Thorsten Strufe

Technical University Darmstadt, Darmstadt, Hesse, Germany

Publications (82), 16.3 Total impact

  • Hani Salah, Stefanie Roos, Thorsten Strufe
    ABSTRACT: The family of Kademlia-type systems represents the most efficient and most widely deployed class of internet scale distributed systems. However, prior research on these systems has mainly been restricted to analyzing deployed systems and suggesting improvements tailored to specific environments rather than exploiting the huge parameter space governing the routing performance. Concise analytic results are rare, due to the complexity of Kademlia’s parallel and non-deterministic lookups. This paper introduces the first comprehensive formal model of the routing for the entire family of Kademlia-type systems. We validate our model against simulations of both the BitTorrent Mainline DHT and eMule’s KAD implementation. The model allows a highly scalable comparison with respect to the hop distribution of different variations to the original protocol. In particular, we show that several of the recent improvements to the protocol in fact have been counterproductive with regard to routing efficiency.
    IEEE ICCCN, Las Vegas, USA; 08/2015
  • Hani Salah, Julian Wulfheife, Thorsten Strufe
    ABSTRACT: Named-Data Networking (NDN) is a promising architecture for future Internet. However, routers and content providers in NDN can be targets for a new DDoS attack called the Interest Flooding Attack (IFA). As a consequence, affected routers drop legitimate interest packets. We argue that IFA can be defended effectively when it is detected and mitigated, at early stage, based on timely and aggregated information of exchanged packets and forwarding states. Towards this end, we adapt CoMon, a framework that we developed formerly to coordinate caching-related decisions in NDN. This choice is motivated by CoMon’s proven ability to realize efficient, yet lightweight, coordination. A preliminary evaluation confirms the effectiveness of our solution against IFAs.
    IEEE INFOCOM, Hong Kong; 04/2015
  • Hani Salah, Thorsten Strufe
    ABSTRACT: The autonomous cache management in Content-Centric Networking (CCN) results in suboptimal caching decisions and implies cache-ignorant routing. Cache coordination and similar improvements hence have been the subject of several recent studies. The proposed solutions, however, are either impractical due to their massive coordination overhead, or of limited benefit since they cannot realize perfect coordination. We present CoMon, an architecture for network-wide coordinated caching. CoMon realizes an affordable, yet highly effective, coordination by assigning monitoring and cache-aware (re)routing tasks to only a few nodes, through which the majority of traffic is expected or enforced to pass. CoMon, by design, can maximize the diversity of cached contents and minimize cache replacements. In addition, our simulation study using ISP topologies shows that CoMon under a pressuring scenario, when coordinating as few as 5% of the nodes, reduces the server hit ratio of both CCN and notable related work by up to 45%. Index Terms: Information-Centric Networking; Coordinated Caching; Cache-Aware Routing
    IEEE CCNC, Las Vegas, USA; 01/2015
  •
    ABSTRACT: Information-centric networks are a new paradigm for addressing and accessing content on the Internet, with Content-Centric Networking (CCN) being one of the more popular candidate solutions. CCN de-couples content from the location it is hosted and allows for mobility of the node requesting the content. However, CCN's ability to handle the mobility of the content source is limited and so far little research has focused on how both endpoints would be able to be mobile. We focus on mobility of the content source, using network embeddings as a tool. Network embeddings have already been proposed for content addressing and mobility management in prior work. In this paper, we first show that previously designed embeddings lead to a highly unbalanced storage and traffic load: More than 90% of all stored references are mapped to one node, which is involved in more than 95% of all queries. We propose a modified embedding, Prefix-S embedding, and a topology-aware key assignment, which enable a uniform distribution of the storage load. The maximum traffic per node is also considerably reduced from more than 95% to 35%.
  • Giang Nguyen, Mathias Fischer, Thorsten Strufe
    ABSTRACT: The robustness of pull-based streaming systems to node failure and churn has been extensively analyzed. Their resistance to sabotage, however, is not well understood, so far. Recent measurement studies on a large deployed pull-based system have discovered stable source-to-peer paths and the convergence of the content dissemination to rather static topologies over time. Thus, an attack on central nodes within these static topologies, which causes serious service disruptions, is feasible. This paper demonstrates attacks that significantly reduce the system’s performance. As a countermeasure, we introduce a novel striping scheme, which decreases the dependencies between peers and thus the impact of attacks. A thorough simulation study indicates that our scheme achieves a high resistance against sabotage attacks at negligible overhead and performance penalties.
    International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Paderborn, Germany; 09/2014
  • Hani Salah, Stefanie Roos, Thorsten Strufe
    ABSTRACT: Discovery of nodes and content in large-scale distributed systems is generally based on Kademlia, today. Understanding Kademlia-type systems to improve their performance is essential for maintaining a high service quality for an increased number of participants, particularly when those systems are adopted by latency-sensitive applications. This paper contributes to the understanding of Kademlia by studying the impact of diversifying neighbours' identifiers within each routing table bucket on the lookup performance. We propose a new, yet backward-compatible, neighbour selection scheme that attempts to maximize the aforementioned diversity. The scheme does not cause additional overhead except negligible computations for comparing the diversity of identifiers. We present a theoretical model for the actual impact of the new scheme on the lookup's hop count and validate it against simulations of three exemplary Kademlia-type systems. We also measure the performance gain enabled by a partial deployment for the scheme in the real KAD system. The results confirm the superiority of the systems that incorporate our scheme.
  •
    ABSTRACT: Freenet, a fully decentralized publication system designed for censorship-resistant communication, exhibits long delays and low success rates for finding and retrieving content. In order to improve its performance, an in-depth understanding of the deployed system is required. Therefore, we performed an extensive measurement study accompanied by a code analysis to identify bottlenecks of the existing algorithms and obtained a realistic user model for the improvement and evaluation of new algorithms. Our results show that 1) the current topology control mechanisms are suboptimal for routing and 2) Freenet is used by several tens of thousands of users who exhibit uncharacteristically long online times in comparison to other P2P systems.
    PETs 2014; 07/2014
  •
    ABSTRACT: The design of secure and usable access schemes to personal data represents a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or previously have not been accepted as contacts in any case is only possible via public posts, which can easily be abused by automatic harvesting for user profiling, targeted spear-phishing, or spamming. Moreover, users are restricted to the access rules defined by the provider, which may be overly restrictive, cumbersome to define, or insufficiently fine-grained. We suggest a complementary approach that can be easily deployed in addition to existing access control schemes, does not require any interaction, and includes even public, unsubscribed users. It exploits the fact that different social circles of a user share different experiences and hence encrypts arbitrary posts. Assembling only well-established cryptographic primitives, we prove that the security of our scheme is determined by the entropy of the required knowledge. We consequently analyze the efficiency of an informed dictionary attack and assess the entropy to be on par with common passwords. A fully functional implementation is used for performance evaluations, and available for download on the Web.
    ICC 2014 - 2014 IEEE International Conference on Communications; 06/2014
  • Hani Salah, Benjamin Schiller, Thorsten Strufe
    ABSTRACT: Content-Centric Networking (CCN) promises to yield large efficiency gains for Internet content distribution. Its autonomous cache management, however, raises doubts about achieving the intended goals optimally. A coordinated cache management, based on timely usage information, will help to fully leverage the cache efficiency. In this poster we introduce CoMon, a system architecture that implements Coordinated caching based on Monitoring of content usage and its stability. CoMon aims at improving CCN caching with low monitoring and communication overheads.
    IEEE INFOCOM, Toronto, Canada; 04/2014
  • Benjamin Schiller, Giang Nguyen, Thorsten Strufe
    ABSTRACT: Using Peer-to-Peer technology to deliver live video streams to mobile devices is a promising approach. It allows service providers to scale their video distribution without increasing their cost. As the resources are replicated at the edge of the network, mobile devices can take advantage of close-by peers in order to get the required data faster. This, however, is challenging due to the highly dynamic nature of the participating mobile devices. Hence, the video distribution overlay needs to adapt quickly to changes in the available bandwidth as well as the location of peers. Also, it should be resilient to arbitrary disconnects as well as targeted attacks. In this paper, we introduce a multi-tree-push streaming system which takes the upload capacities of mobile devices into account and arranges the overlay connections based on their position in the network topology. Our demonstrations show that our system is resilient to churn and attacks while running on desktop machines and mobile devices.
    2014 IEEE International Conference on Pervasive Computing and Communication Workshops (PERCOM WORKSHOPS); 03/2014
  • Stefanie Roos, Thorsten Strufe
    ABSTRACT: Social Overlays suffer from high message delivery delays due to insufficient routing strategies. Limiting connections to device pairs that are owned by individuals with a mutual trust relationship in real life, they form topologies restricted to a subgraph of the social network of their users. While centralized, highly successful social networking services entail a complete privacy loss of their users, Social Overlays at higher performance represent an ideal private and censorship-resistant communication substrate for the same purpose. Routing in such restricted topologies is facilitated by embedding the social graph into a metric space. Decentralized routing algorithms have up to date mainly been analyzed under the assumption of a perfect lattice structure. However, currently deployed embedding algorithms for privacy-preserving Social Overlays cannot achieve a sufficiently accurate embedding and hence conventional routing algorithms fail. Developing Social Overlays with acceptable performance hence requires better models and enhanced algorithms, which guarantee convergence in the presence of local optima with regard to the distance to the target. We suggest a model for Social Overlays that includes inaccurate embeddings and arbitrary degree distributions. We further propose NextBestOnce, a routing algorithm that can achieve polylog routing length despite local optima. We provide analytical bounds on the performance of NextBestOnce assuming a scale-free degree distribution, and furthermore show that its performance can be improved by more than a constant factor when including Neighbor-of-Neighbor information in the routing decisions.
  • Thomas Paul, Marius Hornung, Thorsten Strufe
    Global Communications Conference (GLOBECOM), 2014 IEEE; 01/2014
  • Thomas Paul, Antonino Famulari, Thorsten Strufe
    ABSTRACT: Because of growing popularity of Online Social Networks (OSNs) and huge amount of sensitive shared data, preserving privacy is becoming a major issue for OSN users. While most OSNs rely on a centralized architecture, with an omnipotent Service Provider, several decentralized architectures have recently been proposed for decentralized OSNs (DOSNs). In this work, we present a survey of existing proposals. We propose a classification of previous work under two dimensions: (i) types of approaches with respect to resource provisioning devices and (ii) adopted strategies for three main technical issues for DOSN (decentralizing storage of content, access control and interaction/signaling). We point out advantages and limitations of each approach and conclude with a discussion on the impact of DOSNs on users, OSN providers and other stakeholders.
    Computer Networks 01/2014; 75, Part A:437 - 452. DOI:10.1016/j.comnet.2014.10.005 · 1.28 Impact Factor
  • Hani Salah, Stefanie Roos, Thorsten Strufe
    ABSTRACT: Discovery of nodes and content in large-scale distributed systems is generally based on Kademlia, today. Understanding Kademlia-type systems to improve their performance is essential for maintaining a high service quality for an increased number of participants, particularly when those systems are adopted by latency-sensitive applications. This paper contributes to the understanding of Kademlia by studying the impact of diversifying neighbours’ identifiers within each routing table bucket on the lookup performance. We propose a new, yet backward-compatible, neighbour selection scheme that attempts to maximize the aforementioned diversity. The scheme does not cause additional overhead except negligible computations for comparing the diversity of identifiers. We present a theoretical model for the actual impact of the new scheme on the lookup’s hop count and validate it against simulations of three exemplary Kademlia-type systems. We also measure the performance gain enabled by a partial deployment for the scheme in the real KAD system. The results confirm the superiority of the systems that incorporate our scheme.
    IEEE P2P, London; 01/2014
  • Hani Salah, Stefanie Roos, Thorsten Strufe
    ABSTRACT: The widely used distributed hash table (DHT) in KAD is commonly analyzed and optimized based on partial measurements and simulation results, which are limited in scope and subject to simplification. An accurate characterization, however, is vital for a thorough understanding and effective enhancement. Analyzing and comparing complete real graphs collected from a large-scale measurement campaign as well as synthetic graphs generated by a novel simulation model, we study their degree distributions as well as resilience in face of random departure and targeted attacks. Our results show that the online KAD graph, although scale-free, is highly robust not only to random departure, but also to targeted attacks, making it suitable for distributed applications requiring a high resilience. Resilience to random departure and shape of degree distribution are well modelled by the simulations. However, due to a greatly increased ratio of stale routing information, the complete graph in the real system is much more vulnerable to targeted attacks compared to estimations based on simulative results.
    IEEE ISCC, Madeira, Portugal; 01/2014
  •
    ABSTRACT: Hanoi city is currently dealing with rapidly increasing air pollution that results from a variety of sources. The main cause of pollution is exhaust gas from the traffic system with a very large number of private vehicles. In order to help the city's environment authorities monitor the level of air pollution, a wireless sensor network is currently under development to collect traffic pollution data measured by a number of gas sensors. This paper focuses on how to process pollution data and visualize the level of pollution relying on available datasets collected from the sensor network. The volume of data collected from each area of the city can be very large and dynamic due to the number of mobile sensors deployed in the same area at the same time and their measurement frequency. First, we present a method for processing raw data using calibration and data clustering techniques. Second, we describe how measurement datasets are visually represented on the city's online map on the basis of a mathematical interpolation method that corresponds to characteristics of environmental data. And then we also use a computer graphics technique to improve the visualization quality. Finally, this paper shows the result of those methods with sample data collected from an urban district of Hanoi City on a website by which we provide to the viewer the actual level of pollution not only by position but also by time.
    2013 IEEE 38th Conference on Local Computer Networks Workshops (LCN Workshops); 10/2013
  •
    ABSTRACT: This paper presents a smart data forwarding method based on adaptive levels in order to collect data in a wide area with a limited number of sensors in wireless sensor networks (WSNs). WSN nodes move on predefined trajectories. In comparison to other works, each WSN node is assigned an adaptive level, which is frequently updated based on levels and weights of other neighbor nodes. Measured data will be forwarded from nodes with higher levels on the outermost trajectories to nodes with lower levels on inner trajectories, until they reach the center. The proposed method has been tested with eight sensor nodes and one base station to cover an area of 14.6 km² of an urban district of Hanoi City.
    2013 IEEE 38th Conference on Local Computer Networks Workshops (LCN Workshops); 10/2013
  •
    ABSTRACT: The design of secure and usable access schemes to personal data represents a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or previously have not been accepted as contacts in any case is only possible via public posts, which can easily be abused by automatic harvesting for user profiling, targeted spear-phishing, or spamming. Moreover, users are restricted to the access rules defined by the provider, which may be overly restrictive, cumbersome to define, or insufficiently fine-grained. We suggest a complementary approach that can be easily deployed in addition to existing access control schemes, does not require any interaction, and includes even public, unsubscribed users. It exploits the fact that different social circles of a user share different experiences and hence encrypts arbitrary posts. Hence arbitrary posts are encrypted, such that only users with sufficient knowledge about the owner can decrypt. Assembling only well-established cryptographic primitives, we prove that the security of our scheme is determined by the entropy of the required knowledge. We consequently analyze the efficiency of an informed dictionary attack and assess the entropy to be on par with common passwords. A fully functional implementation is used for performance evaluations, and available for download on the Web.
  •
    ABSTRACT: Motivated by the popularity of content distribution and file sharing applications that nowadays dominate Internet traffic, we focus on the incentive mechanism of a very popular, yet not very well studied, peer-to-peer application, eMule. In our work, we recognize that the incentive scheme of eMule is more sophisticated than current alternatives (e.g., BitTorrent) as it uses a general, priority-based, time-dependent queuing discipline to differentiate service among cooperative users and free-riders. In this paper, we describe a general model of such an incentive mechanism and analyze its properties in terms of application performance. We validate our model using both numerical simulations (when analytical techniques become prohibitive) and with a measurement campaign of the live eMule system. Our results, in addition to validating our model, indicate that the incentive scheme of eMule suffers from starvation. Therefore, we present an alternative scheme that mitigates this problem, and validate it through numerical simulations and a second measurement campaign.
    IEEE Journal on Selected Areas in Communications 09/2013; 31(9):94-104. DOI:10.1109/JSAC.2013.SUP.0513009 · 4.14 Impact Factor

Publication Stats

576 Citations
16.30 Total Impact Points

Institutions

  • 2010–2013
    • Technical University Darmstadt
      Darmstadt, Hesse, Germany
  • 2010–2011
    • Universität Mannheim
      Mannheim, Baden-Württemberg, Germany
  • 2009
    • Institut de France
      Lutetia Parisorum, Île-de-France, France
    • University of Nice-Sophia Antipolis
      Nice, Provence-Alpes-Côte d'Azur, France
  • 2003–2007
    • Technische Universität Ilmenau
      Stadt Ilmenau, Thuringia, Germany