Browsing by Author "Nishi, H"
Now showing 1 - 20 of 26

Publication Embargo
Distributed algorithm for router-based management of replica server in next-CDN infrastructure (IEEE, 2013-10-10)
Harahap, E; Wijekoon, J; Tennekoon, R; Yamaguchi, F; Ishida, S; Nishi, H
Extending Content Delivery Network (CDN) infrastructure that has features of router-based network management system (RNMS) is highly appealing and challenging. It allows developing a CDN architecture based upon standard design to ease interoperability, scalability, performance, and flexibility both on network monitoring and management controlled from a router. To better understand the system model, necessity, and the advantages of RNMS, this paper proposed an algorithm that distributed in to a special router called Service-oriented Router (SoR). The function of algorithm is to manage the effective and efficient number of replica server runs in the network. In CDN, minimizing the number of activated replica servers should be considered in order to reduce the operation cost of the system. We propose a semantic approached algorithm that has function to optimize the selection of active replica servers which managed from SoR. The algorithm has capability to find the best location of replica servers and performs load balancing among replica servers. Our simulation result indicates that the proposed algorithm can efficiently activate the replica servers according to user's request with 33.9% effective compared to other algorithm within about one millisecond RTT increase.

Publication Embargo
Effectiveness of a service-oriented router in future content delivery networks (IEEE, 2015-07-07)
Wijekoon, J; Harahap, E; Takagiwa, K; Tennekoon, R; Nishi, H
Content Delivery Networks (CDNs) constitute a major portion of Internet traffic. To cope with increasing demand for content, CDNs have deployed distributed infrastructures on Internet Service Providers (ISPs') networks. Most CDN systems optimize their traffic flow using Domain Name Systems.
However, they do not collaborate with the ISPs, and the lack of collaboration limits performance such as end-user latency. Meanwhile, in future networks, it is anticipated that network routers will be equipped with more processing power and storage modules for providing most effective end-user services. From this viewpoint, a Service-oriented Router (SoR) is introduced to accelerate content-based services. In this paper, the benefits of introducing an SoR to an ISP network for maintaining ISP-CDN collaboration is outlined. Furthermore, a prototype design of the proposed system is presented. Simulations clearly demonstrate the effectiveness of the proposed ISP-CDN collaboration, which yields a 30-50% reduction in end-user latency.

Publication Open Access
Effectiveness of Service-oriented router for ISP-CDN collaboration (Information Processing Society of Japan, 2017-01)
Wijekoon, J; Harahap, E. H; Tennekoon, R; Nishi, H
This article discusses a novel method to strengthen the collaboration between Internet service providers (ISPs) and content delivery networks (CDNs). CDNs are becoming the primary data delivery method in information communication technology environments because information sharing via networks is becoming the driving force of the future Internet. Moreover, it is anticipated that network routers will be equipped with additional processing power and storage modules for providing efficient end-user services. Consequently, this article studies the effectiveness of introducing a Service-oriented Router (SoR) to strengthen the ISP-CDN collaboration to leverage DNS-based request redirection in CDNs.
In contrast, the proposed method yields better performance in user redirection and network resource utilization, suggesting that using SoR may a future business model which addresses adequate ISP-CDN collaboration.

Publication Embargo
FROG: A packet hop count based DDoS countermeasure in NDN (IEEE, 2018-05-25)
Nakatsuka, Y; Wijekoon, J; Nishi, H
Named Data Networking (NDN) is a promising inter-networking paradigm that focus on content rather than hosts and their physical locations. In NDN Consumers issue Interests for Contents. Producers generate a content in response to each received interest and such content is routed back to the requesting consumer. When compared to IP, NDN brings advantages such as better throughput and lower latency, because routers are able to cache popular contents and satisfy interests for such contents locally. However, before being considered a viable approach, NDN should offer security services that are ideally better, but at least equivalent to current mechanisms in IP. In this regard, mechanisms to prevent DDoS are of paramount importance. In this work we propose FROG: a simple yet effective Interest Flooding Attack (IFA) detection and mitigation method. FROG runs on routers that are directly connected to NDN consumers and monitors packet hop counts. It then calculates mean and variance using stored hop counts to distinguish attackers from legitimate users. We use the NDN simulator ndnSIM to evaluate FROG's effectiveness. Our results show that FROG improves resilience against DDoS attacks. In particular, during an attack, legitimate users can still receive 75% of requested contents.
Without FROG this number decreases to 50%.

Publication Embargo
GPU-based multi-stream analyzer on application layer for service-oriented router (IEEE, 2013-09-26)
Ikeuchi, K; Wijekoon, J; Ishida, S; Nishi, H
A service-oriented router (SoR) is a new router architecture that provides rich application-layer services to Internet users by extracting information from network traffic. SoR performs stream reconstruction and selection using string matching. After on-the-fly reconstruction of stream data, SoR extracts the required information using a software-based character string analyzer. For wire-rate string matching and for design flexibility, a software-based string-matching accelerator is required. A graphics processing unit (GPU) is a promising solution as a conventional cost-effective accelerator for use in a high-end router. Existing string-matching methods do not consider the multiple-stream processing and effective thread management required in a network application. We propose an accelerated string-matching method that is customized for a router and implemented a task controller that improves thread distribution depending on the status of core processes.

Publication Embargo
Implement Domain Name System (DNS) on network simulator-3: Implement RFC 1035 on ns-3 (acm.org, 2016-08-22)
Wijekoon, J; Nishi, H
This paper proposes to implement a domain name system (DNS) module to network simulator-3 (ns-3). The ns-3 is one of the well-known Internet simulators that provides the ideal simulation environment for network research. Despite its advantages, the ns-3 is not yet possesses a module to simulate DNS, which is an essential module required for Internet-oriented simulations. To this end, this paper implements a DNS module for ns-3 according to the design notes provided in RFC 1035.
Moreover, this paper presents the implementation notes of the proposed ns-3 DNS module including its class structures, protocol message structures, name server application development, and host-to-IP resolver development. The proposed ns-3 DNS module is evaluated in terms of host-to-IP mapping, recursive DNS resolution, DNS cache management, and internationalized domain name support.

Publication Embargo
Improving Road Traffic Management by A Model-Based Simulation (IEEE, 2018-08-07)
Harahap, E; Wijekoon, J; Purnamasari, P; Darmawan, D; Ceha, R; Nishi, H
Road traffic is a supporting medium that is essential to various means of land transportation that connect various locations and even large cities. Smooth traffic is a good parameter of the management of a city, also as a sign to determine the technological and economic development in the city. As the rate of civilization grows, as well as the number of people, the traffic becomes more crowded, so that congestion occurs in to an alarming level. The solution to solve the problem is by applying some methods as well as traffic engineering. However, implementing such methods without proper planning will lead to higher costs and lesser optimal results. In this article, we proposed a traffic simulation system called as “LINTAS”, a simulator tool in an attempt to resolve the traffic jam. The exact method and traffic engineering, before it is tested in a real situation, is first simulated through the LINTAS system, so that it can be known its effectiveness. LINTAS are built using the SimEvents toolbox and runs on MATLAB-Simulink software.
The LINTAS simulator is performed based on the mathematical sciences, especially the field of queueing theory.

Publication Open Access
Introducing a distance vector routing protocol for ns-3 simulator (2015-08-24)
Wijekoon, J; Tennekoon, R; Harahap, E; Nishi, H
In network research, network simulators have been shown to be useful for testing and changing network protocols by means of a controlled manner. As an Internet systems simulator, ns-3 simulator provides an ideal simulation environment for network research. However, ns-3 is lack of table-driven IPv4 routing modules. Despite the fact that a routing protocol is a mandatory component of a network, it is necessary to introduce a table-driven routing protocol for the ns-3 which is able to maintain the network connectivity and consistency. To this end, we introduce a distance vector IPv4 wired routing protocol for the ns-3 simulator (DVRP). The proposing protocol is developed as a table-driven wired routing protocol. In this study, we describe the proposing routing protocol, including its design, implementation, behavior on networks, and limitations.

Publication Open Access
Modeling of router-based request redirection for content distribution network (Foundation of Computer Science, 2013-01-01)
Harahap, E; Wijekoon, J; Tennekoon, R; Yamaguchi, F; Ishida, S; Nishi, H
The increase of digital data between content’s servers and clients in a network causes congestion problems when downloading big web contents including files, streaming media, etc. The problem becomes pronounced when a narrow bandwidth or unexpected termination of streaming services is appeared. Content Delivery Network (CDN) is introduced to overcome such problems by redirect client’s request to the best server which proximal and least loaded. However, with intensity increase of people accessing a particular content, the performance of CDN is reduced and sometimes congested.
We propose an architecture to solve such problems with a new method to redirect client’s request through a special router called Service-oriented Router (SoR). In this paper, several analytical studies and experiments have been conducted and the result show that router-based redirection is more effective than DNS-based redirection that is currently being used. SoR has been introduces as a content-based router and has capability to do deep packet inspection (DPI) into the packet streams and analyze them. We use SoR in our proposed method as a CDN’s core-router to redirect client’s request to the best server. Our experiment conducted with model and numerical analytic supported by optimal redirection probability based on delay between router and server. The experiment result confirmed that the router-based redirection reduced the response time by 23.3% compared to the DNS-based redirection.

Publication Embargo
Novel infrastructure with common API using docker for scaling the degree of platforms for smart community services (IEEE, 2017-07-24)
Miura, T; Wijekoon, J; Prageeth, S; Nishi, H
The development of smart communities has diversified not only service execution platforms but also the resolvers of multiple service requirements, each of which has different requirements in terms of processing delay, anonymity, computational cost, the amount of data at a given level of granularity, etc. To meet these requirements, an infrastructure that easily performs service migration and provides services with the correct processing nodes using IP-independent distributed processing methods such as Authorized Stream Contents Analysis (ASCA) is becoming a pressing need of smart communities. ASCA is an advanced method of analyzing packet streams and filtering necessary packet streams according to the marker tags in the contents of the streams under the Opt-In manner.
Moreover, smart communities require that every service be able to perform ASCA and gather necessary data because of the diversified nature of the services. Consequently, in this paper, we have implemented a service infrastructure using a Docker container that facilitates service migration and provides services with a common Application Programming Interface (API) using ASCA. The API provides a process throughput of over 60 Gbps on a Docker container using Zero-Copy mechanism.

Publication Embargo
On the effectiveness of IP-routable entire-packet encryption service over public networks (november 2018) (IEEE, 2018-11-20)
Tennekoon, R; Wijekoon, J; Nishi, H
The Internet is an unsecured public network accessed by approximately half of the world population. There are several techniques, such as cryptography, end-to-end encryption, and tunneling, used to preserve data security and integrity and to reduce information theft. This is because the security of data transmission over public networks is an ever-questionable issue. However, none of the above techniques are capable of providing the flexibility of changing either the algorithm or its key at the intermediary routers according to the requirements of stakeholders, e.g., ISPs or Internet users. Although the transmitted data are encrypted and unreadable, the metadata contained in the packet headers are readable during traversal. Nonetheless, service-based Internet architectures, e.g., IoT architectures, demand the analysis the data streams at the intermediary routers to provide smart services such as strengthening the security of the data streams. To this end, this paper proposes a method to use service-oriented routers for providing secure data transmission by encrypting data packets including the header and trailer information. A prototype of the proposed method is implemented on the ns-3 simulator, and this paper discusses the implementation notes and evaluation of the test results.
The test results demonstrate that there is only an average processing cost of 180.14/191.35, 213.96/257.41, 157.56/170.68, and 235.48/249.49 μs for encrypting the total encrypted combined packets/total encrypted separate packets using IDEA, DES, AES-GCM, and AES-CTR encryption algorithms, respectively, with a 256-bit key space. This is significantly lower than the tolerable transmission delay (150 ms) defined by the ITU-T.

Publication Embargo
On the effectiveness of using network device state information for network path selection (Elsevier, 2018-01-01)
Wijekoon, J; Amunugama, D; Nishi, H
Network path selection defines the methodology of selecting the best routes and forwarding traffic in a network service provider (NSP). NSPs use routing protocols that are optimized for a single arbitrary metric (i.e., administrative weight), which is commonly calculated according to the link state information, to select network paths. Despite the advantages, link-state protocols lack the ability to select network paths by considering the states of network devices such as the effect of routers for network path selection. Apparently, studying possible techniques for selecting network paths based on the state information of network devices, e.g., routers, has become obligatory. This paper studies the effectiveness of using network device state information for network path selection by presenting the Extended Server Link Router state Routing Protocol (ESLR). ESLR uses the state information of network devices as parameters to calculate a composite route metric; ESLR selects the network paths based on the cumulative propagation delay. By simulating ESLR using an ISP topology, the proposed protocol is examined for the effectiveness of using network device state information for network path selection.

Publication Embargo
Optimized Service Function Path Selection for IoT Devices Using Virtual Network Function Performance Data (IEEE, 2019-01-09)
Shanaka, W. A; Abeysiriwardhana, P; Wijekoon, J; Nishi, H
Software defined networking (SDN) and network function virtualization (NFV) are proposed as software based applications to cater to smart services requirements of smart communities. The services are linked together to support different sets of clients using service function chaining (SFC). Service functions (SFs) in an SFC must be distributed among available computing resources by creating a service function path (SFP) allowing resource management and optimal SF execution. This paper proposes a novel SFP allocation algorithm considering the computation capabilities of hardware resources while minimizing the completion time of SFCs. The proposed algorithm shows 10% performance increment compared to recently developed algorithms such as nearly optimal service function path and optimal service function selection algorithms.

Publication Embargo
Per hop data encryption protocol for transmission of motion control data over public networks (IEEE, 2014-03-14)
Tennekoon, R; Wijekoon, J; Harahap, E; Nishi, H; Saito, E; Katsura, S
Bilateral controllers are widely used vital technology to perform remote operations and telesurgeries. The nature of the bilateral controller enables control objects, which are geographically far from the operation location. Therefore, the control data has to travel through public networks. As a result, to maintain the effectiveness and the consistency of applications such as teleoperations and telesurgeries, faster data delivery and data integrity are essential. The Service-oriented Router (SoR) was introduced to maintain the rich information on the Internet and to achieve maximum benefit from networks. In particular, the security, privacy and integrity of bilateral communication are not discoursed in spite of its significance brought by its underlying skill information or personal vital information.
An SoR can analyze all packet or network stream transactions on its interfaces and store them in high throughput databases. In this paper, we introduce a hop-by-hop routing protocol which provides hop-by-hop data encryption using functions of the SoR. This infrastructure can provide security, privacy and integrity by using these functions. Furthermore, we present the implementations of proposed system in the ns-3 simulator and the test result shows that in a given scenario, the protocol only takes a processing delay of 46.32 μs for the encryption and decryption processes per a packet.

Publication Embargo
Per-hop data encryption protocol for transmitting data securely over public networks (Elsevier, 2014-01-01)
Tennekoon, R; Wijekoon, J; Harahap, E; Nishi, H
It is a well-known fact that the Internet traffic travels through public networks. These networks lack security and are vulnerable. Encryption and public key cryptography are important technologies that are used to preserve data security and integrity, and to reduce information theft on the public networks. However, the existing routing protocols are incapable of providing secure data transmission on public networks. To this end, our laboratory introduced the Service-oriented Router (SoR) to maintain rich information for the next-generation networks by shifting the current Internet infrastructure to an information-based and an open-innovation platform. An SoR can analyze all packet stream transactions on its interfaces and store them in high throughput databases. Using the features of the SoR, in this paper, we propose a hop-by-hop routing protocol that provides per-hop data encryption. This infrastructure is proposing to preserve both the security and the privacy of data that traverses through public networks.
We implemented a prototype of per-hop data encryption protocol on the ns-3 simulator and the results obtained are discussed in this paper.

Publication Embargo
Previous hop data retransmission service for SoR-based public networks (IEEE, 2014-12-22)
Tennekoon, R; Wijekoon, J; Harahap, E; Nishi, H
It is a well-known fact that the Internet traffic travels through public networks and these networks are vulnerable and congested. Whenever an error in a packet is detected, the packet should be retransmitted back to the receiver to reduce/overcome the data loss. Automatic repeat request (ARQ) method is a well-known data retransmission method used by protocols such as Transmission Control Protocol (TCP). This method will retransmit data all the way from the sender resulting higher end-to-end retransmission delays in the packet transmission. Nevertheless this method is widely used and operational, it will also introduce unnecessarily duplicate packets further congesting the networks when it retransmit the entire packet stream from an unacknowledged packet after detecting a retransmission requirement. Encryption and public key cryptography are important technologies that are used to preserve data security and integrity, and to reduce information theft on the public networks. These existing technologies have less flexibility over the current security requirements and the conventional routers are unable to provide end services to the users and applications. To address this need, our laboratory introduced the per-hop data encryption protocol for service-oriented router (SoR) based public networks which allows more secured and flexible method to transfer data over public networks [15]. SoRs are introduced to maintain rich information for the next-generation networks by shifting the current Internet infrastructure to an information-based and an open-innovation platform [6].
SoR is a middleware and can be implemented on a Cisco AXP and Juniper JunosV App Engine where it can analyse all packet stream transactions on its interfaces. Using the features of the SoR, in this paper, we propose a previous hop data retransmission service for public networks. This proposing service can provide higher data availability and reliability to the data that traverses through public networks, reducing the end-to-end data retransmission delays. We implemented a prototype of previous hop data retransmission service on the ns-3 simulator. Furthermore, from the evaluations on the test bed topology, it clearly showed that the proposed method was 80.43% faster than the conventional ARQ based retransmission method.

Publication Embargo
Prototype implementation of fast and secure traceability service over public networks (Wiley Subscription Services, Inc., A Wiley Company, 2016-06)
Tennekoon, R; Wijekoon, J; Harahap, E; Nishi, H
Internet communication message protocol (ICMP)-based traceability methods are widely used to trace packets over the Internet; however, in their attacks, adversaries likewise use ICMP packets. Furthermore, the lack of security in ICMP-based traceability results in failures for many current traceability methods. Moreover, current routers are unable to provide extended services to Internet users and applications. To address this need, our laboratory has introduced the service-oriented router (SoR). SoR is middleware that can be implemented on a Cisco AXP and Juniper JunosV App Engine. In this paper, we propose a secure method of providing packet traceability over public networks using SoR features. We implemented a secure packet traceability service prototype on the ns-3 simulator. The test results conclude that there is a maximum additional cost of 48.69 and 123.91 μs of processing overhead per packet in each hop when the proposed secured traceability service is used with a 128-bit key space in AES-GCM and AES-CTR modes, respectively.
Moreover, for 256-bit key spaces, AES-GCM and AES-CTR modes consumed additional 47.18 and 123.25 μs, respectively, over the plain traceability. Yet, from the evaluations on the test bed topology, it clearly shown that the proposed method was 79% faster than the conventional trace route method in providing the secured end-to-end traceability. © 2016 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.

Publication Open Access
Router-based content-aware data redirection for future cdn systems (Modern Education and Computer Science Press, 2014-05-01)
Wijekoon, J; Harahap, E; Ishida, S; Tennekoon, R; Nishi, H
Delivery of data-enriched applications has become a top priority on the Internet, and Internet users are demanding faster and higher-quality services. Cater such requirements, Content Delivery Networks (CDNs) were introduced. However, the growth rate of information on the Internet requires infrastructural modifications to keep the consistency while maintaining quality of the Internet services. To this end, the Service-oriented Router is introduced to provide content based services by shifting the current Internet infrastructure to information-based open innovation platform. In this study, initially we provide implementation notes of a software-designed SoR. Then we propose a new method of CDN Request Redirection (RR) (SoR-based RR), which is designed to redirect packets based on the content of packets and the status of content servers using an SoR as an edge router of a CDN. Furthermore, we present the design and implementation of a prototype to realize the SoR-based RR in a testing network.
By analyzing the result of the prototype implementation, we show that the SoR-based RR can enhance the both client experience and faster adaptations to the server changes in CDN environments.

Publication Embargo
A router-based management system for prediction of network congestion (IEEE, 2014-03-14)
Harahap, E; Wijekoon, J; Tennekoon, R; Yamaguchi, F; Ishida, S; Nishi, H
Network Management System (NMS) plays an important role in networks to maintain the best performance of a network. It employs variety of tools, applications, and devices in order to support network administrators to monitor and maintain the stability of a network. Fault management is part where the NMS dealing with problems and failures, such as congestion, in the network. Generally, most NMSs use Simple Network Management Protocol (SNMP) to monitor and map network availability, performance, and error rates. In the existing NMS process, an SNMP agent is deployed to get information about the network condition and then send them to the administrator for taking further action on solving the problems. However, deploying such agent to the network may increase the traffic density. On the other hand, packet latency and RTT will increase as well. In this paper, we implemented a prototype of the proposing novel system that no need to deploy such agent to obtain network information. Our system analyze the streaming traffic by implementing a Service-oriented Router (SoR). Our objective is to predict a congestion in the specific link in the network through a router-based data traffic analysis using a Bayesian network model. The purpose of the prediction is to support the network administrator to notify the early warning regarding to the fault in the network as long as possible before it actually happening. By this prediction, the network administrator can immediately taking action to avoid the problems. We provided simulation experiment to demonstrate the performance of the proposed system.
Our simulation results show that the proposed system can predict a congestion link caused by a particular problem, before hand it is getting congested.

Publication Embargo
Router-based request redirection management for a next-generation content distribution network (IEEE, 2013-12-09)
Harahap, E; Wijekoon, J; Tennekoon, R; Yamaguchi, F; Nishi, H
The increase in the amount of digital data transferred between contents Servers and Clients in a network causes problems created by congestion when downloading big web files, streaming media, etc. Content Delivery Networks (CDNs) are introduced to overcome such problems by redirecting the Clients request to the nearest Server. However, as the number of people accessing Internet increases rapidly, the performance of CDN is reduced, resulting in network congestion at times. To solve these problems, we propose an architecture in which a new management method is employed to redirect the Clients request using a content-based Router called the Service-oriented Router (SoR). This method is more effective than the currently implemented, traditional DNS-based request redirection (RR). The SoR is a special router that can perform a deep packet inspection of the packet streams. Our experiments were based on analytical modeling as well as test bed experiments, and they confirmed that the response time in the Router-based RR was less than that in the DNS-based RR by 23.3%. In addition, our test bed experiments showed that the RTT in the Router-based RR is less than that in the DNS-based RR by 7.7%.
