Internet Architecture

The Internet is a hugely successful human made artifact that has changed the society fundamentally. In becoming such a hugely successful infrastructure the usage of the Internet and, thus, the Internet has and continues to change as my research has highlighted. Thus, we have to

continuously analyze the usage as well as the underlying infrastructure,
understand the current performance bottlenecks,
explore how novel applications interact and should interact with the infrastructure,
design appropriate network management mechanisms and security mechanisms,
explore how to incentivize efficient network usage and network upgrades.

One important understudied aspect are the effects of Internet outages with can be dramatic for manufacturing, financial markets, critical infrastructures, and entertainment. Among the future challenges in this context are understanding the interdependencies of the infrastructures,

predicting the impact of (partial) outages,
ensuring sufficient redundancy within the infrastructure.

Nowadays, the Internet is about communication, computation, and storage. IT-cloud providers provide “on demand” connectivity for user to the cloud. Internet Service Providers (ISPs) are in the process of deploying fog networks, microdatacenters co-located with network aggregation points. With this infrastructure we can realize future services via service specific CloudNets: virtual networks that combine clouds with networking. CloudNets - much like cloud resources - can grow, shrink, and/or be moved dynamically. Among the future challenges in this context are

algorithms to scale, shrink, and place CloudNets,
what tailored protocol to use for what application,
how to design and utilize mechanism for interactions between the infrastructure and the application.

In a few years staggering volumes of data will be continuously generated almost everywhere. Moreover, this data will grow exponentially. At the same time our analytic and processing capabilities will have further advanced and, e.g., offer intelligent machine learning mechanisms. In addition, everyone wants to be able to have ubiquitous access to information from everywhere at any time.

Thus, data streams will have to be processed and distributed in a coordinated manner in real-time. This requires a distributed processing platform where processing and data can move around freely and securely in an optimal fashion enabling fast reaction time and minimal resource consumption. In the process data provenance, quality criteria, and time constraints, both varying per customer, will have to be taken into account. This requires the integration of information processing and networking into a single paradigm. We envision that data will flow along various Collaborative Data Processing Pipelines (CDPP). Among the future challenges in this context are:

the control as well as data plane of such CDPPs which can be build on top of CloudNets and can take advantage of concepts from software defined networking (SDN) and network function virtualization (NFV) and
How to ensure consistency of the global control plane with the actual network configuration across multiple levels of virtualization.

Our researchers

Dr. Ha Dao Thi Thu
Online privacy, data protection, internet measurement

Dr. Oliver Gasser
Internet Security Measurements

Dr. Tobias Fiebig
Security, Privacy, Infrastructure operation, Sustainability, Human Factors

Our Research Areas

Analysis of the Covid-19 pandemic: In January 2020 the COVID-19 pandemic, a coronavirus variant spreading across the entire globe, reached central Europe. In the beginning, many people underestimated the impact the virus would have on our entire life in the coming months. Once the ﬁrst lockdown was imposed in March it quickly became clear that things would drastically change. The Internet was a vital component to maintain as much normality as possible. With this increased demand the question arose whether the Internet can serve that demand or if it was near a collapse. To investigate this issue we started the COVID measurement project.

Congestion-control: Network congestion, the state where nodes receive more data than they can handle, leads to packet losses, increased network delay and reduced throughput for all data ﬂows passing through a congested node. Despite four decades of research on congestion-control algorithms or schemes, there is yet no “one-size ﬁts-all" solution.

Emerging Platforms and Communities on the Web: The Web consists of numerous Web communities, news sources, and services, which are often used by various actors for potentially nefarious purposes.

Flow queries: Many network operations, ranging from attack investigation and mitigation to traffic management, require answering network-wide flow queries in seconds. In this project, we investigate how to improve the response time for apriori unknown network-widequeries.

Internet of Things: The number of IoT devices deployed within homes is increasing rapidly. It is estimated that the IoT population will increase to 20 billion by 2025. While users deploy some IoT devices explicitly, they are often unaware of the security threats and privacy consequences of using such devices.

Online content moderation: Online content moderation is an important aspect of online social networks as it ensures that content posted by users abides by the platform’s guidelines and is appropriate for other users.

Online hate speech: The spread of offensive language and hate speech online is an important and timely issue that exists on social networks.

Routing & Network Management: The Internet is an essential part of most people’s daily life. Its popularity is largely driven by the diverse services it oﬀers. To interact with services, user devices needs to identify and reach the infrastructure they are hosted on.

Understanding, Detecting, and Mitigating Weaponized Information: Weaponized information refers to carefully crafted information that aims to deceive people or information that is presented in such a way to manipulate or attack users.

Port 0: In this project, we perform active and passive measurements to investigate the origins and causes of port 0 traﬃc on the Internet.

Veriﬁcation of Programmable Networks: The underlying networks serving the online services and applications of a business must be reliable, secure, and highly available. Outages caused by defective network devices, misconﬁgurations, or security breaches can lead to expensive losses. Consequently, network veriﬁcation is a crucial task in the network management and control process.

Video streaming: Video streaming is omnipresent and, due to recent global events, the number of people being at home watching streamed video only increased further.

VPN: Virtual Private Networks (VPNs) provide secure communication mechanisms, such as encryption and tunneling, enabling users to circumvent censorship, to access geo-blocked services, or to securely access an organization’s resources remotely. However, VPN services come with diﬀerent vulnerabilities or security issues, including weak security protocols, privacy issues, and reliability. First, this project aims at detecting diﬀerent VPN servers worldwide, then, at measuring how vulnerable these detected VPN service are to diﬀerent kinds of attacks such as version downgrade attack.