
    Francesco Palmieri

    ... ing the e net-igrate the current -based it has ... and traffic engineering delivers the QoS that is required to support Conversational, Streaming, and Interactive traffic, something ... The access have been properly located in our plant to obtain two semi-adjacent coverag with no overlap ...
    With the increasing popularity of the Internet, unsolicited electronic mail (spam) has become a major concern. It fills up users' mailboxes, clogs mail relays, wastes postmaster time, and creates inconveniences for sites that have been used as a relay. This seems to be a growing problem, and without appropriate countermeasures, spam messages could eventually undermine the usability of e-mail. In this paper, we propose a cooperative spam-avoidance strategy based on the concept of restricting, at the network border and mail relay level, the mail sending function through properly authorized mail gateways registered as proper new Resource Records in the DNS System. If accepted and enforced by the largest number possible of network and mail administrators on the Internet, this strategy may result in a substantial reduction of the worldwide e-mail spam phenomenon.
    ABSTRACT The number of people using smartphones to connect to the Internet for daily activities has overtaken the number of people using canonical PCs. This has led to a huge quantity of security threats that usually tend to penetrate the defenses of a smartphone in order to gain control of its resources. Differently, energy-based attacks have the objective of increasing the energy consumption of the victim device. It is important to highlight that this objective could possibly be achieved by just activating the system's defenses as a consequence of canonical attacks and letting the system defenses detect and (try to) defeat them. These activities consume additional energy and could lead the mobile device to its complete uselessness. In this paper, an energy-based attack based on soliciting hardware-level encoding/decoding functions through properly crafted multimedia files is analyzed and its impact evaluated. Such attacks are performed without accessing the device by taking advantage of the new HTML5 functionalities. A series of experiments have been performed in order to understand which codecs have a more relevant impact on energy consumption and, as a consequence, make the attack more effective.
    ABSTRACT In this work we present a system for distributed video surveillance based on the Client-Server model. The system we present can be accessed via portable devices. In many real-world scenarios it is useful, or sometimes necessary, to have portable devices that can receive real-time data from a selected camera, to prevent or to manage anomalous activities. The system provides reliable, high speed, secure and real-time communication among all its components, which are the Repository, the Node and the Portable Device. Both Repository and Node can act as a server. The Repository can provide services to both Nodes and Portable Devices, while the Nodes provide services only to the Portable Device. The portable device can only act as a client, using the services offered by the other two parts. In our system, a portable device is assumed to know only the location of the Repository, which allows it to get the list of nodes connected with one or more camera(s). When a portable device gets the list, it can choose which node it intends to connect to, to get the images of its connected camera(s). The security of the interaction among Node-Repository and Node-Portable Device is guaranteed by using the SSL/TLS protocol. The interaction among nodes and portable devices is secured by using an invisible digital watermarking algorithm on each image, before that image is sent from a node to a portable device. The latter extracts the watermark from the image and verifies the identity of the node.
    ABSTRACT Despite the wide deployment of beyond 3G cellular networks and high capacity Wi-Fi coverage infrastructures, finding the best way for achieving ubiquitous and secure mobile data transfer services in everyday life activities is still an open question. In particular, security becomes a key factor in such a scenario, since a large number of mobile terminal devices (smartphones, handhelds, tablets) simultaneously supporting multiple networking technologies may be used to store, access, manipulate, or communicate sensitive data from everywhere and at any time. However, the computational efforts required for achieving security, due to the inherent complexity of cryptographic algorithms, heavily affect the power consumption of the involved terminals. Such energy demand, together with the amount of power already required to manage the communication activities carried out by using multiple network interfaces, makes energy efficient secure communication among mobile hardware-constrained handheld devices a really challenging topic. Based on the above considerations, we present the architecture of a framework which enables secure end-to-end and reliable data transfer for heterogeneous mobile terminals by also describing and modeling its power demand, with the aim of achieving a robust and reliable ubiquitous data transfer service also minimizing the overall battery consumption in such devices.
    ABSTRACT Survivability and scalability are the main emerging challenges in command and control of ubiquitous networked entities operating in untrusted communication scenarios, due to the increasing sophistication of the detection and mitigation/defeating techniques together with the increasing number of elements to be controlled and their distribution over multiple heterogeneous communication infrastructures. Accordingly, this work focuses on a new more robust and scalable botnet-based command and control architecture, aiming at wiping off any rigid master-slave relationship and autonomizing the bot operating roles, with significant agility gains in the whole overlay communication infrastructure. It relies on swarm intelligence and in particular on stigmergic communication, ensuring spontaneous, implicit coordination and collaboration among the independent bot agents. The resulting architecture presents improved fault tolerance and dynamic adaptation to varying network conditions, by propagating control messages to any bot node through multiple short-range hops structured according to a dynamically built Degree Constrained Minimum Spanning Tree, whose distributed calculation is inspired by ant colonies' foraging behavior. For this reason, it may constitute the basis for an evolutionary malware-based control and management scheme that can be used in several homeland security/defense scenarios where the botnet technology may be used as a support tool in strategic military or intelligence operations.
    ABSTRACT In this paper we present EnergySave, a smart energy-saving system that, by leveraging the consolidated WoL (Wake on LAN) technology, allows the remote wake-up of PCs from a centralized management server, providing easy and secure power management capabilities for local or remote IP-based networks of personal computers (PCs). We also present a lightweight web-based platform implementing the remote management interface as less intrusively as possible. Finally, we model the mathematical saving functions to be used in order to evaluate through simulation the amount of potential energy savings, and hence the whole framework effectiveness, both in the general case and in a real case scenario. Results show that significant savings are achievable provided that the hardware supports the Wake-on-LAN specifications and that proper configuration of the Web server is set-up, allowing the WoL magic packet to travel to the destination hosts and wake them up only when they are really needed.
    ABSTRACT Despite the significant degree of technological maturity reached by large-scale optical transmission infrastructures, new critical issues are emerging as side effects associated to their energy consumption, environmental impact and related costs, now accounting for an important part of the networks’ operational expenditures. To face this problem, we propose a single-stage routing and wavelength assignment scheme, based on several network engineering extensions to the Generalised Multi-Protocol Label Switching (GMPLS) control plane protocols, mainly Open Shortest Path First, with new composed metrics and information transport facilities. It is structured according to a simple multi-objective optimisation approach aiming at containing the network's energy consumption and ecological impact while balancing the overall load and maintaining an acceptable connection demand satisfaction rate. The proposed solution is able to operate effectively in wide area wavelength routing scenarios, where multiple heterogeneous equipment, ranging from pure photonic to opaque routing/switching, amplification and regeneration devices are deployed in a GMPLS-empowered network. Copyright © 2014 John Wiley & Sons, Ltd.
    ABSTRACT Big Data processing architectures are now widely recognized as one of the most significant innovations in Computing in the last decade. Their enormous potential in collecting and processing huge volumes of data scattered throughout the Internet is opening the door to a new generation of fully distributed applications that, by leveraging the large amount of resources available on the network will be able to cope with very complex problems achieving performances never seen before. However, the Internet is known to have severe scalability limitations in moving very large quantities of data, and such limitations introduce the challenge of making efficient use of the computing and storage resources available on the network, in order to enable data-intensive applications to be executed effectively in such a complex distributed environment. This implies resource scheduling decisions which drive the execution of task towards the data by taking network load and capacity into consideration to maximize data access performance and reduce queueing and processing delays as possible. Accordingly, this work presents a data-centric meta-scheduling scheme for fully distributed Big Data processing architectures based on clustering techniques whose goal is aggregating tasks around storage repositories and driven by a new concept of “gravitational” attraction between the tasks and their data of interest. This scheme will benefit from heuristic criteria based on network awareness and advance resource reservation in order to suppress long delays in data transfer operations and result into an optimized use of data storage and runtime resources at the expense of a limited (polynomial) computational complexity.
    In a Data Grid, replication of data is critical for maximizing the overall job throughput. Such replication involves the creation of copies of data files at different sites according to specific Replica Optimization strategies that define when and where replicas should be created or deleted on a per-site basis, and which replicas should be used by Grid jobs. To be
    C. Lu, T. Masuzawa, and M. Mosbah (Eds.): OPODIS 2010, LNCS 6490, pp. 159–172, 2010. © Springer-Verlag Berlin Heidelberg 2010 ... A Fault Avoidance Strategy Improving the Reliability of ... Francesco Palmieri1, Silvio Pardi2, and Paolo Veronesi3 ... 1 Università degli studi ...
    ... Starting with the 2007 version (MS-Office 2007), Microsoft has completely changed the format of its files increasing, * Corresponding author A M. Tjoa et al. (Eds.): ARES 2011, LNCS 6908, pp. ... For example, by using WinZip (ver. 14.5 with the command-line add-on ver. ...
    ... One concern about the use of digital signatures to protect the integrity of control plane messages is that signature producing and verification will ... Consequently, we tried to keep the LDAP queries at minimum, both by caching keys locally and by using OCSP to ensure that a ...
    Simulation seems to be the best available alternative to the deployment of expensive and complex testbed infrastructures for the activities of testing, validating and evaluating optical network control protocols and algorithms. In this paper we present SimulNet, a specialized optical ...
    The enormous growth in popularity of peer-to-peer applications has recently introduced great interest in understanding the associated traffic workload and behavior. The goal of this work is determining the fundamental dynamics characterizing such traffic that can be used to develop simple and effective prediction models and to illustrate and describe fundamental performance issues. The discovery of nonlinear traffic dynamics, due
    ABSTRACT Energy consumption is now one of the most important issues for network carriers, since the majority of the energy needed for their operation is consumed in the wireless access and optical transport networks. The continuous growth in the wireless customers and traffic volumes and the consequent energy demand on modern carriers’ broadband infrastructures require reconsidering their energy efficiency, by starting from the formulation of new, more complete and representative network models that should become the foundations for modern energy-aware control plane architectures. Accordingly, this work presents a novel comprehensive energy model for next-generation wireless access-over-optical-transport networks characterized by hybrid power systems (i.e., multiple dynamically available power sources). The objective is to identify the energy-related information that needs to be handled at the control plane layer to support energy-aware networking practices. Such information can be made available to suitable energy-aware routing and wavelength assignment algorithms that may exploit it to optimize the overall network energy consumption and reduce the associated carbon footprint. The proposed model may be taken as a reference for the implementation of new energy-aware control plane protocols (routing and signaling) that make use of power-related considerations to achieve energy-efficiency and energy-awareness in wavelength-routed network infrastructures.
    ABSTRACT The source IP address where an offending activity had originated is of limited value because it does not specify a physical location, but an endpoint in a network for the sole purpose of routing. In addition, people and their devices move across the network, changing IP address as a consequence. It is useful to have some clues about where a device was at the time the offending action was performed. However, it would be desirable to correlate different pieces of evidence to discover other information, such as IP addresses used by the same device. Devices repeatedly accessing a private network, at different times, can be profiled by analyzing and correlating Network and Port Address Translation (NAPT) logs, in order to recognize recurring activity patterns. By mapping sequences of NAPT translations into multi-dimensional curves and computing a similarity measure on these, it is possible to group multiple different curves into common sets or profiles, that can be ascribed to individual users/machines. In this way, it is possible to recognize some of the users from their traffic peculiarities (browsing habits, mail access, network traffic generated by specific applications, etc.) without considering the exposed IP addresses. Experiments were performed on NAPT logs gathered in a campus network, with DHCP data providing control values for validation.
    ABSTRACT Big Data applications are characterized by a non-negligible number of complex parallel transactions on a huge amount of data that continuously varies, generally increasing over time. Because of the amount of needed resources, the ideal runtime scenario for these applications is based on complex cloud computing and storage infrastructures, providing a scalable degree of parallelism together with isolation between different applications and resource abstraction. However, such additional abstraction degree also introduces significant complexity in performance modeling and decision making. Potential concurrency of many applications on the same cloud infrastructure has to be evaluated, and, simultaneously, scalability of applications over time has to be studied through proper modeling practices, in order to predict the system behavior as the usage patterns evolve and the load increases. For this purpose, in this paper, we propose an analytic modeling technique based on the use of Markovian Agents and Mean Field Analysis that allows the effective description of different concurrent Big Data applications on a same, multi-site cloud infrastructure, accounting for mutual interactions, in order to support the careful evaluation of several elements in terms of real costs/risks/benefits for correctly dimensioning and allocating the resources and verifying the existing service level agreements. Copyright © 2014 John Wiley & Sons, Ltd.
    ABSTRACT Authentication protocols prevent resources from being accessed by unauthorized users. Password authentication is one of the simplest and most convenient authentication mechanisms over insecure networks and, in particular, the one-time authentication mechanism, in which the password is valid only for one login session or transaction, is a good compromise between simplicity of use and security. Nowadays many such protocols have been proposed to implement that type of authentication. However, most of them have several drawbacks because they are characterized by considerable overhead in the Key Setup, Key Scheduling and Key Update phases. In addition, they are often vulnerable to several known attacks and are not particularly suitable to be used by mobile terminals. Furthermore, they often rely on smart-card and other hardware tokens, thus requiring an active participation by the user. In this paper, we present a robust one-time authentication protocol, based on two cryptographically strong building blocks, namely, the Authenticated Key Exchange key exchange and the keyed Hash Message Authentication Code (HMAC), that provides several advantages with respect to most of the available solutions at the state of the art. First, it enables transparent mutual authentication between two endpoints. Moreover, Key Setup, Key Scheduling and Key Update operations are accomplished independently by both endpoints, without requiring any interaction among them, thus ensuring full independence from any Trusted Third Party. Finally, the proposed protocol is cryptographically secure, under standard assumptions, against most of the already known OTP attacks.
    ABSTRACT Several studies show that the lack of access to resources and shared data is one of the main causes of errors in the healthcare sector. In particular, 3D medical images play a fundamental role in healthcare environment, but they are typically very large in size. Therefore, their management, which should be performed also by means of devices with limited characteristics, requires complex network protocols along with advanced compression and security techniques. This work concerns the secure management of 3D medical images, with the main aim that such management must take place in an almost completely transparent manner for the user, regardless of the computational and networking capabilities he may use. In particular, our contribution is twofold: first, we propose an engine for lossless dynamic and adaptive compression of 3D medical images, which also allows the embedding of security watermarks within them. Furthermore, in order to provide effective, secure and flexible access to healthcare resources that need to be managed by medical applications, we define the architecture of a SaaS Cloud system, which is based on the aforementioned engine. The resulting architecture allows devices with totally different and heterogeneous hardware and software characteristics to interact among them, so that these differences are almost completely transparent to the end user.
    ABSTRACT It is quite easy to foresee that in the next years, the future generation ultra-high speed network infrastructures and equipments will be no longer constrained only by their pure transport capacity, but also by their energy consumption costs and environmental effects. In particular, large network infrastructures are now widely recognized to play a fundamental role in the emission of greenhouse gases in the atmosphere, significantly affecting the environmental sustainability of new evolutions in network architectures as well as technological developments in communication devices. In this paper, a novel eco-sustainable routing and wavelength assignment algorithm, based on shortest path routing with an adaptive link weighting function relying on an extension of the OSPF-TE protocol to convey carbon footprint information, has been proposed to decrease the network ecological impact while balancing the traffic load and maintaining acceptable connection-blocking rate. The trade-off between load balancing and carbon footprint is also analyzed to evaluate the effectiveness of the proposed strategy within the context of a real world network.
