Towards Emergency Networks Security with Per-Flow Queue Rate Management

Casoni, Maurizio; Grazia, Carlo Augusto; Klapez, Martin; Patriciello, Natale
2015

Abstract

When statistical multiplexing is used to provide connectivity to a number of client hosts through a high-delay link, the original TCP, as well as TCP variants designed to improve performance on those links, often provides poor performance and sub-optimal QoS properties. To guarantee intra-protocol fairness, inter-protocol friendliness, low queue utilization and optimal throughput in mission-critical scenarios, the Congestion Control Middleware Layer (C2ML) has been proposed as a tool for centralized and collaborative resource management. However, C2ML offers only very limited security guarantees. Emergencies may be natural or man-made, and in the latter case there may be an interest in cutting legitimate users off from the communication networks that support disaster recovery operations. In this paper we present Queue Rate Management (QRM), an Active Queue Management scheme able to provide protection from Resource Exhaustion Attacks in scenarios where access to the shared link is controlled by C2ML; the proposed algorithm checks whether a node is exceeding its allowed rate, and consequently decides whether to keep or drop packets coming from that node. We mathematically prove that with QRM the gateway queue size can never exceed the Bandwidth-Delay Product of the channel. Furthermore, we use the ns-3 simulator to compare QRM with CoDel and RED, showing how QRM provides better performance in terms of both throughput and QoS guarantees when employed with C2ML.
Year: 2015
Conference: Fifth IEEE International Workshop on Pervasive Networks for Emergency Management (PerNEM)
Location: St. Louis (U.S.A.)
Dates: 23-27 March 2015
First page: 493
Last page: 498
Authors: Casoni, Maurizio; Grazia, Carlo Augusto; Klapez, Martin; Patriciello, Natale
Towards Emergency Networks Security with Per-Flow Queue Rate Management / Casoni, Maurizio; Grazia, Carlo Augusto; Klapez, Martin; Patriciello, Natale. - Electronic. - (2015), pp. 493-498. (Paper presented at the Fifth IEEE International Workshop on Pervasive Networks for Emergency Management (PerNEM), held in St. Louis (U.S.A.), 23-27 March 2015) [10.1109/PERCOMW.2015.7134087].

Use this identifier to cite or link to this document: https://hdl.handle.net/11380/1066134
Citations
  • Scopus 13
  • ISI 4