The first step in making sure that R&D spending is productive to be it going the same direction as overall business strategy. Simple enough say but not always so simple do. Chris Pappas suggests corporate strategy process often focuses on financial factors and market share neglects technology a key resource planned. With competitive success well productivity profitability becoming more directly tied development, time give important place process. Using example of an actual firm, shows...

SDN promises to make networks more flexible, programmable, and easier manage. Inherent security problems in today, however, pose a threat the promised benefits. First, network operator lacks tools proactively ensure that policies will be followed or reactively inspect behavior of network. Second, distributed nature state updates at data plane leads inconsistent during reconfigurations. Third, large flow space makes susceptible exhaustion attacks. This paper presents SDNsec, an extension...

The Internet will undergo a major transformation as satellite-based service providers start to disrupt the market. Constellations of hundreds thousands satellites promise offer low-latency even most remote areas. We anticipate exciting business and research opportunities.

In an ideal Internet, every packet would be attributable to its sender, while host identities and transmitted content remain private. Designing such a network is challenging because source accountability communication privacy are typically viewed as conflicting properties. this paper, we propose architecture that guarantees privacy-preserving by enlisting ISPs agents brokers. While can link originates from their customers, customer identity remains unknown the rest of Internet. our...

We make a case for packet-replay suppression at the network layer, concept that has been generally neglected. Our contribution is twofold. First, we demonstrate new attack, router-reflection can be launched using compromised routers. In this router degrades connectivity of remote Internet region just by replaying packets. The attack feasible even if all packets are attributed to their sources, i.e., source authentication in place, and our evaluation shows threat pervasive---candidate routers...

This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies their customers. The Autonomous System (AS) of the receiver specifies traffic profile sender AS must adhere to. Transit ASes on path mark packets. In case violations, marked packets are used as proof misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet per-flow state for forwarding. We describe integration with IP demonstrate software switch...

research-article Share on Transparency Instead of Neutrality Authors: Christos Pappas ETH Zürich ZürichView Profile , Katerina Argyraki EPFL, Switzerland SwitzerlandView Stefan Bechtold Adrian Perrig Authors Info & Claims HotNets-XIV: Proceedings the 14th ACM Workshop Hot Topics in NetworksNovember 2015 Article No.: 22Pages 1–7https://doi.org/10.1145/2834050.2834082Published:16 November 2015Publication History 8citation197DownloadsMetricsTotal Citations8Total Downloads197Last 12 Months19Last...

SDN promises to make networks more flexible, programmable, and easier manage. Inherent security problems in today, however, pose a threat the promised benefits. First, network operator lacks tools proactively ensure that policies will be followed or reactively inspect behavior of network. Second, distributed nature state updates at data plane leads inconsistent during reconfigurations. Third, large flow space makes susceptible exhaustion attacks. This paper presents SDNsec, an extension...

The act of communication on the Internet inevitably leaks information. In particular, network headers reveal information (e.g., source address, flow information); yet, protecting header has proven challenging. Past research successfully protected certain fields address), but no proposal attempted to eliminate from so that packets cannot be linked flows; is systematically used subvert privacy. Hence, we investigate following questions: Can design an architecture eliminates flow-packet...

In source-based path selection, the sender chooses to destination from a set of available paths and embeds forwarding information in packets. Future Internet proposals have employed this scheme realize benefits source routing without inherent scalability problems computation at source. Furthermore, address security concerns packet-carried state, these leverage cryptographic primitives (e.g., Message Authentication Codes) per packet data plane. However, implications on performance novel...

Motivated by the weaknesses of today's TLS public-key infrastructure (PKI), recent studies have proposed numerous enhancements to fortify PKI ecosystem. Deploying one particular enhancement is no panacea, since each solves only a subset problems. At same time, high deployment barrier makes benefit-cost ratio tilt in wrong direction, leading disappointing adoption rates for most proposals.

Is it possible to design a packet-sampling algorithm that prevents the network node performs sampling from treating sampled packets preferentially? We study this problem in context of designing "network-transparency'' system. In system, networks emit receipts for small sample they observe, and monitor collects these estimate each network's loss delay performance. Sampling is good building block because enables solution flexible combines low resource cost with quantifiable accuracy. The...

Is it possible to design a packet-sampling algorithm that prevents the network node performs sampling from treating sampled packets preferentially? We study this problem in context of designing "network transparency'' system. In system, networks emit receipts for small sample they observe, and monitor collects these estimate each network's loss delay performance. Sampling is good building block because enables solution flexible combines low resource cost with quantifiable accuracy. The...

Internet users today have few solutions to cover a large space of diverse privacy requirements. We introduce the concept domains, which provide flexibility in expressing users' Then, we propose three services that construct meaningful domains and can be offered by ISPs. Furthermore, illustrate these little overhead for communication sessions they come with low deployment barrier

The lack of transparency for Internet communication prevents effective mitigation today's security threats: i) Source addresses cannot be trusted and enable untraceable reflection attacks. ii) Malicious is opaque to all network entities, except the receiver; although ISPs are control points that can stop such attacks, detection requires information available only at end hosts. We propose TRIS, an architecture bootstraps communication. TRIS enables definition misbehavior according unique...

Is it possible to design a packet-sampling algorithm that prevents the network node performs sampling from treating sampled packets preferentially? We study this problem in context of designing "network-transparency" system. In system, networks emit receipts for small sample they observe, and monitor collects these estimate each network's loss delay performance. Sampling is good building block because enables solution flexible combines low resource cost with quantifiable accuracy. The...

Future Internet proposals have employed edge-directed routing to realize the benefits of path choice by sources (e.g., end users). However, economic issues hamper adoption ISPs: 1) ISPs' costs increase when choose paths that are not economically optimal for ISPs, and 2) ISPs overprovision their links aggressively since traffic engineering is shifted users congestion more likely occur. We implement a path-based dynamic pricing scheme addresses these challenges. can dynamically adjust prices...