Lixia Zhang - US grants

This is a joint effort with Deborah Estrin, University of Southern California under award NCR-9628729. Many applications require reliable multipoint data delivery. Some well known examples are netnews, electronic mailing list, and network routing protocols such as BGP. Up until now, however, due to the lack of widely available support for both IP multicast and reliable multicast transport, these applications have been using multiple TCP connections to achieve reliable data delivery to multiple destinations, which results in both poor scalability and inefficient utilization of network resources. The goal of this research is to develop a framework and a set of mechanisms to provide efficient, robust, scalable, and reliable multicast data delivery both over very large networks and with very large multicast groups. The basic principles that have guided the design include the application level framing (ALF), the IP multicast group concept and receiver-initiated group management, and the core design principles of TCP/IP --- simple datagram service, the end-to-end approach to reliability, and automatic adaptation to changing operational environment. The research will (1) systematically investigate the scaling issues with the proposed adaptive error recovery scheme; (2) develop mechanisms to localize error recovery traffic and substantially reduce the recovery overhead in the current design; (3) develop flow and congestion algorithms for many-to-many multicast data delivery; and (4) investigate new models for session message distribution to further improve the scalability.

It is increasingly the case that a given Internet interaction could be satisfied by one of a number of Internet hosts. Examples range from short-lived interactions such as a single web page access to any one of multiple equal-content web servers to a long-term peering relationship between two news (NNTP) servers.

In any such interatction, all other things being equal, it is advantageous to access the "nearest" choice. By near we mean in>terms of Internet performance metrics, such as low latency or high bandwidth. Even when all other things are not equal, such as the case where different web servers have different response times, it is still useful to include distance to each candidate host as one of several criteria for making a selection.

One approach to obtaining this distance information is for the initiating host to measure it itself, using either unicast (ping, traceroute) or multicast (expanding ring search) tools. While these tools have a wide range of
uses, their utility is generally limited by their overhead. For instance, the cost of running a single traceroute can exceed the cost of the web page access itself. More important still, a large number of hosts making independent and frequent measurements could have a severe impact on performance overall. Ideally, measurements made by one system (host or router) should be made available, at low cost, to other hosts.

A useful general service for the Internet would be one whereby a host could quickly and efficiently learn the distance between any two hosts. To be widely useful, such a service should provide an answer with a delay and overhead less than those of the gains achieved by using the service. A simple protocol for such a service (SONAR) was discussed in the IETF (Internet Engineering Task Force) as early as February 1996, and in April 1997 as a more general service called HOPS (Host Proximity Service). Both of these efforts proposed lightweight client/server query/reply protocols along the lines of a DNS (Domain Name System) query/reply. Both also required that the server be able to produce an answer in a very short time---preferably, though not necessarily, by using information already stored locally.

This proposal is concerned with the problem of how servers in such a SONAR/HOPS service can obtain the distance information needed to answer queries. Specifically, we explore the following questions:
- Which systems originally produce the distance information, and how is it produced?
- How does the distance information get from these producing systems to the servers?
- What form does the distance information take, and how is it used to produce answers for specific pairs of Internet hosts?

After discussing basic aspects of the questions outlined above, this proposal presents a general architecture for an underlying service that provides the basic information used by a SONAR/HOPS service. This underlying service is called IDMaps, forInternet Distance Map Service.

This work is being proposed in parallel by the PI, Sugih Jamin, and the co-PI, Lixia Zhang. Sugih Jamin's prior research has been in Internet traffic characterization and measurement-based admission control. Lixia Zhang has been an active participant in research on scalable reliable multicast. The PIs will work closely with Paul Francis of NTT Software Labs and Vern Paxson of LBNL. Paul Francis has been active on research in distributed hierarchy construction algorithms. Vern Paxson is active in Internet performance measurement and is the PI of the NSF-funded National Internet Measurement Infrastructure (NIMI) effort. IDMaps can be built on the NIMI substrate. Letters from Paul Francis and Vern Paxson confirming these
collaborations are attached to this proposal.

This proposal is aimed at developing a general framework for source address validation across the Internet and investigating issues in realizing the source validation deployment. Result of this work will help in stopping malicious attacks such as denial of service' attack. The work includes enhancements to the current network routing protocols to provide necessary information for source validation, creating a prototype implementation of the source validation checking and deploy it on the CAIRN testbed. Through real implementation the performance of the new protocols will be investigated including how effectively source address validation supports diagnosis of flaws and attacks when it is only partially deployed.

A planning grant is requested to establish a multi-disciplinary effort at UCLA to apply wireless, mobile networking to support seamless transition of applications across heterogeneous clients for patient record retrieval in medical settings. The planning grant will be used to establish a very small testbed with heterogeneous devices that include desktop computers, laptops, and hand held devices, to provide an environment in which to deploy an early prototype of the proposed system. The testbed will also allow us to enhance interactions among the researchers from different disciplines and the campus telecommunications facility to prepare for an eventual full throttled deployment of the system. Lastly, the small physical testbed will allow us to cleanly separate the advanced development concerns from the more research-oriented issues such that we can deploy the system using state of the art COTS tools while simultaneously pursuing research ideas to influence the next generation of the proposed environment.

The researchers envision that within the next few years mobile and wireless access to the Internet will very likely become the norm, rather than the exception as is seen today. This proposal describes the plans to develop and deploy iMASH, a network system that supports anytime, anywhere, on any platform access to the electronic patient records database for healthcare providers. The objective is to provide the capability for real-time, multimedia communication, so that a physician may access, on the move, the patients record and other relevant information as filtered by the physician's user profile, and may migrate ongoing application sessions seamlessly to different platforms that range from a high performance diagnostic workstation in the physician's office to hand held PDAs in the examination room. While the proposed techniques are general and extend to a range of mobile applications, the specific target of this project is healthcare applications. To this end, the researchers will develop a clinical testbed, which will serve as a laboratory for developing, testing, and evaluating advanced information technology in the context of patient care. The testbed will provide the user requirements to drive the iMASH architecture design, and will permit direct, realistic validation of the research results.
The researchers expect to make the following contributions from this research and development effort:
1) Development of a middleware infrastructure that provides support for anytime, anywhere, on any platform access to the Internet
2) A suite of wireless networking protocols and algorithms that provide quality of service support in a mobile, heterogeneous networking environment
3) A deployment of iMASH within the UCLA Medial School and a controlled study to evaluate its effectiveness in reducing healthcare costs and improving physician effectiveness
4) A system emulation capability that can be used to evaluate the performance and scalability of the middleware services and protocols across multiple dimensions including number of users, number of devices, types of applications, and geographical area. The emulator will be used to 'test drive' novel protocols and applications prior to deployment on the physical testbed.
The researchers have assembled a strong research and development team to undertake the iMASH effort. The team possesses the necessary expertise in the related areas of networking (Zhang, Gerla), wireless communications (Gerla, Lu), parallel and distributed systems (Bagrodia, Gerla), performance evaluation (Bagrodia), computerized medicine (Valentino, McCoy), clinical evaluation of technological innovations in improving heath care (Fiske), and campus computing and communication technology (Solomon).
A longer term goal of this effort is to deploy iMASH-like technology widely within the UCLA campus to support ubiquitous multimedia access for students and faculty, and to support wireless distance education. To enable appropriate technology transition, the team also includes two key members from the university administration: the CIO for the medical school (McCoy) and the Associate Vice-chancellor of Administrative Services with line responsibility over campus telecommunications (Solomon). The UCLA Hospital has recently embarked on a historical reconstruction with a $1 billion endowment. An integral part of the reconstruction is availability of complete wireless connectivity within the hospital. The UCLA campus is also engaged in a project to upgrade the network connectivity throughout the campus with the aim of providing a minimum of 10Mbps bandwidth from desktop to desktop within any two locations on campus. Planning is underway to further enhance this capability with wireless connectivity. These two technology initiatives provide a unique opportunity to insert the iMASH technology in widespread use within the UCLA campus, and subsequently to other locations.

Interdomain routing performs the critical function of gluing together individual pieces of the Internet topology to create a connected data delivery infrastructure. Today this critical function is performed by the Border Gateway Protocol (BGP) [rfc1771] which establishes reachability information among Autonomous Systems (ASes). However despite its importance, current measurements and analysis have not led to a basic understanding of BGP's dynamics, performance under stress, fundamental weaknesses, and potential breaking points (if any). Although a few data collection points have been set up in the last few years
[ipe,routeviews], the routing data collected by these measurement points are mixed with measurement artifacts [ftntalk], thus the data do not necessarily reflect the protocol's behavior in actual operation.

In order for the Internet to continue its unprecedented growth, the interdomain routing protocol must continue to evolve to meet ever increasing and sometimes contradictory requirements. There is a general belief that the current BGP routing protocol may be unable to meet its new requirements (for instance, accomodating the sharp increase in use of site multi-homing, which keeps routing tables from optimally small sizes[huston:scale:2001]). BGP is generally thought to be reaching the end of its useful lifetime, although this has not been validated by analysis or measurements [nimrod,irtfrr,huitema:ipng,huston:scale:2001]. Due to the lack of a shared understanding of the problem and lack of sufficient data and analysis, there is no consensus on where/when BGP collapses and what (if anything) should be done.

To address the above critical questions facing interdomain routing, the researchres have assembled a team with research and operational experience, and expertise in network protocols, algorithms, modeling and analysis. The resarchers have identified the following fundamental technical requirements that the global routing must meet: it must scale in order to handle the growth (both in the number of users and in the richness of connectivity); security and resilience are critical issues, so it must continue to function in face of ever increasing faults and attacks; it must be able to fully utilize the rich Internet connectivity; and it must both allow network operators to apply various policy constraints and implementors to easily extend the protocol's functionality when needed.

Based on the above criteria the researchers propose to tackle the challenge with the following 3 steps. (1) Develop measurement methodologies and collect data necessary to understand the current BGP operation, its overhead, dynamics under stress, potential vulnerabilities, inadequacies in functionality. The research will base this measurement effort on precise requirements that is identiied as lacking in existing data, such as for the data not to be collected over vulnerable multihop links [ftntalk]. A new effort at University of Oregon, separate from this proposal, is the measurement companion, if funded. (2) Guided by our measurement and analysis, evaluate several proposed design approaches, including meeting the requirements by tinkering with BGP, by a NIMROD-like [nimrod] maps-approach, by two different approaches to handling multihoming scalability, and by a Clean Slate approach of a complete BGP replacement. Each of these approaches emphasizes different aspects of the interdomain routing problem. The researchers believe there are fundamental trade-offs between many of the desired technical requirements and that these trade-offs are currently not well understood. The combination of measurement and rigorous analysis with a team including operations expertise will bring these trade-offs into clear view. (3) Based on the data analysis and design evaluations the researchers will produce a final approach as the recommendation for moving forward.

Through iterations of the above steps, the proposed research undertaking is expected to produce new understanding of current interdomain routing operations, their dynamics and resilience (or lack of it), and vulnerabilities; a new analysis will also be produced that draws on direct and intensive measurement and operations knowledge to capture the fundamental trade-offs among interdomain routing requirements; and a conclusion will be reached on how to meet the future Internet's interdomain routing needs.

The SGER proposal "Explorative Study: Design for Resiliency" describes design and analysis work targeted to the Internet's Domain Name System (DNS). DNS is a core underpinning service and protocol enabling name-to-address mappings for the Internet. Previous work in the community combined with recent measurements and analysis by the author reveal a number of weaknesses in DNS as it is deployed and configured by authoritative zones. These weaknesses stem from both an original design that considered only physical errors in the infrastructure, and a set of inefficiencies and breakage resulting directly from misconfiguration and human error. This study will explore a re-design of DNS based on principles of resiliency in the protocol. The new design will be analyzed comparatively to today's existing system and known vulnerabilities will be applied in the assessment. An amendment to the SGER proposal applies recent DNS measurement and analysis to the addition of several DNS-specific tools that provide automated checking for DNS configuration problems through active measurement, zone file checks and DNS protocol enhancement.

Proposal: 0524854

Title: CT-ISG Collaborative Research: DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Distributed Systems

PIs: Lixia Zhang (UCLA), Songwu Lu (UCLA), and Dan Massey (Colorado
State)

The Domain Name System (DNS) is a core Internet protocol and virtually all Internet applications rely on some form of DNS data. This project is identifying and addressing fundamental technical challenges in deploying the DNS Security Extensions (DNSSEC) in the global Internet. DNSSEC aims at enhancing DNS with data origin authentication and data integrity checking by applying well defined cryptographic solutions, however a number of system issues have arisen in the process of moving the cryptographic solution to real deployment. This project is first conducting a systematic assessment of the gap between the DNSSEC specification and the deployment constraints. For each identified technical challenge, the project is proposing, implementing, and evaluating specific solutions and then integrating such solutions into a unified design improvement.

DNSSEC deployment is critical to enhanced security in cyberspace, and this effort will help move it forward by overcoming existing roadblocks, foreseeing new obstacles on the road, and developing enabling techniques to clear these obstacles. The project will also extrapolate a set of lessons and principles on major challenges in deploying cryptographic protection in large scale systems, which will hopefully provide input into other cryptographic deployment effort, such as the global routing system.

Abstract

Program: NSF 04-588 CISE Computing Research Infrastructure
Title: CRI Collaborative Research: Building the Next-Generation Global Routing Monitoring System

Lead Proposal: CNS-0551725
PI: Massey, Daniel F.
Institution: Colorado State University

Proposal: CNS-0551661
PI : Meyer, David M.
Institution: University of Oregon

Proposal: CNS-0551541
PI : Wang, Lan
Institution: University of Memphis

Proposal: CNS-0551736
PI : Zhang, Lixia
Institution: University of California-Los Angeles


Researchers at the University of Oregon, Colorado State University, University of Memphis, and University of California at Los Angeles will develop the next generation of the RouteViews system as a community resource to provide the most needed data to networking researchers and educators and network operators. RouteViews provides data on routing in the global Internet and tracks changes at Internet nodes. The project builds upon the existing RouteViews data collection system that was launched in 1998. That system archives routing data from the global Internet and was originally intended as a tool for network operators. Over the last few years, the RouteViews archive has quickly become a major data source for the network research community and numerous recent network routing research projects have benefited from it. These projects range from network topology measurement and routing stability analysis to network diagnosis, anomaly detection, and new routing protocol designs. RouteViews data is also starting to appear in classrooms and has potential for use in both graduate and undergraduate education. This project will address weaknesses in the initial implementation both in the system architecture and the quality of data collected. The investigators will replace the current router software package with an extensible data collector, rebuild the data archive with a new standard format, and provide real-time distribution of the global routing information.

0520349
0520318

Inter-domain routing can be viewed as a means to implement economic relationships among competing ISPs. Examination of technical details of the BGP routing protocol alone is insufficient to understand the current behavior, or predict future requirements, of global connectivity without taking into account the dynamics of the economic relationships they implement.

A full account of the shortcomings of BGP, and proposals to modify it, must be developed rigorously with a clear understanding of the kinds of economic relationships and service models that it can and cannot implement well. The goal of this project is to develop a theoretical framework together with experimental capability to understand, predict, and design the interplay between economics and technologies that implement Internet connectivity. The principal investigators' (PIs) unique angle is an optimization perspective to inter-domain routing where profit maximization, physical connectivity, and AS pricing interact with routing decisions, peering structure, resource constraints, and traffic matrix. The PIs will develop mathematical models that capture the interactions between routing and economics, characterize the basic structures of BGP equilibrium and dynamics, discover and verify these properties in the operational Internet, and derive practical design and operation guidelines and algorithms.

Broader Impact: Through this research, the PIs will educate a new generation of network researchers with not only strong practical skills, but also the ability and the habit of applying rigorous mathematical techniques to solve a wide range of engineering problems. They can make unique and broad impact to both the academia and the industry.

The eFIT (Enabling Future Internet innovations through Transit wire) project aims to enable future innovations by ensuring strong universal connectivity at the architectural level. Innovations are enabled by the abundant and affordable computing resources provided by Moore's Law, and universal connectivity provided by the Internet. Computing resources are likely to become more plentiful and affordable, but the universal connectivity provided by the Internet is facing major challenges, as demonstrated by the prevalent use of network address translation (NAT) and accelerated growth of the global routing table. The current Internet architecture provides end-to-end connectivity by putting both user networks and Internet service providers (ISPs) in the same address and routing spaces. User networks and ISPs have different purposes, distinct characteristics, and are moving in almost opposite technological directions. However the inter-dependency between network users and ISPs imposed by the existing architecture creates a major roadblock to future Internet innovations.

When a system grows larger in size by orders of magnitude, a change in form becomes necessary. The eFIT design enables innovation by first focusing on universal connectivity. eFIT places user networks and provider networks in different address and routing spaces, removing the inter-dependency between the two worlds. With eFIT, users can simply treat the Internet transit core as a transit wire with strong universal connectivity, while providers are insulated from the various problems caused by explosive growth in user networks. Therefore both users and providers will be able to innovate freely on their own without any architectural constraints.

Broader Impact: This new architecture design will have a broad impact on the research community, service providers, and Internet users. eFIT enables graduate students to explore new directions for fundamental problems such as security. Even more broadly, it will liberate Internet users from the current architectural constraints and encourage a new wave of application innovations.

While the Internet has far exceeded expectations, it has also stretched initial assumptions, often creating tussles that challenge its underlying communication model. Users and applications operate in terms of content, making it increasingly limiting and difficult to conform to IP's requirement to communicate by discovering and specifying location. To carry the Internet into the future, a conceptually simple yet transformational architectural shift is required, from today's focus on where ? addresses and hosts ? to what ? the content that users and applications care about.
This project investigates a potential new Internet architecture called Named Data Networking (NDN). NDN capitalizes on strengths ? and addresses weaknesses ? of the Internet's current host-based, point-to-point communication architecture in order to naturally accommodate emerging patterns of communication. By naming data instead of their location, NDN transforms data into a first-class entity. The current Internet secures the data container. NDN secures the contents, a design choice that decouples trust in data from trust in hosts, enabling several radically scalable communication mechanisms such as automatic caching to optimize bandwidth. The project studies the technical challenges that must be addressed to validate NDN as a future Internet architecture: routing scalability, fast forwarding, trust models, network security, content protection and privacy, and fundamental communication theory. The project uses end-to-end testbed deployments, simulation, and theoretical analysis to evaluate the proposed architecture, and is developing specifications and prototype implementations of NDN protocols and applications.

This project is to develop a global scale IPv6 monitoring system that will track IPv6 address allocations, IPv6 routing announcements, the topological connectivity of IPv6-capable networks, and IPv6 reachability in the data plane, all at the global scale. Each of these metrics is useful in tracking IPv6 deployment, but the right combination of control plane metrics and data plane metrics has the potential to provide a comprehensive overview of IPv6 deployment successes and obstacles. Lessons learned in monitoring IPv4 infrastructure will be applied, but monitoring IPv6 deployment poses a number of unique challenges and unknowns. At this early stage of IPv6 deployment, it is particularly important to provide data plane information that can complement the control plane information. This project will develop an innovative technique that measures IPv6 coverage and reachability by using active probes to DNS servers. This approach leverages our existing DNS monitoring infrastructure and will allow us to test reachablity in both IPv6-IPv6 and IPv6-IPv4 scenarios. If successful, the results will provide detailed information for researchers and operators faced with specific measurement questions and also provide a global perspective that is meaningful to those searching for IPv6 deployment challenges. The results will not only provide the latest snapshot of IPv6 rollout but will also help identify open issues and potential obstacles to facilitate IPv6 deployment.

This exploratory project applies the design approach of Named Data Networking (NDN) to generate benefits for cyberphysical systems (CPS). NDN is an emerging network architecture that shifts the thin waist of the Internet from IP's host-centric model to a data-centric model. It uses names to directly fetch data and binds names to data with cryptographic signatures. The project uses Building Automation Systems (BAS) as a driver and representative case of CPS encompassing the control, monitoring and management of heating, ventilation and air conditioning (HVAC), lighting, water, physical access control and other building systems. It will evaluate whether, in such real-world building automation systems, NDN can provide: (1) quantifiably better performance and reliability characteristics; (2) equivalent or better functionality for device addressing as typical middleware and application-specific protocols; (3) reduced application development complexity; (4) authentication, verification, and access control through fundamental NDN capabilities and strategies. The project also considers NDN device and service naming approaches that provide new functionality. To provide an environment on which to build and evaluate NDN support for BAS, the project will deploy a closed loop control system on the NDN testbed consisting of industry-standard electrical demand monitoring and lighting control.

Broader Impact: Cyberphysical systems are a new and rapidly progressing frontier in the broad use of computing technologies for critical infrastructure. However, existing CPS can be complex, often difficult to build and maintain, brittle to changes and vulnerable to faults resulting in potentially large impacts. This effort aims to pave a new direction that enables rapid development of reliable and secure CPS, and to bridge CPS with traditional IT for applications including energy management, remote operation, monitoring and data mining, and new types of human-computer interaction.

Abstract: RouteViews is a system for systematically collecting data on the routes (the paths by which data gets from point A to point B) used by Internet traffic. It has played a critical role in the study of significant events, such as large scale outages, that have taken place in the Internet. The RouteViews data archives are the most widely used source of Internet routing data for the computer networking, network operations and network security communities. They are also increasingly being used in studies of network topological growth and network economics. However, access to the RouteViews data has been challenging to new users since the data is current structured as flat binary files with no simple interfaces for searching or accessing the data.

This project will design and implement database access to the RouteViews data, and will develop simple interfaces and tools for accessing the data. The resources used to acquire and store the data will also be expanded. The project will open up the use of routing data to a broader community including undergraduate education. It will work with the community to raise awareness about the potential uses of routing data in research and education, and will promote the use of the new access methods.

The project will expand routing data collection, will make it easier to access the collected data and will benefit networking research, network operations and network security.

Named Data Networking (NDN) is a Future Internet Architecture inspired by years of empirical research into network usage and a growing awareness of unsolved problems in IP. Its premise is that the Internet is primarily used as an information distribution network, which is not a good match for IP, and that the future Internet's "thin waist" should be based on named data rather than numerically addressed hosts. This proposal continues research started in 2010 under NSF's FIA program. It applies the principal investigators' (PIs) increasing understanding of NDN opportunities and challenges to two national priorities--Health IT and Cyber-physical Systems--to further evolve the architecture in the experimental manner that has proven successful. The research agenda is organized to translate key results in architecture and security into library code that guides application development towards native NDN designs. It simultaneously continues fundamental research into the challenges of global scalability and opportunities for innovation created by "simply" routing and forwarding data based on names.

The NDN research agenda includes: 1) Applications--exploring naming and application design patterns; rendezvous, discovery and bootstrapping; the design of in-network storage; and use of new synchronization primitives; 2) Security & trustworthiness--providing basic building blocks of key management, trust management, and encryption-based access control, and anticipating future security challenges; 3) Routing and forwarding strategy--developing and evaluating path-vector, link-state, and hyperbolic options for inter-domain routing, addressing routing security and trust, and designing fast forwarding and mobility support; 4) Scalable forwarding--aiming to support real-world deployment, evaluation and adoption via an operational, scalable forwarding platform; 5) Libraries & tools--developing reference implementations based on the team's fundamental results; 6) Social & economic impacts--considering specific questions of the target environments and broader ones arising in a "World on NDN." The PIs choose Mobile Health and Enterprise Building Automation & Management Systems as specific environments to validate the architecture and drive new research. Domain experts will be 1) Open mHealth, a non-profit patient-centric ecosystem led by Deborah Estrin (Cornell) and Ida Sim (UCSF); and 2) UCLA Facilities Management, operators of the second largest Siemens building monitoring system on the West Coast. To guide research on the security dimensions of these environments and NDN more generally, the NDN team has convened a Security Advisory Council to complement its own effort.

Intellectual Merit: NDN builds on lessons learned from the success of IP, preserving the thin waist, hierarchical naming, and end-to-end principles. The design recognizes the major shift in the applications communication model, from the "where" (i.e., the host/location) to the "what" (i.e., the content). Architecting a communications infrastructure around this shift can radically simplify application designs, enabling them to communicate directly using content names they desire and leaving it to the network to figure out how and from where to retrieve it. NDN also recognizes that the biggest weakness in the current Internet architecture is lack of security, and incorporates a fundamental building block to improve security by requiring that all content be signed.

Broader Impacts: The success of new architectures requires community involvement and uptake. NDN has built momentum through a commitment to an open source model that has spurred substantial research activity in both architecture and current implementation. Project members are often invited to present at "future Internet" meetings around the world, and the PIs have performed high-visibility demos of NDN's ability to handle large scale distribution. Industry is also showing increasing participation. Finally, NDN has significantly impacted students, generating several Ph.D. theses, related industry internships, and both graduate and undergraduate classes that can now present a comprehensive alternative to IP to stimulate discussion of what network architecture design really means.

With the fast growth of smart appliances and smart devices at home, the concept of smart home has come a long way in recent years. As a result, home networking is transforming from the connection of one or at most a few user computers using the simplest local area network to one of the most heterogeneous networks supporting intelligent applications. For example, in recent years, many home appliances and devices are equipped with networking capabilities that enable remote management, such as power plugs that can be remotely turned on and off, thermostats that can be remotely adjusted, door locks that allow keyless entry, and surveillance systems for remote monitoring. These and other changes, such as wearable devices that may frequently move in and out of the home, are likely to revolutionize how we live. This emerging smart home environment, however, poses serious challenges to conventional TCP/IP based technologies because smart home networking has fundamentally different characteristics that are not seen from conventional IP networks including, for example, the absence of an operator, high degrees of device heterogeneity, and a need for strong security, privacy, minimal configuration, and self-management. Until recently advances in smart home networking and home Internet of Things have been largely stove-pipe solutions with little focus on interoperability across products or integration in design.

The Named Data Networking architecture (NDN), with its data-centric approach, includes benefits such as address independence, built-in security, and in-network storage and shows great potential to address the unique challenges of home networking. This project aims to formulate important research questions about smart home networking, explore NDN's unique advantages in addressing the challenges, and identify directions for potential solutions. The plan to achieve these goals is by experimenting with two prototype application systems -- home lighting control and home video surveillance -- trying out different designs, and eventually generalizing what is learned to other applications. Using the two prototype systems, the project will explore approaches for device bootstrapping, device actuation, data publishing and consuming, network management, and a gateway to the public Internet. The results will be used to feedback into the NDN architectural design as well. If successful, this effort could pave the way towards exciting, novel solutions to smart home networking and application deployment.

This project develops viable, long-term solutions to an emerging network environment that has been recognized by many industry experts. Since there is no mature IP-based solution on the market yet, an NDN-based solution could have significant impact. If successful this research might also provide a path for NDN deployment. The deployment of home networks does not require coordination among external networks, and because individuals can deploy NDN (and enjoy its benefits) in their homes even if their neighbors do not, individuals can potentially provide a realistic, grassroots deployment scenario for NDN rollout.

The goal of this project is to support the evaluation, experimentation, and further development of the Named Data Networking (NDN) architecture through building the core NDN infrastructure as a community resource, serving to advance research in the Information-Centric Networking (ICN) paradigm.

Named Data Networking (NDN) is a new Internet architecture that replaces today's architectural focus on "where'', i.e., the addresses and hosts of Internet Protocol (IP), with "what'', i.e., the content that users and applications care about. This fundamental shift brings profound impacts on enhancing Internet security, enabling mobility support, scaling content distribution, and facilitating new application development. NDN has attracted researchers from around the world, both in academia and industry, to explore all aspects of its design, implementation, and applications. It is a very prominent realization of the vision for Information-Centric Networking (ICN), around which a growing research community has formed over the past several years.

A full exploration and examination of future Internet architecture designs like NDN, and ICN more broadly, require working prototypes, evaluation tools, and experimentation platforms, which are the core infrastructure that this project aims to develop. More specifically, building upon the existing NDN research, this project will develop for the research community more robust, extensible, and well-documented implementations of the (i) NDN software forwarder providing core network functionality, (ii) libraries of essential features to support application development, (iii) a routing protocol to connect NDN nodes, (iv) NDN simulator and emulator packages, lab testbed, and global testbed for realistic evaluations and experimentation, and (v) demonstration kits, tools, documentations, and tutorials.

Broader Impacts: As the first comprehensive infrastructure to support NDN and ICN research, it will make significant impacts in several ways. First, by making NDN systems available on multiple platforms and accessible to all interested researchers and students, this infrastructure will enable new research opportunities and help grow the research community. Second, through venues such as academic conferences, community meetings, and the open-source development approach, the research community will be involved in both the development and the use of the infrastructure, contributing to and benefiting from the success of the project. Finally, the development and the use of the infrastructure provide a great education opportunity to train graduate and undergraduate students in thinking forward while experimenting with a running system.

Technological advances have moved society into an exciting era of mobile computing. Our daily lives can be further enriched by a new generation of mobile applications, such as augmented reality (AR) which broadens one's real-world perception by harmonizing sound, image, video, and sensors from multiple sources to aid comprehension and navigation. However, today's Internet operates with the address-based TCP/IP protocol architecture developed 40 years ago, which greatly limits the full promises of these new applications. Thus, current AR implementations face challenges in performance, scalability and availability upon disasters. This proposed research project (ICE-AR) aims to develop a new wireless network architecture to address these limitations and provide pervasive support for these emerging applications.

The ICE-AR project team will apply and extend six years of research efforts on Named Data Networking (NDN), a realization of the Information Centric Networking (ICN) vision, to create this new architecture. The design emphasizes application-level data naming, data-centric security and computing, asynchronous publishing and consumption, and efficient use of local and proximate resources. The architecture will unify latest advances in wireless communication with domain-specific computing technologies to accelerate AR at the wireless edge and deliver robust performance, with or without the pre-deployed infrastructure support.

The mGuard project aims to address two major data access challenges in sharing mobile health (mHealth) data among researchers who investigate a wide range of health and wellness issues: (1) because wearable sensor data may expose privacy-sensitive information about a user, they should be accessed only by authorized users; currently this access control is largely handled manually, incurring high overhead and subject to human errors; and (2) to enable real-time intervention for certain medical conditions, researchers need to retrieve and process the sensor data in real-time, which is not supported at this time.

mGuard tackles the above challenges by utilizing the results from the NSF-supported Named Data Networking (NDN) initiative, in particular the solutions that automate the cryptographic key management for data access control (name-based access control, or NAC) and the solutions that enable real-time synchronization among distributed datasets (NDN Sync). First, mGuard utilizes and extends NDN NAC to automate fine-grained access control of confidential data to authorized researchers. Second, it utilizes NDN Sync to provide real-time data production notification; based on this, it enables applications to publish and subscribe to data in real time by directly using MD2K data names. These new capabilities will be deployed in the MD2K cyberinfrastructure.

This effort enables the Mobile Sensor Data-to-Knowledge (MD2K) Center (supported by the National Institute of Health) to share its data securely and in real time with a large number of mHealth researchers. The transformative potential of mGuard thus extends across many types of digital interventions and many health domains. mGuard also encourages researchers in other areas of data-intensive applications to explore NDN?s data-centric solutions. To train the next generation, mGuard is creating undergraduate and graduate education materials including concrete examples and hands-on exercises, as well as training and outreach activities through online seminars, conference tutorials, mHealth training institute, and summer camps.

The mGuard project website is https://mguard.md2k.org. Published papers are maintained through the mGuard website, NDN website (https://named-data.net/), MD2K website (https://md2k.org), and publishers? websites. All of the software produced by the project is maintained in the NDN GitHub (https://github.com/named-data) and mHealthHUB (https://mhealth.md2k.org/). Curriculum materials, program documentations, and user manuals are maintained on the mGuard project website. The trace data, simulation code, and evaluation results will be maintained on mGuard internal servers for a period of at least 10 years. Investigators will archive data, samples, and other research products, and preserve access to them at least five years beyond the project?s end date, subject to resource availability.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

The project, N-DISE (Named Data Networking for Data Intensive Science Experiments), aims to accelerate the pace of breakthroughs and innovations in data-intensive science fields such as the Large Hadron Collider (LHC) high energy physics program and the BioGenome and human genome projects. Based on Named Data Networking (NDN), a data-centric architecture, N-DISE will deploy and commission a highly efficient and field-tested petascale data distribution, caching, access and analysis system serving major science programs.

The N-DISE project will design and develop high-throughput caching and forwarding methods, containerization techniques, hierarchical memory management subsystems, congestion control mechanisms, integrated with Field Programmable Gate Arrays (FPGA) acceleration subsystems, to produce a system capable of delivering LHC and genomic data over a wide area network at throughputs approaching 100 Gbits per second, while significantly decreasing download time. In addition, N-DISE will utilize NDN's built-in data security support to ensure data integrity and provenance tracing. N-DISE will leverage existing infrastructure and build an enhanced testbed with four additional high performance NDN data cache servers at participating institutions.

N-DISE will provide a field-tested working prototype of a multi-domain data distribution and access system offering fast access and low cost, as well as data integrity and provenance, to many data-intensive science and engineering fields. The project plans to hold annual workshops and hackathons to train students, postdocs, and other researchers on NDN architectural design, algorithms, as well as implementation methodologies for specific data-intensive science environments. The project will undertake initiatives for actively involving under-represented groups, and for educational outreach to K-12 students.

N-DISE will maintain a GitHub repository at https://github.com/neu-yehlab/n-dise. The repository will host up-to-date publications, code, data, results, and simulators. The repository will be maintained by the team for at least three years beyond the duration of the project.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Big science communities routinely publish and share vast amounts of data. Scalable, resilient, interoperable and controllable access to published data is essential to support data ­intensive science and engineering research. To facilitate scientific data publication and accessibility, this project aims to create a secure, resilient, and distributed data storage framework, Hydra, that enables scientific communities to build a loose federation of data repositories potentially owned by multiple administrative entities.

By taking a data-centric approach and leveraging the Named Data Networking (NDN) primitives, Hydra provides a generic software framework that allows scientists to publish datasets easily with data-centric security, automated access control, and automated data replication. It also facilitates access to data published on Hydra as well as other existing data repositories. The project team aims to test Hydra using NSF's FABRIC testbed and utilize its built-in logging capability to verify and validate its usability, scalability, and security.

Hydra enables secure and scalable data access to alleviate the publication, data access, and security problems currently faced by a large number of scientific communities. Hydra has the potential to benefit scientific communities such as climate, meteorology, astrophysics, geology, and more through streamlined data publication, built-in data authenticity and access control, improved availability, and reduced network traffic.

The publicly available website for this project is https://hydra-repo.io. This website maintains pointers to various repositories that host up-to-date codebase, user documentation, hydra-repo operational data logs, and publications. This website will be available at least three years beyond the project's duration.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.