-
Strong Anonymity for Mesh Messaging
Authors:
Neil Perry,
Bruce Spang,
Saba Eskandarian,
Dan Boneh
Abstract:
Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been shown to be insecure; most concerningly by not adequately hiding metadata. This is further complicated by the fact that wireless communication such as Bluetooth is inherently a broadcasting medium. In this paper, we present a new threat model that captures the security requirements of protesters in this setting. We then provide a solution that satisfies the required security properties, hides all relevant metadata, scales to moderately sized protests, and supports group messaging. This is achieved by broadcasting all messages in a way that limits the overhead of duplicate messages, ensuring that ciphertexts do not leak metadata, and limiting what can be learned by observing user behavior. We also build a model of our system and numerically evaluate it to support our claims and analyze how many users it supports. Finally, we discuss further extensions that remove potential bottlenecks in scaling and support substantially more users.
Submitted 22 August, 2022; v1 submitted 8 July, 2022;
originally announced July 2022.
-
Unbiased Experiments in Congested Networks
Authors:
Bruce Spang,
Veronica Hannan,
Shravya Kunamalla,
Te-Yuan Huang,
Nick McKeown,
Ramesh Johari
Abstract:
When developing a new networking algorithm, it is established practice to run a randomized experiment, or A/B test, to evaluate its performance. In an A/B test, traffic is randomly allocated between a treatment group, which uses the new algorithm, and a control group, which uses the existing algorithm. However, because networks are congested, both treatment and control traffic compete against each other for resources in a way that biases the outcome of these tests. This bias can have a surprisingly large effect; for example, in lab A/B tests with two widely used congestion control algorithms, the treatment appeared to deliver 150% higher throughput when used by a few flows, and 75% lower throughput when used by most flows, despite the fact that the two algorithms have identical throughput when used by all traffic.
Beyond the lab, we show that A/B tests can also be biased at scale. In an experiment run in cooperation with Netflix, estimates from A/B tests mistake the direction of change of some metrics, miss changes in other metrics, and overestimate the size of effects. We propose alternative experiment designs, previously used in online platforms, to more accurately evaluate new algorithms and allow experimenters to better understand the impact of congestion on their tests.
Submitted 30 September, 2021;
originally announced October 2021.
-
Updating the Theory of Buffer Sizing
Authors:
Bruce Spang,
Serhat Arslan,
Nick McKeown
Abstract:
Routers have packet buffers to reduce packet drops during times of congestion. It is important to correctly size the buffer: make it too small, and packets are dropped unnecessarily and the link may be underutilized; make it too big, and packets may wait for a long time, and the router itself may be more expensive to build. Despite its importance, there are few guidelines for picking the buffer size. The two most well-known rules only apply to long-lived TCP Reno flows; either for a network carrying a single TCP Reno flow (the buffer size should equal the bandwidth-delay product, or $BDP$) or for a network carrying $n$ TCP Reno flows (the buffer size should equal $BDP/\sqrt{n}$). Since these rules were introduced, TCP Reno has been replaced by newer algorithms as the default congestion control algorithm in all major operating systems, yet little has been written about how the rules need to change. This paper revisits both rules. For the single flow case, we generalize the $BDP$ rule to account for changes to TCP, such as Proportional Rate Reduction (PRR), and the introduction of new algorithms including Cubic and BBR. We find that buffers can be made 60-75% smaller for newer algorithms. For the multiple flow case, we show that the square root of $n$ rule holds under a broader set of assumptions than previously known, including for these new congestion control algorithms. We also demonstrate situations where the square root of $n$ rule does not hold, including for unfair flows and certain settings with ECN. We validate our results by precisely measuring the time series of buffer occupancy in a real network, and comparing it to the per-packet window size.
Submitted 23 September, 2021;
originally announced September 2021.
-
Coded trace reconstruction in a constant number of traces
Authors:
Joshua Brakensiek,
Ray Li,
Bruce Spang
Abstract:
The coded trace reconstruction problem asks to construct a code $C\subset \{0,1\}^n$ such that any $x\in C$ is recoverable from independent outputs ("traces") of $x$ from a binary deletion channel (BDC). We present binary codes of rate $1-\varepsilon$ that are efficiently recoverable from ${\exp(O_q(\log^{1/3}(\frac{1}{\varepsilon})))}$ (a constant independent of $n$) traces of a $\operatorname{BDC}_q$ for any constant deletion probability $q\in(0,1)$. We also show that, for rate $1-\varepsilon$ binary codes, $\tilde{\Omega}(\log^{5/2}(1/\varepsilon))$ traces are required. The results follow from a pair of black-box reductions that show that average-case trace reconstruction is essentially equivalent to coded trace reconstruction. We also show that there exist codes of rate $1-\varepsilon$ over an $O_{\varepsilon}(1)$-sized alphabet that are recoverable from $O(\log(1/\varepsilon))$ traces, and that this is tight.
Submitted 11 September, 2020; v1 submitted 12 August, 2019;
originally announced August 2019.
-
Unconstraining graph-constrained group testing
Authors:
Bruce Spang,
Mary Wootters
Abstract:
In network tomography, one goal is to identify a small set of failed links in a network, by sending a few packets through the network and seeing which reach their destination. This problem can be seen as a variant of combinatorial group testing, which has been studied before under the moniker "graph-constrained group testing."
The main contribution of this work is to show that for most graphs, the "constraints" imposed by the underlying network topology are no constraint at all. That is, the number of tests required to identify the failed links in "graph-constrained" group testing is near-optimal even for the corresponding group testing problem with no graph constraints.
Our approach is based on a simple randomized construction of tests; to analyze our construction, we prove new results about the size of giant components in randomly sparsified graphs. Finally, we provide empirical results which suggest that our connected-subgraph tests perform better not just in theory but also in practice, and in particular perform better on a real-world network topology.
Submitted 10 September, 2018;
originally announced September 2018.
-
MON: Mission-optimized Overlay Networks
Authors:
Bruce Spang,
Anirudh Sabnis,
Ramesh Sitaraman,
Don Towsley,
Brian DeCleene
Abstract:
Large organizations often have users in multiple sites which are connected over the Internet. Since resources are limited, communication between these sites needs to be carefully orchestrated for the most benefit to the organization. We present a Mission-optimized Overlay Network (MON), a hybrid overlay network architecture for maximizing utility to the organization. We combine an offline and an online system to solve non-concave utility maximization problems. The offline tier, the Predictive Flow Optimizer (PFO), creates plans for routing traffic using a model of network conditions. The online tier, MONtra, is aware of the precise local network conditions and is able to react quickly to problems within the network. Either tier alone is insufficient. The PFO may take too long to react to network changes. MONtra only has local information and cannot optimize non-concave mission utilities. However, by combining the two systems, MON is robust and achieves near-optimal utility under a wide range of network conditions. While best-effort overlay networks are well studied, our work is the first to design overlays that are optimized for mission utility.
Submitted 27 January, 2017;
originally announced January 2017.