Researcher profile

Danilo Gligoroski

Danilo Gligoroski contributes to research discovery and scholarly infrastructure.

Trust 21 (Emerging), Verification L1, unclaimed author
18 works, 0 followers, 6 topics, 4 close collaborators

Published work

18 published item(s)

preprint, 2022, arXiv

DoS Attacks on Blockchain Ecosystem

Denial of Service (DoS) attacks are a growing threat in network services. The frequency and intensity of DoS attacks are rapidly increasing day by day. The immense financial potential of the Cryptocurrency market is a prevalent target of the DoS attack. DoS attack events keep happening in cryptocurrencies and the blockchain ecosystem. To the best of our knowledge, there has not been any study on the DoS attack on the blockchain ecosystem. In this paper, we identify ten entities in the blockchain ecosystem and we scrutinize the DoS attacks on them. We also present the DoS mitigation techniques applicable to the blockchain services. Additionally, we propose a DoS mitigation technique by the use of verifiable delay function (VDF).

preprint, 2022, arXiv

Secure Service Implementation with Slice Isolation and WireGuard

Network slicing enables the provision of services for different verticals over a shared infrastructure. Nevertheless, security is still one of the main challenges when sharing resources. In this paper, we study how WireGuard can provide an encrypted Virtual Private Network (VPN) tunnel as a service between network functions in 5G setting. The open source management and orchestration entity deploys and orchestrates the network functions into network services and slices. We create multiple scenarios emulating a real-life cellular network deploying VPN-as-a-Service between the different network functions to secure and isolate network slices. The performance measurements demonstrate from 0.8 Gbps to 2.5 Gbps throughput and below 1ms delay between network functions using WireGuard. The performance evaluation results are aligned with 5G key performance indicators, making WireGuard suited to provide security in slice isolation in future generations of cellular networks.

preprint, 2022, arXiv

SoK: Decentralized Randomness Beacon Protocols

The scientific interest in the area of Decentralized Randomness Beacon (DRB) protocols has been thriving recently. Partially that interest is due to the success of the disruptive technologies introduced by modern cryptography, such as cryptocurrencies, blockchain technologies, and decentralized finances, where there is an enormous need for a public, reliable, trusted, verifiable, and distributed source of randomness. On the other hand, recent advancements in the development of new cryptographic primitives brought a huge interest in constructing a plethora of DRB protocols differing in design and underlying primitives. To the best of our knowledge, no systematic and comprehensive work systematizes and analyzes the existing DRB protocols. Therefore, we present a Systematization of Knowledge (SoK) intending to structure the multi-faceted body of research on DRB protocols. In this SoK, we delineate the DRB protocols along the following axes: their underlying primitive, properties, and security. This SoK tries to fill that gap by providing basic standard definitions and requirements for DRB protocols, such as Unpredictability, Bias-resistance, Availability (or Liveness), and Public Verifiability. We classify DRB protocols according to the nature of interactivity among protocol participants. We also highlight the most significant features of DRB protocols such as scalability, complexity, and performance along with a brief discussion on its improvement. We present future research directions along with a few interesting research problems.

preprint, 2020, arXiv

A Cloud-based SDN/NFV Testbed for End-to-End Network Slicing in 4G/5G

Network slicing aims to shape 5G as a flexible, scalable, and demand-oriented network. Research communities deploy small-scale and cost-efficient testbeds in order to evaluate network slicing functionalities. We introduce a novel testbed, called 5GIIK, that provides implementation, management, and orchestration of network slices across all network domains and different access technologies. Our methodology identifies design criteria that are a superset of the features present in other state-of-the-art testbeds and determines appropriate open-source tools for implementing them. 5GIIK is one of the most comprehensive testbeds because it provides additional features and capabilities such as slice provision dynamicity, real-time monitoring of VMs, and VNF-onboarding to different VIMs. We illustrate the potentials of the proposed testbed and present initial results.

preprint, 2020, arXiv

Trends in Development of Databases and Blockchain

This work is about the mutual influence between two technologies: Databases and Blockchain. It addresses two questions: 1. How the database technology has influenced the development of blockchain technology?, and 2. How blockchain technology has influenced the introduction of new functionalities in some modern databases? For the first question, we explain how database technology contributes to blockchain technology by unlocking different features such as ACID (Atomicity, Consistency, Isolation, and Durability) transactional consistency, rich queries, real-time analytics, and low latency. We explain how the CAP (Consistency, Availability, Partition tolerance) theorem known for databases influenced the DCS (Decentralization, Consistency, Scalability) theorem for the blockchain systems. By using an analogous relaxation approach as it was used for the proof of the CAP theorem, we postulate a "DCS-satisfiability conjecture." For the second question, we review different databases that are designed specifically for blockchain and provide most of the blockchain functionality like immutability, privacy, censorship resistance, along with database features.

preprint, 2020, arXiv

Vulnerability Analysis of 2500 Docker Hub Images

The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker's online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world's largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.

preprint, 2019, arXiv

Expanded Combinatorial Designs as Tool to Model Network Slicing in 5G

The network slice management function (NSMF) in 5G has a task to configure the network slice instances and to combine network slice subnet instances from the new-generation radio access network and the core network into an end-to-end network slice instance. In this paper, we propose a mathematical model for network slicing based on combinatorial designs such as Latin squares and rectangles and their conjugate forms. We extend those designs with attributes that offer different levels of abstraction. For one set of attributes we prove a stability Lemma for the necessary conditions to reach a stationary ergodic stage. We also introduce a definition of utilization ratio function and offer an algorithm for its maximization. Moreover, we provide algorithms that simulate the work of NSMF with randomized or optimized strategies, and we report the results of our implementation, experiments and simulations for one set of attributes.

preprint, 2019, arXiv

SoK of Used Cryptography in Blockchain

The underlying fundaments of blockchain are cryptography and cryptographic concepts that provide reliable and secure decentralized solutions. Although many recent papers study the use-cases of blockchain in different industrial areas, such as finance, health care, legal relations, IoT, information security, and consensus building systems, only a few studies scrutinize the cryptographic concepts used in blockchain. To the best of our knowledge, there is no Systematization of Knowledge (SoK) that gives a complete picture of the existing cryptographic concepts which have been deployed or have the potential to be deployed in blockchain. In this paper, we thoroughly review and systematize all cryptographic concepts which are already used in blockchain. Additionally, we give a list of cryptographic concepts which have not yet been applied but have big potentials to improve the current blockchain solutions. We also include possible instantiations of these cryptographic concepts in the blockchain domain. Last but not least, we explicitly postulate 21 challenging problems that cryptographers interested in blockchain can work on.

preprint, 2018, arXiv

An Explicit Construction of Systematic MDS Codes with Small Sub-packetization for All-Node Repair

An explicit construction of systematic MDS codes, called HashTag+ codes, with arbitrary sub-packetization level for all-node repair is proposed. It is shown that even for small sub-packetization levels, HashTag+ codes achieve the optimal MSR point for repair of any parity node, while the repair bandwidth for a single systematic node depends on the sub-packetization level. Compared to other codes in the literature, HashTag+ codes provide from 20% to 40% savings in the average amount of data accessed and transferred during repair.

preprint, 2018, arXiv

Network Traffic Driven Storage Repair

Recently we constructed an explicit family of locally repairable and locally regenerating codes. Their existence was proven by Kamath et al. but no explicit construction was given. Our design is based on HashTag codes that can have different sub-packetization levels. In this work we emphasize the importance of having two ways to repair a node: repair only with local parity nodes or repair with both local and global parity nodes. We say that the repair strategy is network traffic driven since it is in connection with the concrete system and code parameters: the repair bandwidth of the code, the number of I/O operations, the access time for the contacted parts and the size of the stored file. We show the benefits of having repair duality in one practical example implemented in Hadoop. We also give algorithms for efficient repair of the global parity nodes.

preprint, 2017, arXiv

Balanced Locally Repairable Codes

We introduce a family of balanced locally repairable codes (BLRCs) $[n, k, d]$ for arbitrary values of $n$, $k$ and $d$. Similar to other locally repairable codes (LRCs), the presented codes are suitable for applications that require a low repair locality. The novelty that we introduce in our construction is that we relax the strict requirement that the repair locality be a fixed small number $l$, and we allow the repair locality to be either $l$ or $l+1$. This gives us the flexibility to construct BLRCs for arbitrary values of $n$ and $k$ which partially solves the open problem of finding a general construction of LRCs. Additionally, the relaxed locality criteria give us an opportunity to search for BLRCs that have a low repair locality even when double failures occur. We use metrics such as a storage overhead, an average repair bandwidth, a Mean Time To Data Loss (MTTDL) and an update complexity to compare the performance of BLRCs with existing LRCs.

preprint, 2017, arXiv

HashTag Erasure Codes: From Theory to Practice

Minimum-Storage Regenerating (MSR) codes have emerged as a viable alternative to Reed-Solomon (RS) codes as they minimize the repair bandwidth while they are still optimal in terms of reliability and storage overhead. Although several MSR constructions exist, so far they have not been practically implemented mainly due to the big number of I/O operations. In this paper, we analyze high-rate MDS codes that are simultaneously optimized in terms of storage, reliability, I/O operations, and repair-bandwidth for single and multiple failures of the systematic nodes. The codes were recently introduced in \cite{7463553} without any specific name. Due to the resemblance between the hashtag sign # and the procedure of the code construction, we call them in this paper HashTag Erasure Codes (HTECs). HTECs provide the lowest data-read and data-transfer, and thus the lowest repair time for an arbitrary sub-packetization level $\alpha$, where $\alpha \leq r^{\lceil k/r \rceil}$, among all existing MDS codes for distributed storage including MSR codes. The repair process is linear and highly parallel. Additionally, we show that HTECs are the first high-rate MDS codes that reduce the repair bandwidth for more than one failure. Practical implementations of HTECs in Hadoop release 3.0.0-alpha2 demonstrate their great potentials.

preprint, 2017, arXiv

Repair Duality with Locally Repairable and Locally Regenerating Codes

We construct an explicit family of locally repairable and locally regenerating codes whose existence was proven in a recent work by Kamath et al. about codes with local regeneration but no explicit construction was given. This explicit family of codes is based on HashTag codes. HashTag codes are recently defined vector codes with different vector length $\alpha$ (also called a sub-packetization level) that achieve the optimal repair bandwidth of MSR codes or near-optimal repair bandwidth depending on the sub-packetization level. We applied the technique of parity-splitting code construction. We show that the lower bound on the size of the finite field for the presented explicit code constructions can be lower than the one given in the work of Kamath et al. Finally, we discuss the importance of having two ways for node repair with locally regenerating HashTag codes: repair only with local parity nodes or repair with both local and global parity nodes. To the best of the authors' knowledge, this is the first work where this duality in repair process is discussed. We give a practical example and experimental results in Hadoop where we show the benefits of having this repair duality.

preprint, 2016, arXiv

Balanced XOR-ed Coding

This paper is concerned with the construction of codes over $GF(2)$ which reach the max-flow for single source multicast acyclic networks with delay. The coding is always a bitwise XOR of packets with equal lengths, and is based on highly symmetrical and balanced designs. For certain setups and parameters, our approach offers additional plausible security properties: an adversary needs to eavesdrop at least max-flow links in order to decode at least one original packet.

preprint, 2016, arXiv

Coded Packet Transport for Optical Packet/Burst Switched Networks

This paper presents the Coded Packet Transport (CPT) scheme, a novel transport mechanism for Optical Packet/Burst Switched (OPS/OBS) networks. The CPT scheme exploits the combined benefits of source coding by erasure codes and path diversity to provide efficient means for recovering from packet loss due to contentions and path failures, and to provide non-cryptographic secrecy. In the CPT scheme, erasure coding is employed at the OPS/OBS ingress node to form coded packets, which are transmitted on disjoint paths from the ingress node to an egress node in the network. The CPT scheme allows for a unified view of Quality of Service (QoS) in OPS/OBS networks by linking the interactions between survivability, performance and secrecy. We provide analytical models that illustrate how QoS aspects of CPT are affected by the number of disjoint paths, packet overhead and processing delay.

preprint, 2016, arXiv

Families of Optimal Binary Non-MDS Erasure Codes

We introduce a definition for Families of Optimal Binary Non-MDS Erasure Codes for $[n, k]$ codes over $GF(2)$, and propose an algorithm for finding those families by using hill climbing techniques over Balanced XOR codes. Due to the hill climbing search, those families of codes always have better decoding probability than the codes generated in a typical Random Linear Network Coding scenario, i.e., random linear codes. We also show a surprising result that for small values of $k$, the decoding probability of our codes in $GF(2)$ is very close to the decoding probability of the codes obtained by Random Linear Network Coding but in the higher finite field $GF(4)$.

preprint, 2016, arXiv

General Sub-packetized Access-Optimal Regenerating Codes

This paper presents a novel construction of $(n,k,d=n-1)$ access-optimal regenerating codes for an arbitrary sub-packetization level $\alpha$ for exact repair of any systematic node. We refer to these codes as general sub-packetized because we provide an algorithm for constructing codes for any $\alpha$ less than or equal to $r^{\lceil \frac{k}{r} \rceil}$ where $\frac{k}{r}$ is not necessarily an integer. This leads to a flexible construction of codes for different code rates compared to existing approaches. We derive the lower and the upper bound of the repair bandwidth. The repair bandwidth depends on the code parameters and $\alpha$. The repair process of a failed systematic node is linear and highly parallelized, which means that a set of $\lceil \frac{\alpha}{r} \rceil$ symbols is independently repaired first and used along with the accessed data from other nodes to recover the remaining symbols.

preprint, 2016, arXiv

Minimal Header Overhead for Random Linear Network Coding

The energy used to transmit a single bit of data between the devices in wireless networks is equal to the energy for performing hundreds of instructions in those devices. Thus the reduction of the data necessary to transmit, while keeping the same functionality of the employed algorithms is a formidable and challenging scientific task. We describe an algorithm called Small Set of Allowed Coefficients (SSAC) that produces the shortest header overhead in random linear network coding schemes compared with all other approaches reported in the literature. The header overhead length is 2 to 7 times shorter than the length achieved by related compression techniques. For example, SSAC algorithm compresses the length of the header overhead in a generation of 128 packets to 24 bits, while the closest best result achieved by an algorithm based on error correcting codes has a header overhead length of 84 bits in $GF(16)$ and 224 bits in $GF(256)$. We show that the header length in SSAC does not depend on the size of the finite field where the operations are performed, i.e., it just depends on the number of combined packets $m$.