can be costly. In this paper, we present a fuzzy Interest forwarding approach that exploits semantic similarities between the names carried in Interest packets and the names of potentially matching data in CS and entries in FIB. We describe the fuzzy Interest forwarding approach, outline the semantic understanding function that determines the name matching, and present our simulation study along with extended evaluation results.
△ Less
Submitted 14 February, 2018; v1 submitted 8 February, 2018;
originally announced February 2018.
