Transport Layer over Wireless Networks + Voice over IP (VoIP) JP - - PowerPoint PPT Presentation

Module F

Transport Layer over Wireless Networks + Voice over IP (VoIP)

JP Hubaux With help from P. Papadimitratos and M. Poturalski

Mobile Networks http://mobnet.epfl.ch

Some slides addapted from Jochen H. Schiller, Nitin Vaidya, and James Kurose & Keith Ross

Outline

g TCP in Mobile Networks g Real-time traffic in Mobile Networks

2

Reminder: Transmission Control Protocol (TCP)

g Reliable, in-order data

delivery

g Flow control g Congestion avoidance

and control

g End-to-end semantics

Host A Host B

SYN, Seq_no = x SYN, Seq_no = y, ACK, Ack_no = x+1 Seq_no = x+1, ACK, Ack_no = y+1

3

TCP basic operation

Send buffer

Segments

Receive buffer Application writes bytes in send buffer

ACKs

Sender Receiver Application reads bytes from receive buffer Application layer Transport layer

Write 45 bytes Write 15 bytes Write 20 bytes Read 40 bytes Read 40 bytes

Internet

4

TCP flow control

g Flow control is a speed-matching service

i

Sender adjusts the transmission rate to the receiver

g Receiver advertises the remaining buffer space

(rwnd)to the sender

g The sender keeps unacknowledged data below rwnd

LastByteSent – LastByteAcked ≤ rwnd

5

Congestion

Light traffic

i Arrival Rate << R i Low delay i Can accommodate more

Congestion onset

i Arrival rate approaches R i Delay increases rapidly i Throughput begins to saturate

Saturation

i Arrival rate > R i Large delays, packet loss i Useful application throughput

drops

Throughput (bps) Delay (sec) R R Arrival Rate Arrival Rate

6

TCP congestion control

g Keeps TCP off the congestion collapse cliff g Congestion window mechanism

LastByteSent – LastByteAcked ≤ min{cwnd, rwnd}

g Slow Start phase

i

Increase congestion window size (cwnd) by one segment for each received ACK

i

Congestion window increases exponentially

ACK Segment Time (expressed in RTTs) cwnd

7

TCP congestion control

g Congestion Avoidance phase

i

Congestion threshold ssthresh

i

When cwnd > ssthresh, increase cwnd slowly

i

cwnd++ per round-trip-time (RTT)

• Each time an ACK arrives,

cwnd is increased by 1/cwnd

• In one RTT, cwnd segments

are sent, so total increase in cwnd is cwnd x 1/cwnd = 1

• cwnd grows linearly

cwnd ssthresh

8

Time (expressed in RTTs)

TCP congestion control

g Congestion detection:

i

Timeout or

i

Receipt of duplicate ACKs (Fast Retransmit)

g Assumption: current cwnd

corresponds to available bandwidth

g TCP Tahoe

i

ssthresh = ½ cwnd

i

cwnd = 1

i

Go back to Slow Start

g Over several cycles expect to

converge to ssthresh equal to about ½ the available bandwidth Congestion window Slow Start Congestion Avoidance Time-out ssthresh

9

Time (expressed in RTTs)

TCP congestion control

g Fast Retransmit mechanism

i

If a segment is dropped, subsequent segments trigger duplicate ACKs

i

Sender retransmits segment instantly (without waiting for a timeout) when duplicate ACKs are received (typically 3)

g Improves performance

i

Faster reaction to packet loss

g Implemented in TCP-Reno

(more recent than TCP-Tahoe)

SEQ=1 ACK=1 ACK=1 ACK=1 ACK=1 SEQ=2 SEQ=3 SEQ=4 SEQ=5

10

Wireless and Mobile Networks

Mobile Host (1) Access Point Internet Base Station Mobile Host (2) Wireline Communication Wireless Communication

11

Wireless and Mobile Networks

Mobile Host (1) Access Point Internet

g Wireless transmission errors

i

High Bit Error Rates

i

Packet (frame) loss

12

Wireless and Mobile Networks

Internet Base Station (A) Mobile Host (2) Base Station (B) Mobile Host (2)

g Mobility

i

Disconnection

i

Hand-offs

i

Delays

13

Challenge

g TCP

i

Assumptions for the Wire-line Internet

• Packet loss only due to congestion
• Packet loss is rare

g Wireless and mobile networks

i

TCP assumptions are not valid

g Problem: TCP under-performs

i

TCP cannot distinguish between packet losses due to congestion and transmission or disconnection errors

i

Reducing the congestion window when an error or a disconnection occurs is not necessary

i

Throughput suffers

14

Questions

g What can we do about…

i

transmission errors?

i

errors due to mobility?

g Which part of the system functionality should we

modify…

i

The sender?

i

The receiver?

i

An intermediate node?

i

Some or all of the above?

15

Directions

g Transmissions errors

i

Hide error losses from the sender

• If the sender is unaware of the packet losses due to

errors, it does not reduce the congestion window

i

Inform sender of packet loss cause

• If the loss is due to an error, the congestion window is

not reduced

g Errors due to mobility

i

Hide mobility from the TCP sender

i

Make TCP adaptive to mobility

16

Solution classification

g Split-connection approaches

i

Split a TCP connection into two: the wire-line part and wire- less part at a Base Station or Access Point (Foreign Agent)

g Link layer approaches

i

Improve link layer reliability

g End-to-end approaches

i

Modify TCP congestion control mechanism

g Hybrid approaches

17

Split-connection approaches

18

Indirect TCP (I-TCP)

g Split the TCP connection at the AP into two parts

i

AP buffers and retransmits received segments

i

AP sends ACKs for the received segments

g Standard TCP on the wire-line link g On the wireless link:

i

TCP optimized for wireless

i

Even standard TCP benefits from shorter RTT

• Shorter timeout
• Faster retransmissions

Mobile Host

Access Point (AP)

Internet

“Wireless” TCP Standard TCP

19

I-TCP example

Mobile Host Correspondent Host Access Point

ack 1 segment 2 ack 2 segment 3 ack 3 segment 1 segment 1 ack 1 segment 2 segment 3 segment 2 segment 2 timeout (short timeout thanks to short RTT) ack 2 ack 3

20

I-TCP and mobility

g Moving to a new access point requires transfer of

socket state

i

Including segments buffered at the FA Mobile Host Access point (1) Internet Access Point (2) Socket migration and state transfer

21

I-TCP summary

g I-TCP Advantages

i

No changes in the fixed network or hosts (TCP protocol), all current TCP optimizations still work

• Potentially no changes in mobile hosts

i

Wireless transmission errors do not “propagate” to the wire-line network

g I-TCP Disadvantages

i

Loss of end-to-end semantics

• An ACK does not imply that the receiver got the segment
• For mobility support, all FAs need to be I-TCP compatible, and the

state needs to be transferred to maintain end-to-end semantics

i

Higher end-to-end delays due to buffering and forwarding to a new agent

i

Problem with security mechanisms, e.g. IPsec

• FA needs to spoof ACKs

22

Mobile TCP (M-TCP)

g Handling of long and frequent disconnections g Splits connection at FA as I-TCP does g Foreign agent

i

No caching, no retransmission

i

Monitors all packets

i

If it detects a disconnection (no ACKs from MN for a while)

• Reports rwnd = 0 to sender
• Sender automatically goes into “persist” mode: Does not

timeout or in any other way change the congestion window

Mobile Host

Access Point (Foreign Agent)

Internet

“Wireless” TCP Standard TCP

23

M-TCP summary

g M-TCP advantages

i

End-to-end semantics preserved

i

Moving to another FA does not require forwarding buffered packets to new FA (since FA does no buffering)

g M-TCP disadvantages

i

Wireless link loss propagates to the wire-line network

i

Packets lost due to link errors need to be retransmitted by the sender

i

Problems with security mechanisms (just like I-TCP)

g M-TCP handles mobility errors, not transmission errors

24

Snooping TCP

g “TCP-Aware Link Layer” g Splits connection like I-TCP and M-TCP

i

FA buffers and retransmits segments (if necessary)

i

FA does not ACK buffered packets as I-TCP does (preserves end-to-end semantics)

Internet Buffering of data End-to-end TCP connection Local Retransmission Correspondent Host Foreign Agent Mobile Host Snooping of ACKs

25

Snooping TCP: data transfer

g Data transfer to the Mobile Host

i

FA buffers a segment until it receives an ACK from the MH

i

FA detects segment loss via duplicate ACKs or a timeout

• FA timeout is shorter than the round-trip timeout (RTO) at

the sender

i

FA locally retransmits lost segments

i

FA drops duplicated ACKs from MH

• Prevents unnecessary retransmissions and congestion

window reductions at the sender

• Does not violate end-to-end semantics:

Even if the FA crashes before MH receives the segment, the sender will eventually detect the loss via a timeout and retransmit

26

Snooping TCP: data transfer

g Data transfer from the Mobile

Host

i

FA detects segment loss on the wireless link via missing sequence numbers

i

FA triggers retransmission of lost segment at MH

• E.g., with a NACK mechanism

i

MH retransmits data with a much shorter delay Mobile Host Foreign Agent

SEQ=1000 SEQ=1100 SEQ=1200 NACK=1100 SEQ=1100

27

Snooping TCP and mobility

g When the MH moves to a new FA, should the

buffered segments be transferred from the old FA?

i

Not necessary

• Even if some of the buffered segments are lost in the

transition, the sender will eventually timeout and retransmit them

• This preserves end-to-end semantics

i

Yet, this buffer transfer would improve performance because the timeout puts the sender into slow start phase

28

Snooping TCP summary

g Snooping TCP advantages

i

End-to-end semantics preserved

i

Transfer of buffered segments not necessary during handoff

• MH can move to FA without Snoop TCP support

g Snooping TCP disadvantages

i

Does not isolate wireless link failures as well as I-TCP does

• If FA takes too long to retransmit a segment, CH will timeout

i

Requires modifications at Mobile Host

• NACK or similar mechanism to force retransmission

i

Snooping cannot be done if TCP headers are encrypted (like in IPsec EPS; application layer security, e.g. TLS, is compatible)

i

Dropping duplicate ACKs can break integrity

29

Performance enhancing proxies (PEP)

g Transport layer proxies

i

Local retransmissions and acknowledgements

i

Any of the approaches reviewed above qualifies

g Application layer proxies

i

HTTP, FTP, …

i

Content caching, filtering, compression, picture downscaling

g Big problem: breaks security end-to-end semantics

i

Disables use of IP security

i

Choose between PEP and security!

Mobile Host PEP

• Corr. Host

wireless Internet

Link layer approaches

31

Forward Error Correction (FEC)

g FEC: Introduce redundancy in the packet, allowing a

receiver to correct a limited number of errors

g Increasingly popular in wireless standards

i

Repetition and Hamming codes in Bluetooth

i

Convolutional codes in IEEE 802.11a

i

Reed-Solomon + convolutional codes in WiMax

i

Turbo codes in HSDPA

i

LDPC in IEEE 802.11n and 802.11ac

g Helps to avoid retransmissions

i

Shorter and less variable transmission time

g Increases computational and bandwidth overhead

i

Less of a concern nowadays thanks to Moore’s law

32

Efficient link layer handoff: IEEE 802.11r

g Handoff without IEEE 802.11r

1.

MH discovers new AP

2.

MH authenticates with new AP

3.

MH (re)associates with new AP

4.

MH and new AP generate and confirm shared temporal keys (based on PSK

• r IEEE 802.1X)

5.

MH requests QoS resources

6.

Data communication with new AP can start communication with

• ld AP still possible

communication with

• ld AP no longer

possible

g IEEE 802.11r allows key generation and QoS

resource allocation (steps 4 and 5) to take place prior or during (re)association (step 3)

33

End-to-end approaches

34

Fast Retransmit and Fast Recovery

g Assumptions

i

Congestion causes many segments to be dropped

i

If a single segment is dropped, but the triggered duplicate ACKs are delivered, the network is probably not congested

g Hence

i

No need for drastic reduction of congestion window (as in TCP Tahoe)

i

Fast Recovery phase SEQ=1 ACK=1 ACK=1 ACK=1 ACK=1 SEQ=2 SEQ=3 SEQ=4 SEQ=5

35

TCP Tahoe vs TCP Reno

g 3 duplicate ACKs arrive

i

Fast Retransmit: instantly retransmit 1st lost segment

i

ssthresh = ½ cwnd

i

cwnd = 1

i

Enter Slow Start

g 3 duplicate ACKs arrive

i

Fast Retransmit: instantly retransmit 1st lost segment

i

ssthresh = ½ cwnd

i

cwnd = ssthresh + 3

i

Enter Fast Recovery

g Fast Recovery

i

Increase cwnd by 1 segment for every duplicate ACK received

i

When new ACK received

• cwnd = ssthresh
• Enter Congestion Avoidance

i

If a timeout occurs

• Reset cwnd to 1
• Enter Slow Start

36

Every duplicate ACK received indicates a delivered segment àA new segment can be transmitted

TCP Reno vs TCP new-Reno

g Fast Recovery

i

Increase cwnd by 1 segment for every duplicate ACK received

i

When new ACK received

• cwnd = ssthresh
• Enter Congestion

Avoidance

i

If a timeout occurs

• Reset cwnd to 1
• Enter Slow Start

g Fast Recovery (FR)

i

Note last segment transmitted before entering FR as n

i

Increase cwnd by 1 segment for every duplicate ACK received

i

When new partial ACK received (for k < n)

• Retransmit 1st unacked

segment

• Remain in Fast Recovery

i

When ACK for n received

• cwnd = ssthresh
• Enter Congestion Avoidance

i

If a timeout occurs

• Reset cwnd to 1
• Enter Slow Start

37

Performance comparison of TCP variants

g With single packet lost in congestion window, TCP Reno and

TCP new-Reno avoid Slow Start, and outperform TCP Tahoe

i

cwnd oscillates around the optimal

g With multiple packet lost per congestion window (not shown in

the figure), TCP Reno underperforms severely; new-Reno introduced to resolve this

i

Bursty packet loss common in mobile networks

cwnd 10 5 15 20

Slow start Congestion avoidance Time-out Triple duplicate ACK

38

Behavior of Reno and new-Reno

Time (expressed in RTTs)

Selective acknowledgment (SACK)

g TCP acknowledgements are cumulative

i

ACK n acknowledges correct and in-sequence receipt of packets up to n

i

The sender only learns about the first lost segment

• What if more segments are lost?

g Selective retransmission as one solution

i

RFC2018 allows for acknowledgments of single packets, not

• nly acknowledgments of in-sequence packet streams

without gaps

i

Sender can retransmit missing packets more efficiently

g Advantage

i

Higher efficiency

g Disadvantage

i

More complex software in the receiver, more buffer needed at the receiver (CPU-, memory- and power-constraint MH)

39

Long disconnections

g TCP doubles RTO (Retransmit Time Out) each time a timeout

• ccurs

i

Can cause unnecessary idle time after longer disconnection

Mobile Host Correspondent Host

MH disconnected timeout MH connected connection idle

segment n+1 segment n+1 segment n+1 segment n+1 segment n+1

40

Long disconnections

g TCP doubles RTO each time a timeout occurs

i

Can cause unnecessary idle time after longer disconnection

g A Mobile Host aware of connection state can “wake up” the CH

i

Trigger fast retransmit with duplicate ACKs

g Simple solution

i

No changes at CH necessary

i

But TCP at MH needs to be aware of connectivity

Mobile Host Correspondent Host

MH disconnected timeout MH connected

segment n+1 segment n+1 segment n+1 segment n+1 ack n segment n+1

Fast Retransmission triggered

41

Explicit notification approaches

g Explicit congestion notification

i

Instead of TCP indirectly inferring congestion, let routers and/or other hosts inform the sender/receiver directly

i

Requires changes to TCP and the routing infrastructure

g Explicit bad state notification

i

Base Station/Access Point (FA) keeps track of wireless link conditions

i

Bad link conditions are signal to the Correspondent Host

i

Correspondent Host reacts accordingly

• Reduces/freezes transmission rate
• Resumes transmission at previous rate when good state

notification arrives

i

Requires using a FA and making changes to TCP at all hosts

42

Conclusions

g Many proposed techniques g Different characteristics and requirements g TCP used in more heterogeneous networks nowadays

i

Mobile networks

i

Over satellite links

g Can a single TCP protocol perform in these settings? g Or should we develop specialized TCP versions (and split TCP

connections when possible)?

43

References

g

• H. Elaarg, Improving TCP Performance over Mobile Networks, ACM Computing

Surveys, Vol. 34, No. 3, September 2002

g

• Y. Tian, K. Xu, and N. Ansari. TCP in Wireless Environments: Problems and Solutions.

IEEE Radio Communications, March 2005

g

• J. Huang et al. Anatomizing Application Performance Differences on Smartphones.

ACM MobiSys 2010

g

• A. Bakre, B.R. Badrinath. I-TCP: Indirect TCP for Mobile Hosts. ICDCS 1995

g

• K. Fall, S. Floyd. Simulation-based comparisons of Tahoe, Reno and SACK TCP. ACM

Sigcomm 1996

g

• K. Brown, S. Singh. M-TCP: TCP for mobile cellular networks. ACM Sigcomm 1997

g

• H. Balakrishnan, S. Seshan , R. H. Katz. Improving reliable transport and handoff

performance in cellular wireless networks. Wireless Networks. Volume 1, Issue 4, 1995 (this is the reference addressing Snooping TCP)

g

• J. Border , M. Kojo , J. Griner , G. Montenegro , Z. Shelby. Performance Enhancing

Proxies Intended to Mitigate Link-Related Degradations. RFC 3135, June 2001

g

• W. Wei, C. Zhang, H. Zang, J. Kurose, and D. Towsley. Inference and Evaluation of Split-

Connection Approaches in Cellular Data Networks. PAM 2006

g

• M. Mathis, J. Mahdavi, S. Floyd, A. Romanov. TCP selective acknowledgment options.

RFC 2018, October 1996

g

• K. Ramakrishnan, S. Floyd, D. Black. The Addition of Explicit Congestion Notification

(ECN) to IP. RFC 3168, September 2001

g

B.S. Bakshi, P. Krishna, N.H. Vaidya, D.K. Pradhan. Improving Performance of TCP over Wireless Networks. ICDCS 1997 44

Real-Time Traffic in Wireless Networks

g TCP

i

Reliable in-order delivery (no loss)

i

Delay-tolerant

i

Throughput optimization

g Real-time traffic

i

Delay-sensitive

i

Loss-tolerant

i

Constant throughput requirements

g We focus on VoIP

i

Represents the most demanding interactive real-time traffic

45

VoIP

g Call establishment protocols

i

SIP, H.323, …

g Transport protocols

i

RTP, RTCP, …

g Audio (voice) codecs

i

ITU G.711, ITU G.722, ITU G.729, GSM, …

46

SIP: Session Initiation Protocol

g SIP long-term vision:

i

All telephone calls, video conference calls take place over Internet

i

People are identified by names or e-mail addresses, rather than by phone numbers

i

You can reach callee, no matter where callee roams, no matter what IP device callee is currently using

g Note: technically SIP is an application layer protocol

i

However, provided functionality not too different from Mobile IP or HIP

47

SIP Services

g Setting up a call

i

Establishing a connection between caller and callee

i

Negotiation of media type, encoding

i

Call termination

g Callee localization

i

Map mnemonic identifier to current IP address

g Call management

i

Add new media streams during call

i

Change encoding during call

i

Invite others

i

Transfer, hold calls

48

Setting up a call to known IP address

g

Alice’s SIP invite message indicates her

i Port number i IP address i Preferred encoding to

receive (PCM µLaw)

g

Bob’s 200 OK message indicates his

i Port number i IP address i Preferred encoding

(GSM)

g

SIP messages can be sent over TCP or UDP

i Here sent over RTP/

UDP

49

time time Bob's terminal rings Alice 167.180.112.24 Bob 193.64.210.89 port 5060 port 38060 µ Law audio GSM port 48753 INVITE bob@193.64.210.89 c=IN IP4 167.180.112.24 m=audio 38060 RTP/AVP 0 port 5060 200 OK c=IN IP4 193.64.210.89 m=audio 48753 RTP/AVP 3 ACK port 5060

Setting up a call (more)

g Codec negotiation

i

Bob can reject proposed codec with 606 Not Acceptable Reply and include a list of supported codecs

i

Alice can then send new INVITE message, advertising different encoder

g Rejecting a call

i

Bob can reject with replies “busy,” “gone,” “payment required,” “forbidden”

g Media can be sent over RTP or some other protocol

50

Name translation and user location

g Caller knows only callee’s name or e-mail address g Need to get IP address of callee’s current host

i

User moves around, changing IP address

i

User has different IP devices (PC, PDA, car device)

g Result can be based on

i

Time of day (work, home)

i

Caller (don’t want boss to call you at home)

i

Status of callee (calls sent to voicemail when callee is already talking to someone)

g Service provided by SIP servers

i

SIP registrar server

i

SIP proxy server

51

SIP Registrar

52

g When Bob starts SIP client, client sends SIP

REGISTER message to Bob’s registrar server

REGISTER sip:domain.com SIP/2.0 Via: SIP/2.0/UDP 193.64.210.89 From: sip:bob@domain.com To: sip:bob@domain.com Expires: 3600

Register Message:

SIP Proxy

g Alice sends invite message to her proxy server

i

Contains address sip:bob@domain.com

g Proxy responsible for routing SIP messages to callee

i

Possibly through multiple proxies

g Callee sends response back through the same set of

proxies.

g Proxy returns SIP response message to Alice

i

Contains Bob’s IP address

g Proxy analogous to local DNS server

53

Example

Caller jim@umass.edu places a call to keith@upenn.edu

(1) Jim sends INVITE message to umass SIP proxy (2) Proxy forwards request to upenn registrar server (3) upenn server returns redirect response, indicating that it should try keith@epfl.ch (4) umass proxy sends INVITE to epfl registrar (5) Epfl registrar forwards INVITE to 197.87.54.21 (keith’s SIP client) (6-8) SIP response sent back (9) media sent directly between clients. Note: there is also a SIP ack message, which is not shown

SIP client 217.123.56.89 SIP client 197.87.54.21 SIP proxy umass.edu SIP registrar upenn.edu SIP registrar eurecom.fr

1 2 3 4 5 6 7 8 9

54 epfl.ch

Comparison with H.323

g H.323 is a signaling protocol for real-time interactive traffic

i Alternative to SIP

g H.323 is a complete, vertically integrated suite of protocols for

multimedia conferencing: signaling, registration, admission control, transport, codecs

g SIP is a single component. Works with RTP, but does not

mandate it. Can be combined with other protocols, services

g H.323 comes from the ITU (telephony). g SIP comes from IETF: Borrows much of its concepts from HTTP

i

SIP has Web flavor, whereas H.323 has telephony flavor.

g SIP uses the KISS principle: Keep it simple and stupid !

55

Real-Time Protocol (RTP)

g RTP specifies packet structure for

packets carrying audio, video data

g RTP runs in end hosts g RTP packets encapsulated in UDP

segments

i

RTP encapsulation is only seen at end systems (not by intermediate routers)

g RTP does not provide any mechanism to

ensure timely data delivery or other QoS guarantees

i

Routers provide best-effort service, making no special effort to ensure that RTP packets arrive at destination in timely matter

56

RTP Example

g Consider sending 64 kbps PCM-encoded voice over RTP g Application collects encoded data in chunks, e.g., every 20

msec = 160 bytes in a chunk.

g Audio chunk + RTP header form RTP packet, which is

encapsulated in UDP segment

g RTP header indicates type of audio encoding in each packet

i

Sender can change encoding during conference

g RTP header also contains sequence numbers, timestamps

57

Real-Time Control Protocol (RTCP)

g Works in conjunction with RTP g Each participant in RTP session periodically transmits

RTCP control packets to all other participants

g Each RTCP packet contains sender and/or receiver

reports about useful statistics

i

# packets sent

i

# packets lost

i

Inter-arrival jitter

i

…

g Feedback can be used to control performance

i

Sender may modify its transmissions based on feedback

58

VoIP and the link layer

g Micro-mobility support for VoIP

i

Efficient layer 2 handover (already covered)

g Real-time traffic over the link layer

i

Cellular networks link layer designed with real-time traffic in mind

i

We focus on real-time traffic over IEEE 802.11

59

VoIP over IEEE 802.11 DCF

g DCF (Distributed Coordination Function) is a best-

effort service

i

No QoS guarantees on channel access delay

i

Contention for the channel

i

Unlucky node can experience significant delays

60

t

medium busy

SIFS PIFS DIFS DIFS

next frame contention

direct access if medium is free ≥ DIFS time slot

IEEE 802.11 DFC: VoIP only

g Many experimental and analytical evaluations

i

5 to tens of connections can be supported (depending on codec and voice chunk duration)

g Example (AP handles VoIP connection only):

G.729: audio data compression algorithm

g Rapid performance collapse with too many voice connections 61

Ratio of packets delayed >150ms Number of voice connections Taken from [Cai06] Downlink traffic, IEEE 802.11b, rate 11Mbps, ns2 simulations

IEEE 802.11e

g IEEE 802.11e defines Quality-of-Service (QoS)

extensions to IEEE 802.11

g Two new channel access methods:

i

Enhanced Distributed Channel Access (EDCA)

• Extension of DCF
• 4 traffic classes with different priorities

i

(Hybrid Coordination Function)-Controlled Channel Access (HCCA)

• Similar to PCF

62

EDCA

g EDCA: Enhanced Distributed Channel Access g EDCA defines 4 traffic classes with different priorities (listed

from highest to lowest priority)

i

Voice, Video, Best-effort, Background

g Channel access method as in DCF g Each class uses different values of parameters

i Arbitration Interframe Space (AIFS) i Backoff (BO) contention window size range (CWmin, CWmax)

63

t

medium busy

SIFS PIFS AIFS[0]

next frame contention

AIFS[1] AIFS[2] AIFS[3] CW

EDCA

g To prioritize traffic

internally EDCA makes use of

i

Separate queue for each class

i

A virtual collision handler

64

Priority-based distribution queue 3 Backoff AIFS[3] BO[3] queue 1 Backoff AIFS[1] BO[1] queue 2 Backoff AIFS[2] BO[2] queue 0 Backoff AIFS[0] BO[0] Virtual collision handler

Frame to transmit Transmission attempt

IEEE 802.11e summary

g Best-effort prioritizing of traffic g Connections in the same class contend as with DCF

i

Adding a few too many voice connections degrades the performance significantly for all nodes

g Hence need for admission control

i

Prevents oversubscribing to a channel

i

Provides some control over latency

i

Challenge: overlapping BSSs

g Security concerns

i

Misbehaving stations could attempt to assign highest priority to their traffic

65

References

g L.Cai, Y. Xiao, X.S. Shen, J.W. Mark. VoIP over WLAN: voice

capacity, admission control, QoS, and MAC: Research Articles. International Journal of Communication Systems, Volume 19, Issue 4, May 2006

g L.X. Cai, X. Shen, J.W. Mark, L. Cai, Y. Xiao. Voice capacity analysis

• f WLAN with unbalanced traffic. IEEE Transactions on Vehicular

Technology vol. 55, no. 3, May 2006

g J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson,

• R. Sparks, M. Handley, E. Schooler. SIP: Session Initiation Protocol.

RFC 3261, June 2002

g H. Schulzrinne, S. Casner, R. Frederick, V. Jacobson. RTP: A

Transport Protocol for Real-Time Applications. RFC 3550, July 2003

66

My Research Focus: Privacy Protection

67

g Trends

i

More technology: more computing power, more bandwidth, more collection of personal data

i

More wearable devices (including more lifestyle trackers) è better feedback loop Data mining, machine learning

Cookies, browser fingerprints, clicks, content of emails, data from OSN,… Heart rate, gaze, sounds, sweat,… Optimized stimuli (ads) to maximize likelihood of purchase decision

A Few Ongoing Research Projects in my Group (LCA1)

g Genome privacy g Smart permission management in Android g Location-based activity summary

68

69

Why ¡Protect ¡Genomic ¡Data? ¡

g Genome ¡carries ¡informa-on ¡about ¡a ¡

person’s ¡gene-c ¡condi-on ¡and ¡ predisposi-ons ¡to ¡specific ¡diseases ¡

i Leakage ¡of ¡such ¡informa-on ¡could ¡cause ¡

gene$c ¡discrimina$on ¡

i Denial ¡of ¡access ¡to ¡health ¡insurance, ¡

mortgage, ¡educa-on, ¡and ¡employment ¡

70 ¡

Th Things ¡a ¡are ¡M e ¡Mov

• ving

g CS ¡giants ¡start ¡proposing ¡genome-­‑related ¡services ¡

• Google ¡Genomics ¡(API ¡to ¡store, ¡process, ¡explore, ¡and ¡share ¡DNA ¡data) ¡
• IBM ¡Research ¡(computa-onal ¡genomics) ¡
• ¡MicrosoH ¡Research ¡(genomic ¡research ¡in ¡collabora-on ¡with ¡Sanger ¡

Center) ¡

• Amazon ¡

¡ ¡ ¡

g Global ¡Alliance ¡for ¡Genomics ¡& ¡Health ¡

• Defini-on ¡of ¡a ¡common ¡framework ¡for ¡effec-ve, ¡responsible ¡and ¡

secure ¡sharing ¡of ¡genomic ¡and ¡clinical ¡data ¡

• Security ¡Working ¡Group: ¡security ¡infrastructure ¡policy ¡and ¡technology ¡

hQp://genomicsandhealth.org/our-­‑work/working-­‑groups/security-­‑ working-­‑group/work-­‑products ¡ ¡

71 ¡

Ongoing ¡CollaboraBons ¡

• Swiss ¡HIV ¡Cohort ¡Study ¡ ¡hQp://www.shcs.ch/ ¡ ¡

i Infrastructure ¡suppor-ng ¡mul--­‑center ¡(7 ¡hospitals) ¡ ¡

research ¡project ¡dealing ¡with ¡HIV ¡infected ¡adults ¡

i Our ¡contribu-on: ¡deployment ¡(next ¡month) ¡of ¡our ¡data ¡protec-on ¡soHware ¡on ¡their ¡

system ¡

• Lausanne ¡University ¡Hospital ¡(CHUV) ¡– ¡Biobank ¡

hQp://www.chuv.ch/biobanque/bil_home/bil-­‑recherche.htm ¡

i Clinical ¡and ¡environmental ¡data ¡ i Genomic ¡data: ¡

• 2.5M ¡SNPs ¡/ ¡pa-ent ¡
• 20’000 ¡pa-ents ¡

i

Our ¡contribu-on: ¡protec-on ¡of ¡the ¡biobank ¡as ¡of ¡2016 ¡ ¡

g Sophia ¡Gene-cs ¡

i hQp://www.sophiagene-cs.com ¡ i Start-­‑up ¡company, ¡on ¡campus; ¡visualiza-on ¡of ¡genomic ¡data ¡ i Successfully ¡closed ¡2nd ¡round ¡of ¡funding ¡(11MCHFrs): ¡Endeavour ¡Vision, ¡Invoke,… ¡ i Our ¡contribu-on: ¡protec-on ¡of ¡raw ¡genomic ¡data ¡

g Other ¡partners: ¡EPFL ¡School ¡of ¡Life ¡Science, ¡Cornell ¡Tech, ¡ ¡

Craig ¡Venter ¡Ins-tute, ¡Vanderbilt ¡Univ.,… ¡

¡ 72 ¡

Smart Permissions (SmarPer)

g Smartphones manage an increasing amount of

private information

g Android, the dominant mobile OS, relies on

permissions to protect this sensitive information

g Problem: permission model has several limitations

i

“All-or-nothing”

i

Coarse-grained

i

Context-oblivious

i

Difficult to understand

i

Abused by apps

Ø

1/3 apps request excessive permissions

app request <f1, f2,..,fn> feature vector

SmarPer Overview

10

time location phone status nearby devs conn type decision & confidence

PROCESSI

NG

response yes no 1 2 3 4 5 6 9 13 14 12 user feedback 8

category status downloads reviews developer

7

app name req type params

11

INTERCEPTIO

N

OBFUSCATIO

N

CONTEXT APP INFO AUDIT ML MODEL UPDATE DB ML MODEL

c>t ML Machine Learning c confidence t threshold

• ptional step

§ Automatic permission decisions using machine learning

• Reduce user-burden (e.g., number of manual decisions)

§ Dynamic permission decisions based on context

• E.g., share location at a restaurant but not at the hospital

§ Better privacy vs. utility trade-offs

• Multi-level data obfuscation (e.g., approximate location, filtered contact info)

g Activity-tracking applications are increasingly used

75

• Current solution

Privacy: The online service can track the users’ locations Security: users can cheat on their performance

We propose SecureRun

Privacy: The online service cannot track the users’ locations Security: users cannot cheat on their performance

Location-based activity summaries

g SecureRun guarantees location privacy and cheat-

resilience

i

By providing lower bounds of activity summaries

i

Based on networks of access points

76

Location-based activity summaries

1000 2000 3000 4000 5000 6000 Density of APs (APs/km2) 1000 2000 3000 4000 5000 6000 7000 8000 9000 Density of activities (activities/km2)

20 40 60 80 100 Brussels London Paris Paris (2 Op.) accuracy [%]

Users’ concern levels regarding security (left) and privacy (right) issues in activity- tracking apps Users’ satisfaction for various performance levels of SecureRun if the actual distance is 10 miles Distribution of FON access points (left) and Garmin activities (right) in Paris Overall performance of SecureRun SecureRun’s accuracy level

For Next Semester

g Master’s Research Associate; if you are interested

and you qualify, please email me:

i

Letter of motivation

i

CV

i

2 or 3 references

g Projects

i

Our project descriptions are online: semester projects,

• ptional projects, Master theses

77

New Course: CS-622 Privacy Protection

g

Doctoral course (6 ECTS credits), first instance in the fall 2014

g

Bridge between our research and our teaching activities

g

Next instance: September – December 2015

g

Can be taken by Master’s students (half were Master’s students last year)

g

Oral exam + mini-project (leading possibly to a publication; can be combined with semester project / optional project)

g

Content of the course

i Part 1 - Preliminaries

• 1.1 Introduction
• 1.2 Economics and Incentives
• 1.3 Crypto-Based Solutions

i Part 2 - Data Privacy

• 2.1 Hiding Data from the Database User
• 2.2 – Hiding Access Patterns from the Database Owner

i Part 3 - Privacy in Networks

• 3.1 Privacy in the Internet
• 3.2 Privacy in Mobile Networks

g

Lecturer: JP Hubaux, helped by post-docs and PhD students for the mini-projects

g

Access to last year’s material:

i http://moodle.epfl.ch/course/view.php?id=14215 i Password for guest access from outside of the Intranet: key PriPro14

78

79