Analysis and control of middleboxes in the internet
Abstract
With the growing size and complexity of the Internet, several types of middleboxes have been introduced to the network in order to solve a number of urgent problems. Network Address Translation devices fight against the Internet address depletion problem, caches and proxies help to efficiently distribute content, and firewalls protect networks from potential attackers. Unfortunately, middleboxes violate the end-to-end connectivity model of the Internet protocol suite and therefore introduce numerous problems for services and applications. The contribution of this thesis is the study and development of concepts and algorithms for understanding and improving the behavior of middleboxes and their traversal, as well as their application to problems that emerged with the growing success of the Internet, with a focus on unmanaged networks such as home and small company networks. The first part of this thesis designs and implements tools and algorithms to analyze middlebox behavior. We introduce a processing model for describing functional characteristics and create an information model to structure relevant middlebox behavior parameters. As an experimental analysis, a public field test is conducted to evaluate existing traversal techniques, to understand middlebox behavior, to gain knowledge about their deployment, and to draw conclusions on how to improve middlebox traversal. The second part of this thesis focuses on the traversal of middleboxes. Existing middlebox traversal methods do not differentiate between different types of applications and therefore deliver suboptimal results in many situations. We claim that the classification of applications into service provisioning categories helps to determine the best matching middlebox traversal technique, not only dependent on the network topology, but also considering user-defined requirements.
This thesis presents a framework that improves the communication of existing and future applications and services across middlebox devices. The idea is to use previously acquired knowledge about middlebox behavior and services for setting up new connections. Obtained results show that the knowledge-based approach is not only more flexible and applicable, but, due to the decoupled connectivity checks, also significantly faster compared to the state of the art. Based on the findings of our experimental analysis, we show how to integrate and adapt existing middlebox traversal techniques into the middlebox traversal framework. Additionally, new middlebox traversal techniques are presented and evaluated. In the third part of this thesis the applicability of middlebox services to unmanaged networks is discussed. A secure service infrastructure is presented based upon a trust model combining the power of centralized Certificate Authorities with the flexibility of the Web of Trust and social networks. This security infrastructure fulfills the security requirements of the middlebox traversal framework and provides secure identities for users, services and hosts in a semi-automatic way. A middlebox service helps establish and coordinate secure communications between different domains according to user-defined access control policies. Three application examples for middleboxes show how existing services can be improved and extended to solve open security, privacy and connectivity issues.
Similar references
The Effectiveness of Media Literacy Training in Adolescent Internet Addiction
Background and Objectives: Media literacy training is one of the basic requirements; therefore, the aim of this study was to determine the effectiveness of media literacy training in adolescent Internet addiction. Materials and Methods: The quasi-experimental research method was pretest-posttest with a control group. From the statistical population that included all male students of the first ...
The Use of Data Envelopment Analysis in the Design of Internet Networks to Ensure the Quality of Service
Choosing a superior Internet network by users or providing a desirable Internet network by ISPs is always one of the important decision issues in this area. Choosing a unique optimal network from among the best networks is still a big challenge. The purpose of this paper is to use the data envelopment analysis (DEA) decision-making technique to evaluate the existing Internet networks in order t...
Middlebox Traversal of HIP Communication
The Host Identity Protocol (HIP) fundamentally changes the way two hosts in the Internet communicate. One key advantage over other schemes is that HIP does not require any modifications to the traditional network-layer functionality of the Internet, i.e., its routers. HIP deployment should therefore be transparent. In the current Internet, however, many devices other than routers may affect the...
Internet network design for quality of service guarantee using Data Envelopment Analysis (DEA)
By developing the new services such as VoIP and Videoconference, using a mechanism is needed to support the quality of service of the application programs. Different models have been presented to guarantee the quality of service. Among these, the differentiated services can be mentioned which was presented by IETF. In the architecture of the differentiated services, no admission control mechani...
The Effectiveness of Group Metacognitive Therapy (MCT) on Internet Addiction and Cognitive Emotion Regulation among Adolescents
Aim: This study aimed to investigate effectiveness of Group Metacognitive Therapy (MCT) on internet addiction and cognitive-emotional regulation among adolescents. Methods: A quasi-experimental design was used which included pre-tests, post-tests, and follow-ups. In 2020-2021 academic years, all boy adolescents in Qazvin were included in study. Thirty adolescents were randomly selected and ass...