-
Security and Privacy Implications of Middlebox Cooperation Protocols
Authors:
Thomas Fossati,
Roman Muentener,
Stephan Neuhaus,
Brian Trammell
Abstract:
This white paper presents an analysis done by the MAMI project of the privacy and security concerns surrounding middlebox cooperation protocols (MCPs), based on our experimental experience with the Path Layer UDP Substrate (PLUS) proposal. Our key finding is that adding explicit signaling meant for on-path devices presents no significant new attack surface as compared to the status quo in the Internet architecture. While middlebox cooperation can make a passive adversary's job easier, it does not enable entirely new attacks.
Submitted 13 December, 2018;
originally announced December 2018.
-
Challenges in Network Management of Encrypted Traffic
Authors:
Mirja Kühlewind,
Brian Trammell,
Tobias Bühler,
Gorry Fairhurst,
Vijay Gurbani
Abstract:
This paper summarizes the challenges identified at the MAMI Management and Measurement Summit (M3S) for network management with the increased deployment of encrypted traffic based on a set of use cases and deployed techniques (for network monitoring, performance enhancing proxies, firewalling as well as network-supported DDoS protection and migration), and provides recommendations for future use cases and the development of new protocols and mechanisms. In summary, network architecture and protocol design efforts should 1) provide for independent measurability when observations may be contested, 2) support different security associations at different layers, and 3) replace transparent middleboxes with middlebox transparency in order to increase visibility, rebalance control and enable cooperation.
Submitted 22 October, 2018;
originally announced October 2018.
-
Using UDP for Internet Transport Evolution
Authors:
Korian Edeline,
Mirja Kühlewind,
Brian Trammell,
Emile Aben,
Benoit Donnet
Abstract:
The increasing use of middleboxes (e.g., NATs, firewalls) in the Internet has made it harder and harder to deploy new transport or higher layer protocols, or even extensions to existing ones. Current work to address this Internet transport ossification has led to renewed interest in UDP as an encapsulation for making novel transport protocols deployable in the Internet. Examples include Google's QUIC and the WebRTC data channel. The common assumption made by these approaches is that encapsulation over UDP works in the present Internet. This paper presents a measurement study to examine this assumption, and provides guidance for protocol design based on our measurements.
The key question is "can we run new transport protocols for the Internet over UDP?" We find that the answer is largely "yes": UDP works on most networks, and impairments are generally confined to access networks. This allows relatively simple fallback strategies to work around it. Our answer is based on a twofold methodology. First, we use the RIPE Atlas platform to basically check UDP connectivity and first-packet latency. Second, we deploy copycat, a new tool for comparing TCP loss, latency, and throughput with UDP by generating TCP-shaped traffic with UDP headers.
Submitted 22 December, 2016;
originally announced December 2016.
-
Principles for Measurability in Protocol Design
Authors:
Mark Allman,
Robert Beverly,
Brian Trammell
Abstract:
Measurement has become fundamental to the operation of networks and at-scale services---whether for management, security, diagnostics, optimization, or simply enhancing our collective understanding of the Internet as a complex system. Further, measurements are useful across points of view---from end hosts to enterprise networks and data centers to the wide area Internet. We observe that many measurements are decoupled from the protocols and applications they are designed to illuminate. Worse, current measurement practice often involves the exploitation of side-effects and unintended features of the network, or, in other words, the artful piling of hacks atop one another. This state of affairs is a direct result of the relative paucity of diagnostic and measurement capabilities built into today's network stack.
Given our modern dependence on ubiquitous measurement, we propose measurability as an explicit low-level goal of current protocol design, and argue that measurements should be available to all network protocols throughout the stack. We seek to generalize the idea of measurement within protocols, e.g., the way in which TCP relies on measurement to drive its end-to-end behavior. Rhetorically, we pose the question: what if the stack had been built with measurability and diagnostic support in mind? We start from a set of principles for explicit measurability, and define primitives that, were they supported by the stack, would not only provide a solid foundation for protocol design going forward, but also reduce the cost and increase the accuracy of measuring the network.
Submitted 15 May, 2017; v1 submitted 8 December, 2016;
originally announced December 2016.
-
Magnetohydrodynamic Simulations of Hot Jupiter Upper Atmospheres
Authors:
George B. Trammell,
Zhi-Yun Li,
Phil Arras
Abstract:
Two-dimensional simulations of hot Jupiter upper atmospheres including the planet's magnetic field are presented. The goal is to explore magnetic effects on the layer of the atmosphere that is ionized and heated by stellar EUV radiation, and the imprint of these effects on the Ly$α$ transmission spectrum. The simulations are axisymmetric, isothermal, and include both rotation and azimuth-averaged stellar tides. Mass density is converted to atomic hydrogen density through the assumption of ionization equilibrium. The three-zone structure -- polar dead zone, mid-latitude wind zone, and equatorial dead zone -- found in previous analytic calculations is confirmed. For a magnetic field comparable to that of Jupiter, the equatorial dead zone, which is confined by the magnetic field and corotates with the planet, contributes at least half of the transit signal. For even stronger fields, the gas escaping in the mid-latitude wind zone is found to have a smaller contribution to the transit depth than the equatorial dead zone. Transmission spectra computed from the simulations are compared to HST STIS and ACS data for HD 209458b and HD 189733b, and the range of model parameters consistent with the data is found. The central result of this paper is that the transit depth increases strongly with magnetic field strength when the hydrogen ionization layer is magnetically dominated, for dipole magnetic field $B_0 > 10\ {\rm G}$. Hence transit depth is sensitive to magnetic field strength, in addition to standard quantities such as the ratio of thermal to gravitational binding energies.
Submitted 23 April, 2014;
originally announced April 2014.
-
Hot Jupiter Magnetospheres
Authors:
George B. Trammell,
Phil Arras,
Zhi-Yun Li
Abstract:
(Abridged) The upper atmospheres of close-in gas giant exoplanets are subjected to intense heating/tidal forces from their parent stars. Atomic/ionized hydrogen (H) layers are sufficiently rarefied that magnetic pressure may dominate gas pressure for expected planetary magnetic field strength. We examine the magnetospheric structure using a 3D isothermal magnetohydrodynamic model that includes: a static "dead zone" near the magnetic equator containing magnetically confined gas; a "wind zone" outside the magnetic equator in which thermal pressure gradients and the magneto-centrifugal-tidal effect give rise to transonic outflow; and a region near the poles where sufficiently strong tidal forces may suppress transonic outflow. Using dipole field geometry, we estimate the size of the dead zone to be ~1-10 planetary radii for a range of parameters. To understand appropriate base conditions for the 3D isothermal model, we compute a 1D thermal model in which photoelectric heating from the stellar Lyman continuum is balanced by collisionally-excited Lyman α cooling. This 1D model exhibits a H layer with temperatures T=5000-10000K down to pressures of 10-100 nbar. Using the 3D isothermal model, we compute H column densities and Lyman α transmission spectra for parameters appropriate to HD 209458b. Line-integrated transit depths of 5-10% can be achieved for the above base conditions. Strong magnetic fields increase the transit signal while decreasing the mass loss, due to higher covering fraction and density of the dead zone. In our model, most of the transit signal arises from magnetically confined gas, some of which may be outside the L1 equipotential. Hence the presence of gas outside the L1 equipotential does not directly imply mass loss. Lastly, we discuss the domain of applicability for the magnetic wind model described in this paper and in the Roche-lobe overflow model.
Submitted 29 October, 2010;
originally announced November 2010.
-
The UV Properties of SDSS Selected Quasars
Authors:
George B. Trammell,
Daniel E. Vanden Berk,
Donald P. Schneider,
Gordon T. Richards,
Patrick B. Hall,
Scott F. Anderson,
J. Brinkmann
Abstract:
We present an analysis of the broadband UV/optical properties of z<3.4 quasars matched in the Galaxy Evolution Explorer (GALEX) General Data Release 1 (GR1) and the Sloan Digital Sky Survey Data Release 3 (SDSS DR3). Of the 6371 DR3 quasars covered by 204 GR1 tiles, 5380 have near-UV detections, while 3034 have both near-UV and far-UV detections using a matching radius of 7". Most of the DR3 sample quasars are detected in the near-UV until z~1.7, with the near-UV detection fraction dropping to ~50% by z~2. Statistical tests performed on the distributions of non-detections indicate that the optically-selected quasars missed in the UV tend to be optically faint or at high redshift. The GALEX positions are shown to be consistent with the SDSS astrometry to within an rms scatter of 0.6-0.7" in each coordinate, and empirically determined photometric errors from multi-epoch GALEX observations significantly exceed the Poissonian errors quoted in the GR1 object catalogs. The UV-detected quasars are well separated from stars in UV/optical color-color space, with the relative colors suggesting a marginally detected population of reddened objects due to line of sight absorption or due to dust associated with the quasar. The resulting rest-frame spectral energy distributions (SEDs) cover ~350-9000A, where the overall median SED peaks near the Ly-a emission line, as found in other UV quasar studies. The large sample size allows us to construct median SEDs in small bins of redshift and luminosity, and we find the median SED becomes harder at UV wavelengths for quasars with lower continuum luminosity. Tables containing the results of the matching and the overall median SED are available in the electronic edition of the journal.
Submitted 17 November, 2006;
originally announced November 2006.
-
Spectral Energy Distributions and Multiwavelength Selection of Type 1 Quasars
Authors:
Gordon T. Richards,
Mark Lacy,
Lisa J. Storrie-Lombardi,
Patrick B. Hall,
S. C. Gallagher,
Dean C. Hines,
Xiaohui Fan,
Casey Papovich,
Daniel E. Vanden Berk,
George B. Trammell,
Donald P. Schneider,
Marianne Vestergaard,
Donald G. York,
Sebastian Jester,
Scott F. Anderson,
Tamas Budavari,
Alexander S. Szalay
Abstract:
We present an analysis of the mid-infrared (MIR) and optical properties of type 1 (broad-line) quasars detected by the Spitzer Space Telescope. The MIR color-redshift relation is characterized to z=3, with predictions to z=7. We demonstrate how combining MIR and optical colors can yield even more efficient selection of active galactic nuclei (AGN) than MIR or optical colors alone. Composite spectral energy distributions (SEDs) are constructed for 259 quasars with both Sloan Digital Sky Survey and Spitzer photometry, supplemented by near-IR, GALEX, VLA and ROSAT data where available. We discuss how the spectral diversity of quasars influences the determination of bolometric luminosities and accretion rates; assuming the mean SED can lead to errors as large as a factor of 2 for individual quasars. Finally, we show that careful consideration of the shape of the mean quasar SED and its redshift dependence leads to a lower estimate of the fraction of reddened/obscured AGNs missed by optical surveys as compared to estimates derived from a single mean MIR to optical flux ratio.
Submitted 26 June, 2006; v1 submitted 24 January, 2006;
originally announced January 2006.