 |
Mohamed Ali (Dali) Kaafar
INRIA Rhone-Alpes,
email: kaafar AT inrialpes.fr
|
Research
Projects
ANA

Autonomous Network Architecture
OneLab

Open Networking Laboratory
OSCAR

Anomaly detection in overlay networks
MUSE

Multi Service Access Everywhere

Network of Excellence in
Emerging Networking
Experiments and Technologies
|
|
|
|
|
Research Activities (not updated ! shame on me...)
My researh interests
lie mainly in the areas of network security and anomaly detection,
overlay networks, but also other networkin domains like security of
wireless ad-hoc and sensors networks.
|
Anomaly detection and Security of Coordinates-based embedding systems
Internet
coordinates-based systems allow easy network positioning. In such
systems, the thesis is that if network distances between Internet nodes
can be embedded in an appropriate space, unmeasured distances can be
estimated using a simple distance computation in that space. Recently,
these
coordinates-based systems have been shown to be accurate, with very low
distance prediction error. However, these systems often rely on nodes
coordination and assume that information reported by probed nodes is
correct.
We had a few pioneer research contribution is this domain, by
identifying different attacks against coordinates embedding systems and
studying the impact of such attacks on two recently proposed
representative positioning systems, namely Vivaldi and NPS. Then, we
was the first to propose a general method for malicious behavior
detection in these systems.
This work focused then first, on identifying and studying the impact of
attacks on coordinates-embedding systems. In collaboration with
LaurentMathy (from Lancaster University, U.K), I identified first and
then, quantified the effects of attack strategies that aim to (i)
introduce disorder in the system, (ii)
fool honest nodes to move far away from their correct positions and
(iii) isolate particular target nodes in the system through collusion.
The second part consisted in securing the Coordinate embedding systems,
by proposing a general method for malicious behavior detection during
coordinate computations. In collaboration with Laurent Mathy,
Kavé Salamatian, (from LIP6, France and EPFL, Switzerland), and
Chadi Barakat
(INRIA Sophia Antipolis, France), we first showed that the dynamics of
a node, in a coordinate system can be modeled by a Linear State Space
model and tracked by a Kalman filter. Then we proposed and implemented
a way to filter out abnormal or malicious activity in Internet
coordinate
systems.
Finally, we addressed the issue of asserting the accuracy of Internet
coordinates advertised by nodes of Internet coordinate systems during
distance estimations. Indeed, some nodes may even lie deliberately
about their coordinates to mount various attacks against applications
and overlays.
Our proposed method consists in 1) establishing the correctness of a
node’s claimed coordinate by using our previously proposed
abnormal behavior detection; and 2) issuing a time limited validity
certificate for each verified coordinate, based on an analysis of
coordinate inter-shift times observed
by trusted entities.
|
Supporting large-scale overlay multicast networks
This work deals with scalability issues in overlay mulicasting approaches. we proposed a highly scalable locating algorithm that gradually directs newcomers to a set of their closest nodes without inducing high overhead. Based on this locating process, we built a robust and scalable topologyaware
clustered hierarchical overlay scheme, called LCC. We implemented LCC as a library that includes wrappers of common MBone conferencing applications allowing hybrid-multicast deployment. The implementation is available for download at http://planete.inria.fr/software/LCC/
|
Overlay multicast deployment in ad-hoc networks
In
this work, we were dealing with mobility issues to construct
topology-aware multicast trees in adhoc environments. In collaboration
with Prof. F. Kamoun (from ENSI, Tunisia), co-advising a PhD student
(Cyrine Mrabet), we proposed a novel distributed algorithm that
exploits a few properties of
IP-routing
to extract underlying topology information. The idea is to match
nodes’ path to the source in order to detect near neighbors in
the physical topology. Then, in a dynamic and decentralized way, we
construct a minimum cost mobility-aware delivery tree, connecting nodes
that are close to each other.
|
Authentication in IEEE 802.11 Wireless networks
This contribution was a part of my master thesis, and addressed issues
related to authentication in WLAN environments, with emphasis on the
IEEE 802.11 standard. In collaboration with Dr. Davor Males (LIP6, Fr),
we proposed an authentication architecture, based on the Kerberos
authentication server and the IEEE 802.1x-EAP model, in order to
satisfy both security and mobility needs. Results based on real
deployment of such scheme show that it does not only provide a mean of
mutual authentication and secure communications, but also manages fast
and secure Hand-Overs. |
|
|
Understanding Triangle Inequality violations in the Internet and their Impact on Internet coordinates systems
This work is focusing on the Triangle Inequality Violation
phenomena in the Internet, often caused by Routing policies or path
inflation. In network coordinate systems, such Triangle Inequality
Violations (TIVs) will introduce inaccuracy, as nodes in this
particular case could not
be embedded into any metric space. In collaboration with Dr. Bamba
Gueye, Dr. Laurent Mathy and Prof. Guy Leduc and co advising Francois
Cantin (PhD student in the RUN team), we consider these TIVs as an
inherent and natural property of the Internet; rather than trying to
remove them, we consider characterizing them and mitigating their
impact on distributed coordinate systems. In a first step, we study
TIVs existing in the Internet, using different metrics in order to
quantify various levels of TIVs’ severity. Our results show that
path lengths do have an effect on the impact of these TIVs. In
particular, the shorter the link between any two nodes is, the less
severe TIVs involved in are. In a second step, we do leverage our study
to reduce the impact of TIVs on coordinate systems. We focus on the
particular case of the Vivaldi coordinate system and we explore how
TIVs may impact its accuracy and stability. In particular, we observed
correlation between the (in)stability and high effective error of
nodes’ coordinates with respect to their involvement in TIVs
situations. We finally propose a Two-Tier architecture opposed to a
flat structure of Vivaldi that do mitigate the effect of TIVs on the
distances predictions. |
|
|
|
|
|