[show abstract][hide abstract] ABSTRACT: Online gaming is one of the most profitable busi- nesses on the Internet. Among various threats to continuous player subscriptions, network lags are particularly notorious. It is widely known that frequent and long lags frustrate game players, but whether the players actually take action and leave a game is unclear. Motivated to answer this question, we apply survival analysis to a 1,356-million-packet trace from a sizeable MMORPG, called ShenZhou Online. We find that both network delay and network loss significantly affect a player's willingness to continue a game. For ShenZhou Online, the degrees of player "intolerance" of minimum RTT, RTT jitter, client loss rate, and server loss rate are in the proportion of 1:2:11:6. This indicates that 1) while many network games provide "ping time," i.e., the RTT, to players to facilitate server selection, it would be more useful to provide information about delay jitters; and 2) players are much less tolerant of network loss than delay. This is due to the game designer's decision to transfer data in TCP, where packet loss not only results in additional packet delays due to in-order delivery and retransmission, but also a lower sending rate. FPS (First-Person Shooting) games, RTS (Real Time Strategy) games, sports games, and car racing games (2, 3, 11, 13, 16- 18) (cf. Section II-A). MMORPGs are different in that there are no explicit victories or defeats, scores, or rankings, and the playing time is a more appropriate indicator of the player's gaming experience. Therefore, in this attempt to understand MMORPG players' QoS-sensitivity, we ask the question: "Once a player is in a game, how does network QoS affect his decision to continue or leave the game?" This work is, as far as we know, the first quantitative analysis on the relationship between network QoS and online game playing times. In this paper, we analyze the lifetimes of game sessions derived from ShenZhou Online (20), a commercial MMORPG. Using a survival analysis approach, we investigate the relation- ship between network QoS and session times. Although, logi- cally, the relation of cause and effect cannot be clarified from a cross-sectional study, we assume the correlation between game session times and network QoS implies that premature departures are caused by unfavorable network experience. The major findings are as follows. First, we show that both network delay and network loss significantly affect players' willingness to continue a game or leave it, whereas earlier studies indicate that players have remarkable tolerance of unfavorable network conditions (3, 11, 18). Second, while many network games provide "ping time," i.e. the round trip time (RTT), to players to facilitate server selection, we show that the delay jitters are more important than absolute delays in terms of playing time. Therefore, in addition to the "ping time," its variations should also be considered in the server selection process. Third, quantitatively, the degrees of player "intolerance" to minimum RTT, RTT jitter, client loss rate, and server loss rate are in the proportion of 1:2:11:6. To be specific, a player's decision to leave a game due to unfavorable network conditions is based on the following levels of intolerance: client packet loss (55%), server packet loss (30%), RTT fluctuations (10%), and minimum RTT (5%). While most QoS- sensitivity studies focus on the impact of delay, we argue that delay jitters and the packet loss (error) rate are more important, since, from our modeling, absolute delay times only contribute 1/20 of the influence on average to the QoS- intolerance of MMORPG players. Furthermore, we believe
INFOCOM 2006. 25th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 23-29 April 2006, Barcelona, Catalunya, Spain; 01/2006
[show abstract][hide abstract] ABSTRACT: As quality of service gains more and more attention, bandwidth controllers gradually become one of the most impor-tant network systems used in modern Internet environment. The demand for high-performance in-line bandwidth controllers is driven by the growing bandwidth available in the last mile WAN links as well as the sophisticated packet processing functions that become essential in current computer networks. In this paper, we propose an adaptive clustering scheme to scale the throughput of in-line devices and implement the bandwidth control functions over a cluster of in-line devices. The proposed scheme aggregates the processing power of multiple in-line devices in the cluster by making incoming traffic self-dispatched in a transparent fashion, and incorporates a flow migration mechanism that keeps the load of each device balanced. The resulted cluster is also able to toler-ate device failures and hence is run-time reconfigurable. Based on the proposed scheme, we successfully design a distributed policy adjustment algorithm, the proportional bandwidth alloca-tion algorithm, and implement a clustered bandwidth controller over embedded Linux. The results of performance evaluation suggest that the proposed traffic redistribution mechanism and distributed policy adjustment algorithm can be used together to realize high-performance and reconfigurable bandwidth control-lers.
Systems and Networks Communication, International Conference on. 01/2006;
[show abstract][hide abstract] ABSTRACT: We propose a general desgn for secure collaboraton systems, whchs underpnned wth an access control polcy model, an admnstratve scheme, and an en forcement scheme, based on the Typed Usage Control (TUCON) model. TUCONs a generalzed form of the usage control model (UCON) proposed recently. By utlzng mutable object attrbutes, UCON can reflect the dynamc nature of ad-hoc collaboratons such as temporal and/or spatal usages. In TUCON, every object has an object type as a persstent attrbute, whch works as a name space thatndcates an organzaton to whch the object belongs. Wth object types, TUCON polces can dstnctly controlntra-organzaton and �nter-organzatonnformaton flows. Ths approach acheves the autonomy of collaboratve teams as well as the mutual confdentalty of collaboratng organzatons. ABSTRACT A secure multicast framework should only allow authorized members of a group to decrypt received messages; usually one "group key" is shared by all approved members. How- ever, this raises the problem of "one affects all," whereby the actions of one member affect the whole group. Many researchers solve the problem by dividing a group into sev- eral subgroups, but most existing solutions require a cen- tralized trusted controller to coordinate cryptographic keys for subgroups. We believe this is a constraint on network scalability. In this paper, we propose a novel framework to solve key management problems in multicast networks. Our contribution is three-fold: 1) We exploit the ElGamal cryptosystem and propose the idea of key composition; 2) A distributed key assignment protocol is proposed to eliminate the need for a centralized trust controller in a secure multi- cast network that leverages proxy cryptography; and 3) We adopt a hybrid encryption technique that makes our frame- work more efficient and practical. Comparison with similar frameworks shows the proposed scheme is efficient in both time and space complexity. In addition, costs of most pro- tocol operations are bounded by constants regardless of a group's size and the degree of transit nodes.
Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2006, Taipei, Taiwan, March 21-24, 2006; 01/2006
[show abstract][hide abstract] ABSTRACT: The growth of the bandwidth available in WAN links stimulates novel usage of traditional network systems. By extending the boundary of cluster file systems to the customers' premise, it is now possible to provide home users efficient, dependable, and responsive network storage. In this paper, we identify the primary issue of network latency when implementing cluster file systems across the last miles, and propose a solution by replacing the round-based data transmission protocol of Coda file system with a rate-based one. The performance evaluation of the prototype system shows significant improvements of both throughput and response time for file-transfer operations, especially under high network latency. The result is a latency-resistant cluster file system.
[show abstract][hide abstract] ABSTRACT: In this paper, we propose a novel framework for secure multicast on overlay networks. Our contributions are three-fold: 1) a technique key composition is proposed to cope with the secure multicast problems, 2) the proposed framework is totally distributed, i.e., no centralized control is required for subgroup configurations, and 3) a comparison of similar frameworks is provided, in which we show the proposed framework is more efficient in that its time and space complexity are bounded by constants, regardless of the number of coexisting groups, the group size, and the degree of transit nodes
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on; 12/2005
[show abstract][hide abstract] ABSTRACT: TCP employs a self-clocking scheme that times the sending of packets. In that, the data packets are sent in a burst when the returning acknowledgement packets are received. This self-clocking scheme (also known as ack-clocking) is deemed a key factor to the the burstiness of TCP traffic and the source of various performance problems-high packet loss, long delay, and high delay jitter. Previous work has suggested contradictively the effectiveness of TCP pacing as a remedy to alleviate the traffic burstiness. In this paper, we analyze systematically, and in more robust experiments the impact of network variabilities on the behavior of TCP clocking schemes. We find that 1) aggregated pacing traffic could be burstier than aggregated ack-clocking traffic. Physical explanation and experimental simulations are provided to support this argument. 2) The round-trip time heterogeneity and flow multiplexing significantly influence the behaviors of both ack-clocking and pacing schemes. Evaluating the performance of clocking schemes without considering these effects is prone to inconsistent results. 3) Pacing outperforms ack-clocking in more realistic settings from the traffic burstiness point of view.
INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE; 04/2005
[show abstract][hide abstract] ABSTRACT: In a secure multicast communication environment, only valid members belong to the multicast group could decrypt the data.
In many previous researches, there is one “group key” shared by all group members. However, this incurs the so-called “1 affects
n problem,” that is, an action of one member affects the whole group. We believe this is the source of scalability problems.
Moreover, from the administrative perspective, it is desired to confine the impacts of changing membership events in a local
area. In this paper, we propose a new secure multicast architecture without using a group key. We exploit a cryptographic
primitive “proxy encryption.” It allows routers to convert a ciphertext encrypted under a key to a ciphertext encrypted under
another key, without revealing the secret key and the plaintext. By giving proper keys to intermediate routers, routers could
provide separation between subgroups. Therefore the goals of scalability and containment are achieved.
Information and Communications Security, 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, Proceedings; 01/2005
[show abstract][hide abstract] ABSTRACT: CPE-based IPsec VPNs have been widely used to provide secure private communication across the Internet. As the bandwidth of
WAN links keeps growing, the bottleneck in a typical deployment of CPE-based IPsec VPNs has moved from the last-mile connections
to the customer-edge security gateways. In this paper, we propose a clustering scheme to scale the throughput as required
by CPE-based IPsec VPNs. The proposed scheme groups multiple security gateways into a cluster using a transparent self-dispatching
technique and allows as many gateways to be added as necessary until the resulting throughput is again limited by the bandwidth
of the last-mile connections. It also includes a flow-migration mechanism to keep the load of the gateways balanced. The results
of the performance evaluation confirm that the clustering technique and the traffic-redistribution mechanism together create
a transparent, adaptive, and highly scalable solution for building high-performance IPsec VPNs.
High Performance Computing - HiPC 2005, 12th International Conference, Goa, India, December 18-21, 2005, Proceedings; 01/2005