About
106 Publications
38,937 Reads
1,061 Citations
Publications (106)
The ever-increasing botnet presence has enabled attackers to compromise millions of nodes and launch a plethora of Internet-scale coordinated attacks within a very short period of time. While the challenge of identifying and patching the vulnerabilities that these botnets exploit in a timely manner has proven elusive, a more promising solution is t...
This paper describes a cloud infrastructure and virtual laboratories on P4 programmable data plane switches. P4 programmable data planes emerged as a technology that enables innovation in networking. P4 is a programming language used to describe how network packets are processed. This paper explains an entry-level training library on P4. The virtua...
The increasing performance requirements of today’s Internet applications demand a reliable mechanism to transfer data. Many applications rely on the Transmission Control Protocol (TCP) as the transport protocol, due to its ability to adapt to properties of the network and to be robust in the face of many kinds of failures. However, improving the pe...
One of the main roles of the Domain Name System (DNS) is to map domain names to IP addresses. Despite the importance of this function, DNS traffic often passes without being analyzed, thus making the DNS a center of attacks that keep evolving and growing. Software-based mitigation approaches and dedicated state-of-the-art firewalls can become a bot...
The emergence of the IoT, cloud systems, data centers, and 5G networks is increasing the demand for a rapid development of new applications and protocols at all levels of the protocol stack. However, traditional fixed-function data planes have been characterized by a lengthy and costly development process at the hand of few chip manufacturers. Rece...
This section discusses security aspects in high-speed networks. The section pays particular attention to operational security, which addresses potential attackers attempting unauthorized access, introducing malware into devices, and conducting denial of service (DoS) attacks. The chapter describes router’s access-control, firewalls, intrusion preve...
The router's buffer size imposes significant implications on the performance of the network. Network operators nowadays configure the router's buffer size manually and statically. They typically configure large buffers that fill up and never go empty, increasing the Round-trip Time (RTT) of packets significantly, and decreasing the application perf...
This book provides practical knowledge and skills on high-speed networks, emphasizing Science Demilitarized Zones (Science DMZs). The Science DMZ is a high-speed network designed to facilitate the transfer of big science data which is presented in this book. These networks are increasingly important, as large data sets are now often transferred...
This paper describes the development of an Academic Cloud and hands-on virtual laboratories that run on this cloud. The system has been deployed by the University of South Carolina, Stanly Community College, and the Network Development Group. The Academic Cloud provides remote-access capability to laboratory equipment via the Internet and seamlessl...
Mobile cloud computing provides on-demand resources. The architecture of mobile cloud computing is composed of a cluster of mobile devices. It is gaining popularity because of its cost-effectiveness and availability. Despite all of its benefits, it has numerous security issues, such as data breaches, due to the large amount of data being stored. According to recent sea...
Although the importance of router's buffer sizing in network performance is well known, estimating the current size of the bottleneck buffer is an open research problem. This paper presents a method to achieve such estimation, for the case where the bottleneck buffer operates under a finite number of buffer sizing regimes. The scheme uses a supervi...
Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hard-coded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has at...
The extent to which cyber crimes are taking place has reached a frequency that has never been observed before. Moreover, the increasing network traffic rates have made the storing and subsequent analysis of the resultant stockpile of traffic data in order to attribute such crimes increasingly challenging and time consuming. As a result, inadequate...
Traditionally, the data plane has been designed with fixed functions to forward packets using a small set of protocols. This closed-design paradigm has limited the capability of the switches to proprietary implementations which are hardcoded by vendors, inducing a lengthy, costly, and inflexible process. Recently, data plane programmability has att...
Google published the first release of the Bottleneck Bandwidth and Round-trip Time (BBR) congestion control algorithm in 2016. Since then, BBR has gained widespread attention due to its ability to operate efficiently in the presence of packet loss and in scenarios where routers are equipped with small buffers. Such characteristics were not attain...
The current livestock industry in certain parts of the world still runs on archaic infrastructure. Using dated systems built on inefficient database structures as the central point of failure is not ideal moving into the next millennium. A lack of data sharing and data transfer also limits the methods by which cattle farmers can operate. In this p...
Ever since the inception of the networking industry, routing and switching devices have been limited to tightly-coupled hardware and software components. Vendors provide closed source proprietary stacks, restraining network operators from utilizing customized features, and hence hindering innovation. This aggregated model is costly, time consuming,...
The alpha version of Bottleneck Bandwidth and Round-trip Time version 2 (BBRv2) has been recently presented, which aims to mitigate the shortcomings of its predecessor, BBR version 1 (BBRv1). Previous studies show that BBRv1 provides a high link utilization and low queuing delay by estimating the available bottleneck bandwidth. However, its aggress...
Blockchain technology is the cornerstone of digital trust and systems' decentralization. The necessity of eliminating trust in computing systems has triggered researchers to investigate the applicability of Blockchain to decentralize the conventional security models. Specifically, researchers continuously aim at minimizing trust in the well-known P...
This paper describes the deployment of a private cloud and the development of virtual laboratories and companion material to teach and train engineering students and Information Technology (IT) professionals in high-throughput networks and cybersecurity. The material and platform, deployed at the University of South Carolina, are also used by other...
Distributed Denial of Service (DDoS) attacks have terrorized our networks for decades, and with attacks now reaching 1.7 Tbps, even the slightest latency in detection and subsequent remediation is enough to bring an entire network down. Though strides have been made to address such maliciousness within the context of Software Defined Networking (SD...
According to estimations, approximately 80% of Internet traffic represents media traffic. Much of it is generated by end users communicating with each other (e.g., voice, video sessions). A key element that permits the communication of users that may be behind Network Address Translation (NAT) is the relay server. This paper presents a scheme for o...
Ransomware attacks cost businesses more than $75 billion/year, and they are predicted to cost $6 trillion/year by 2021. These numbers demonstrate the havoc produced by ransomware on a large number of sectors and urge security researchers to tackle it. Several ransomware detection approaches have been proposed in the literature that interchange between...
The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and corr...
Network Address Translation (NAT) is a method that enables devices with private IP addresses to connect to the Internet by sharing a public IP address. Traversing the NAT device remains a challenge for a wide range of applications such as Voice over IP (VoIP) and Internet of Things (IoT). The Port Control Protocol (PCP) is a relatively new protocol...
This paper describes a project led by the University of South Carolina (USC) to address the cybersecurity workforce gap. The project creates curricular material based on virtual laboratories (vLabs). As vLabs are developed, they are adopted and tested at USC and Northern New Mexico College (NNMC), the main partnering institution in this project. Th...
The deployment of Over-The-Top (OTT) Voice over IP (VoIP) applications has been accelerated after the adoption of high-speed communications technologies (e.g.: LTE) by mobile operators. Additionally, the high incurring costs imposed on subscribers who are roaming outside their Home Public Land Mobile Network (HPLMN) has also contributed to the wide...
Previous studies have observed that TCP pacing (evenly spacing out packets) minimizes traffic burstiness, reduces packet losses, and increases throughput. However, the main drawback of pacing is that the number of flows and the bottleneck link capacity must be known in advance. With this information, pacing is achieved by manually tuning sender nodes...
Network function virtualization (NFV) allows service providers to implement network processing functionality in software using standard computing servers. As such, this approach precludes the need for deploying costly and proprietary hardware-based networking devices, i.e., black boxes, greatly reducing infrastructure and operational costs. Instead,...
The security issue impacting the Internet-of-Things (IoT) paradigm has recently attracted significant attention from the research community. To this end, several surveys were put forward addressing various IoT-centric topics including intrusion detection systems, threat modeling and emerging technologies. In contrast, in this work, we exclusively f...
The network function virtualization (NFV) paradigm focuses on increasing manageability and scalability of modern complex heterogeneous networks and network services by decoupling the network functions and hosting devices. However, as new promising solutions become available, the need for availability and reliability techniques grows, particularly fo...
This paper presents a flow-based entropy characterization of a small/medium-sized campus network that uses network address translation (NAT). Although most networks follow this configuration, their entropy characterization has not been previously studied. Measurements from a production network show that the entropies of flow elements (external IP a...
Large-scale nuclear electromagnetic pulse (EMP) attacks and natural disasters can cause extensive network failures across wide geographic regions. Although operational networks are designed to handle most single or dual faults, recent efforts have also focused on more capable multi-failure disaster recovery schemes. Concurrently, advances in softwa...
Green communications is the practice of selecting energy efficient communications, networking technologies and products. This process is followed by minimizing resource use whenever possible in all branches of communications. In this day and age, green communication is vital to the footprint we leave on this planet as we move into a completely digi...
Science and engineering applications are now generating data at an unprecedented rate. From large facilities such as the Large Hadron Collider to portable DNA sequencing devices, these instruments can produce hundreds of terabytes and above in short periods of time. Researchers and other professionals rely on networks to move data between sensing l...
Multicast virtual network (MVN) cloud services have tight restrictions in terms of coverage, delay, delay variation, and reliability. However large disasters impose key challenges, and there are no known solutions that incorporate stochastic multi-failure risk into the MVN embedding process. Hence, this letter presents novel proactive 'risk-aware'...
A Monte Carlo algorithm is designed to predict the average time to graduate by enrolling virtual students in a degree plan. The algorithm can be used to improve graduation rates by identifying bottlenecks in a degree plan (e.g., low pass rate courses and prerequisites). Random numbers are used to determine whether students pass or fail classes by c...
Network function virtualization (NFV) and software-defined networking (SDN) are two recent networking paradigms that strive to increase manageability, scalability, programmability and dynamism. The former decouples network functions and hosting devices, while the latter decouples the data and control planes. As more and more operators a...
The Internet of Things [IoT] promises to revolutionize the way we interact with our surroundings. Smart cars, smart cities, smart homes are now being realized with the help of various embedded devices that operate with little to no human interaction. However these embedded devices bring forth a plethora of security challenges as most manufacturers...
Virtualization is a fast-growing technology that is being widely adopted by companies of all sizes, mainly due to its flexibility, manageability and resources usage optimization. However, along with the technology growth, challenges arise, such as management complexity. In order to deliver a higher level of flexible and dynamic management, two tech...
Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high-impact benefits in both the consumer and the control automation markets, unfortunately, security concerns continue to be an afterthought. Se...
A major challenge for intrusion prevention system (IPS) sensors in today’s Internet is the amount of traffic these devices have to inspect. Hence this paper presents a linear program (LP) for traffic scheduling in multi-sensor environments that alleviates inspection loads at IPS sensors. The model discriminates traffic flows so that the amount of i...
Cloud infrastructure services allow organizations to outsource their computing, storage, and networking needs to external providers. These offerings use network virtualization to provision customized, interconnected resource pools across substrate infrastructures comprised of datacenter computing/storage systems and interconnecting networking switc...
Advance reservation services are being used by a range of applications to schedule connection bandwidth resources at future time intervals. To date many different algorithms have been developed to support various point-to-point reservation models. However, with expanding data distribution needs there is a need to schedule more complex service types...
Determining the optimum angle for a solar panel is important if tracking systems are not used and a tilt angle remains constant. This article determines the sensitivity of the optimum angle to surface reflectivity at different latitudes using a mathematical model that accounts for direct, diffuse and reflected radiation. A quadratic correlation is...