ulg logotitre
fr   /   en


Mohamed Ali (Dali) Kaafar
INRIA Rhone-Alpes,
  kaafar AT inrialpes.fr

Research Projects

Autonomous Network Architecture


Open Networking Laboratory

Anomaly detection in overlay networks


Multi Service Access Everywhere


Network of Excellence in
Emerging Networking
Experiments and Technologies

home curriculum project publications teaching    
Research Activities (not updated ! shame on me...)

My researh interests lie mainly in the areas of network security and anomaly detection, overlay networks, but also other networkin domains like security of wireless ad-hoc and sensors networks. 
    Anomaly detection and Security of Coordinates-based embedding systems

Internet coordinates-based systems allow easy network positioning. In such systems, the thesis is that if network distances between Internet nodes can be embedded in an appropriate space, unmeasured distances can be estimated using a simple distance computation in that space. Recently, these
coordinates-based systems have been shown to be accurate, with very low distance prediction error. However, these systems often rely on nodes coordination and assume that information reported by probed nodes is correct.
We had a few pioneer research contribution is this domain, by identifying different attacks against coordinates embedding systems and studying the impact of such attacks on two recently proposed representative positioning systems, namely Vivaldi and NPS. Then, we was the first to propose a general method for malicious behavior detection in these systems.

This work focused then first, on identifying and studying the impact of attacks on coordinates-embedding systems. In collaboration with LaurentMathy (from Lancaster University, U.K), I identified first and then, quantified the effects of attack strategies that aim to (i) introduce disorder in the system, (ii)
fool honest nodes to move far away from their correct positions and (iii) isolate particular target nodes in the system through collusion.

The second part consisted in securing the Coordinate embedding systems, by proposing a general method for malicious behavior detection during coordinate computations. In collaboration with Laurent Mathy, Kavé Salamatian, (from LIP6, France and EPFL, Switzerland), and Chadi Barakat
(INRIA Sophia Antipolis, France), we first showed that the dynamics of a node, in a coordinate system can be modeled by a Linear State Space model and tracked by a Kalman filter. Then we proposed and implemented a way to filter out abnormal or malicious activity in Internet coordinate

Finally, we addressed the issue of asserting the accuracy of Internet coordinates advertised by nodes of Internet coordinate systems during distance estimations. Indeed, some nodes may even lie deliberately about their coordinates to mount various attacks against applications and overlays.
Our proposed method consists in 1) establishing the correctness of a node’s claimed coordinate by using our previously proposed abnormal behavior detection; and 2) issuing a time limited validity certificate for each verified coordinate, based on an analysis of coordinate inter-shift times observed
by trusted entities. 

    Supporting large-scale overlay multicast networks

This work deals with scalability issues in overlay mulicasting approaches. we proposed a highly scalable locating algorithm that gradually directs newcomers to a set of their closest nodes without inducing high overhead. Based on this locating process, we built a robust and scalable topologyaware
clustered hierarchical overlay scheme, called LCC. We implemented LCC as a library that includes wrappers of common MBone conferencing applications allowing hybrid-multicast deployment. The implementation is available for download at 

    Overlay multicast deployment in ad-hoc networks

In this work, we were dealing with mobility issues to construct topology-aware multicast trees in adhoc environments. In collaboration with Prof. F. Kamoun (from ENSI, Tunisia), co-advising a PhD student (Cyrine Mrabet), we proposed a novel distributed algorithm that exploits a few properties of
IP-routing to extract underlying topology information. The idea is to match nodes’ path to the source in order to detect near neighbors in the physical topology. Then, in a dynamic and decentralized way, we construct a minimum cost mobility-aware delivery tree, connecting nodes that are close to each other. 

    Authentication in IEEE 802.11 Wireless networks

This contribution was a part of my master thesis, and addressed issues related to authentication in WLAN environments, with emphasis on the IEEE 802.11 standard. In collaboration with Dr. Davor Males (LIP6, Fr), we proposed an authentication architecture, based on the Kerberos authentication server and the IEEE 802.1x-EAP model, in order to satisfy both security and mobility needs. Results based on real deployment of such scheme show that it does not only provide a mean of mutual authentication and secure communications, but also manages fast and secure Hand-Overs. 
    Understanding Triangle Inequality violations in the Internet and their Impact on Internet coordinates systems

This work is focusing on the Triangle Inequality Violation phenomena in the Internet, often caused by Routing policies or path inflation. In network coordinate systems, such Triangle Inequality Violations (TIVs) will introduce inaccuracy, as nodes in this particular case could not
be embedded into any metric space. In collaboration with Dr. Bamba Gueye, Dr. Laurent Mathy and Prof. Guy Leduc and co advising Francois Cantin (PhD student in the RUN team), we consider these TIVs as an inherent and natural property of the Internet; rather than trying to remove them, we consider characterizing them and mitigating their impact on distributed coordinate systems. In a first step, we study TIVs existing in the Internet, using different metrics in order to quantify various levels of TIVs’ severity. Our results show that path lengths do have an effect on the impact of these TIVs. In particular, the shorter the link between any two nodes is, the less severe TIVs involved in are. In a second step, we do leverage our study to reduce the impact of TIVs on coordinate systems. We focus on the particular case of the Vivaldi coordinate system and we explore how TIVs may impact its accuracy and stability. In particular, we observed correlation between the (in)stability and high effective error of nodes’ coordinates with respect to their involvement in TIVs situations. We finally propose a Two-Tier architecture opposed to a flat structure of Vivaldi that do mitigate the effect of TIVs on the distances predictions.