Jan Janak  List of Publications

Networked systems integrating software with the physical world are known as cyber-physical systems (CPSs). CPSs have been used in diverse sectors, including power generation and distribution, transportation, industrial systems, and building management. The diversity of applications and interdisciplinary nature make CPSs exciting to design and build but challenging to manage once deployed. Deployed CPSs must adapt to changes in the operating environment or the system's architecture, e.g., when outdated or malfunctioning components need to be replaced. Skilled human operators have traditionally performed such adaptations using centralized management protocols. As the CPS grows, management tasks become more complex, tedious, and error-prone.

This dissertation studies management challenges in deployed CPSs. It is based on practical research with CPSs of various sizes and diverse application domains, from the large geographically dispersed electrical grid to small-scale consumer Internet of Things (IoT) systems. We study the management challenges unique to each system and propose network services and protocols specifically designed to reduce the amount of management overhead, drawing inspiration from autonomic systems and networking research.

We first introduce PhoenixSEN, a self-managing ad hoc network designed to restore connectivity in the electrical grid after a large-scale outage. The electrical grid is a large, heterogeneous, geographically dispersed CPS. We analyze the U.S. electrical grid network subsystem, propose an ad hoc network to temporarily replace the network subsystem during a blackout, and discuss the experimental evaluation of the network on a one-of-a-kind physical electrical grid testbed. The novel aspects of PhoenixSEN lie in a combination of existing and new network technologies and manageability by power distribution industry operators.

Motivated by the challenges of running unmodified third-party applications in an ad hoc network like PhoenixSEN, we propose a geographic resource discovery and query processing service for federated CPSs called SenSQL. The service combines a resource discovery protocol inspired by the LoST protocol with a standard SQL-based query interface. SenSQL aims to simplify the development of applications for federated or administratively decoupled autonomous cyber-physical systems without a single administrative or technological point of failure. The SenSQL framework balances control over autonomous cyber-physical devices and their data with service federation, limiting the application's reliance on centralized infrastructures or services.

We conclude the first part of the dissertation by presenting the design and implementation of a testbed for usability experiments with mission-critical voice, a vital communication modality in PhoenixSEN, and during emergency scenarios in general. The testbed can be used to conduct human-subject studies under emulated network conditions to assess the influence of various network parameters on the end-user's quality of experience.

The second dissertation part focuses on network enrollment of IoT devices, a management process that is often complicated, frustrating, and error-prone, particularly in consumer-oriented systems. We motivate the work by reverse-engineering and analyzing Amazon Echo's network enrollment protocol. The Echo is one of the most widely deployed IoT devices and, thus, an excellent case study. We learn that the process is rather complicated and cumbersome.

We then present a systematic study of IoT network enrollment with a focus on consumer IoT devices in advanced deployment scenarios, e.g., third-party installations, shared physical spaces, or evolving IoT systems. We evaluate existing frameworks and their shortcoming and propose WIDE, a network-independent enrollment framework designed to minimize user interactions to enable advanced deployment scenarios. WIDE is designed for large-scale or heterogeneous IoT systems where multiple independent entities cooperate to set the system up. We also discuss the design of a human-subject study to compare and contrast the usability of network enrollment frameworks.

A secure network must authenticate a new device before it can be enrolled. The authentication step usually requires physical device access, which may be impossible in many advanced deployment scenarios, e.g., when IoT devices are installed by a specialist in physically unreachable locations. We propose Lighthouse, a visible-light authentication protocol for physically inaccessible IoT devices. We discuss the protocol's design, develop transmitter and receiver prototypes, and evaluate the system. Our measurements with off-the-shelf components over realistic distances indicate authentication times shorter or comparable with existing methods involving gaining physical access to the device. We also illustrate how the visible-light authentication protocol could be used as another authentication method in other network enrollment frameworks.

With over 20 million units sold since 2015, Amazon Echo, the Alexa-enabled smart speaker developed by Amazon, is probably one of the most widely deployed Internet of Things consumer devices. Despite the very large installed base, surprisingly little is known about the device's network behavior. We modify a first generation Echo device, decrypt its communication with Amazon cloud, and analyze the device pairing, Alexa Voice Service, and drop-in calling protocols. We also describe our methodology and the experimental setup. We find a minor shortcoming in the device pairing protocol and learn that drop-in calls are end-to-end encrypted and based on modern open standards. Overall, we find the Echo to be a well-designed device from the network communication perspective.

When the electrical grid in a region suffers a major outage, e.g., after a catastrophic cyber attack, a "black start" may be required, where the grid is slowly restarted, carefully and incrementally adding generating capacity and demand. To ensure safe and effective black start, the grid control center has to be able to communicate with field personnel and with supervisory control and data acquisition (SCADA) systems. Voice and text communication are particularly critical. As part of the Defense Advanced Research Projects Agency (DARPA) Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program, we designed, tested and evaluated a self-configuring mesh network prototype called the Phoenix Secure Emergency Network (PhoenixSEN). PhoenixSEN provides a secure drop-in replacement for grid's primary communication networks during black start recovery. The network combines existing and new technologies, can work with a variety of link-layer protocols, emphasizes manageability and auto-configuration, and provides services and applications for coordination of people and devices including voice, text, and SCADA communication. We discuss the architecture of PhoenixSEN and evaluate a prototype on realistic grid infrastructure through a series of DARPA-led exercises.

The COVID-19 pandemic and related restrictions forced many to work, learn, and socialize from home over the internet. There appears to be consensus that internet infrastructure in the developed world handled the resulting traffic surge well. In this paper, we study network measurement data collected by the Federal Communications Commission's Measuring Broadband America program before and during the pandemic in the United States (US). We analyze the data to understand the impact of lockdown orders on the performance of fixed broadband internet infrastructure across the US, and also attempt to correlate internet usage patterns with the changing behavior of users during lockdown. We found the key metrics such as change in data usage to be generally consistent with the literature. Through additional analysis, we found differences between metro and rural areas, changes in weekday, weekend, and hourly internet usage patterns, and indications of network congestion for some users.

The serverless and functions as a service (FaaS) paradigms are currently trending among cloud providers and are now increasingly being applied to the network edge, and to the Internet of Things (IoT) devices. The benefits include reduced latency for communication, less network traffic and increased privacy for data processing. However, there are challenges as IoT devices have limited resources for running multiple simultaneous containerized functions, and also FaaS does not typically support long-running functions. Our implementation utilizes Docker and CRIU for checkpointing and suspending long-running blocking functions. The results show that checkpointing is slightly slower than regular Docker pause, but it saves memory and allows for more long-running functions to be run on an IoT device. Furthermore, the resulting checkpoint files are small, hence they are suitable for live migration and backing up stateful functions, therefore improving availability and reliability of the system.

We argue that the future of Internet of Things (IoT) systems, especially when it comes to privacy and security, lies in distributed IoT applications. Distributed IoT applications implement a model we call “computation follows data”. In this model, application modules are deployed directly on IoT devices that produce sensitive data. Developing such applications is, however, not easy. Based on our own experience, we identify the lack of a rapid prototyping and development environment as the biggest challenge in the development process. In this paper, we describe a framework that aims to help simplify the process. The framework provides a web-based user interface with interactive virtual IO ports and a runtime environment for IoT device emulation. We also describe a network architecture with support for WebRTC-based direct device-to-device connections. The network architecture allows experimentation with an entire network of IoT devices, both emulated and physical.

Container-based clouds have recently received great attention from the industry. However, we notice that this new type of cloud inevitably requires complex network setups and configurations from both providers and customers when deployed on an existing cloud system; Providers need to install additional network elements such as proxy servers and Network Address Translation (NAT), and customers need to use subdomain names and randomly assigned port numbers to access their services. Thus, we propose a new network architecture that performs M-to-N mapping between network addresses and containers in order to simplify the network setup and configuration. To achieve our goals, we adopt a software-defined networking (SDN) approach. We discuss the benefits and use cases of our approach, and present detailed designs and implementation.

The Internet of Things (IoT) enables the physical world to be connected and controlled over the Internet. This paper presents a smart gateway platform that connects everyday objects such as lights, thermometers, and TVs over the Internet. The proposed hardware architecture is implemented on an Arduino platform with a variety of off the shelf home automation technologies such as Zigbee and X10. Using the microcontroller-based platform, the SECE (Sense Everything, Control Everything) system allows users to create various IoT services such as monitoring sensors, controlling actuators, triggering action events, and periodic sensor reporting. We give an overview of the Arduino-based smart gateway architecture and its integration into SECE.

Wireless networking has recently gained tremendous attention in research and education. Since the concepts taught in wireless courses are difficult to acquire only through lectures, hands-on lab experience is indispensable. While Wi-Fi based networking labs have been introduced before, to the best of our knowledge, labs that use a cellular technology have not been designed yet. Therefore, we present a WiMAX hands-on lab designed for a graduate course in wireless and mobile networking. The lab is based on the mobile WiMAX hardware and software developed and deployed within the GENI WiMAX project. We provide a brief overview of the course and of the main concepts taught in the WiMAX lecture. Then, we describe in detail our WiMAX network and the structure of the lab experiment. The effectiveness in achieving the learning objectives is evaluated via the lab reports submitted by the students. Finally, we review some of the lessons we learned during design and implementation of this lab. These can provide important insights to designers of similar labs.

Wireless networking has recently gained tremendous attention in research and education. Since the concepts taught in wireless courses are difficult to acquire only through lectures, hands-on lab experience is indispensable. While Wi-Fi based networking labs have been introduced before, to the best of our knowledge, labs that use a cellular technology have not been designed yet. Therefore, we present a WiMAX hands-on lab designed for a graduate course in wireless and mobile networking. The lab is based on the mobile WiMAX hardware and software developed and deployed within the GENI WiMAX project. We provide a brief overview of the course and of the main concepts taught in the WiMAX lecture. Then, we describe in detail our WiMAX network and the structure of the lab experiment. The effectiveness in achieving the learning objectives is evaluated via the lab reports submitted by the students. Finally, we review some of the lessons we learned during design and implementation of this lab. These can provide important insights to designers of similar labs.

In 1996, Tennenhouse and Wetherall proposed active networks, where users can inject code modules into network nodes. The proposal sparked intense debate and follow-on research, but ultimately failed to win over the networking community. Fifteen years later, the problems that motivated the active networks proposal persist.

We call for a revival of active networks. We present NetServ, a fully integrated active network system that provides all the necessary functionality to be deployable, addressing the core problems that prevented the practical success of earlier approaches.

We make the following contributions. We present a hybrid approach to active networking, which combines the best qualities from the two extreme approaches -- integrated and discrete. We built a working system that strikes the right balance between security and performance by leveraging current technologies. We suggest an economic model based on NetServ between content providers and ISPs. We built four applications to illustrate the model.

We present NetServ, a node architecture for deploying in-network services in the next generation Internet. NetServ-enabled network nodes provide a common execution environment, where network services implemented as modules can be dynamically installed and removed. We demonstrate three such modules. MicroCDN is a dynamic content distribution network (CDN) service which implements a content caching strategy specific to a content provider. The NAT Keep-alive module offloads the processing of keep-alive messages from SIP servers. The Media Relay module allows any NetServ node to act as a media relay, eliminating the need to manage standalone relay servers. NetServ aims to revive the Active Networking vision. It was too far ahead of its time a decade ago, but we believe its time has finally arrived.

GRAND is an experimental extension of Git, a distributed revision control system, which enables the synchronization of Git repositories over Content-Centric Networks (CCN). GRAND brings some of the benefits of CCN to Git, such as transparent caching, load balancing, and the ability to fetch objects by name rather than location. Our implementation is based on CCNx, a reference implementation of content router. The current prototype consists of two components: git-daemon-ccnx allows a node to publish its local Git repositories to CCNx Content Store; git-remote-ccnx implements CCNx transport on the client side. This adds CCN to the set of transport protocols supported by Git, alongside HTTP and SSH.

Eyeball ISPs today are under-utilizing an important asset: edge routers. We present NetServ, a programmable node architecture aimed at turning edge routers into distributed service hosting platforms. This allows ISPs to allocate router resources to content publishers and application service providers motivated to deploy content and services at the network edge. This model provides important benefits over currently available solutions like CDN. Content and services can be brought closer to end users by dynamically installing and removing custom modules as needed throughout the network. Unlike previous programmable router proposals which focused on customizing features of a router, NetServ focuses on deploying content and services. All our design decisions reflect this change in focus. We set three main design goals: a wide-area deployment, a multi-user execution environment, and a clear economic benefit. We built a prototype using Linux, NSIS signaling, and the Java OSGi framework. We also implemented four prototype applications: ActiveCDN provides publisher-specific content distribution and processing; KeepAlive Responder and Media Relay reduce the infrastructure needs of telephony providers; and Overload Control makes it possible to deploy more flexible algorithms to handle excessive traffic.

With constantly increasing costs of energy, we ask ourselves what we can say about the energy efficiency of existing VoIP systems. To answer that question, we gather information about the existing client-server and peer-to-peer VoIP systems, build energy models for these systems, and evaluate their power consumption and relative energy efficiency through analysis and a series of experiments. Contrary to the recent work on energy efficiency of peer-to-peer systems, we find that even with efficient peers a peer-to-peer architecture can be less energy efficient than a client-server architecture. We also find that the presence of NATs in the network is a major obstacle in building energy efficient VoIP systems. We then provide a number of recommendations for making VoIP systems more energy efficient.

Eyeball ISPs today are under-utilizing an important asset: edge routers. We present NetServ, a programmable node architecture aimed at turning edge routers into service hosting platforms. This allows ISPs to allocate router resources to content publishers and application service providers motivated to deploy content and services at the network edge. Unlike previous programmable router proposals which focused on customizing features of a router, NetServ focuses on deploying content and services across ownership boundaries. All our design decisions reflect this change in focus. We set three main design goals: a wide-area deployment, a multi-user execution environment, and a clear economic incentive. Towards these goals, our prototype uses NSIS signaling for deployment, runs application modules in isolated user space containers, and includes four sample applications demonstrating economic benefits.

Performance of SIP servers doesn't seem to gain much focus. Developers usually focus on implementation of new features that not standardized yet. Our goal was to develop a high performance SIP server that will be flexible and efficient. Result is the SIP Express Router, fast and efficient SIP proxy server. We briefly describe basics of SIP, then we describe architecture of the server and performance optimizations. Finally we present an overview of bottlenecks in the SIP protocol that make the performance tuning much harder.

The session initiation protocol (SIP) is constantly gaining in popularity and acceptance as the signaling protocol for next generation multimedia communication. This paper describes a scalable and reliable open source SIP platform called the SIP Express Router (SER). SER does not only support basic SIP features but also advanced features such as messaging and presence, translation between SIP and SMS or Jabber as well as full featured application programming interfaces. In this paper we will describe the architecture of SER, its different features and technical specifications.