Thorsten Strufe

Technical University Darmstadt, Darmstadt, Hesse, Germany

Publications (60) · 9.92 Total impact

  • Hani Salah, Stefanie Roos, Thorsten Strufe
    ABSTRACT: Discovery of nodes and content in large-scale distributed systems is generally based on Kademlia, today. Understanding Kademlia-type systems to improve their performance is essential for maintaining a high service quality for an increased number of participants, particularly when those systems are adopted by latency-sensitive applications. This paper contributes to the understanding of Kademlia by studying the impact of diversifying neighbours' identifiers within each routing table bucket on the lookup performance. We propose a new, yet backward-compatible, neighbour selection scheme that attempts to maximize the aforementioned diversity. The scheme does not cause additional overhead except negligible computations for comparing the diversity of identifiers. We present a theoretical model for the actual impact of the new scheme on the lookup's hop count and validate it against simulations of three exemplary Kademlia-type systems. We also measure the performance gain enabled by a partial deployment for the scheme in the real KAD system. The results confirm the superiority of the systems that incorporate our scheme.
    07/2014;
  • Stefanie Roos, Thorsten Strufe
    ABSTRACT: Social Overlays suffer from high message delivery delays due to insufficient routing strategies. Limiting connections to device pairs that are owned by individuals with a mutual trust relationship in real life, they form topologies restricted to a subgraph of the social network of their users. While centralized, highly successful social networking services entail a complete privacy loss of their users, Social Overlays at higher performance represent an ideal private and censorship-resistant communication substrate for the same purpose. Routing in such restricted topologies is facilitated by embedding the social graph into a metric space. Decentralized routing algorithms have up to date mainly been analyzed under the assumption of a perfect lattice structure. However, currently deployed embedding algorithms for privacy-preserving Social Overlays cannot achieve a sufficiently accurate embedding and hence conventional routing algorithms fail. Developing Social Overlays with acceptable performance hence requires better models and enhanced algorithms, which guarantee convergence in the presence of local optima with regard to the distance to the target. We suggest a model for Social Overlays that includes inaccurate embeddings and arbitrary degree distributions. We further propose NextBestOnce, a routing algorithm that can achieve polylog routing length despite local optima. We provide analytical bounds on the performance of NextBestOnce assuming a scale-free degree distribution, and furthermore show that its performance can be improved by more than a constant factor when including Neighbor-of-Neighbor information in the routing decisions.
    01/2014;
  • ABSTRACT: The design of secure and usable access schemes to personal data represents a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or previously have not been accepted as contacts in any case is only possible via public posts, which can easily be abused by automatic harvesting for user profiling, targeted spear-phishing, or spamming. Moreover, users are restricted to the access rules defined by the provider, which may be overly restrictive, cumbersome to define, or insufficiently fine-grained. We suggest a complementary approach that can be easily deployed in addition to existing access control schemes, does not require any interaction, and includes even public, unsubscribed users. It exploits the fact that different social circles of a user share different experiences and hence encrypts arbitrary posts. Hence arbitrary posts are encrypted, such that only users with sufficient knowledge about the owner can decrypt. Assembling only well-established cryptographic primitives, we prove that the security of our scheme is determined by the entropy of the required knowledge. We consequently analyze the efficiency of an informed dictionary attack and assess the entropy to be on par with common passwords. A fully functional implementation is used for performance evaluations, and available for download on the Web.
    09/2013;
  • Stefanie Roos, Hani Salah, Thorsten Strufe
    ABSTRACT: The family of Kademlia-type systems represents the most efficient and most widely deployed class of internet-scale distributed systems. Its success has caused plenty of large scale measurements and simulation studies, and several improvements have been introduced. Its character of parallel and non-deterministic lookups, however, so far has prevented any concise formal analysis. This paper introduces the first comprehensive formal model of the routing of the entire family of systems that is validated against previous measurements. It sheds light on the overall hop distribution and lookup delays of the different variations of the original protocol. It additionally shows that several of the recent improvements to the protocol in fact have been counter-productive and identifies preferable designs with regard to routing overhead and resilience.
    07/2013;
  • Benjamin Schiller, Thorsten Strufe
    ABSTRACT: With the rise of online social networks and other highly dynamic systems, the need for the analysis of their structural properties has grown in the last years. While the re-computation of graph-theoretic metrics is feasible for investigating a small set of static system snapshots, this approach is unfit for the application in highly dynamic systems where we aim at frequent property updates. Based on the concept of data streams, new algorithms have been developed that update the computed properties based on changes instead of recomputing them regularly. While there exists a plethora of frameworks and libraries for the analysis of static networks, there is currently no framework for the graph-theoretic analysis and development of new algorithms for dynamic networks. In this paper, we discuss a set of requirements a framework must meet to implement the general workflow for analyzing dynamic networks. We then introduce the architecture of a first prototype for such a framework, the Dynamic Network Analyzer (DNA).
    Proceedings of the 2013 Summer Computer Simulation Conference; 07/2013
  • Benjamin Schiller, Thorsten Strufe
    ABSTRACT: Routing in complex networks is increasingly optimized towards situation and properties of the underlying network. Quick hypothesis testing with respect to the performance of different strategies, however, is posing to be an unnecessarily complicated task. To this end we propose GTNA-2, the enhanced second version of Graph-Theoretic Network Analyzer. Based on the broadly used GTNA, it allows both for the efficient and simple analysis of a large set of graph metrics, but additionally has been extended with support for rapid prototyping and quick evaluation of arbitrary routing algorithms. In this paper, we discuss the implementation and evaluation of routing algorithms in GTNA-2. As a proof of concept, we demonstrate the framework's ease of use by comparing the routing performance of Named data Networking with basic IP-based routing.
    Proceedings of the 2013 Summer Computer Simulation Conference; 07/2013
  • Giang Nguyen, Mathias Fischer, Thorsten Strufe
    ABSTRACT: Overlay streaming systems have recently been favored by the academic community as a viable approach for IPTV. Over the last years, a multitude of different overlay streaming approaches have been proposed. Most of them, however, have been evaluated individually. The lack of a common simulation framework makes it difficult to compare the properties of the different systems with each other. To bridge this gap, we introduce OSSim, a general-purpose simulation framework that allows the instantiation of different overlay streaming protocols. For this purpose, it provides a generic and modular structure, and several membership management and overlay streaming protocols as well. Our simulation results indicate that the framework is accurate and flexible to simulate different overlay streaming systems.
    In Proceedings of Summer Simulation Multi-Conference (SummerSim). 07/2013;
  • ABSTRACT: Our main contribution in this work is a deployable multitree-push system for P2P-based live streaming. It runs on both desktop PCs and Android-based mobile devices. Additionally, it provides controlling, monitoring, and measurement functionalities which help with debugging in the development phase, visualize the topology during a demonstration, and support the deployment of test scenarios in a distributed setting. Besides, the generic architecture of the system also allows for the extension to other classes of streaming systems.
    Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on; 01/2013
  • Conference Paper: Summary and conclusion
    Wolfgang Effelsberg, Thorsten Strufe
    Benchmarking Peer-to-Peer Systems; 01/2013
  • S. Roos, T. Strufe
    ABSTRACT: Routing in Darknets, membership concealing overlays for pseudonymous communication, like for instance Freenet, is insufficiently analyzed, barely understood, and highly inefficient. These systems at higher performance are promising privacy preserving solutions for social applications. This paper contributes a realistic analytical model and a novel routing algorithm with provable polylog expected routing length. Using the model, we additionally prove that this can not be achieved by Freenet's routing. Simulations support that our proposed algorithm achieves a better performance than Freenet for realistic network sizes.
    INFOCOM, 2013 Proceedings IEEE; 01/2013
  • ABSTRACT: Motivated by the popularity of content distribution and file sharing applications that nowadays dominate Internet traffic, we focus on the incentive mechanism of a very popular, yet not very well studied, peer-to-peer application, eMule. In our work, we recognize that the incentive scheme of eMule is more sophisticated than current alternatives (e.g., BitTorrent) as it uses a general, priority-based, time-dependent queuing discipline to differentiate service among cooperative users and free-riders. In this paper, we describe a general model of such an incentive mechanism and analyze its properties in terms of application performance. We validate our model using both numerical simulations (when analytical techniques become prohibitive) and with a measurement campaign of the live eMule system. Our results, in addition to validating our model, indicate that the incentive scheme of eMule suffers from starvation. Therefore, we present an alternative scheme that mitigates this problem, and validate it through numerical simulations and a second measurement campaign.
    IEEE Journal on Selected Areas in Communications 01/2013; 31(9):94-104. · 3.12 Impact Factor
  • H. Salah, T. Strufe
    ABSTRACT: Measuring accurate graph snapshots of peer-to-peer (P2P) overlay networks is essential to understand these systems. Furthermore, the captured graph snapshots can be used, among other important purposes, as traces for simulation studies, to validate existing simulation models, to design and implement targeted attacks, or to detect anomalies. Motivated by the importance of the purposes above as well as the popularity of several Kademlia-like networks, we present a new crawler aiming to capture snapshots of the connectivity graph of the entire KAD network. The crawler's design is generic and adaptable for Kademlia-like and other structured P2P networks. The results show that the crawler is fast and captures highly accurate graph snapshots. Furthermore, its design enables it to outperform prior KAD crawlers significantly in terms of the time and the number of crawling messages that are required to download nodes' routing tables. The crawls that we conducted at different times between April 2012 and February 2013 show that KAD is still widely used in terms of total observed users. However, when compared to the results of prior studies, we report a significant drop in the number of its simultaneous online users.
    Distributed Computing Systems Workshops (ICDCSW), 2013 IEEE 33rd International Conference on; 01/2013
  • A. Hofer, S. Roos, T. Strufe
    ABSTRACT: To achieve anonymous and censorship-resistant overlay communication, darknets restrict overlay links to trusted parties. Efficient data retrieval in such a restricted topology requires a decentralized addressing scheme. We propose a greedy embedding algorithm, which is used to realize efficient routing and content addressing for darknets. The embedding guarantees success of greedy routing using compact address representations. Evaluation on trust graphs obtained from PGP's web of trust shows that our embedding enables much more efficient routing than existing dark net embeddings. Though, content addressing based on the embedding exhibits unbalanced load.
    Networked Systems (NetSys), 2013 Conference on; 01/2013
  • Kamill Panitzek, Thorsten Strufe
    Benchmarking Peer-to-Peer Systems; 01/2013
  • ABSTRACT: The ever increasing popularity of Online Social Networks has left a wealth of personal data on the web, accessible for broad and automatic retrieval. Protection from undesired recipients and harvesting by crawlers is implemented by access control, manually configured by the user in his privacy settings. Privacy unfriendly default settings and the user unfriendly privacy setting interfaces cause an unnoticed over-sharing. We propose C4PS - Colors for Privacy Settings, a concept for future privacy setting interfaces. We developed a mockup for privacy settings in Facebook as a proof of concept, applying color coding for different privacy visibilities, providing easy access to the privacy settings, and generally following common, well known practices. We evaluated this mockup in a lab study and show in the results that the new approach increases the usability significantly. Based on the results we provide a Firefox plug-in implementing C4PS for the new Facebook interface.
    Proceedings of the 4th international conference on Social Informatics; 12/2012
  • ABSTRACT: Named Data Networking architectures have been proposed to improve various shortcomings of the current Internet architecture. A key part of these proposals is the capability of caching arbitrary content in arbitrary network locations. While caching has the potential to improve network performance, the data stored in caches can be seen as transient traces of past communication that attackers can exploit to compromise the users' privacy. With this editorial note, we aim to raise awareness of privacy attacks as an intrinsic and relevant issue in Named Data Networking architectures. Countermeasures against privacy attacks are subject to a trade-off between performance and privacy. We discuss several approaches to countermeasures representing different incarnations of this tradeoff, along with open issues to be looked at by the research community.
    ACM SIGCOMM Computer Communication Review 09/2012; 42(5):54-57. · 0.91 Impact Factor
  • ABSTRACT: Current online Social Networking Services (SNS) are organized around a single provider and while storage and functionality can be distributed, the control over the service belongs to one central entity. This structure raises privacy concerns over the handling of large-scale and at least logically centralized collections of user data. In an effort to protect user privacy and decrease provider dependence, decentralization has been proposed for SNS. This decentralization has effects on availability, opportunities for traffic analysis, resource requirements, cooperation and incentives, trust and accountability for different entities, and performance. In this paper, we explore the spectrum of SNS implementations from centralized to fully decentralized and several hybrid constellations in between. Taking a systematic approach of SNS layers, decentralization classes, and replication strategies, we investigate the design space and focus on two issues as concrete examples where the contrast of extreme ends of the decentralization spectrum is illustrative, namely potential adversaries and churn-related profile availability. In general, our research indicates that hybrid approaches deserve more attention as both centralized as well as entirely decentralized systems suffer from severe drawbacks.
    Proceedings of the First ACM International Workshop on Hot Topics on Interdisciplinary Social Networks Research; 08/2012
  • Melek Önen, Thorsten Strufe
    ABSTRACT: One of the most striking properties of the Internet is its flexibility to accommodate features it was not conceived for. Among the most significant examples, in this survey we consider the transition of the Internet from a reliable fault-tolerant network ...
    Computer Communications. 01/2012; 35:47.
  • ABSTRACT: The ever increasing popularity of Facebook and other Online Social Networks has left a wealth of personal and private data on the web, aggregated and readily accessible for broad and automatic retrieval. Protection from both undesired recipients and harvesting by crawlers is implemented by access control, manually configured by the user and owner of the data. Several studies demonstrate that default settings cause an unnoticed over-sharing and that users have trouble understanding and configuring adequate privacy settings. We developed an improved interface for privacy settings in Facebook by mainly applying color coding for different groups, providing easy access to the privacy settings, and applying the principle of common practices. Using a lab study, we show that the new approach increases the usability significantly.
    01/2012;
  • S. Roos, T. Strufe
    ABSTRACT: Darknets, anonymous and membership-concealing P2P networks, aim at providing censorship-resistance without relying on a central authority. An efficient routing algorithm is needed to create Darknets that offer an acceptable performance to a large number of users. Designing such an algorithm is hard due to the restricted topology of Darknets, which has not been modelled adequately up to now. We present such a model of Darknets by modifying Kleinberg's small-world model [1] and a new algorithm, NextBestOnce. It is shown analytically that NextBestOnce takes O(log2 n) steps on our model, simulations show that it performs better than existing Darknet routing algorithms such as the one used in the dark Freenet [2], especially with regard to the maximal path length which is bounded by O(log2 n) for NextBestOnce, but scales linearly in case of Freenet.
    Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on; 01/2012

Publication Stats

344 Citations
9.92 Total Impact Points

Institutions

  • 2010–2013
    • Technical University Darmstadt
      • Multimedia Communications Lab (KOM)
      Darmstadt, Hesse, Germany
  • 2010–2011
    • Universität Mannheim
      Mannheim, Baden-Württemberg, Germany
  • 2009
    • Institut de France
      Lutetia Parisorum, Île-de-France, France
    • University of Nice-Sophia Antipolis
      Nice, Provence-Alpes-Côte d'Azur, France
  • 2003–2007
    • Technische Universität Ilmenau
      Stadt Ilmenau, Thuringia, Germany