BibTeX for papers by David Kotz; for complete/updated list see https://www.cs.dartmouth.edu/~kotz/research/papers.html @InProceedings{zegeye:icnet25, author = {Wondimu K. Zegeye and Ravindra Mangar and Jingyu Qian and Vinton Morris and Mounib Khanafer and Kevin Kornegay and Timothy J. Pierson and David Kotz}, title = {{Comparing smart-home devices that use the Matter protocol}}, booktitle = {{Proceedings of the International Workshop on Intelligent Communication Network Technologies (ICNET'25)}}, year = 2025, month = {January}, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/zegeye-icnet25/index.html}, note = {Accepted for publication}, abstract = {This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple Homepod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences.}, } @InProceedings{arguello:battery, author = {Cesar Arguello and Beatrice Perez and Timothy J. Pierson and David Kotz}, title = {{Detecting Battery Cells with Harmonic Radar}}, booktitle = {{Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)}}, year = 2024, month = {May}, pages = {231--236}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3643833.3656137}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arguello-battery/index.html}, abstract = {Harmonic radar systems have been shown to be an effective method for detecting the presence of electronic devices, even if the devices are powered off. Prior work has focused on detecting specific non-linear electrical components (such as transistors and diodes) that are present in any electronic device. In this paper we show that harmonic radar is also capable of detecting the presence of batteries. We tested a proof-of-concept system on Alkaline, NiMH, Li-ion, and Li-metal batteries. With the exception of Li-metal coin cells, the prototype harmonic radar detected the presence of batteries in our experiments with 100\% accuracy.}, } @Article{camacho:networkmetrics-j, author = {Jos{\'{e}} Camacho and Katarzyna Wasielewska and Rasmus Bro and David Kotz}, title = {{Interpretable Learning in Multivariate Big Data Analysis for Network Monitoring}}, journal = {IEEE Transactions on Network and Service Management}, year = 2024, month = {June}, volume = 21, number = 3, pages = {2926--2943}, publisher = {IEEE}, copyright = {IEEE (open access)}, DOI = {10.1109/TNSM.2024.3368501}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-j/index.html}, abstract = {There is an increasing interest in the development of new data-driven models useful to assess the performance of communication networks. For many applications, like network monitoring and troubleshooting, a data model is of little use if it cannot be interpreted by a human operator. In this paper, we present an extension of the Multivariate Big Data Analysis (MBDA) methodology, a recently proposed interpretable data analysis tool. In this extension, we propose a solution to the automatic derivation of features, a cornerstone step for the application of MBDA when the amount of data is massive. The resulting network monitoring approach allows us to detect and diagnose disparate network anomalies, with a data-analysis workflow that combines the advantages of interpretable and interactive models with the power of parallel processing. We apply the extended MBDA to two case studies: UGR'16, a benchmark flow-based real-traffic dataset for anomaly detection, and Dartmouth'18, the longest and largest Wi-Fi trace known to date.}, } @InProceedings{he:ci-survey, author = { Weijia He and Nathan Reitinger and Atheer Almogbil and Yi-Shyuan Chiang and Timothy J. Pierson and David Kotz }, title = {{Contextualizing Interpersonal Data Sharing in Smart Homes}}, booktitle = {{Proceedings of the Privacy Enhancing Technologies Symposium (PETS)}}, year = 2024, month = {July}, volume = 2024, number = 2, pages = {295--312}, copyright = {Creative Commons Attribution 4.0}, DOI = {10.56553/popets-2024-0051}, URL = {https://www.cs.dartmouth.edu/~kotz/research/he-ci-survey/index.html}, abstract = { A key feature of smart home devices is monitoring the environment and recording data. These devices provide security via motion-detection video alerts, cost-savings via thermostat usage history, and peace of mind via functions like auto-locking doors or water leak detectors. At the same time, the sharing of this information in interpersonal relationships---though necessary---is currently accomplished on an all-or-nothing basis. This can easily lead to oversharing in a multi-user environment. Although prior work has studied people's perceptions of information sharing with vendors or ISPs, the sharing of household data among users who interact personally is less well understood. Interpersonal situations make data sharing much more context-based and, thus, more complicated. In this paper, we use themes from the theory of contextual integrity in an online survey (n{$=$}1,992) to study how people perceive data sharing with others in smart homes and inform future designs and research. Our results show that data recipients in a smart home can be reduced to three major groups, and data types matter more than device types. We also found that the types of access control desired by users can vary from scenario to scenario. Depending on whom they are sharing data with and about what data, participants expressed varying levels of comfort when presented with different types of access control (e.g., explicit approval versus time-limited access). Taken together, this provides strong evidence that a more dynamic access control system is needed, and we can design it in a more usable way.}, } @InProceedings{jois:sigcse, author = {Tushar Jois and Tina Pavlovich and Brigid McCarron and David Kotz and Timothy Pierson}, title = {{Smart Use of Smart Devices in Your Home: A Smart Home Security and Privacy Workshop for the General Public}}, booktitle = {{Proceedings of the ACM Technical Symposium on Computer Science Education (SIGCSE)}}, year = 2024, month = {March}, pages = {611--617}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3626252.3630925}, URL = {https://www.cs.dartmouth.edu/~kotz/research/jois-sigcse/index.html}, abstract = {With 'smart' technology becoming more prevalent in homes, computing is increasingly embedded into everyday life. The benefits are well-advertised, but the risks associated with these technologies are not as clearly articulated. We aim to address this gap by educating community members on some of these risks, and providing actionable advice to mitigate risks. To this end, we describe our efforts to design and implement a hands-on workshop for the public on smart-home security and privacy. \par Our workshop curriculum centers on the smart-home device lifecycle: obtaining, installing, using, and removing devices in a home. For each phase of the lifecycle, we present possible vulnerabilities along with preventative measures relevant to a general audience. We integrate a hands-on activity for participants to put best-practices into action throughout the presentation. \par We ran our designed workshop at a science museum in June 2023, and used participant surveys to evaluate the effectiveness of our curriculum. Prior to the workshop, 38.8\% of survey responses did not meet learning objectives, 22.4\% partially met them, and 38.8\% fully met them. After the workshop, only 9.2\% of responses did not meet learning objectives, while 29.6\% partially met them and 61.2\% fully met them. Our experience shows that consumer-focused workshops can aid in bridging information gaps and are a promising form of outreach.}, } @InProceedings{khanafer:discovery, author = {Mounib Khanafer and Logan Kostick and Chixiang Wang and Wondimu Zegeye and Weijia He and Berkay Kaplan and Nurzaman Ahmed and Kevin Kornegay and David Kotz and Timothy Pierson}, title = {{Device Discovery in the Smart Home Environment}}, booktitle = {{Proceedings of the IEEE/ACM Workshop on the Internet of Safe Things (SafeThings)}}, year = 2024, month = {May}, pages = {298--304}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/SPW63631.2024.10705647}, URL = {https://www.cs.dartmouth.edu/~kotz/research/khanafer-discovery/index.html}, abstract = {With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home's occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.}, } @Article{mangar:framework, author = {Ravindra Mangar and Timothy J. Pierson and David Kotz}, title = {{A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms}}, journal = {IEEE Pervasive Computing}, year = 2024, month = {July}, volume = 23, number = 3, pages = {7--19}, publisher = {IEEE}, copyright = {the authors}, DOI = {10.1109/MPRV.2024.3421668}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mangar-framework/index.html}, abstract = {In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad---Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.}, } @InProceedings{mangar:testbed, author = {Ravindra Mangar and Jingyu Qian and Wondimu Zegeye and Mounib Khanafer and Abdulrahman AlRabah and Ben Civjan and Shalni Sundram and Sam Yuan and Carl Gunter and Kevin Kornegay and Timothy J. Pierson and David Kotz}, title = {{Designing and Evaluating a Testbed for the Matter Protocol: Insights into User Experience}}, booktitle = {{Proceedings of the NDSS Workshop on Security and Privacy in Standardized IoT (SDIoTSec)}}, year = 2024, month = {February}, publisher = {NDSS}, copyright = {the authors}, DOI = {10.14722/sdiotsec.2024.23012}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mangar-testbed/index.html}, note = {Distinguished Paper Award}, abstract = {As the integration of smart devices into our daily environment accelerates, the vision of a fully integrated smart home is becoming more achievable through standards such as the Matter protocol. In response, this research paper explores the use of Matter in addressing the heterogeneity and interoperability problems of smart homes. We built a testbed and introduce a network utility device, designed to sniff network traffic and provide a wireless access point within IoT networks. This paper also presents experience of students using the testbed in an academic scenario.}, } @InProceedings{mishra:wellcomp, author = {Varun Mishra and Sarah Hong and David Kotz}, title = {{Exploring the Relationship Between Intrinsic Motivation and Receptivity to mHealth Interventions}}, booktitle = {{Proceedings of UbiComp Workshop on Computing for Well-being (WellComp)}}, year = 2024, month = {October}, pages = {437--443}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/3675094.3678498}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-wellcomp/index.html}, abstract = {Just-in-Time Adaptive Interventions aim to deliver the right type and amount of support at the right time. This involves determining a user's state of receptivity - the degree to which a user is willing to accept, process, and use the intervention. Although past work has found that users are more receptive to notifications they view as useful, there is no existing research on whether users' intrinsic motivation for the underlying topic of mHealth interventions affects their receptivity. To explore this, we conducted a study with 20 participants over three weeks, where participants interacted with a chatbot-based digital coach to receive interventions about mental health, COVID-19, physical activity, and diet \& nutrition. We found that significant differences in mean intrinsic motivation scores across topics were not associated with differences in mean receptivity metrics across topics. However, we discovered positive relationships between intrinsic motivation measures and receptivity for interventions about a topic.}, } @Article{pierson:inspector, author = {Timothy J. Pierson and Cesar Arguello and Beatrice Perez and Wondimu Zegeye and Kevin Kornegay and Carl Gunter and David Kotz}, title = {{We need a ``building inspector for IoT'' when smart homes are sold}}, journal = {IEEE Security \& Privacy}, year = 2024, month = {Nov-Dec.}, volume = 22, number = 6, pages = {75--84}, publisher = {IEEE}, copyright = {Open access}, DOI = {10.1109/MSEC.2024.3386467}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-inspector/index.html}, abstract = {Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized ``building inspector for IoT'' to help securely facilitate transfer of the home.}, } @Article{wang:insideout, author = {Chixiang Wang and Weijia He and Timothy Pierson and David Kotz}, title = {{Moat: Adaptive Inside/Outside Detection System for Smart Homes}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)}, year = 2024, month = {September}, volume = 8, number = 4, articleno = 157, numpages = 31, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3699751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-insideout/index.html}, abstract = {Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside. \par In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure. \par We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6\%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home. }, } @InProceedings{wang:onboarding, author = {Chixiang Wang and Liam Cassidy and Weijia He and Timothy J. Pierson and David Kotz}, title = {{Challenges and opportunities in onboarding smart-home devices}}, booktitle = {{Proceedings of the International Workshop on Mobile Computing Systems and Applications (HotMobile)}}, year = 2024, month = {February}, pages = {60--65}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3638550.3641137}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-onboarding/index.html}, abstract = {Smart-home devices have become integral to daily routines, but their onboarding procedures - setting up a newly acquired smart device into operational mode - remain understudied. The heterogeneity of smart-home devices and their onboarding procedure can easily overwhelm users when they scale up their smart-home system. While Matter, the new IoT standard, aims to unify the smart-home ecosystem, it is still evolving, resulting in mixed compliance among devices. In this paper, we study the complexity of device onboarding from users' perspectives. We thus performed cognitive walkthroughs on 12 commercially available smart-home devices, documenting the commonality and distinctions of the onboarding process across these devices. We found that onboarding smart home devices can often be tedious and confusing. Users must devote significant time to creating an account, searching for the target device, and providing Wi-Fi credentials for each device they install. Matter-compatible devices are supposedly easier to manage, as they can be registered through one single hub independent of the vendor. Unfortunately, we found such a statement is not always true. Some devices still need their own companion apps and accounts to fully function. Based on our observations, we give recommendations about how to support a more user-friendly onboarding process.}, } @Misc{perez:scanner-patent, author = {Beatrice Perez and Timothy Pierson and Gregory Mazzaro and David Kotz}, title = {{Harmonic Radar Scanner for Electronics}}, howpublished = {Patent Application 18/749,826, published as US2024/0426974}, year = 2024, month = {December}, day = 26, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-scanner-patent/index.html}, note = {Priority date 6/21/23; filed 6/21/24; published 12/26/24}, abstract = {A harmonic radar system for detecting an electronic device includes a signal generator for generating one or more transmit radio frequency (RF) signals, a transmitting antenna for sending the transmit RF signals into an environment, a receiving antenna for receiving signals reflected or re-radiated by the electronic device in the environment in response to the transmit RF signals, and a spectrum analyzer for identifying a harmonic frequency of the transmit RF signals in the filtered signals.}, } @Misc{pierson:snap-patent, author = {Timothy J. Pierson and Ronald Peterson and David F. Kotz}, title = {{System and method for proximity detection with single-antenna device}}, howpublished = {U.S. Patent 11,871,233; International Patent Application WO2019210201A1}, year = 2024, month = {January}, day = 9, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap-patent/index.html}, note = {Priority date 2018-04-27; Filed 2019-04-26; Published 2021-07-29, Issued 2024-01-09}, abstract = {A single-antenna device includes a single antenna, at least one processor, and at least one memory. The single-antenna device is operable to receive a signal including at least one frame. Each of said frame includes a repeating portion. The single-antenna device determines a difference of phase and amplitude of the repeating portion and further determines whether the signal is transmitted from a trusted source based at least in part on the difference of phase and amplitude of the repeating portion.}, } @Misc{pierson:closetalker-patent2, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication}}, howpublished = {U.S. Patent 11,894,920}, year = 2024, month = {February}, day = 6, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker-patent2/index.html}, note = {Priority date 2017-09-06; WO Filed 2018-09-06, US Filed 2020-02-26, Continuation of 11,153,026; Issued 2024-02-06}, abstract = {Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.}, } @TechReport{camacho:networkmetrics-tr2, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Interpretable Learning in Multivariate Big Data Analysis for Network Monitoring}}, institution = {arXiv}, year = 2023, month = {April}, number = {1907.02677}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-tr2/index.html}, abstract = {There is an increasing interest in the development of new data-driven models useful to assess the performance of communication networks. For many applications, like network monitoring and troubleshooting, a data model is of little use if it cannot be interpreted by a human operator. In this paper, we present an extension of the Multivariate Big Data Analysis (MBDA) methodology, a recently proposed interpretable data analysis tool. In this extension, we propose a solution to the automatic derivation of features, a cornerstone step for the application of MBDA when the amount of data is massive. The resulting network monitoring approach allows us to detect and diagnose disparate network anomalies, with a data-analysis workflow that combines the advantages of interpretable and interactive models with the power of parallel processing. We apply the extended MBDA to two case studies: UGR'16, a benchmark flow-based real-traffic dataset for anomaly detection, and Dartmouth'18, the longest and largest Wi-Fi trace known to date.}, } @Article{campbell:engagement, author = {Cynthia I. Campbell and Ching-Hua Chen and Sara R. Adams and Asma Asyyed and Ninad R. Athale and Monique B. Does and Saeed Hassanpour and Emily Hichborn and Melanie Jackson-Morris and Nicholas C. Jacobson and Heather K. Jones and David Kotz and Chantal A. Lambert-Harris and Zhiguo Li and Bethany McLeman and Varun Mishra and Catherine Stanger and Geetha Subramaniam and Weiyi Wu and Christopher Zegers and Lisa A. Marsch}, title = {{Patient Engagement in a Multimodal Digital Phenotyping Study of Opioid Use Disorder}}, journal = {Journal of Medical Internet Research (JMIR)}, year = 2023, month = {June}, volume = 25, articleno = {e45556}, numpages = 14, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/45556}, PMID = 37310787, URL = {https://www.cs.dartmouth.edu/~kotz/research/campbell-engagement/index.html}, abstract = { \emph{Background:} Multiple digital data sources can capture moment-to-moment information to advance a robust understanding of opioid use disorder (OUD) behavior, ultimately creating a digital phenotype for each patient. This information can lead to individualized interventions to improve treatment for OUD. \par \emph{Objective:} The aim is to examine patient engagement with multiple digital phenotyping methods among patients receiving buprenorphine medication for OUD. \par \emph{Methods:} The study enrolled 65 patients receiving buprenorphine for OUD between June 2020 and January 2021 from 4 addiction medicine programs in an integrated health care delivery system in Northern California. Ecological momentary assessment (EMA), sensor data, and social media data were collected by smartphone, smartwatch, and social media platforms over a 12-week period. Primary engagement outcomes were meeting measures of minimum phone carry ({$\geq$}8 hours per day) and watch wear ({$\geq$}18 hours per day) criteria, EMA response rates, social media consent rate, and data sparsity. Descriptive analyses, bivariate, and trend tests were performed. \par \emph{Results:} The participants' average age was 37 years, 47\% of them were female, and 71\% of them were White. On average, participants met phone carrying criteria on 94\% of study days, met watch wearing criteria on 74\% of days, and wore the watch to sleep on 77\% of days. The mean EMA response rate was 70\%, declining from 83\% to 56\% from week 1 to week 12. Among participants with social media accounts, 88\% of them consented to providing data; of them, 55\% of Facebook, 54\% of Instagram, and 57\% of Twitter participants provided data. The amount of social media data available varied widely across participants. No differences by age, sex, race, or ethnicity were observed for any outcomes. \par \emph{Conclusions:} To our knowledge, this is the first study to capture these 3 digital data sources in this clinical population. Our findings demonstrate that patients receiving buprenorphine treatment for OUD had generally high engagement with multiple digital phenotyping data sources, but this was more limited for the social media data. \par \emph{International Registered Report Identifier (IRRID):} RR2-10.3389/fpsyt.2022.871916 }, } @Article{mishra:receptivity-highlight, author = {Varun Mishra and Florian K{\"{u}}nzler and Jan-Niklas Kramer and Elgar Fleisch and Tobias Kowatsch and David Kotz}, title = {{Detecting Receptivity for mHealth Interventions in the Natural Environment}}, journal = {GetMobile}, year = 2023, month = {June}, volume = 27, number = 2, pages = {23--28}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3614214.3614221}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-receptivity-highlight/index.html}, abstract = { Just-In-Time Adaptive Interventions (JITAI) have the potential to provide effective support for health behavior by delivering the right type and amount of intervention at the right time. The timing of interventions is crucial to ensure that users are receptive and able to use the support provided. Previous research has explored the association of context and user-specific traits on receptivity and built machine-learning models to detect receptivity after the study was completed. However, for effective intervention delivery, JITAI systems need to make in-the-moment decisions about a user's receptivity. In this study, we deployed machinelearning models in a chatbot-based digital coach to predict receptivity for physical-activity interventions. We included a static model that was built before the study and an adaptive model that continuously updated itself during the study. Compared to a control model that sent intervention messages randomly, the machine-learning models improved receptivity by up to 36\%. Receptivity to messages from the adaptive model increased over time.}, } @InProceedings{perez:identification, author = {Beatrice Perez and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Identification and Classification of Electronic Devices Using Harmonic Radar}}, booktitle = {{Proceedings of the Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)}}, year = 2023, month = {June}, pages = {248--255}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/DCOSS-IoT58021.2023.00050}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-identification/index.html}, abstract = { Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6\% accuracy and identify previously unseen devices as `unknown' with 69.0\% balanced accuracy.}, } @InProceedings{perez:range, author = {Beatrice Perez and Cesar Arguello and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Evaluating the practical range of harmonic radar to detect smart electronics}}, booktitle = {{Proceedings of the IEEE Military Communications Conference (MILCOM)}}, year = 2023, month = {October}, pages = {528--535}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MILCOM58377.2023.10356371}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-range/index.html}, abstract = {Prior research has found that harmonic radar systems are able to detect the presence of electronic devices, even if the devices are powered off. These systems could be a powerful tool to help mitigate privacy invasions. For example, in a rental property devices such as cameras or microphones may be surreptitiously placed by a landlord to monitor renters without their knowledge or consent. A mobile harmonic radar system may be able to quickly scan the property and locate all electronic devices. The effective range of these systems for detecting consumer-grade electronics, however, has not been quantified. We address that shortcoming in this paper and evaluate a prototype harmonic radar system. We find the system, a variation of what has been proposed in the literature, is able to reliably detect some devices at a range of about two meters. We discuss the effect of hardware on the range of detection and propose an algorithm for automated detection.}, } @Misc{pierson:wanda-patent2, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Apparatus for securely configuring a target device}}, howpublished = {U.S. Patent 11,683,071}, year = 2023, month = {June}, day = 20, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-patent2/index.html}, note = {Continuation of U.S. Patent 10,574,298. Priority date 2015-06-23; Filed 2020-01-20; Allowed 2023-02-10; Issued 2023-06-20}, abstract = {Apparatus and method securely transfer first data from a source device to a target device. A wireless signal having (a) a higher speed channel conveying second data and (b) a lower speed channel conveying the first data is transmitted. The lower speed channel is formed by selectively transmitting the wireless signal from one of a first and second antennae of the source device based upon the first data. The first and second antenna are positioned a fixed distance apart and the target device uses a received signal strength indication (RSSI) of the first signal to decode the lower speed channel and receive the first data.}, } @Misc{mare:saw-patent, author = {Shrirang Mare and David Kotz and Ronald Peterson}, title = {{Effortless authentication for desktop computers using wrist wearable tokens}}, howpublished = {U.S. Patent 11,574,039}, year = 2023, month = {February}, day = 7, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-saw-patent/index.html}, note = {Priority date 2018-07-20; International application Filed 2019-07-19; National stage Filed 2021-01-20; Issued 2023-02-07}, abstract = {A system and method for authenticating users of a digital device includes an authentication device attached to an authorized user. The authentication device includes one or more motion sensors and acts as a user identity token. To authenticate with a digital device, the user performs one or more interactions with the digital device using the hand associated with the authentication device. The digital device correlates the inputs received due to the interactions with the user's hand and/or wrist movement, as measured by the authentication device. Access to the digital device is allowed if the inputs and movements are correlated.}, } @InProceedings{bi:vision, author = {Shengjie Bi and David Kotz}, title = {{Eating detection with a head-mounted video camera}}, booktitle = {{Proceedings of the IEEE International Conference on Healthcare Informatics}}, year = 2022, month = {June}, pages = {60--66}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICHI54592.2022.00021}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-vision/index.html}, abstract = {In this paper, we present a computer-vision based approach to detect eating. Specifically, our goal is to develop a wearable system that is effective and robust enough to automatically detect when people eat, and for how long. We collected video from a cap-mounted camera on 10 participants for about 55 hours in free-living conditions. We evaluated performance of eating detection with four different Convolutional Neural Network (CNN) models. The best model achieved accuracy 90.9\% and F1 score 78.7\% for eating detection with a 1-minute resolution. We also discuss the resources needed to deploy a 3D CNN model in wearable or mobile platforms, in terms of computation, memory, and power. We believe this paper is the first work to experiment with video-based (rather than image-based) eating detection in free-living scenarios.}, } @InProceedings{hardin:amanuensis2, author = {Taylor Hardin and David Kotz}, title = {{Amanuensis: provenance, privacy, and permission in TEE-enabled blockchain data systems}}, booktitle = {{Proceedings of the IEEE International Conference on Distributed Computing Systems}}, year = 2022, month = {July}, pages = {144--156}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICDCS54860.2022.00023}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-amanuensis2/index.html}, abstract = { Blockchain technology is heralded for its ability to provide transparent and immutable audit trails for data shared among semi-trusted parties. With the addition of smart contracts, blockchains can track and verify arbitrary computations -- which enables blockchain users to verify the provenance of information derived from data through the blockchain. This provenance comes at the cost of data confidentiality and user privacy, however, which is unacceptable for many sensitive applications. The need for verifiable yet confidential data sharing and computation has led some to add trusted execution environment (TEE) hardware to blockchain platforms. By moving sensitive operations (e.g., data decryption and analysis) off of the blockchain and into a TEE, they get both the confidentiality of TEEs and the transparency of blockchains without the need to completely trust any one party in the data-sharing ecosystem.In this paper, we build on our TEE-enabled blockchain data-sharing system, Amanuensis, to ensure the freshness of access-control lists shared between the blockchain and TEE, and to improve the privacy of users interacting within the system. We also detail how TEE-based remote attestation help us to achieve information provenance -- specifically, how to achieve information provenance in the context of the Intel SGX trusted execution environment. Finally, we present an evaluation of our system, in which we test several real-world machine-learning applications (logistic regression, kNN, SVM) to determine the run-time overhead of information confidentiality and provenance. Each machine-learning program exhibited a slowdown between 1.1 and 2.8x when run inside of our confidential environment, and took an average of 59 milliseconds to verify the provenance of an input data set.}, } @Article{liang:vas, author = {Xiaohui Liang and John A. Batsis and Youxiang Zhu and Tiffany M. Driesse and Robert M. Roth and David Kotz and Brian MacWhinney}, title = {{Evaluating Voice-Assistant Commands for Dementia Detection}}, journal = {Computer Speech and Language}, year = 2022, month = {March}, volume = 72, articleno = 101297, numpages = 13, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.csl.2021.101297}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-vas/index.html}, note = {Special Issue on Speech Based Evaluation of Neurological Diseases}, abstract = {Early detection of cognitive decline involved in Alzheimer's Disease and Related Dementias (ADRD) in older adults living alone is essential for developing, planning, and initiating interventions and support systems to improve users' everyday function and quality of life. In this paper, we explore the voice commands using a Voice-Assistant System (VAS), i.e., Amazon Alexa, from 40 older adults who were either Healthy Control (HC) participants or Mild Cognitive Impairment (MCI) participants, age 65 or older. We evaluated the data collected from voice commands, cognitive assessments, and interviews and surveys using a structured protocol. We extracted 163 unique command-relevant features from each participant's use of the VAS. We then built machine-learning models including 1-layer/2-layer neural networks, support vector machines, decision tree, and random forest, for classification and comparison with standard cognitive assessment scores, e.g., Montreal Cognitive Assessment (MoCA). Our classification models using fusion features achieved an accuracy of 68\%, and our regression model resulted in a Root-Mean-Square Error (RMSE) score of 3.53. Our Decision Tree (DT) and Random Forest (RF) models using selected features achieved higher classification accuracy 80\%--90\%. Finally, we analyzed the contribution of each feature set to the model output, thus revealing the commands and features most useful in inferring the participants' cognitive status. We found that features of overall performance, features of music-related commands, features of call-related commands, and features from Automatic Speech Recognition (ASR) were the top-four feature sets most impactful on inference accuracy. The results from this controlled study demonstrate the promise of future home-based cognitive assessments using Voice-Assistant Systems.}, } @Article{odame:chewing, author = {Kofi Odame and Maria Nyamukuru and Mohsen Shahghasemi and Shengjie Bi and David Kotz}, title = {{Analog Gated Recurrent Neural Network for Detecting Chewing Events}}, journal = {IEEE Transactions on Biomedical Circuits and Systems}, year = 2022, month = {December}, volume = 16, number = 6, pages = {1106--1115}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TBCAS.2022.3218889}, URL = {https://www.cs.dartmouth.edu/~kotz/research/odame-chewing/index.html}, abstract = {We present a novel gated recurrent neural network to detect when a person is chewing on food. We implemented the neural network as a custom analog integrated circuit in a 0.18 {$\mu$}m CMOS technology. The neural network was trained on 6.4 hours of data collected from a contact microphone that was mounted on volunteers' mastoid bones. When tested on 1.6 hours of previously-unseen data, the analog neural network identified chewing events at a 24-second time resolution. It achieved a recall of 91\% and an F1-score of 94\% while consuming 1.1 {$\mu$}W of power. A system for detecting whole eating episodes--- like meals and snacks--- that is based on the novel analog neural network consumes an estimated 18.8 {$\mu$}W of power.}, } @Article{perez:presence, author = {Beatrice Perez and Gregory Mazzaro and Timothy J. Pierson and David Kotz}, title = {{Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar}}, journal = {Remote Sensing}, year = 2022, month = {January}, volume = 14, number = 2, articleno = 327, numpages = 18, publisher = {MDPI}, copyright = {open-access (Creative Commons Attribution)}, DOI = {10.3390/rs14020327}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-presence/index.html}, note = {Special issue on Nonlinear Junction Detection and Harmonic Radar}, abstract = {Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called `Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in applications ranging from explosives detection to insect tracking. We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even `simple' electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios.}, } @PhdThesis{hardin:thesis, author = {Taylor Hardin}, title = {{Information Provenance for Mobile Health Data}}, school = {Dartmouth Computer Science}, year = 2022, month = {May}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-thesis/index.html}, abstract = { Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact --- especially for data that may have been created through a series of aggregations and transformations on many input data sets. In other words, \emph{information provenance} should be one of the main focuses for any system that wishes to facilitate the sharing of sensitive mHealth data. Creating such a trusted and secure data sharing ecosystem for mHealth apps and devices is difficult, however, as they are implemented with different technologies and managed by different organizations. Furthermore, many mHealth devices use ultra-low-power micro-controllers, which lack the kinds of sophisticated Memory Management Units (MMUs) required to sufficiently isolate sensitive application code and data. \par In this thesis, we present an end-to-end solution for providing information provenance for mHealth data, which begins by securing mHealth data at its source: the mHealth device. To this end, we devise a memory-isolation method that combines compiler-inserted code and Memory Protection Unit (MPU) hardware to protect application code and data on ultra-low-power micro-controllers. Then we address the security of mHealth data outside of the source (e.g., data that has been uploaded to smartphone or remote-server) with our health-data system, Amanuensis, which uses Blockchain and Trusted Execution Environment (TEE) technologies to provide confidential, yet verifiable, data storage and computation for mHealth data. Finally, we look at identity privacy and data freshness issues introduced by the use of blockchain and TEEs. Namely, we present a privacy-preserving solution for blockchain transactions, and a freshness solution for data access-control lists retrieved from the blockchain. }, } @MastersThesis{malik:thesis, author = {Namya Malik}, title = {{SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks}}, school = {Dartmouth Computer Science}, year = 2022, month = {May}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/malik-thesis/index.html}, abstract = { The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home's smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.\par We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device's lifecycle. The SPLICEcube system consists of the following components: 1) a main \emph{cube}, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a \emph{database} that holds network data, and 3) a set of support \emph{cubelets} that can be used to extend the range of the network and assist in gathering network data.\par To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is \emph{scalable} to accommodate new devices and \emph{extensible} to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.}, } @Misc{vandenbussche:thesis, author = {Adam Vandenbussche}, title = {{TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network}}, school = {Dartmouth Computer Science}, year = 2022, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/vandenbussche-thesis/index.html}, note = {Undergraduate Thesis}, abstract = {When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users' incoming and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing.}, } @Article{marsch:dtect-protocol, author = {Lisa A. Marsch and Ching-Hua Chen and Sara R. Adams and Asma Asyyed and Monique B. Does and Saeed Hassanpour and Emily Hichborn and Melanie Jackson-Morris and Nicholas C. Jacobson and Heather K. Jones and David Kotz and Chantal A. Lambert-Harris and Zhiguo Li and Bethany McLeman and Varun Mishra and Catherine Stanger and Geetha Subramaniam and Weiyi Wu and Cynthia I. Campbell}, title = {{The Feasibility and Utility of Harnessing Digital Health to Understand Clinical Trajectories in Medication Treatment for Opioid Use Disorder: D-TECT Study Design and Methodological Considerations}}, journal = {Frontiers in Psychiatry}, year = 2022, month = {April}, day = 29, volume = 13, articleno = 871916, numpages = 12, publisher = {Frontiers}, copyright = {the authors}, DOI = {10.3389/fpsyt.2022.871916}, URL = {https://www.cs.dartmouth.edu/~kotz/research/marsch-dtect-protocol/index.html}, note = {Section: Addictive Disorders}, abstract = { \emph{Introduction:} Across the U.S., the prevalence of opioid use disorder (OUD) and the rates of opioid overdoses have risen precipitously in recent years. Several effective medications for OUD (MOUD) exist and have been shown to be life-saving. A large volume of research has identified a confluence of factors that predict attrition and continued substance use during substance use disorder treatment. However, much of this literature has examined a small set of potential moderators or mediators of outcomes in MOUD treatment and may lead to over-simplified accounts of treatment non-adherence. Digital health methodologies offer great promise for capturing intensive, longitudinal ecologically-valid data from individuals in MOUD treatment to extend our understanding of factors that impact treatment engagement and outcomes. \par \emph{Methods:} This paper describes the protocol (including the study design and methodological considerations) from a novel study supported by the National Drug Abuse Treatment Clinical Trials Network at the National Institute on Drug Abuse (NIDA). This study (D-TECT) primarily seeks to evaluate the feasibility of collecting ecological momentary assessment (EMA), smartphone and smartwatch sensor data, and social media data among patients in outpatient MOUD treatment. It secondarily seeks to examine the utility of EMA, digital sensing, and social media data (separately and compared to one another) in predicting MOUD treatment retention, opioid use events, and medication adherence [as captured in electronic health records (EHR) and EMA data]. To our knowledge, this is the first project to include all three sources of digitally derived data (EMA, digital sensing, and social media) in understanding the clinical trajectories of patients in MOUD treatment. These multiple data streams will allow us to understand the relative and combined utility of collecting digital data from these diverse data sources. The inclusion of EHR data allows us to focus on the utility of digital health data in predicting objectively measured clinical outcomes. \par \emph{Discussion:} Results may be useful in elucidating novel relations between digital data sources and OUD treatment outcomes. It may also inform approaches to enhancing outcomes measurement in clinical trials by allowing for the assessment of dynamic interactions between individuals' daily lives and their MOUD treatment response. \par \emph{Clinical Trial Registration:} Identifier: NCT04535583.}, annote = {This article is part of the Research Topic "Novel Treatment Approaches and Future Directions in Substance Use Disorders".}, } @InProceedings{mazzaro:preliminary, author = {Gregory Mazzaro and Kyle Gallagher and Kelly Sherbondy and Alex Bouvy and Beatrice Perez and Timothy Pierson and David Kotz}, title = {{Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection}}, booktitle = {{Proceedings of the SPIE Radar Sensor Technology XXVI}}, year = 2022, month = {May}, day = 27, volume = 12108, articleno = 1210803, numpages = 21, publisher = {Society of Photo-Optical Instrumentation Engineers}, copyright = {SPIE}, DOI = {10.1117/12.2617881}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mazzaro-preliminary/index.html}, abstract = {When an electromagnetically-nonlinear radar target is illuminated by a high-power stepped-frequency probe, a sequence of harmonics is unintentionally emitted by that target. Detection of the target is accomplished by receiving stimulated emissions somewhere in the sequence, while ranging is accomplished by processing amplitude and phase recorded at multiple harmonics across the sequence. The strength of the harmonics reflected from an electronic target depends greatly upon the orientation of that target (or equivalently, the orientation of the radar antennas). Data collected on handheld wireless devices reveals the harmonic angular-dependence of commercially-available electronics. Data collected on nonlinearly-terminated printed circuit boards implies the origin of this dependency. The results of this work suggest that electronic targets may be classified and ultimately identified by their unique harmonic-response-vs.-angle patterns.}, } @Article{spangler:privacy, author = { Spangler, Hillary B. and Driesse, Tiffany M. and Lynch, David H. and Liang, Xiaohui and Roth, Robert M. and Kotz, David and Fortuna, Karen and Batsis, John A. }, title = {{Privacy Concerns of Older Adults Using Voice Assistant Systems}}, journal = {Journal of the American Geriatrics Society}, year = 2022, month = {August}, day = 26, volume = 70, number = 12, pages = {3643--3647}, publisher = {Wiley}, copyright = {The American Geriatrics Society}, DOI = {10.1111/jgs.18009}, URL = {https://www.cs.dartmouth.edu/~kotz/research/spangler-privacy/index.html}, abstract = {Voice assistant systems (VAS) are software platforms that complete various tasks using voice commands. It is necessary to understand the juxtaposition of younger and older adults' VAS privacy concerns as younger adults may have different concerns impacting VAS acceptance. Therefore, we examined the differences in VAS related privacy concerns across the lifespan. }, } @Article{boateng:stepcount, author = {George Boateng and Curtis L. Petersen and David Kotz and Karen L. Fortuna and Rebecca Masutani and John A. Batsis}, title = {{A Smartwatch Step-Counting App for Older Adults: Development and Evaluation Study}}, journal = {JMIR Aging}, year = 2022, month = {August}, day = 10, volume = 5, number = 3, articleno = {e33845}, numpages = 11, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/33845}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-stepcount/index.html}, abstract = {\emph{Background:} Older adults who engage in physical activity can reduce their risk of mobility impairment and disability. Short amounts of walking can improve quality of life, physical function, and cardiovascular health. Various programs have been implemented to encourage older adults to engage in physical activity, but sustaining their motivation continues to be a challenge. Ubiquitous devices, such as mobile phones and smartwatches, coupled with machine-learning algorithms, can potentially encourage older adults to be more physically active. Current algorithms that are deployed in consumer devices (eg, Fitbit) are proprietary, often are not tailored to the movements of older adults, and have been shown to be inaccurate in clinical settings. Step-counting algorithms have been developed for smartwatches, but only using data from younger adults and, often, were only validated in controlled laboratory settings. \par \emph{Objective:} We sought to develop and validate a smartwatch step-counting app for older adults and evaluate the algorithm in free-living settings over a long period of time. \par \emph{Methods:} We developed and evaluated a step-counting app for older adults on an open-source wrist-worn device (Amulet). The app includes algorithms to infer the level of physical activity and to count steps. We validated the step-counting algorithm in the lab (counting steps from a video recording, n{$=$}20) and in free-living conditions---one 2-day field study (n{$=$}6) and two 12-week field studies (using the Fitbit as ground truth, n{$=$}16). During app system development, we evaluated 4 walking patterns: normal, fast, up and down a staircase, and intermittent speed. For the field studies, we evaluated 5 different cut-off values for the algorithm, using correlation and error rate as the evaluation metrics. \par \emph{Results:} The step-counting algorithm performed well. In the lab study, for normal walking (R2{$=$}0.5), there was a stronger correlation between the Amulet steps and the video-validated steps; for all activities, the Amulet's count was on average 3.2 (2.1\%) steps lower (SD 25.9) than the video-validated count. For the 2-day field study, the best parameter settings led to an association between Amulet and Fitbit (R2{$=$}0.989) and 3.1\% (SD 25.1) steps lower than Fitbit, respectively. For the 12-week field study, the best parameter setting led to an R2 value of 0.669. \par \emph{Conclusions:} Our findings demonstrate the importance of an iterative process in algorithm development before field-based deployment. This work highlights various challenges and insights involved in developing and validating monitoring systems in real-world settings. Nonetheless, our step-counting app for older adults had good performance relative to the ground truth (a commercial Fitbit step counter). Our app could potentially be used to help improve physical activity among older adults.}, } @Misc{hardin:patent1, author = {Taylor Hardin and David Kotz}, title = {{Data system with information provenance}}, howpublished = {U.S. Patent application US20210273812A1, based on Provisional Patent application 62/984,045}, year = 2021, month = {September}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-patent1/index.html}, note = {Priority date March 2, 2020. Application March 2, 2021. Publication date September 2, 2021. Notice of Allowance November 19, 2024.}, abstract = { A secure, integrated data system and method users both blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for data, particularly, mobile health device data. Using a blockchain to record and enforce data access policies removes the need to trust a single entity with gatekeeping the health data. Instead, participants form a consortium and collectively partake in verifying and enforcing access policies for data stored in private data silos. Data access and computation takes place inside of TEEs, which preserves data confidentiality and provides a verifiable attestation that can be stored on the blockchain for the purpose of information provenance.}, } @Article{batsis:rural, author = {John A. Batsis and Curtis L. Petersen and Matthew M. Clark and Summer B. Cook and David Kotz and Tyler L. Gooding and Meredith N. Roderka and Rima I. Al-Nimr and Dawna Pidgeon and Ann Haedrich and K.C. Wright and Christina Aquila and Todd A. Mackenzie}, title = {{Feasibility and acceptability of a technology-based, rural weight management intervention in older adults with obesity}}, journal = {BMC Geriatrics}, year = 2021, month = {January}, volume = 21, articleno = 44, numpages = 13, publisher = {BMC}, copyright = {the authors}, DOI = {10.1186/s12877-020-01978-x}, PMID = 33435877, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-rural/index.html}, abstract = {\emph{Background:} Older adults with obesity residing in rural areas have reduced access to weight management programs. We determined the feasibility, acceptability and preliminary outcomes of an integrated technology-based health promotion intervention in rural-living, older adults using remote monitoring and synchronous video-based technology. \par \emph{Methods:} A 6-month, non-randomized, non-blinded, single-arm study was conducted from October 2018 to May 2020 at a community-based aging center of adults aged {$\geq$}65 years with a body mass index (BMI) {$\geq$}30 kg/m2. Weekly dietitian visits focusing on behavior therapy and caloric restriction and twice-weekly physical therapist-led group strength, flexibility and balance training classes were delivered using video-conferencing to participants in their homes. Participants used a Fitbit Alta HR for remote monitoring with data feedback provided by the interventionists. An aerobic activity prescription was provided and monitored. \par \emph{Results:} Mean age was 72.9{$\pm$}3.9 years (82\% female). Baseline anthropometric measures of weight, BMI, and waist circumference were 97.8{$\pm$}16.3 kg, 36.5{$\pm$}5.2 kg/m2, and 115.5{$\pm$}13.0 cm, respectively. A total of 142 participants were screened (n{$=$}27 ineligible), and 53 consented. There were nine dropouts (17\%). Overall satisfaction with the trial (4.7+0.6, scale: 1 (low) to 5 (high)) and with Fitbit (4.2+0.9) were high. Fitbit was worn an average of 81.7{$\pm$}19.3\% of intervention days. In completers, mean weight loss was 4.6{$\pm$}3.5 kg or 4.7{$\pm$}3.5\% (p{$<$}0.001). Physical function measures of 30-s sit-to-stand repetitions increased from 13.5{$\pm$}5.7 to 16.7{$\pm$}5.9 (p{$<$}0.001), 6-min walk improved by 42.0{$\pm$}77.3 m (p{$=$}0.005) but no differences were observed in gait speed or grip strength. Subjective measures of late-life function improved (3.4{$\pm$}4.7 points, p{$<$}0.001). \par \emph{Conclusions:} A technology-based obesity intervention is feasible and acceptable to older adults with obesity and may lead to weight loss and improved physical function.}, } @Article{batsis:weight-loss, author = {John A. Batsis and Curtis L. Petersen and Matthew M. Clark and Summer B. Cook and Francisco Lopez-Jimenez and Rima I. Al-Nimr and Dawna Pidgeon and David Kotz and Todd A. Mackenzie and Steven J. Bartels}, title = {{A Weight-Loss Intervention Augmented by a Wearable Device in Rural Older Adults with Obesity: A Feasibility Study}}, journal = {Journals of Gerontology - Series A: Biological Sciences and Medical Sciences}, year = 2021, month = {January}, volume = 76, number = 1, pages = {95--100}, publisher = {Oxford Academic}, copyright = {the authors}, DOI = {10.1093/gerona/glaa115}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-weight-loss/index.html}, note = {First published 8 May 2020}, abstract = { \emph{Background:} Older persons with obesity aged 65+ residing in rural areas have reduced access to weight management programs due to geographic isolation. The ability to integrate technology into health promotion interventions shows a potential to reach this underserved population. \par \emph{Methods:} A 12-week pilot in 28 older rural adults with obesity (body mass index [BMI] {$\geq$} 30 kg/m2) was conducted at a community aging center. The intervention consisted of individualized, weekly dietitian visits focusing on behavior therapy and caloric restriction with twice weekly physical therapist-led group strengthening training classes in a community-based aging center. All participants were provided a Fitbit Flex 2. An aerobic activity prescription outside the strength training classes was provided. \par \emph{Results:} Mean age was 72.9 {$\pm$} 5.3 years (82\% female). Baseline BMI was 37.1 kg/m2, and waist circumference was 120.0 {$\pm$} 33.0 cm. Mean weight loss (pre/post) was 4.6 {$\pm$} 3.2 kg (4.9 {$\pm$} 3.4\%; p {$<$} .001). Of the 40 eligible participants, 33 (75\%) enrolled, and the completion rate was high (84.8\%). Objective measures of physical function improved at follow-up: 6-minute walk test improved: 35.7 {$\pm$} 41.2 m (p {$<$} .001); gait speed improved: 0.10 {$\pm$} 0.24 m/s (p {$=$} .04); and five-times sit-to-stand improved by 2.1 seconds (p {$<$} .001). Subjective measures of late-life function improved (5.2 {$\pm$} 7.1 points, p {$=$} .003), as did Patient-Reported Outcome Measurement Information Systems mental and physical health scores (5.0 {$\pm$} 5.7 and 4.4 {$\pm$} 5.0, both p {$<$} .001). Participants wore their Fitbit 93.9\% of all intervention days, and were overall satisfied with the trial (4.5/5.0, 1--5 low--high) and with Fitbit (4.0/5.0). \par \emph{Conclusions:} A multicomponent obesity intervention incorporating a wearable device is feasible and acceptable to older adults with obesity, and potentially holds promise in enhancing health. }, } @TechReport{bi:video-tr, author = {Shengjie Bi and David Kotz}, title = {{Eating detection with a head-mounted video camera}}, institution = {Dartmouth Computer Science}, year = 2021, month = {December}, number = {TR2021-1002}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-video-tr/index.html}, abstract = {In this paper, we present a computer-vision based approach to detect eating. Specifically, our goal is to develop a wearable system that is effective and robust enough to automatically detect when people eat, and for how long. We collected video from a cap-mounted camera on 10 participants for about 55 hours in free-living conditions. We evaluated performance of eating detection with four different Convolutional Neural Network (CNN) models. The best model achieved accuracy 90.9\% and F1 score 78.7\% for eating detection with a 1-minute resolution. We also discuss the resources needed to deploy a 3D CNN model in wearable or mobile platforms, in terms of computation, memory, and power. We believe this paper is the first work to experiment with video-based (rather than image-based) eating detection in free-living scenarios.}, } @Article{hardin:amanuensis, author = {Taylor Hardin and David Kotz}, title = {{Amanuensis: Information Provenance for Health-Data Systems}}, journal = {Journal of Information Systems Management and Security}, year = 2021, month = {March}, volume = 58, number = 2, articleno = 102460, numpages = 21, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.ipm.2020.102460}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-amanuensis/index.html}, abstract = {Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment, and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Combining the data produced by these mHealth devices may give healthcare providers a more holistic view of a patient's health, increase the level of patient care, and reduce operating costs. Creating a trusted and secure data sharing ecosystem for mHealth devices is difficult, however, as devices are implemented with different technologies and managed by different organizations. To address these issues, we present \emph{Amanuensis:} a concept for a secure, integrated healthcare data system that leverages Blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for mHealth data. By using a blockchain to record and enforce data-access policies, we remove the need to trust a single entity with gate-keeping the health data. Instead, participating organizations form a consortium to share responsibility for verifying data integrity and enforcing access policies for data stored in private data silos. Data accesses and computations take place inside of TEEs to preserve data confidentiality and to provide a verifiable attestation report that can be stored on the blockchain for the purpose of information provenance. We evaluate a prototype implementation of Amanuensis -- built using Intel SGX trusted execution hardware and the VeChain Thor blockchain platform -- which shows that Amanuensis is capable of supporting up to 14,256,000 mHealth data sources at \$0.07 per data source per day.}, } @Article{koch:car-receptivity, author = {Kevin Koch and Varun Mishra and Shu Liu and Thomas Berger and Elgar Fleisch and David Kotz and Felix Wortmann}, title = {{When Do Drivers Interact with In-vehicle Well-being Interventions? An Exploratory Analysis of a Longitudinal Study on Public Roads}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)}, year = 2021, month = {March}, volume = 5, number = 1, articleno = 19, numpages = 30, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3448116}, URL = {https://www.cs.dartmouth.edu/~kotz/research/koch-car-receptivity/index.html}, abstract = {Recent developments of novel in-vehicle interventions show the potential to transform the otherwise routine and mundane task of commuting into opportunities to improve the drivers' health and well-being. Prior research has explored the effectiveness of various in-vehicle interventions and has identified moments in which drivers could be interruptible to interventions. All the previous studies, however, were conducted in either simulated or constrained real-world driving scenarios on a pre-determined route. In this paper, we take a step forward and evaluate when drivers interact with in-vehicle interventions in unconstrained free-living conditions. \par To this end, we conducted a two-month longitudinal study with 10 participants, in which each participant was provided with a study car for their daily driving needs. We delivered two in-vehicle interventions - each aimed at improving affective well-being - and simultaneously recorded the participants' driving behavior. In our analysis, we found that several pre-trip characteristics (like trip length, traffic flow, and vehicle occupancy) and the pre-trip affective state of the participants had significant associations with whether the participants started an intervention or canceled a started intervention. Next, we found that several in-the-moment driving characteristics (like current road type, past average speed, and future brake behavior) showed significant associations with drivers' responsiveness to the intervention. Further, we identified several driving behaviors that "negated" the effectiveness of interventions and highlight the potential of using such "negative" driving characteristics to better inform intervention delivery. Finally, we compared trips with and without intervention and found that both interventions employed in our study did not have a negative effect on driving behavior. Based on our analyses, we provide solid recommendations on how to deliver interventions to maximize responsiveness and effectiveness and minimize the burden on the drivers.}, } @InProceedings{martinez:poster, author = {Eduardo Antonio Ma{\~{n}}as-Mart{\'{\i}}nez and Elena Cabrera and Katarzyna Wasielewska and David Kotz and Jos{\'{e}} Camacho}, title = {{Mining social interactions in connection traces of a campus Wi-Fi network}}, booktitle = {{Proceedings of the SIGCOMM Poster and Demo Sessions}}, year = 2021, month = {August}, numpages = 3, pages = {6--8}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3472716.3472844}, URL = {https://www.cs.dartmouth.edu/~kotz/research/martinez-poster/index.html}, abstract = {Wi-Fi technologies have become one of the most popular means for Internet access. As a result, the use of mobile devices has become ubiquitous and instrumental for society. A device can be identified through its MAC address within an autonomous system. Although some devices attempt to anonymize MAC addresses via randomization, these techniques are not used once the device is associated to the network. As a result, device identification poses a privacy problem in large-scale (e.g., campus-wide) Wi-Fi deployments: if the mobile device can be located, the user who carries that device can also be located. In turn, location information leads to the possibility to extract private knowledge from Wi-Fi users, like social interactions, movement habits, and so forth. \par In this poster we report preliminary work in which we infer social interactions of individuals from Wi-Fi connection traces in the campus network at Dartmouth College. We make the following contributions: (i) we propose several definitions of a pseudocorrelation matrix from Wi-Fi connection traces, which measure similarity between devices or users according to their temporal association profile to the Access Points (APs); (ii) we evaluate the accuracy of these pseudo-correlation variants in a simulation environment; and (iii) we contrast results with those found on a real trace.}, } @Article{mishra:receptivity, author = {Varun Mishra and Florian K{\"{u}}nzler and Jan-Niklas Kramer and Elgar Fleisch and Tobias Kowatsch and David Kotz}, title = {{Detecting Receptivity for mHealth Interventions in the Natural Environment}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp)}, year = 2021, month = {June}, volume = 5, number = 2, articleno = 74, numpages = 24, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3463492}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-receptivity/index.html}, abstract = { Just-In-Time Adaptive Intervention (JITAI) is an emerging technique with great potential to support health behavior by providing the right type and amount of support at the right time. A crucial aspect of JITAIs is properly timing the delivery of interventions, to ensure that a user is receptive and ready to process and use the support provided. Some prior works have explored the association of context and some user-specific traits on receptivity, and have built post-study machine-learning models to detect receptivity. For effective intervention delivery, however, a JITAI system needs to make in-the-moment decisions about a user's receptivity. To this end, we conducted a study in which we deployed machine-learning models to detect receptivity in the natural environment, i.e., in free-living conditions. \par We leveraged prior work regarding receptivity to JITAIs and deployed a chatbot-based digital coach - Ally - that provided physical-activity interventions and motivated participants to achieve their step goals. We extended the original Ally app to include two types of machine-learning model that used contextual information about a person to predict when a person is receptive: a \emph{static model} that was built before the study started and remained constant for all participants and an \emph{adaptive model} that continuously learned the receptivity of individual participants and updated itself as the study progressed. For comparison, we included a \emph{control model} that sent intervention messages at random times. The app randomly selected a delivery model for each intervention message. We observed that the machine-learning models led up to a 40\% improvement in receptivity as compared to the control model. Further, we evaluated the temporal dynamics of the different models and observed that receptivity to messages from the adaptive model increased over the course of the study.}, } @InProceedings{peters:via, author = {Travis Peters and Timothy J. Pierson and Sougata Sen and Jos{\'{e}} Camacho and David Kotz}, title = {{Recurring Verification of Interaction Authenticity Within Bluetooth Networks}}, booktitle = {{Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021)}}, year = 2021, month = {June}, pages = {192--203}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3448300.3468287}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peters-via/index.html}, abstract = {Although user authentication has been well explored, device-to-device authentication -- specifically in Bluetooth networks -- has not seen the same attention. We propose Verification of Interaction Authenticity (VIA) -- a recurring authentication scheme based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. To evaluate our approach we produced a new dataset consisting of more than 300 Bluetooth network traces collected from 20 Bluetooth-enabled smart-health and smart-home devices. In our evaluation, we found that devices can be correctly verified at a variety of granularities, achieving an F1-score of 0.86 or better in most cases.}, } @Article{sen:vibering-j, author = {Sougata Sen and David Kotz}, title = {{VibeRing: Using vibrations from a smart ring as an out-of-band channel for sharing secret keys}}, journal = {Journal of Pervasive and Mobile Computing}, year = 2021, month = {December}, volume = 78, articleno = 101505, numpages = 16, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.pmcj.2021.101505}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sen-vibering-j/index.html}, abstract = {Many Internet of Things (IoT) devices are capable of sensing their environment, communicating with other devices, and actuating on their environment. Some of these IoT devices, herein known as ``smartThings'', collect meaningful information from raw data when they are in use and in physical contact with their user (e.g., a blood-glucose monitor); the smartThing's wireless connectivity allows it to transfer that data to its user's trusted device, such as a smartphone. However, an adversary could impersonate the user and bootstrap a communication channel with the smartThing while the smartThing is being used by an oblivious legitimate user. \par To address this problem, in this paper, we investigate the use of \emph{vibration}, generated by a smartRing, as an out-of-band communication channel to unobtrusively share a secret with a smartThing. This exchanged secret can be used to bootstrap a secure wireless channel over which the smartphone (or another trusted device) and the smartThing can communicate. We present the design, implementation, and evaluation of this system, which we call \emph{VibeRing}. We describe the hardware and software details of the smartThing and smartRing. Through a user study we demonstrate that it is possible to share a secret with various objects quickly, accurately and securely as compared to several existing techniques. Overall, we successfully exchange a secret between a smartRing and various smartThings, at least 85.9\% of the time. We show that \emph{VibeRing} can perform this exchange at 12.5 bits/second at a bit error rate of less than 2.5\%. We also show that \emph{VibeRing} is robust to the smartThing's constituent material as well as the holding style. Finally, we demonstrate that a nearby adversary cannot decode or modify the message exchanged between the trusted devices. }, } @Article{seo:theraband, author = {Lillian M. Seo and Curtis L. Petersen and Ryan J. Halter and David F. Kotz and Karen L. Fortuna and John A. Batsis}, title = {{Usability Assessment of a Bluetooth-Enabled Resistance Exercise Band Among Young Adults}}, journal = {Health Technology}, year = 2021, month = {April}, volume = 5, number = 4, publisher = { AME Publishing}, copyright = {Health Technology}, DOI = {10.21037/ht-20-22}, URL = {https://www.cs.dartmouth.edu/~kotz/research/seo-theraband/index.html}, abstract = { \emph{Background:} Resistance-based exercises effectively enhance muscle strength, which is especially important in older populations as it reduces the risk of disability. Our group developed a Bluetooth-enabled handle for resistance exercise bands that wirelessly transmits relative force data through low-energy Bluetooth to a local smartphone or similar device. We present a usability assessment that evaluates an exercise system featuring a novel Bluetooth-enabled resistance exercise band, ultimately intended to expand the accessibility of resistance training through technology-enhanced home-based exercise programs for older adults. Although our target population is older adults, we assess the user experience among younger adults as a convenient and meaningful starting point in the testing and development of our device. \par \emph{Methods:} There were 32 young adults participating in three exercise sessions with the exercise band, after which each completed an adapted version of the Usefulness, Satisfaction, and Ease (USE) questionnaire to characterize the exercise system's strengths and weaknesses in usability. \par \emph{Results:} Questionnaire data reflected a positive and consistent user experience, with all 20 items receiving mean scores greater than 5.0 on a seven-point Likert scale. There were no specific areas of significant weakness in the device's user experience. \par \emph{Conclusions:} The positive reception among young adults is a promising indication that the device can be successfully incorporated into exercise interventions and that the system can be further developed and tested for the target population of older adults.}, } @PhdThesis{bi:thesis, author = {Shengjie Bi}, title = {{Detection of health-related behaviours using head-mounted devices}}, school = {Dartmouth Computer Science}, year = 2021, month = {May}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-thesis/index.html}, note = {PhD Dissertation}, abstract = { The detection of health-related behaviors is the basis of many mobile-sensing applications for healthcare and can trigger other inquiries or interventions. Wearable sensors have been widely used for mobile sensing due to their ever-decreasing cost, ease of deployment, and ability to provide continuous monitoring. In this dissertation, we develop a generalizable approach to sensing eating-related behavior. \par First, we developed Auracle, a wearable earpiece that can automatically detect eating episodes. Using an off-the-shelf contact microphone placed behind the ear, Auracle captures the sound of a person chewing as it passes through the head. This audio data is then processed by a custom circuit board. We collected data with 14 participants for 32 hours in free-living conditions and achieved accuracy exceeding 92.8\% and F1 score exceeding77.5\% for eating detection with 1-minute resolution. \par Second, we adapted Auracle for measuring children's eating behavior, and improved the accuracy and robustness of the eating-activity detection algorithms. We used this improved prototype in a laboratory study with a sample of 10 children for 60 total sessions and collected 22.3 hours of data in both meal and snack scenarios. Overall, we achieved 95.5\% accuracy and 95.7\% F1 score for eating detection with 1-minute resolution. \par Third, we developed a computer-vision approach for eating detection in free-living scenarios. Using a miniature head-mounted camera, we collected data with 10 participants for about 55 hours. The camera was fixed under the brim of a cap, pointing to the mouth of the wearer and continuously recording video (but not audio) throughout their normal daily activity. We evaluated performance for eating detection using four different Convolutional Neural Network (CNN) models. The best model achieved 90.9\% accuracy and 78.7\%F1 score for eating detection with 1-minute resolution. Finally, we validated the feasibility of deploying the 3D CNN model in wearable or mobile platforms when considering computation, memory, and power constraints.}, } @Misc{gralla:inside-outside, author = {Paul Gralla}, title = {{An inside vs. outside classification system for Wi-Fi IoT devices}}, school = {Dartmouth Computer Science}, year = 2021, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gralla-inside-outside/index.html}, note = {Undergraduate Thesis}, abstract = {We are entering an era in which Smart Devices are increasingly integrated into our daily lives. Everyday objects are gaining computational power to interact with their environments and communicate with each other and the world via the Internet. While the integration of such devices offers many potential benefits to their users, it also gives rise to a unique set of challenges. One of those challenges is to detect whether a device belongs to one's own ecosystem, or to a neighbor -- or represents an unexpected adversary. An important part of determining whether a device is friend or adversary is to detect whether a device's location is within the physical boundaries of one's space (e.g. office, classroom, home). In this thesis we propose a system that is able to decide with 82\% accuracy whether the location of an IoT device is inside or outside of a defined space based on a small number of transmitted Wi- Fi frames. The classification is achieved by leveraging a machine-learning classifier trained and tested on RSSI data of Wi-Fi transmissions recorded by three or more observers. In an initialization phase the classifier is trained by the user on Wi-Fi transmissions of a variety of locations, inside (and outside). The system can be built with off-the-shelf Wi-Fi observing devices that do not require any special hardware modifications. With the exception of the training period, the system can accurately classify the indoor/outdoor state of target devices without any cooperation from the user or from the target devices.}, } @Misc{hong:receptivity, author = {Sarah Hong}, title = {{Exploring the Relationship Between Intrinsic Motivation and Receptivity to mHealth Interventions}}, school = {Dartmouth Computer Science}, year = 2021, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hong-receptivity/index.html}, note = {Undergraduate Thesis}, abstract = {Recent research in mHealth has shown the promise of Just-in-Time Adaptive Interventions (JITAIs). JITAIs aim to deliver the right type and amount of support at the right time. Choosing the right delivery time involves determining a user's state of receptivity, that is, the degree to which a user is willing to accept, process, and use the intervention provided. \par Although past work on generic phone notifications has found evidence that users are more likely to respond to notifications with content they view as useful, there is no existing research on whether users' intrinsic motivation for the underlying topic of mHealth interventions affects their receptivity. In this work, we explore whether relationships exist between intrinsic motivation and receptivity across topics and within topics for mHealth interventions. To this end, we conducted a study with 20 participants over 3 weeks, where participants received interventions about mental health, COVID-19, physical activity, and diet \& nutrition. The interventions were delivered by the chatbot-based iOS app called Elena+, and via the MobileCoach platform. \par Our exploratory analysis found that significant differences in mean intrinsic motivation scores across topics were not associated with differences in mean receptivity metrics across topics. We also found that positive relationships exist between intrinsic motivation measures and receptivity for interventions about a topic.}, } @PhdThesis{mishra:thesis, author = {Varun Mishra}, title = {{Towards Effective Delivery of Digital Interventions for Mental and Behavioral Health}}, school = {Dartmouth Computer Science}, year = 2021, month = {September}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-thesis/index.html}, abstract = {The pervasiveness of sensor-rich mobile, wearable, and IoT devices has enabled researchers to passively sense various user traits and characteristics, which in turn have the potential to detect and predict different mental and behavioral health outcomes. Upon detecting or anticipating a negative outcome, the same devices can be used to deliver in-the-moment in- terventions and support to help users. One important factor that determines the effectiveness of digital health interventions is delivering them at the right time: (1) when a person needs support, i.e., at or before the onset of a negative outcome, or a psychological or contextual state that might lead to that outcome (state-of-vulnerability); and (2) when a person is able and willing to receive, process, and use the support provided (state-of-receptivity). In this dissertation, we present our work on determining when to deliver interventions by exploring and detecting both vulnerability and receptivity.\par In the first part of the thesis, we discuss our work on accurate sensing and detection of different states-of-vulnerability. We start by discussing our work on advancing the field of physiological stress sensing. We took the first step towards testing the reproducibility and validity of our methods and machine-learning models for stress detection. To this end, we analyzed data from 90 participants from four independent controlled studies, using two different types of sensors, with different study protocols and research goals. We evaluated new methods to improve the performance of stress-detection models and found that our methods led to a consistent increase in performance across all studies, irrespective of the device type, sensor type, or the type of stressor. Our thorough exploration of reproducibility in a controlled environment provides a critical foundation for deeper study of such methods, and is a prerequisite for tackling reproducibility in free-living conditions. \par Next, we present our work on detecting at-risk indicators for patients undergoing Opioid Use Disorder (OUD) treatment. We conducted a 12-week study with 59 patients undergoing an OUD treatment and collected sensor data, like location, physical activity, sleep, and heart rate, from smartphones and wearables. We used the data collected to formulate low- level contextual features and high-level behavioral features and explored the feasibility of detecting self-reported stress, craving, and mood of the participants. Our results show that adaptive, personalized models can detect different at-risk behaviors with the area under the receiver operating characteristic (AUROC) values of up to 0.85. \par In the second part of this dissertation, we discuss our contributions in the domain of state-of-receptivity for digital health interventions. We start by conducting a study with 189 participants in Switzerland to explore participant receptivity towards actual physical activity behavior change interventions and report novel and significant results, e.g., being more receptive to interventions leads to higher goal completion likelihood. We further built machine-learning models to predict state-of-receptivity and deployed those models in a real-world study with participants in the United States to evaluate their effectiveness. Our results show that participants were more receptive to interventions delivered at moments detected as `receptive' by our models. \par In addition to receptivity in daily living conditions, we explored how participants interact with affective health interventions while driving. We analyzed longitudinal data from 10 participants driving in their day-to-day lives for two months. In this exploratory work, we found that several high-level trip factors (traffic flow, trip length, and vehicle occupancy) and in-the-moment factors (road type, average speed, and braking behavior) showed significant associations with the participant's decision to start or cancel an intervention. Based on our analysis, we provide solid recommendations on delivering interventions to maximize responsiveness and effectiveness and minimize the burden on the drivers. \par Overall, this dissertation makes significant contributions to the respective sub-fields by addressing fundamental challenges, advancing the current state-of-the-art, and contribut- ing new knowledge, thereby laying a solid foundation for designing, implementing, and delivering future digital health interventions.}, } @Misc{myagkov:thesis, author = {Fedor Myagkov}, title = {{Classifying Common Knee Rehabilitation Exercise Mistakes Using IMU Data}}, school = {Dartmouth Computer Science}, year = 2021, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/myagkov-thesis/index.html}, note = {Undergraduate Thesis}, abstract = {Physical therapy following major surgeries is a branch of medicine that has seen its fair share of technologically inspired advances. One important facet of physical therapy, the ``at-home exercises'' patients are prescribed to do, is still somewhat of a ``black box'' to many physical therapists (PTs). PTs have no way of knowing (1) whether the patient is doing the home exercises, or (2) whether the patient is doing the exercises in the correct and healthy manner. This lack of awareness makes it difficult for the PT to guide the patient, which can often lead to prolonged rehabilitation periods or (sometimes) can create life-long health problems for patients. In this thesis, we provide a means for a PT to remotely monitor patient's performance of at-home exercises. We combined the capabilities of wearable motion sensors with computational algorithms to provide patients feedback on the quality of their performed exercises. We evaluated this approach by asking 20 healthy volunteers to perform popular knee-rehabilitation exercises with various mistakes while wearing motion sensors. After preprocessing and extracting features from the sensor data, we trained machine-learning models on the extracted features. The models showed a high rate of accuracy during testing, which brings us a step closer to giving physical therapists and doctors a tool to automatically and objectively classify certain exercises and mistakes made during those exercises.}, } @Misc{pierson:closetalker-patent, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication}}, howpublished = {U.S. Patent 11,153,026}, year = 2021, month = {October}, day = 19, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker-patent/index.html}, note = {Priority date 2017-09-06; WO Filed 2018-09-06, US Filed 2020-02-26, US amendment filed 2021-01-29; Issued 2021-10-19}, abstract = {Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.}, } @Misc{bi:auracle-patent, author = {Shengjie Bi and Tao Wang and Nicole Tobias and Josephine Nordrum and Robert Halvorsen and Ron Peterson and Kelly Caine and Xing-Dong Yang and Kofi Odame and Ryan Halter and Jacob Sorber and David Kotz}, title = {{System for detecting eating with sensor mounted by the ear}}, howpublished = {U.S. Patent Application PCT/US2019/044317; Worldwide Patent Application WO2020028481A9}, year = 2021, month = {February}, day = 1, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-auracle-patent/index.html}, note = {Priority date 2018-07-31; Filed 2019-07-31; Amended 2021-02-01}, abstract = {A wearable device for detecting eating episodes uses a contact microphone to provide audio signals through an analog front end to an analog-to-digital converter to digitize the audio and provide digitized audio to a processor; and a processor configured with firmware in a memory to extract features from the digitized audio. A classifier determines eating episodes from the extracted features. In embodiments, messages describing the detected eating episodes are transmitted to a cell phone, insulin pump, or camera configured to record video of the wearer's mouth.}, } @Article{batsis:barriers, author = {John Batsis and Auden C. McClure and Aaron B. Weintraub and Diane Sette and Sivan Rotenberg and Courtney J. Stevens and Diane Gilbert-Diamond and David F. Kotz and Stephen J. Bartels and Summer B. Cook and Richard I. Rothstein}, title = {{Barriers and facilitators in implementing a pilot, pragmatic, telemedicine-delivered healthy lifestyle program for obesity management in a rural, academic obesity clinic}}, journal = {Implementation Science Communications}, year = 2020, month = {September}, volume = 1, articleno = 83, numpages = 9, publisher = {BMC}, copyright = {the authors}, DOI = {10.1186/s43058-020-00075-9}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-barriers/index.html}, abstract = {Few evidence-based strategies are specifically tailored for disparity populations such as rural adults. Two-way video-conferencing using telemedicine can potentially surmount geographic barriers that impede participation in high-intensity treatment programs offering frequent visits to clinic facilities. We aimed to understand barriers and facilitators of implementing a telemedicine-delivered tertiary-care, rural academic weight-loss program for the management of obesity.}, } @Article{batsis:mowi, author = {John Batsis and Stephen Bartels and Rachel Dokko and Alexandra Zagaria and John Naslund and Elizabeth Carpenter-Song and David Kotz}, title = {{Opportunities to Improve a Mobile Obesity Wellness Intervention for Rural Older Adults with Obesity}}, journal = {Journal of Community Health}, year = 2020, month = {February}, volume = 45, number = 1, pages = {194--200}, publisher = {Springer}, copyright = {Springer}, DOI = {10.1007/s10900-019-00720-y}, PMID = 31486958, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-mowi/index.html}, abstract = {Older adults with obesity are at a high risk of decline, particularly in rural areas. Our study objective was to gain insights into how a potential Mobile Health Obesity Wellness Intervention (MOWI) in rural older adults with obesity, consisting of nutrition and exercise sessions, could be helpful to improve physical function. A qualitative methods study was conducted in a rural community, community-based aging center. Four community leaders, 7 clinicians and 29 patient participants underwent focus groups and semi-structured interviews. All participants had a favorable view of MOWI and saw its potential to improve health and create accountability. Participants noted that MOWI could overcome geographic barriers and provided feedback about components that could improve implementation. There was expressed enthusiasm over its potential to improve health. The use of technology in older adults with obesity in rural areas has considerable promise. There is potential that this intervention could potentially extend to distant areas in rural America that can surmount accessibility barriers. If successful, this intervention could potentially alter healthcare delivery by enhancing health promotion in a remote, geographically constrained communities. MOWI has the potential to reach older adults with obesity using novel methods in geographically isolated regions.}, } @InProceedings{bi:children, author = {Shengjie Bi and Yiyang Lu and Nicole Tobias and Ella Ryan and Travis Masterson and Sougata Sen and Ryan Halter and Jacob Sorber and Diane Gilbert-Diamond and David Kotz}, title = {{Measuring children's eating behavior with a wearable device}}, booktitle = {{Proceedings of the IEEE International Conference on Healthcare Informatics (ICHI)}}, year = 2020, month = {December}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICHI48887.2020.9374304}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-children/index.html}, abstract = {Poor eating habits in children and teenagers can lead to obesity, eating disorders, or life-threatening health problems. Although researchers have studied children's eating behavior for decades, the research community has had limited technology to support the observation and measurement of fine-grained details of a child's eating behavior. In this paper, we present the feasibility of adapting the Auracle, an existing research-grade earpiece designed to automatically and unobtrusively recognize eating behavior in adults, for measuring children's eating behavior. We identified and addressed several challenges pertaining to monitoring eating behavior in children, paying particular attention to device fit and comfort. We also improved the accuracy and robustness of the eating-activity detection algorithms. We used this improved prototype in a lab study with a sample of 10 children for 60 total sessions and collected 22.3 hours of data in both meal and snack scenarios. Overall, we achieved an accuracy exceeding 85.0\% and an F1 score exceeding 84.2\% for eating detection with a 3-second resolution, and a 95.5\% accuracy and a 95.7\% F1 score for eating detection with a 1-minute resolution.}, } @Article{budney:workshop, author = {Alan J. Budney and Lisa A. Marsch and Will M. Aklin and Jacob T. Borodovsky and Mary F. Brunette and Andrew Campbell and Jesse Dallery and David Kotz and Ashley A. Knapp and Sarah E. Lord and Edward V. Nunes and Emily A. Scherer and Catherine Stanger and William C. Torrey}, title = {{Workshop on the Development and Evaluation of Digital Therapeutics for Health Behavior Change: Science, Methods, and Projects}}, journal = {JMIR Mental Health}, year = 2020, month = {February}, volume = 7, number = 2, articleno = {e16751}, numpages = 9, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/16751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/budney-workshop/index.html}, abstract = {The health care field has integrated advances into digital technology at an accelerating pace to improve health behavior, health care delivery, and cost-effectiveness of care. The realm of behavioral science has embraced this evolution of digital health, allowing for an exciting roadmap for advancing care by addressing the many challenges to the field via technological innovations. Digital therapeutics offer the potential to extend the reach of effective interventions at reduced cost and patient burden and to increase the potency of existing interventions. Intervention models have included the use of digital tools as supplements to standard care models, as tools that can replace a portion of treatment as usual, or as stand-alone tools accessed outside of care settings or direct to the consumer. To advance the potential public health impact of this promising line of research, multiple areas warrant further development and investigation. The Center for Technology and Behavioral Health (CTBH), a P30 Center of Excellence supported by the National Institute on Drug Abuse at the National Institutes of Health, is an interdisciplinary research center at Dartmouth College focused on the goal of harnessing existing and emerging technologies to effectively develop and deliver evidence-based interventions for substance use and co-occurring disorders. The CTBH launched a series of workshops to encourage and expand multidisciplinary collaborations among Dartmouth scientists and international CTBH affiliates engaged in research related to digital technology and behavioral health (eg, addiction science, behavioral health intervention, technology development, computer science and engineering, digital security, health economics, and implementation science). This paper summarizes a workshop conducted on the Development and Evaluation of Digital Therapeutics for Behavior Change, which addressed (1) principles of behavior change, (2) methods of identifying and testing the underlying mechanisms of behavior change, (3) conceptual frameworks for optimizing applications for mental health and addictive behavior, and (4) the diversity of experimental methods and designs that are essential to the successful development and testing of digital therapeutics. Examples were presented of ongoing CTBH projects focused on identifying and improving the measurement of health behavior change mechanisms and the development and evaluation of digital therapeutics. In summary, the workshop showcased the myriad research targets that will be instrumental in promoting and accelerating progress in the field of digital health and health behavior change and illustrated how the CTBH provides a model of multidisciplinary leadership and collaboration that can facilitate innovative, science-based efforts to address the health behavior challenges afflicting our communities.}, } @InProceedings{camacho:networkmetrics, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Automatic Learning coupled with Interpretability: MBDA in Action}}, booktitle = {{Proceedings of the Network Traffic Measurement and Analysis Conference (TMA)}}, year = 2020, month = {June}, publisher = {IFIP}, copyright = {European Union}, ISBN13 = {978-3-903176-27-0}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics/index.html}, abstract = {In this paper, we illustrate the application of Multivariate Big Data Analysis (MBDA), a recently proposed interpretable machine-learning method with application to Big Data sets. We apply MBDA for the first time for the detection and troubleshooting of network problems in a campus-wide Wi-Fi network. Data includes a seven-year trace (from 2012 to 2018) of the network's most recent activity, with approximately 3,000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. This is the longest and largest Wi-Fi trace known to date. Furthermore, we propose a new feature-learning procedure that solves an inherent limitation in MBDA: the manual definition of the features. The extended MBDA results in a methodology that allows network analysts to identify problems and diagnose them, which are principal tasks to troubleshoot the network and optimize its performance. In the paper, we go through the entire workflow of the approach, illustrating its application in detail and discussing processing times.}, } @Article{kramer:step-goals, author = {Jan-Niklas Kramer and Florian K{\"{u}}nzler and Varun Mishra and Shawna N. Smith and David Kotz and Urte Scholz and Elgar Fleisch and Tobias Kowatsch}, title = {{Which Components of a Smartphone Walking App Help Users to Reach Personalized Step Goals? Results From an Optimization Trial}}, journal = {Annals of Behavioral Medicine}, year = 2020, month = {July}, volume = 54, number = 7, pages = {518--528}, publisher = {Oxford University Press}, copyright = {the authors}, DOI = {10.1093/abm/kaaa002}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kramer-step-goals/index.html}, note = {Published 17 March 2020}, abstract = {Background: The Assistant to Lift your Level of activitY (Ally) app is a smartphone application that combines financial incentives with chatbot-guided interventions to encourage users to reach personalized daily step goals. \par Purpose: To evaluate the effects of incentives, weekly planning, and daily self-monitoring prompts that were used as intervention components as part of the Ally app. \par Methods: We conducted an 8 week optimization trial with n {$=$} 274 insurees of a health insurance company in Switzerland. At baseline, participants were randomized to different incentive conditions (cash incentives vs. charity incentives vs. no incentives). Over the course of the study, participants were randomized weekly to different planning conditions (action planning vs. coping planning vs. no planning) and daily to receiving or not receiving a self-monitoring prompt. Primary outcome was the achievement of personalized daily step goals. \par Results: Study participants were more active and healthier than the general Swiss population. Daily cash incentives increased step-goal achievement by 8.1\%, 95\% confidence interval (CI): [2.1, 14.1] and, only in the no-incentive control group, action planning increased step-goal achievement by 5.8\%, 95\% CI: [1.2, 10.4]. Charity incentives, self-monitoring prompts, and coping planning did not affect physical activity. Engagement with planning interventions and self-monitoring prompts was low and 30\% of participants stopped using the app over the course of the study. \par Conclusions: Daily cash incentives increased physical activity in the short term. Planning interventions and self-monitoring prompts require revision before they can be included in future versions of the app. Selection effects and engagement can be important challenges for physical-activity apps. \par Clinical Trial Information: This study was registered on ClinicalTrials.gov, NCT03384550.}, } @TechReport{landwehr:thaw-tr, author = {Carl Landwehr and David Kotz}, title = {{THaW publications}}, institution = {Dartmouth Computer Science}, year = 2020, month = {December}, number = {TR2020-904}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/landwehr-thaw-tr/index.html}, abstract = {In 2013, the National Science Foundation's Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project's bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials and abstracts and associates each work with a URL where it may be found, cluster (category), several content tags, and a brief annotation summarizing the work's contribution. For more information about THaW, visit thaw.org.}, } @Article{liang:jlighttouch, author = {Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Securely Connecting Wearables to Ambient Displays with User Intent}}, journal = {IEEE Transactions on Dependable and Secure Computing}, year = 2020, month = {July}, volume = 17, number = 4, pages = {676--690}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TDSC.2018.2840979}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-jlighttouch/index.html}, abstract = {Wearables are often small and have limited user interfaces, hence they often wirelessly interface with a personal smartphone or a personal computer to relay information from the wearable for display. In this paper, we envision a new method LightTouch by which a wearable can establish a secure connection to an ambient display, such as a television or computer monitor, based on the user's intention to connect to the display. Such connections must be secure to prevent impersonation attacks, must work with unmodified display hardware, and must be easy to establish. LightTouch uses standard RF methods for communicating the data to display, securely bootstrapped with a key shared via a brightness channel between the low cost, low power, ambient light sensor of a wearable and the screen of the display. A screen touch gesture is adopted by users to ensure the modulation of screen brightness can be accurately and securely captured by the ambient light sensor. We further propose novel on-screen localization and correlation algorithms to improve security and reliability. Through experiments we demonstrate that LightTouch is compatible with current display and wearable designs, easy-to-use (5-6 seconds), reliable for connecting displays (98 percent success connection ratio), and secure against impersonation attacks.}, } @Article{marsch:ctn-role, author = {Lisa A. Marsch and Aimee Campbell and Cynthia Campbell and Ching-Hua Chen and Emre Ertin and Udi Ghitza and Chantal Lambert-Harris and Saeed Hassanpour and August F. Holtyn and Yih-Ing Hser and Petra Jacobs and Jeffrey D. Klausner and Shea Lemley and David Kotz and Andrea Meier and Bethany McLeman and Jennifer McNeely and Varun Mishra and Larissa Mooney and Edward Nunes and Chrysovalantis Stafylis and Catherine Stanger and Elizabeth Saunders and Geetha Subramaniam and Sean Young}, title = {{The application of digital health to the assessment and treatment of substance use disorders: The past, current, and future role of the National Drug Abuse Treatment Clinical Trials Network}}, journal = {Journal of Substance Abuse Treatment}, year = 2020, month = {March}, volume = 112, pages = {4--11}, publisher = {Elsevier}, copyright = {the authors}, DOI = {10.1016/j.jsat.2020.02.005}, URL = {https://www.cs.dartmouth.edu/~kotz/research/marsch-ctn-role/index.html}, abstract = {The application of digital technologies to better assess, understand, and treat substance use disorders (SUDs) is a particularly promising and vibrant area of scientific research. The National Drug Abuse Treatment Clinical Trials Network (CTN), launched in 1999 by the U.S. National Institute on Drug Abuse, has supported a growing line of research that leverages digital technologies to glean new insights into SUDs and provide science-based therapeutic tools to a diverse array of persons with SUDs. This manuscript provides an overview of the breadth and impact of research conducted in the realm of digital health within the CTN. This work has included the CTN's efforts to systematically embed digital screeners for SUDs into general medical settings to impact care models across the nation. This work has also included a pivotal multi-site clinical trial conducted on the CTN platform, whose data led to the very first ``prescription digital therapeutic'' authorized by the U.S. Food and Drug Administration (FDA) for the treatment of SUDs. Further CTN research includes the study of telehealth to increase capacity for science-based SUD treatment in rural and under-resourced communities. In addition, the CTN has supported an assessment of the feasibility of detecting cocaine-taking behavior via smartwatch sensing. And, the CTN has supported the conduct of clinical trials entirely online (including the recruitment of national and hard-to-reach/under-served participant samples online, with remote intervention delivery and data collection). Further, the CTN is supporting innovative work focused on the use of digital health technologies and data analytics to identify digital biomarkers and understand the clinical trajectories of individuals receiving medications for opioid use disorder (OUD). This manuscript concludes by outlining the many potential future opportunities to leverage the unique national CTN research network to scale-up the science on digital health to examine optimal strategies to increase the reach of science-based SUD service delivery models both within and outside of healthcare.}, } @Article{mishra:jcommodity, author = {Varun Mishra and Gunnar Pope and Sarah Lord and Stephanie Lewia and Byron Lowens and Kelly Caine and Sougata Sen and Ryan Halter and David Kotz}, title = {{Continuous Detection of Physiological Stress with Commodity Hardware}}, journal = {ACM Transactions on Computing for Healthcare (HEALTH)}, year = 2020, month = {April}, volume = 1, number = 2, articleno = 8, numpages = 30, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/3361562}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-jcommodity/index.html}, abstract = {Timely detection of an individual's stress level has the potential to improve stress management, thereby reducing the risk of adverse health consequences that may arise due to mismanagement of stress. Recent advances in wearable sensing have resulted in multiple approaches to detect and monitor stress with varying levels of accuracy. The most accurate methods, however, rely on clinical-grade sensors to measure physiological signals; they are often bulky, custom made, and expensive, hence limiting their adoption by researchers and the general public. In this article, we explore the viability of commercially available off-the-shelf sensors for stress monitoring. The idea is to be able to use cheap, nonclinical sensors to capture physiological signals and make inferences about the wearer's stress level based on that data. We describe a system involving a popular off-the-shelf heart rate monitor, the Polar H7; we evaluated our system with 26 participants in both a controlled lab setting with three well-validated stress-inducing stimuli and in free-living field conditions. Our analysis shows that using the off-the-shelf sensor alone, we were able to detect stressful events with an F1-score of up to 0.87 in the lab and 0.66 in the field, on par with clinical-grade sensors.}, } @Article{mishra:stress-ml, author = {Varun Mishra and Sougata Sen and Grace Chen and Tian Hao and Jeffrey Rogers and Ching-Hua Chen and David Kotz}, title = {{Evaluating the Reproducibility of Physiological Stress Detection Models}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT/UbiComp)}, year = 2020, month = {December}, volume = 4, number = 4, articleno = 147, numpages = 29, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3432220}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-stress-ml/index.html}, abstract = {Recent advances in wearable sensor technologies have led to a variety of approaches for detecting physiological stress. Even with over a decade of research in the domain, there still exist many significant challenges, including a near-total lack of reproducibility across studies. Researchers often use some physiological sensors (custom-made or off-the-shelf), conduct a study to collect data, and build machine-learning models to detect stress. There is little effort to test the applicability of the model with similar physiological data collected from different devices, or the efficacy of the model on data collected from different studies, populations, or demographics. \par This paper takes the first step towards testing reproducibility and validity of methods and machine-learning models for stress detection. To this end, we analyzed data from 90 participants, from four independent controlled studies, using two different types of sensors, with different study protocols and research goals. We started by evaluating the performance of models built using data from one study and tested on data from other studies. Next, we evaluated new methods to improve the performance of stress-detection models and found that our methods led to a consistent increase in performance across all studies, irrespective of the device type, sensor type, or the type of stressor. Finally, we developed and evaluated a clustering approach to determine the stressed/not-stressed classification when applying models on data from different studies, and found that our approach performed better than selecting a threshold based on training data. This paper's thorough exploration of reproducibility in a controlled environment provides a critical foundation for deeper study of such methods, and is a prerequisite for tackling reproducibility in free-living conditions.}, } @Article{petersen:design, author = {Curtis Lee Petersen and Ryan Halter and David Kotz and Lorie Loeb and Summer Cook and Dawna Pidgeon and Brock C. Christensen and John A. Batsis}, title = {{Using Natural Language Processing and Sentiment Analysis to Augment Traditional User-Centered Design: Development and Usability Study}}, journal = {JMIR mHealth and uHealth}, year = 2020, month = {August}, volume = 8, number = 8, articleno = {e16862}, numpages = 13, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/16862}, URL = {https://www.cs.dartmouth.edu/~kotz/research/petersen-design/index.html}, abstract = {\emph{Background:} Sarcopenia, defined as the age-associated loss of muscle mass and strength, can be effectively mitigated through resistance-based physical activity. With compliance at approximately 40\% for home-based exercise prescriptions, implementing a remote sensing system would help patients and clinicians to better understand treatment progress and increase compliance. The inclusion of end users in the development of mobile apps for remote-sensing systems can ensure that they are both user friendly and facilitate compliance. With advancements in natural language processing (NLP), there is potential for these methods to be used with data collected through the user-centered design process.\par \emph{Objective:} This study aims to develop a mobile app for a novel device through a user-centered design process with both older adults and clinicians while exploring whether data collected through this process can be used in NLP and sentiment analysis.\par \emph{Methods:} Through a user-centered design process, we conducted semistructured interviews during the development of a geriatric-friendly Bluetooth-connected resistance exercise band app. We interviewed patients and clinicians at weeks 0, 5, and 10 of the app development. Each semistructured interview consisted of heuristic evaluations, cognitive walkthroughs, and observations. We used the Bing sentiment library for a sentiment analysis of interview transcripts and then applied NLP-based latent Dirichlet allocation (LDA) topic modeling to identify differences and similarities in patient and clinician participant interviews. Sentiment was defined as the sum of positive and negative words (each word with a +1 or --1 value). To assess utility, we used quantitative assessment questionnaires---System Usability Scale (SUS) and Usefulness, Satisfaction, and Ease of use (USE). Finally, we used multivariate linear models---adjusting for age, sex, subject group (clinician vs patient), and development---to explore the association between sentiment analysis and SUS and USE outcomes.\par \emph{Results:} The mean age of the 22 participants was 68 (SD 14) years, and 17 (77\%) were female. The overall mean SUS and USE scores were 66.4 (SD 13.6) and 41.3 (SD 15.2), respectively. Both patients and clinicians provided valuable insights into the needs of older adults when designing and building an app. The mean positive-negative sentiment per sentence was 0.19 (SD 0.21) and 0.47 (SD 0.21) for patient and clinician interviews, respectively. We found a positive association with positive sentiment in an interview and SUS score ({$\textbeta$}{$=$}1.38; 95\% CI 0.37 to 2.39; P{$=$}.01). There was no significant association between sentiment and the USE score. The LDA analysis found no overlap between patients and clinicians in the 8 identified topics.\par \emph{Conclusions:} Involving patients and clinicians allowed us to design and build an app that is user friendly for older adults while supporting compliance. This is the first analysis using NLP and usability questionnaires in the quantification of user-centered design of technology for older adults.}, } @Article{rauch:wtp, author = {Vanessa K. Rauch and Meredith Roderka and Auden C. McClure and Aaron B. Weintraub and Kevin Curtis and David F. Kotz and Richard I. Rothstein and John A. Batsis}, title = {{Willingness to pay for a telemedicine-delivered healthy lifestyle programme}}, journal = {Journal of Telemedicine and Telecare}, year = 2020, month = {June}, publisher = {Sage}, copyright = {the authors}, DOI = {10.1177/1357633X20943337}, PMID = 32781892, URL = {https://www.cs.dartmouth.edu/~kotz/research/rauch-wtp/index.html}, abstract = { \emph{Introduction:} Effective weight-management interventions require frequent interactions with specialised multidiscipli- nary teams of medical, nutritional and behavioural experts to enact behavioural change. However, barriers that exist in rural areas, such as transportation and a lack of specialised services, can prevent patients from receiving quality care. \par \emph{Methods:} We recruited patients from the Dartmouth-Hitchcock Weight \& Wellness Center into a single-arm, non- randomised study of a remotely delivered 16-week evidence-based healthy lifestyle programme. Every 4 weeks, partic- ipants completed surveys that included their willingness to pay for services like those experienced in the intervention. A two-item Willingness-to-Pay survey was administered to participants asking about their willingness to trade their face- to-face visits for videoconference visits based on commute and copay.\par \emph{Results:} Overall, those with a travel duration of 31--45 min had a greater willingness to trade in-person visits for telehealth than any other group. Participants who had a travel duration less than 15 min, 16--30 min and 46--60 min experienced a positive trend in willingness to have telehealth visits until Week 8, where there was a general negative trend in willingness to trade in-person visits for virtual. Participants believed that telemedicine was useful and helpful.\par \emph{Conclusions:} In rural areas where patients travel 30--45 min a telemedicine-delivered, intensive weight-loss interven- tion may be a well-received and cost-effective way for both patients and the clinical care team to connect.}, } @InProceedings{sen:vibering, author = {Sougata Sen and David Kotz}, title = {{VibeRing: Using vibrations from a smart ring as an out-of-band channel for sharing secret keys}}, booktitle = {{Proceedings of the International Conference on the Internet of Things (IoT)}}, year = 2020, month = {October}, articleno = 13, numpages = 8, publisher = {ACM}, copyright = {ACM}, ISBN13 = 9781450387583, DOI = {10.1145/3410992.3410995}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sen-vibering/index.html}, abstract = {With the rapid growth in the number of IoT devices that have wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a \emph{secret}, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this paper, we empirically investigate the possibility of using an out-of-band communication channel -- vibration, generated by a custom smart ring, to share a secret with a smart IoT device. This exchanged secret can be used to bootstrap a secure wireless channel over which the devices can communicate. We believe that in future IoT devices can use such a technique to seamlessly connect with authorized devices with minimal user interaction overhead. In this paper, we specifically investigate (a) the feasibility of using vibration generated by a custom wearable for communication, (b) the effect of various parameters on this communication channel, and (c) the possibility of information manipulation by an adversary or information leakage to an adversary. For this investigation, we conducted a controlled study as well as a user study with 12 participants. In the controlled study, we could successfully share messages through vibrations with a bit error rate of less than 2.5\%. Additionally, through the user study we demonstrate that it is possible to share messages with various types of objects accurately, quickly and securely as compared to several existing techniques. Overall, we find that in the best case we can exchange 85.9\% messages successfully with a smart device.}, } @PhdThesis{peters:thesis, author = {Travis Peters}, title = {{Trustworthy Wireless Personal Area Networks}}, school = {Dartmouth Computer Science}, year = 2020, month = {August}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peters-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2020-878}, abstract = {\par In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems. \par First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel's Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX. \par Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time. \par Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and course-grained insights from network traffic, which can be used to verify the authenticity of future interactions. }, } @Misc{pierson:wanda-patent, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Apparatus for Securely Configuring A Target Device and Associated Methods}}, howpublished = {U.S. Patent 10,574,298}, year = 2020, month = {February}, day = 25, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-patent/index.html}, note = {Priority date 2015-06-23; Filed 2016-06-23; Issued 2020-02-25}, abstract = {Apparatus and method securely transfer first data from a source device to a target device. A wireless signal having (a) a higher speed channel conveying second data and (b) a lower speed channel conveying the first data is transmitted. The lower speed channel is formed by selectively transmitting the wireless signal from one of a first and second antennae of the source device based upon the first data. The first and second antenna are positioned a fixed distance apart and the target device uses a received signal strength indication (RSSI) of the first signal to decode the lower speed channel and receive the first data.}, } @TechReport{mishra:receptivity-tr, author = {Varun Mishra and Florian K{\"{u}}nzler and Jan-Niklas Kramer and Elgar Fleisch and Tobias Kowatsch and David Kotz}, title = {{Detecting Receptivity for mHealth Interventions in the Natural Environment}}, institution = {arXiv}, year = 2020, month = {November}, day = 16, number = {arXiv:2011.08302}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-receptivity-tr/index.html}, note = {v1}, abstract = {JITAI is an emerging technique with great potential to support health behavior by providing the right type and amount of support at the right time. A crucial aspect of JITAIs is properly timing the delivery of interventions, to ensure that a user is receptive and ready to process and use the support provided. Some prior works have explored the association of context and some user-specific traits on receptivity, and have built post-study machine-learning models to detect receptivity. For effective intervention delivery, however, a JITAI system needs to make in-the-moment decisions about a user's receptivity. To this end, we conducted a study in which we deployed machine-learning models to detect receptivity in the natural environment, i.e., in free-living conditions. We leveraged prior work regarding receptivity to JITAIs and deployed a chatbot-based digital coach -- Walkie -- that provided physical-activity interventions and motivated participants to achieve their step goals. The Walkie app included two types of machine-learning model that used contextual information about a person to predict when a person is receptive: a static model that was built before the study started and remained constant for all participants and an adaptive model that continuously learned the receptivity of individual participants and updated itself as the study progressed. For comparison, we included a control model that sent intervention messages at random times. The app randomly selected a delivery model for each intervention message. We observed that the machine-learning models led up to a 40\% improvement in receptivity as compared to the control model. Further, we evaluated the temporal dynamics of the different models and observed that receptivity to messages from the adaptive model increased over the course of the study. }, } @Article{barata:coughs, author = {Filipe Barata and Peter Tinschert and Frank Rassouli and Claudia Steurer-Stey and Elgar Fleisch and Milo Puhan and Martin Brutsche and David Kotz and Tobias Kowatsch}, title = {{Automatic Recognition, Segmentation, and Sex Assignment of Nocturnal Asthmatic Coughs and Cough Epochs in Smartphone Audio Recordings: Observational Field Study}}, journal = {Journal of Medical Internet Research}, year = 2020, month = {July}, day = 14, volume = 22, number = 7, articleno = {e18082}, numpages = 15, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/18082}, URL = {https://www.cs.dartmouth.edu/~kotz/research/barata-coughs/index.html}, abstract = {\emph{Background:} Asthma is one of the most prevalent chronic respiratory diseases. Despite increased investment in treatment, little progress has been made in the early recognition and treatment of asthma exacerbations over the last decade. Nocturnal cough monitoring may provide an opportunity to identify patients at risk for imminent exacerbations. Recently developed approaches enable smartphone-based cough monitoring. These approaches, however, have not undergone longitudinal overnight testing nor have they been specifically evaluated in the context of asthma. Also, the problem of distinguishing partner coughs from patient coughs when two or more people are sleeping in the same room using contact-free audio recordings remains unsolved. \par \emph{Objective:} The objective of this study was to evaluate the automatic recognition and segmentation of nocturnal asthmatic coughs and cough epochs in smartphone-based audio recordings that were collected in the field. We also aimed to distinguish partner coughs from patient coughs in contact-free audio recordings by classifying coughs based on sex. \par \emph{Methods:} We used a convolutional neural network model that we had developed in previous work for automated cough recognition. We further used techniques (such as ensemble learning, minibatch balancing, and thresholding) to address the imbalance in the data set. We evaluated the classifier in a classification task and a segmentation task. The cough-recognition classifier served as the basis for the cough-segmentation classifier from continuous audio recordings. We compared automated cough and cough-epoch counts to human-annotated cough and cough-epoch counts. We employed Gaussian mixture models to build a classifier for cough and cough-epoch signals based on sex. \par \emph{Results:} We recorded audio data from 94 adults with asthma (overall: mean 43 years; SD 16 years; female: 54/94, 57\%; male 40/94, 43\%). Audio data were recorded by each participant in their everyday environment using a smartphone placed next to their bed; recordings were made over a period of 28 nights. Out of 704,697 sounds, we identified 30,304 sounds as coughs. A total of 26,166 coughs occurred without a 2-second pause between coughs, yielding 8238 cough epochs. The ensemble classifier performed well with a Matthews correlation coefficient of 92\% in a pure classification task and achieved comparable cough counts to that of human annotators in the segmentation of coughing. The count difference between automated and human-annotated coughs was a mean --0.1 (95\% CI --12.11, 11.91) coughs. The count difference between automated and human-annotated cough epochs was a mean 0.24 (95\% CI --3.67, 4.15) cough epochs. The Gaussian mixture model cough epoch--based sex classification performed best yielding an accuracy of 83\%. \par \emph{Conclusions:} Our study showed longitudinal nocturnal cough and cough-epoch recognition from nightly recorded smartphone-based audio from adults with asthma. The model distinguishes partner cough from patient cough in contact-free recordings by identifying cough and cough-epoch signals that correspond to the sex of the patient. This research represents a step towards enabling passive and scalable cough monitoring for adults with asthma.}, } @Article{camacho:longitudinal, author = {Jos{\'{e}} Camacho and Chris McDonald and Ron Peterson and Xia Zhou and David Kotz}, title = {{Longitudinal analysis of a campus Wi-Fi network}}, journal = {Computer Networks}, year = 2020, month = {April}, day = 7, volume = 107, articleno = 107103, numpages = 15, publisher = {Elsevier}, copyright = {Elsevier}, ISSN = {1389-1286}, DOI = {10.1016/j.comnet.2020.107103}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-longitudinal/index.html}, abstract = {In this paper we describe and characterize the largest Wi-Fi network trace ever published: spanning seven years, approximately 3000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. The 7TB of raw data are pre-processed into connection sessions, which are made available for the research community. We describe the methods used to capture and process the traces, and characterize the most prominent trends and changes during the seven-year span of the trace. Furthermore, this Wi-Fi network covers the campus of Dartmouth College, the same campus detailed a decade earlier in seminal papers about that network and its users' network behavior. We thus are able to comment on changes in patterns of usage, connection, and mobility in Wi-Fi deployments.}, } @Misc{liang:lighttouch-patent, author = {Xiaohui Liang and Tianlong Yun and Ron Peterson and David Kotz}, title = {{Secure System For Coupling Wearable Devices To Computerized Devices with Displays}}, howpublished = {U.S. Patent 10,581,606}, year = 2020, month = {March}, day = 3, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-lighttouch-patent/index.html}, note = {Priority date 2014-08-18, Filed 2015-08-18; Issued 2020-03-03.}, abstract = {A system has a first electronic device with optical sensor, digital radio transceiver, and processor with firmware; this device is typically portable or wearable. The system also has a computerized device with a display, a second digital radio transceiver, and a second processor with firmware. The first and computerized devices are configured to set up a digital radio link when in radio range. The second processor uses a spot on the display to optically transmit a digital message including a secret such as an encryption key or subkey and/or an authentication code adapted for authenticating an encrypting the radio link. The first device receives the digital message via its optical sensor, and uses the digital message to validate and establish encryption on the radio link. In embodiments, the system determines a location of the first device on the display and positions the transmission spot at the determined location.}, } @Article{batsis:amulet-use, author = {John A. Batsis and Alexandra B. Zagaria and Ryan J. Halter and George G. Boateng and Patrick Proctor and Stephen J. Bartels and David Kotz}, title = {{Use of Amulet in behavioral change for geriatric obesity management}}, journal = {Journal of Digital Health}, year = 2019, month = {June}, volume = 5, pages = {1--7}, publisher = {Sage}, copyright = {the authors}, DOI = {10.1177/2055207619858564}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-amulet-use/index.html}, abstract = {Background: Obesity in older adults is a significant public health concern. Weight-loss interventions are known to improve physical function but risk the development of sarcopenia. Mobile health devices have the potential to augment existing interventions and, if designed accordingly, could improve one's physical activity and strength in routine physical activity interventions. Methods and results: We present Amulet, a mobile health device that has the capability of engaging patients in physical activity. The purpose of this article is to discuss the development of applications that are tailored to older adults with obesity, with the intention to engage and improve their health. Conclusions: Using a team-science approach, Amulet has the potential, as an open-source mobile health device, to tailor activity interventions to older adults.}, } @Article{batsis:change, author = {John A. Batsis and John A. Naslund and Alexandra B. Zagaria and David Kotz and Rachel Dokko and Stephen J. Bartels and Elizabeth Carpenter-Song}, title = {{Technology for Behavioral Change in Rural Older Adults with Obesity}}, journal = {Journal of Nutrition in Gerontology and Geriatrics}, year = 2019, month = {April}, volume = 38, number = 2, pages = {130--148}, publisher = {Taylor \& Francis}, copyright = {Taylor \& Francis Group, LLC}, DOI = {10.1080/21551197.2019.1600097}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-change/index.html}, abstract = {Background: Mobile health (mHealth) technologies comprise a multidisciplinary treatment strategy providing potential solutions for overcoming challenges of successfully delivering health promotion interventions in rural areas. We evaluated the potential of using technology in a high-risk population. \par Methods: We conducted a convergent, parallel mixed-methods study using semi-structured interviews, focus groups, and self-reported questionnaires, using purposive sampling of 29 older adults, 4 community leaders and 7 clinicians in a rural setting. We developed codes informed by thematic analysis and assessed the quantitative data using descriptive statistics. \par Results: All groups expressed that mHealth could improve health behaviors. Older adults were optimistic that mHealth could track health. Participants believed they could improve patient insight into health, motivating change and assuring accountability. Barriers to using technology were described, including infrastructure. \par Conclusions: Older rural adults with obesity expressed excitement about the use of mHealth technologies to improve their health, yet barriers to implementation exist.}, } @Article{batsis:development, author = {John A. Batsis and George G. Boateng and Lillian M. Seo and Curtis L. Petersen and Karen L. Fortuna and Emily V. Wechsler and Ronald J. Peterson and Summer B. Cook and Dawna Pidgeon and Rachel S. Dokko and Ryan J. Halter and David F. Kotz}, title = {{Development and Usability Assessment of a Connected Resistance Exercise Band Application for Strength-Monitoring}}, journal = {World Academy of Science, Engineering and Technology}, year = 2019, month = {June}, volume = 13, number = 5, pages = {340--348}, publisher = {World Academy of Science, Engineering and Technology}, copyright = {World Academy of Science, Engineering and Technology}, PMID = 31205628, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-development/index.html}, note = {Presented at the International Conference on Body Area Networks (ICBAN)}, abstract = {Resistance exercise bands are a core component of any physical activity strengthening program. Strength training can mitigate the development of sarcopenia, the loss of muscle mass or strength and function with aging. Yet, the adherence of such behavioral exercise strategies in a home-based setting is fraught with issues of monitoring and compliance. Our group developed a Bluetooth-enabled resistance exercise band capable of transmitting data to an open-source platform. In this work, we developed an application to capture this information in real-time and conducted three usability studies in two mixed-aged groups of participants (n{$=$}6 each) and a group of older adults with obesity participating in a weight-loss intervention (n{$=$}20). The system was favorable, acceptable and provided iterative information that could assist in future deployment on ubiquitous platforms. Our formative work provides the foundation to deliver home-based monitoring interventions in a high-risk, older adult population.}, } @Article{batsis:feasibility, author = {John A. Batsis and Auden C. McClure and Aaron B. Weintraub and David F. Kotz and Sivan Rotenberg and Summer B. Cook and Diane Gilbert-Diamond and Kevin Curtis and Courtney J. Stevens and Diane Sette and Richard I. Rothstein}, title = {{Feasibility and acceptability of a rural, pragmatic, telemedicine-delivered healthy lifestyle programme}}, journal = {Obesity Science \& Practice}, year = 2019, month = {December}, volume = 5, number = 6, pages = {521--530}, publisher = {Wiley}, copyright = {the authors}, DOI = {10.1002/osp4.366}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-feasibility/index.html}, abstract = {Background: The public health crisis of obesity leads to increasing morbidity that are even more profound in certain populations such as rural adults. Live, two-way video-conferencing is a modality that can potentially surmount geographic barriers and staffing shortages. Methods: Patients from the Dartmouth-Hitchcock Weight and Wellness Center were recruited into a pragmatic, single-arm, nonrandomized study of a remotely delivered 16-week evidence-based healthy lifestyle programme. Patients were provided hardware and appropriate software allowing for remote participation in all sessions, outside of the clinic setting. Our primary outcomes were feasibility and acceptability of the telemedicine intervention, as well as potential effectiveness on anthropometric and functional measures. Results: Of 62 participants approached, we enrolled 37, of which 27 completed at least 75\% of the 16-week programme sessions (27\% attrition). Mean age was 46.9 +/- 11.6 years (88.9\% female), with a mean body mass index of 41.3 +/- 7.1 kg/m2 and mean waist circumference of 120.7 +/- 16.8 cm. Mean patient participant satisfaction regarding the telemedicine approach was favourable (4.48 +/- 0.58 on 1-5 Likert scale -- low to high) and 67.6/75 on standardized questionnaire. Mean weight loss at 16 weeks was 2.22 +/- 3.18 kg representing a 2.1\% change (P {$<$} .001), with a loss in waist circumference of 3.4\% (P {$=$} .001). Fat mass and visceral fat were significantly lower at 16 weeks (2.9\% and 12.5\%; both P less than .05), with marginal improvement in appendicular skeletal muscle mass (1.7\%). In the 30-second sit-to-stand test, a mean improvement of 2.46 stands (P {$=$} .005) was observed. Conclusion: A telemedicine-delivered, intensive weight loss intervention is feasible, acceptable, and potentially effective in rural adults seeking weight loss.}, } @InProceedings{boateng:experience, author = {George Boateng and Vivian Genaro Motti and Varun Mishra and John A. Batsis and Josiah Hester and David Kotz}, title = {{Experience: Design, Development and Evaluation of a Wearable Device for mHealth Applications}}, booktitle = {{Proceedings of the International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2019, month = {October}, articleno = 31, numpages = 14, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3300061.3345432}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-experience/index.html}, abstract = {Wrist-worn devices hold great potential as a platform for mobile health (mHealth) applications because they comprise a familiar, convenient form factor and can embed sensors in proximity to the human body. Despite this potential, however, they are severely limited in battery life, storage, bandwidth, computing power, and screen size. In this paper, we describe the experience of the research and development team designing, implementing and evaluating Amulet -- an open-hardware, open-software wrist-worn computing device -- and its experience using Amulet to deploy mHealth apps in the field. In the past five years the team conducted 11 studies in the lab and in the field, involving 204 participants and collecting over 77,780 hours of sensor data. We describe the technical issues the team encountered and the lessons they learned, and conclude with a set of recommendations. We anticipate the experience described herein will be useful for the development of other research-oriented computing platforms. It should also be useful for researchers interested in developing and deploying mHealth applications, whether with the Amulet system or with other wearable platforms.}, } @TechReport{camacho:networkmetrics-tr, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Networkmetrics unraveled: MBDA in Action}}, institution = {arXiv}, year = 2019, month = {July}, number = {1907.02677}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-tr/index.html}, abstract = {Networkmetrics is a new term that refers to the data-driven approach for monitoring, troubleshooting and understanding communication networks using multivariate analysis. Networkmetric models are powerful machine learning tools to interpret and interact with data collected from a network. In this paper, we illustrate the application of Multivariate Big Data Analysis (MBDA), a recently proposed networkmetric method with application to Big Data sets. We use MBDA for the detection and troubleshooting of network problems in a campus-wide Wi-Fi network. Data includes a seven-year trace (from 2012 to 2018) of the network's most recent activity, with approximately 3,000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. This is the longest and largest Wi-Fi trace known to date. To analyze this data, we propose learning and visualization procedures that extend MBDA. This results in a methodology that allows network analysts to identify problems and diagnose and troubleshoot them, optimizing the network performance. In the paper, we go through the entire workflow of the approach, illustrating its application in detail and discussing processing times in parallel hardware.}, } @Article{greene:sharehealth, author = {Emily Greene and Patrick Proctor and David Kotz}, title = {{Secure Sharing of mHealth Data Streams through Cryptographically-Enforced Access Control}}, journal = {Journal of Smart Health}, year = 2019, month = {April}, volume = 12, pages = {49--65}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.smhl.2018.01.003}, URL = {https://www.cs.dartmouth.edu/~kotz/research/greene-sharehealth/index.html}, abstract = {Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareHealth, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design and prototype implementation of this system make three contributions: (1) they apply cryptographically-enforced access-control measures to stream-based (specifically mHealth) data, (2) they recognize the temporal nature of mHealth data streams and support revocation of access to part or all of a data stream, and (3) they depart from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.}, } @InProceedings{hardin:blockchain-survey, author = {Taylor Hardin and David Kotz}, title = {{Blockchain in Healthcare Data Systems: a Survey}}, booktitle = {{Proceedings of the International Conference on Internet of Things: Systems, Management and Security (IOTSMS)}}, year = 2019, month = {October}, pages = {490--497}, publisher = {IEEE}, copyright = {IEEE}, location = {Granada, Spain}, DOI = {10.1109/IOTSMS48152.2019.8939174}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-blockchain-survey/index.html}, abstract = {There has been increasing interest in connecting disjointed Electronic Medical Records, mobile health data, and related health data systems for the purpose of improving preventative and precision medicine, while also providing individuals with greater access and control to their data. Blockchains provide data transparency, immutability, and decentralized trust -- making them a promising solution to the interoperability and security issues faced by such health data systems. Several papers have proposed the use of blockchain technology in healthcare to determine its viability as a solution and to identify potential applications and challenges. We build upon their work by 1) presenting implementation details related to blockchain applications in health data systems, 2) discussing the security, privacy, and performance trade-offs of each, and 3) identifying a set of research questions regarding the use of blockchain technology in health data systems. We find that blockchain-based healthcare research should place greater emphasis on real-world deployments and testing, smart-contract security, efficient and usable audit tools, blockchain governance, and adherence to healthcare data regulations and standards.}, } @InProceedings{kotz:amulet19, author = {David Kotz}, title = {{Amulet: an open-source wrist-worn platform for mHealth research and education}}, booktitle = {{Proceedings of the Workshop on Networked Healthcare Technology (NetHealth)}}, year = 2019, month = {January}, pages = {891--897}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2019.8711407}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-amulet19/index.html}, abstract = {The advent of mobile and wearable computing technology has opened up tremendous opportunities for health and wellness applications. It is increasingly possible for individuals to wear devices that can sense their physiology or health-related behaviors, collecting valuable data in support of diagnosis, treatment, public health, or other applications. From a researcher's point of view, the commercial availability of these ``mHealth'' devices has made it feasible to conduct scientific studies of health conditions and to explore health-related interventions. It remains difficult, however, to conduct systems work or other experimental research involving the hardware, software, security, and networking aspects of mobile and wearable technology. In this paper we describe the Amulet platform, an open-hardware, open-software wrist-worn computing device designed specifically for mHealth applications. Our position is that the Amulet is an inexpensive platform for research and education, and we encourage the mHealth community to explore its potential.}, } @Article{kramer:ally1, author = {Jan-Niklas Kramer and Florian K{\"{u}}nzler and Varun Mishra and Bastien Presset and David Kotz and Shawna Smith and Urte Scholz and Tobias Kowatsch}, title = {{Investigating Intervention Components and Exploring States of Receptivity for a Smartphone App to Promote Physical Activity: Protocol of a Microrandomized Trial}}, journal = {JMIR Research Protocols}, year = 2019, month = {January}, volume = 8, number = 1, articleno = {e11540}, numpages = 17, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/11540}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kramer-ally1/index.html}, abstract = {Background: Smartphones enable the implementation of just-in-time adaptive interventions (JITAIs) that tailor the delivery of health interventions over time to user- and time-varying context characteristics. Ideally, JITAIs include effective intervention components, and delivery tailoring is based on effective moderators of intervention effects. Using machine learning techniques to infer each user's context from smartphone sensor data is a promising approach to further enhance tailoring. \par Objective: The primary objective of this study is to quantify main effects, interactions, and moderators of 3 intervention components of a smartphone-based intervention for physical activity. The secondary objective is the exploration of participants' states of receptivity, that is, situations in which participants are more likely to react to intervention notifications through collection of smartphone sensor data. \par Methods: In 2017, we developed the Assistant to Lift your Level of activitY (Ally), a chatbot-based mobile health intervention for increasing physical activity that utilizes incentives, planning, and self-monitoring prompts to help participants meet personalized step goals. We used a microrandomized trial design to meet the study objectives. Insurees of a large Swiss insurance company were invited to use the Ally app over a 12-day baseline and a 6-week intervention period. Upon enrollment, participants were randomly allocated to either a financial incentive, a charity incentive, or a no incentive condition. Over the course of the intervention period, participants were repeatedly randomized on a daily basis to either receive prompts that support self-monitoring or not and on a weekly basis to receive 1 of 2 planning interventions or no planning. Participants completed a Web-based questionnaire at baseline and postintervention follow-up. \par Results: Data collection was completed in January 2018. In total, 274 insurees (mean age 41.73 years; 57.7\% [158/274] female) enrolled in the study and installed the Ally app on their smartphones. Main reasons for declining participation were having an incompatible smartphone (37/191, 19.4\%) and collection of sensor data (35/191, 18.3\%). Step data are available for 227 (82.8\%, 227/274) participants, and smartphone sensor data are available for 247 (90.1\%, 247/274) participants. \par Conclusions: This study describes the evidence-based development of a JITAI for increasing physical activity. If components prove to be efficacious, they will be included in a revised version of the app that offers scalable promotion of physical activity at low cost. \par Trial Registration: ClinicalTrials.gov NCT03384550; https://clinicaltrials.gov/ct2/show/NCT03384550 (Archived by WebCite at http://www.webcitation.org/74IgCiK3d) \par International Registered Report Identifier (IRRID): DERR1-10.2196/11540}, } @Article{kunzler:receptivity, author = {Florian K{\"{u}}nzler and Varun Mishra and Jan-Niklas Kramer and David Kotz and Elgar Fleisch and Tobias Kowatsch}, title = {{Exploring the State-of-Receptivity for mHealth Interventions}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp)}, year = 2019, month = {December}, volume = 3, number = 4, articleno = 140, numpages = 27, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3369805}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kunzler-receptivity/index.html}, abstract = {Recent advancements in sensing techniques for mHealth applications have led to successful development and deployments of several mHealth intervention designs, including Just-In-Time Adaptive Interventions (JITAI). JITAIs show great potential because they aim to provide the right type and amount of support, at the right time. Timing the delivery of a JITAI such as the user is receptive and available to engage with the intervention is crucial for a JITAI to succeed. Although previous research has extensively explored the role of context in users' responsiveness towards generic phone notifications, it has not been thoroughly explored for actual mHealth interventions. In this work, we explore the factors affecting users' receptivity towards JITAIs. To this end, we conducted a study with 189 participants, over a period of 6 weeks, where participants received interventions to improve their physical activity levels. The interventions were delivered by a chatbot-based digital coach - Ally - which was available on Android and iOS platforms. \par We define several metrics to gauge receptivity towards the interventions, and found that (1) several participant-specific characteristics (age, personality, and device type) show significant associations with the overall participant receptivity over the course of the study, and that (2) several contextual factors (day/time, phone battery, phone interaction, physical activity, and location), show significant associations with the participant receptivity, in-the-moment. Further, we explore the relationship between the effectiveness of the intervention and receptivity towards those interventions; based on our analyses, we speculate that being receptive to interventions helped participants achieve physical activity goals, which in turn motivated participants to be more receptive to future interventions. Finally, we build machine-learning models to detect receptivity, with up to a 77\% increase in F1 score over a biased random classifier.}, } @InProceedings{mare:csaw19, author = {Shrirang Mare and Reza Rawassizadeh and Ronald Peterson and David Kotz}, title = {{Continuous Smartphone Authentication using Wristbands}}, booktitle = {{Proceedings of the Workshop on Usable Security (USEC)}}, year = 2019, month = {February}, numpages = 12, publisher = {Internet Society}, copyright = {the authors}, DOI = {10.14722/usec.2019.23013}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-csaw19/index.html}, abstract = {Many users find current smartphone authentication methods (PINs, swipe patterns) to be burdensome, leading them to weaken or disable the authentication. Although some phones support methods to ease the burden (such as fingerprint readers), these methods require active participation by the user and do not verify the user's identity after the phone is unlocked. We propose CSAW, a continuous smartphone authentication method that leverages wristbands to verify that the phone is in the hands of its owner. In CSAW, users wear a wristband (a smartwatch or a fitness band) with built-in motion sensors, and by comparing the wristband's motion with the phone's motion, CSAW continuously produces a score indicating its confidence that the person holding (and using) the phone is the person wearing the wristband. This score provides the foundation for a wide range of authentication decisions (e.g., unlocking phone, deauthentication, or limiting phone access). Through two user studies (N{$=$}27,11) we evaluated CSAW's accuracy, usability, and security. Our experimental evaluation demonstrates that CSAW was able to conduct initial authentication with over 99\% accuracy and continuous authentication with over 96.5\% accuracy.}, } @InProceedings{pierson:closetalker, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{CloseTalker: secure, short-range ad hoc wireless communication}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2019, month = {June}, pages = {340--352}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3307334.3326100}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker/index.html}, abstract = {Secure communication is difficult to arrange between devices that have not previously shared a secret. Previous solutions to the problem are susceptible to man-in-the-middle attacks, require additional hardware for out-of-band communication, or require an extensive public-key infrastructure. Furthermore, as the number of wireless devices explodes with the advent of the Internet of Things, it will be impractical to manually configure each device to communicate with its neighbors. \par Our system, CloseTalker, allows simple, secure, ad hoc communication between devices in close physical proximity, while jamming the signal so it is unintelligible to any receivers more than a few centimeters away. CloseTalker does not require any specialized hardware or sensors in the devices, does not require complex algorithms or cryptography libraries, occurs only when intended by the user, and can transmit a short burst of data or an address and key that can be used to establish long-term or long-range communications at full bandwidth. \par In this paper we present a theoretical and practical evaluation of CloseTalker, which exploits Wi-Fi MIMO antennas and the fundamental physics of radio to establish secure communication between devices that have never previously met. We demonstrate that CloseTalker is able to facilitate secure in-band communication between devices in close physical proximity (about 5 cm), even though they have never met nor shared a key.}, } @InProceedings{pierson:snap, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{Proximity Detection with Single-Antenna IoT Devices}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2019, month = {October}, articleno = 21, numpages = 15, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3300061.3300120}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap/index.html}, abstract = {Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. \par We present theoretical and practical evaluation of a method called SNAP -- SiNgle Antenna Proximity -- that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi's preamble and the behavior of a signal in a transmitting antenna's near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.}, } @InProceedings{sen:vibering-poster, author = {Sougata Sen and Varun Mishra and David Kotz}, title = {{Using vibrations from a SmartRing as an out-of-band channel for sharing secret keys}}, booktitle = {{Adjunct Proceedings of the ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp)}}, year = 2019, month = {September}, pages = {198--201}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/3341162.3343818}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sen-vibering-poster/index.html}, abstract = {With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel -- vibration, generated by a custom smartRing -- to share a secret with a compatible IoT device. Through a user study with 12 participants we show that in the best case we can exchange 85.9\% messages successfully. Our technique demonstrates the possibility of sharing messages accurately, quickly and securely as compared to several existing techniques.}, } @Article{batsis:usability, author = {John A. Batsis and Alexandra Zagaria and David F. Kotz and Stephen J. Bartels and George G. Boateng and Patrick O. Proctor and Ryan J. Halter and Elizabeth A. Carpenter-Song}, title = {{Usability evaluation for the Amulet wearable device in rural older adults with obesity}}, journal = {Gerontechnology}, year = 2018, month = {October}, volume = 17, number = 3, pages = {151--159}, publisher = {International Society for Gerontechnology}, copyright = {International Society for Gerontechnology}, DOI = {10.4017/gt.2018.17.3.003.00}, URL = {https://www.cs.dartmouth.edu/~kotz/research/batsis-usability/index.html}, abstract = {Mobile health (mHealth) interventions hold the promise of augmenting existing health promotion interventions. Older adults present unique challenges in advancing new models of health promotion using technology including sensory limitations and less experience with mHealth, underscoring the need for specialized usability testing. We use an open-source mHealth device as a case example for its integration in a newly designed health services intervention. We performed a convergent, parallel mixed-methods study including semi-structured interviews, focus groups, and questionnaires, using purposive sampling of 29 older adults, 4 community leaders, and 7 clinicians in a rural setting. We transcribed the data, developed codes informed by thematic analysis using inductive and deductive methods, and assessed the quantitative data using descriptive statistics. Our results suggest the importance of end-users in user-centered design of mHealth devices and that aesthetics are critically important. The prototype could potentially be feasibly integrated within health behavior interventions. Centralized dashboards were desired by all participants and ecological momentary assessment could be an important part of monitoring. Concerns of mHealth, including the prototype device, include the device's accuracy, its intrusiveness in daily life and privacy. Formative evaluations are critically important prior to deploying large-scale interventions.}, } @Article{bi:ubicomp18, author = {Shengjie Bi and Tao Wang and Nicole Tobias and Josephine Nordrum and Shang Wang and George Halvorsen and Sougata Sen and Ronald Peterson and Kofi Odame and Kelly Caine and Ryan Halter and Jacob Sorber and David Kotz}, title = {{Auracle: Detecting Eating Episodes with an Ear-Mounted Sensor}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp)}, year = 2018, month = {September}, volume = 2, number = 3, articleno = 92, numpages = 27, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3264902}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-ubicomp18/index.html}, abstract = {In this paper, we propose Auracle, a wearable earpiece that can automatically recognize eating behavior. More specifically, in free-living conditions, we can recognize when and for how long a person is eating. Using an off-the-shelf contact microphone placed behind the ear, Auracle captures the sound of a person chewing as it passes through the bone and tissue of the head. This audio data is then processed by a custom analog/digital circuit board. To ensure reliable (yet comfortable) contact between microphone and skin, all hardware components are incorporated into a 3D-printed behind-the-head framework. We collected field data with 14 participants for 32 hours in free-living conditions and additional eating data with 10 participants for 2 hours in a laboratory setting. We achieved accuracy exceeding 92.8\% and F1 score exceeding 77.5\% for eating detection. Moreover, Auracle successfully detected 20-24 eating episodes (depending on the metrics) out of 26 in free-living conditions. We demonstrate that our custom device could sense, process, and classify audio data in real time. Additionally, we estimate Auracle can last 28.1 hours with a 110 mAh battery while communicating its observations of eating behavior to a smartphone over Bluetooth.}, } @InProceedings{boateng:geriactive, author = {George Boateng and John A. Batsis and Patrick Proctor and Ryan Halter and David Kotz}, title = {{GeriActive: Wearable App for Monitoring and Encouraging Physical Activity among Older Adults}}, booktitle = {{Proceedings of the IEEE Conference on Body Sensor Networks (BSN)}}, year = 2018, month = {March}, pages = {46--49}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/BSN.2018.8329655}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-geriactive/index.html}, abstract = {The ability to monitor a person's level of daily activity can inform self-management of physical activity and assist in augmenting behavioral interventions. For older adults, the importance of regular physical activity is critical to reduce the risk of long-term disability. In this work, we present GeriActive, an application on the Amulet wrist-worn device that monitors in real time older adults' daily activity levels (low, moderate and vigorous), which we categorized using metabolic equivalents (METs). The app implements an activity-level detection model we developed using a linear Support Vector Machine (SVM). We trained our model using data from volunteer subjects (n{$=$}29) who performed common physical activities (sit, stand, lay down, walk and run) and obtained an accuracy of 94.3\% with leave-one-subject-out (LOSO) cross-validation. We ran a week-long field study to evaluate the usability and battery life of the GeriActive system where 5 older adults wore the Amulet as it monitored their activity level. Their feedback showed that our system has the potential to be usable and useful. Our evaluation further revealed a battery life of at least 1 week. The results are promising, indicating that the app may be used for activity-level monitoring by individuals or researchers for health delivery interventions that could improve the health of older adults.}, } @TechReport{carrigan:fitbit, author = {Joseph Carrigan and David Kotz and Aviel Rubin}, title = {{STEM Outreach Activity with Fitbit Wearable Devices}}, institution = {Dartmouth College and Johns Hopkins University}, year = 2018, month = {February}, number = {TR2018-839}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/carrigan-fitbit/index.html}, abstract = {This document provides a toolkit for an STEM outreach activity based on Fitbit wearable fitness devices. The activity is targeted toward high-school students. This document provides guidance preparing for and executing the activity and measuring outcomes. This document contains templates that can be used as is or altered to suit your specific needs.}, } @InProceedings{hardin:mpu, author = {Taylor Hardin and Ryan Scott and Patrick Proctor and Josiah Hester and Jacob Sorber and David Kotz}, title = {{Application Memory Isolation on Ultra-Low-Power MCUs}}, booktitle = {{Proceedings of the USENIX Annual Technical Conference (USENIX ATC)}}, year = 2018, month = {July}, pages = {127--132}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-mpu/index.html}, abstract = {The proliferation of applications that handle sensitive user data on wearable platforms generates a critical need for embedded systems that offer strong security without sacrificing flexibility and long battery life. To secure sensitive information, such as health data, ultra-low-power wearables must isolate applications from each other and protect the underlying system from errant or malicious application code. These platforms typically use microcontrollers that lack sophisticated Memory Management Units (MMU). Some include a Memory Protection Unit (MPU), but current MPUs are inadequate to the task, leading platform developers to software-based memory-protection solutions. In this paper, we present our memory isolation technique, which leverages compiler inserted code and MPU-hardware support to achieve better runtime performance than software-only counterparts.}, } @Article{kotz:etda, author = {David Kotz and Sarah E. Lord and A. James O'Malley and Luke Stark and Lisa A. Marsch}, title = {{Workshop on Emerging Technology and Data Analytics for Behavioral Health}}, journal = {JMIR Research Protocols}, year = 2018, month = {June}, volume = 7, number = 6, articleno = {e158}, numpages = 6, publisher = {JMIR Publications}, copyright = {the authors}, DOI = {10.2196/resprot.9589}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-etda/index.html}, abstract = {Wearable and portable digital devices can support self-monitoring for patients with chronic medical conditions, individuals seeking to reduce stress, and people seeking to modify health-related behaviors such as substance use or overeating. The resulting data may be used directly by a consumer, or shared with a clinician for treatment, a caregiver for assistance, or a health coach for support. The data can also be used by researchers to develop and evaluate just-in-time interventions that leverage mobile technology to help individuals manage their symptoms and behavior in real time and as needed. Such wearable systems have huge potential for promoting delivery of anywhere-anytime health care, improving public health, and enhancing the quality of life for many people. The Center for Technology and Behavioral Health at Dartmouth College, a P30 ``Center of Excellence'' supported by the National Institute on Drug Abuse at the National Institutes of Health, conducted a workshop in February 2017 on innovations in emerging technology, user-centered design, and data analytics for behavioral health, with presentations by a diverse range of experts in the field. The workshop focused on wearable and mobile technologies being used in clinical and research contexts, with an emphasis on applications in mental health, addiction, and health behavior change. In this paper, we summarize the workshop panels on mobile sensing, user experience design, statistics and machine learning, and privacy and security, and conclude with suggested research directions for this important and emerging field of applying digital approaches to behavioral health. Workshop insights yielded four key directions for future research: (1) a need for behavioral health researchers to work iteratively with experts in emerging technology and data analytics, (2) a need for research into optimal user-interface design for behavioral health technologies, (3) a need for privacy-oriented design from the beginning of a novel technology, and (4) the need to develop new analytical methods that can scale to thousands of individuals and billions of data points.}, } @Article{liu:vocalresonance, author = {Rui Liu and Cory Cornelius and Reza Rawassizadeh and Ron Peterson and David Kotz}, title = {{Vocal Resonance: Using Internal Body Voice for Wearable Authentication}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp)}, year = 2018, month = {March}, volume = 2, number = 1, articleno = 19, numpages = 23, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3191751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-vocalresonance/index.html}, abstract = {We observe the advent of body-area networks of pervasive wearable devices, whether for health monitoring, personal assistance, entertainment, or home automation. For many devices, it is critical to identify the wearer, allowing sensor data to be properly labeled or personalized behavior to be properly achieved. In this paper we propose the use of vocal resonance, that is, the sound of the person's voice as it travels through the person's body -- a method we anticipate would be suitable for devices worn on the head, neck, or chest. In this regard, we go well beyond the simple challenge of speaker recognition: we want to know who is wearing the device. We explore two machine-learning approaches that analyze voice samples from a small throat-mounted microphone and allow the device to determine whether (a) the speaker is indeed the expected person, and (b) the microphone-enabled device is physically on the speaker's body. We collected data from 29 subjects, demonstrate the feasibility of a prototype, and show that our DNN method achieved balanced accuracy 0.914 for identification and 0.961 for verification by using an LSTM-based deep-learning model, while our efficient GMM method achieved balanced accuracy 0.875 for identification and 0.942 for verification.}, } @Article{mare:saw, author = {Shrirang Mare and Reza Rawassizadeh and Ronald Peterson and David Kotz}, title = {{SAW: Wristband-based authentication for desktop computers}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp)}, year = 2018, month = {September}, volume = 2, number = 3, articleno = 125, numpages = 29, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3264935}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-saw/index.html}, abstract = {Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords. \par We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW uses a low-effort user input step for explicitly conveying user intentionality, while keeping the overall usability of the method better than password-based methods. In SAW, a user wears a wristband that acts as the user's identity token, and to authenticate to a desktop, the user provides a low-effort input by tapping a key on the keyboard multiple times or wiggling the mouse with the wristband hand. This input to the desktop conveys that someone wishes to log in to the desktop, and SAW verifies the user who wishes to log in by confirming the user's proximity and correlating the received keyboard or mouse inputs with the user's wrist movement, as measured by the wristband. In our feasibility user study (n{$=$}17), SAW proved quick to authenticate (within two seconds), with a low false-negative rate of 2.5\% and worst-case false-positive rate of 1.8\%. In our user perception study (n{$=$}16), a majority of the participants rated it as more usable than passwords.}, } @InProceedings{mishra:commodity, author = {Varun Mishra and Gunnar Pope and Sarah Lord and Stephanie Lewia and Byron Lowens and Kelly Caine and Sougata Sen and Ryan Halter and David Kotz}, title = {{The Case for a Commodity Hardware Solution for Stress Detection}}, booktitle = {{Proceedings of the Workshop on Mental Health: Sensing \& Intervention}}, year = 2018, month = {October}, pages = {1717--1728}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3267305.3267538}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-commodity/index.html}, abstract = {Timely detection of an individual's stress level has the potential to expedite and improve stress management, thereby reducing the risk of adverse health consequences that may arise due to unawareness or mismanagement of stress. Recent advances in wearable sensing have resulted in multiple approaches to detect and monitor stress with varying levels of accuracy. The most accurate methods, however, rely on clinical grade sensors strapped to the user. These sensors measure physiological signals of a person and are often bulky, custom-made, expensive, and/or in limited supply, hence limiting their large-scale adoption by researchers and the general public. In this paper, we explore the viability of commercially available off-the-shelf sensors for stress monitoring. The idea is to be able to use cheap, non-clinical sensors to capture physiological signals, and make inferences about the wearer's stress level based on that data. In this paper, we describe a system involving a popular off-the-shelf heart-rate monitor, the Polar H7; we evaluated our system in a lab setting with three well-validated stress-inducing stimuli with 26 participants. Our analysis shows that using the off-the-shelf sensor alone, we were able to detect stressful events with an F1 score of 0.81, on par with clinical-grade sensors.}, } @TechReport{mishra:ema-tr, author = {Varun Mishra and Byron Lowens and Sarah Lord and Kelly Caine and David Kotz}, title = {{Investigating Contextual Cues as Indicators for EMA Delivery}}, institution = {Dartmouth Computer Science}, year = 2018, month = {April}, number = {TR2018-842}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-ema-tr/index.html}, abstract = {In this work, we attempt to determine whether the contextual information of a participant can be used to predict whether the participant will respond to a particular Ecological Momentary Assessment (EMA) prompt. We use a publicly available dataset for our work, and find that by using basic contextual features about the participant's activity, conversation status, audio, and location, we can predict whether an EMA prompt triggered at a particular time will be answered with a precision of 0.647, which is significantly higher than a baseline precision of 0.410. Using this knowledge, the researchers conducting field studies can efficiently schedule EMA prompts and achieve higher response rates.}, } @InProceedings{peters:bastionsgx, author = {Travis Peters and Reshma Lal and Srikanth Varadarajan and Pradeep Pappachan and David Kotz}, title = {{BASTION-SGX: Bluetooth and Architectural Support for Trusted I/O on SGX}}, booktitle = {{Proceedings of the International Workshop on Hardware and Architectural Support for Security and Privacy (HASP)}}, year = 2018, month = {June}, articleno = 3, numpages = 9, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3214292.3214295}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peters-bastionsgx/index.html}, abstract = {This paper presents work towards realizing architectural support for Bluetooth Trusted I/O on SGX-enabled platforms, with the goal of providing I/O data protection that does not rely on system software security. Indeed, we are primarily concerned with protecting I/O from all software adversaries, including privileged software. In this paper we describe the challenges in designing and implementing Trusted I/O at the architectural level for Bluetooth. We propose solutions to these challenges. In addition, we describe our proof-of-concept work that extends existing over-the-air Bluetooth security all the way to an SGX enclave by securing user data between the Bluetooth Controller and an SGX enclave.}, } @InProceedings{peterson:chase, author = {Curtis L. Petersen and Emily V. Wechsler and Ryan J. Halter and George G. Boateng and Patrick O. Proctor and David F. Kotz and Summer B. Cook and John A. Batsis}, title = {{Detection and Monitoring of Repetitions Using an mHealth-Enabled Resistance Band}}, booktitle = {{Proceedings of the IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE)}}, year = 2018, month = {September}, pages = {22--24}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3278576.3278586}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peterson-chase/index.html}, abstract = {Sarcopenia is defined as an age-related loss of muscle mass and strength which impairs physical function leading to disability and frailty. Resistance exercises are effective treatments for sarcopenia and are critical in mitigating weight-loss induced sarcopenia in older adults attempting to lose weight. Yet, adherence to home-based regimens, which is a cornerstone to lifestyle therapies, is poor and cannot be ascertained by clinicians as no objective methods exist to determine patient compliance outside of a supervised setting. Our group developed a Bluetooth connected resistance band that tests the ability to detect exercise repetitions. We recruited 6 patients aged 65 years and older and recorded 4 specific, physical therapist-led exercises. Three blinded reviewers examined the findings and we also applied a peak finding algorithm to the data. There were 16.6 repetitions per exercise across reviewers, with an intraclass correlation of 0.912 (95\%CI: 0.853--0.953, p{$<$}0.001) between reviewers and the algorithm. Using this novel resistance band, we feasibly detected repetition of exercises in older adults.}, } @InProceedings{pierson:snap-poster, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{Poster: Proximity Detection with Single-Antenna IoT Devices}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2018, month = {October}, pages = {663--665}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3241539.3267751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap-poster/index.html}, abstract = {Close physical proximity among wireless devices that have never shared a secret key is sometimes used as a basis of trust. In these cases, devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. We investigate a method for a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our approach leverages the repeating nature Wi-Fi's preamble and the characteristics of a transmitting antenna's near field to detect proximity with high probability. Our method never falsely declares proximity at ranges longer than 14 cm.}, } @InProceedings{pope:eda-bsn, author = {Gunnar C. Pope and Varun Mishra and Stephanie Lewia and Byron Lowens and David Kotz and Sarah Lord and Ryan Halter}, title = {{An Ultra-Low Resource Wearable EDA Sensor Using Wavelet Compression}}, booktitle = {{Proceedings of the IEEE Conference on Body Sensor Networks (BSN)}}, year = 2018, month = {March}, pages = {193--196}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/BSN.2018.8329691}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pope-eda-bsn/index.html}, abstract = {This study presents an ultra-low resource platform for physiological sensing that uses on-chip wavelet compression to enable long-term recording of electrodermal activity (EDA) within a 64kB microcontroller. The design is implemented on a wearable platform and provides improvements in size and power compared to existing wearable technologies and was used in a lab setting to monitor EDA of 27 participants throughout a stress induction protocol. We demonstrate the device's sensitivity to stress induction by providing descriptive statistics of 8 common EDA signal features for each stressor of the experiment. To the best of our knowledge, this is the first time a generic, 16-bit microcontroller (MCU) has been used to record real-time physiological signals on a wearable platform without the use of external memory chips or wireless transmission for extended periods of time. The compression techniques described can lead to reductions in size, power, and cost of wearable biosensors with little or no modifications to existing sensor hardware and could be valuable for applications interested in monitoring long-term physiological trends at lower data rates and memory requirements.}, } @Article{reza:nocloud, author = {Reza Rawassizadeh and Timothy Pierson and Ronald Peterson and David Kotz}, title = {{NoCloud: Experimenting with Network Disconnection by Design}}, journal = {IEEE Pervasive Computing}, year = 2018, month = {January}, volume = 17, number = 1, pages = {64--74}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MPRV.2018.011591063}, URL = {https://www.cs.dartmouth.edu/~kotz/research/reza-nocloud/index.html}, abstract = {Application developers often advocate uploading data to the cloud for analysis or storage, primarily due to concerns about the limited computational capability of ubiquitous devices. Today, however, many such devices can still effectively operate and execute complex algorithms without reliance on the cloud. The authors recommend prioritizing on-device analysis over uploading the data to another host, and if on-device analysis is not possible, favoring local network services over a cloud service.}, } @PhdThesis{pierson:thesis, author = {Timothy J. Pierson}, title = {{Secure Short-range Communications}}, school = {Dartmouth Computer Science}, year = 2018, month = {June}, copyright = {Timothy J. Peterson}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2018-845}, abstract = {Analysts predict billions of everyday objects will soon become ``smart'' after designers add wireless communication capabilities. Collectively known as the Internet of Things (IoT), these newly communication-enabled devices are envisioned to collect and share data among themselves, with new devices entering and exiting a particular environment frequently. People and the devices they wear or carry may soon encounter dozens, possibly hundreds, of devices each day. Many of these devices will be encountered for the first time. Additionally, some of the information the devices share may have privacy or security implications. Furthermore, many of these devices will have limited or non-existent user interfaces, making manual configuration cumbersome. This situation suggests that devices that have never met, nor shared a secret, but that are in the same physical area, must have a way to securely communicate that requires minimal manual intervention. In this dissertation we present novel approaches to solve these short-range communication issues. Our techniques are simple to use, secure, and consistent with user intent. We first present a technique called Wanda that uses radio strength as a communication channel to securely impart information onto nearby devices. We focus on using Wanda to introduce new devices into an environment, but Wanda could be used to impart any type of information onto wireless devices, regardless of device type or manufacturer. Next we describe SNAP, a method for a single-antenna wireless device to determine when it is in close physical proximity to another wireless device. Because radio waves are invisible, a user may believe transmissions are coming from a nearby device when in fact the transmissions are coming from a distant adversary attempting to trick the user into accepting a malicious payload. Our approach significantly raises the bar for an adversary attempting such a trick. Finally, we present a solution called JamFi that exploits MIMO antennas and the Inverse-Square Law to securely transfer data between nearby devices while denying more distant adversaries the ability to recover the data. We find JamFi is able to facilitate reliable and secure communication between two devices in close physical proximity, even though they have never met nor shared a key.}, } @Misc{kotz:patent9936877, author = {David Kotz and Ryan Halter and Cory Cornelius and Jacob Sorber and Minho Shin and Ronald Peterson and Shrirang Mare and Aarathi Prasad and Joseph Skinner and Andr{\'{e}}s Molina-Markham}, title = {{Wearable computing device for secure control of physiological sensors and medical devices, with secure storage of medical records, and bioimpedance biometric}}, howpublished = {U.S. Patent 9,936,877; International Patent Application WO2013096954A1}, year = 2018, month = {April}, day = 10, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-patent9936877/index.html}, note = {This patent adds claims to its predecessor; Priority date 2011-12-23; Filed 2017-02-07; Issued 2018-04-10}, abstract = {A wearable master electronic device (Amulet) has a processor with memory, the processor coupled to a body-area network (BAN) radio and uplink radio. The device has firmware for BAN communications with wearable nodes to receive data, and in an embodiment, send configuration data. The device has firmware for using the uplink radio to download apps and configurations, and upload data to a server. An embodiment has accelerometers in Amulet and wearable node, and firmware for using accelerometer readings to determine if node and Amulet are worn by the same subject. Other embodiments use pulse sensors or microphones in the Amulet and node to both identify a subject and verify the Amulet and node are worn by the same subject. Another embodiment uses a bioimpedance sensor to identify the subject. The wearable node may be an insulin pump, chemotherapy pump, TENS unit, cardiac monitor, or other device.}, } @Misc{molina-markham:patent9961547, author = {Andr{\'{e}}s D. Molina-Markham and Shrirang Mare and Ronald Peterson and David Kotz}, title = {{Continuous seamless mobile device authentication using a separate electronic wearable apparatus}}, howpublished = {U.S. Patent 9,961,547}, year = 2018, month = {May}, day = 1, URL = {https://www.cs.dartmouth.edu/~kotz/research/molina-markham-patent9961547/index.html}, note = {Priority date 2016-09-30, Filed 2016-09-30; Issued 2018-05-01}, abstract = {A technique performs a security operation. The technique includes receiving first activity data from a mobile device, the first activity data identifying activity by a user that is currently using the mobile device. The technique further includes receiving second activity data from an electronic wearable apparatus, the second activity data identifying physical activity by a wearer that is currently wearing the electronic wearable apparatus. The technique further includes, based on the first activity data received from the mobile device and the second activity data received from the electronic wearable apparatus, performing an assessment operation that provides an assessment result indicating whether the user that is currently using the mobile device and the wearer that is currently wearing the electronic wearable apparatus are the same person. With such a technique, authentication may be continuous but without burdening the user to repeatedly re-enter a password.}, } @InProceedings{bi:mobisys17, author = {Shengjie Bi and Ellen Davenport and Jun Gong and Ronald Peterson and Kevin Storer and Tao Wang and Kelly Caine and Ryan Halter and David Kotz and Kofi Odame and Jacob Sorber and Xing-Dong Yang}, title = {{Poster: Auracle --- A Wearable Device for Detecting and Monitoring Eating Behavior}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2017, month = {June}, pages = 176, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3081333.3089320}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-mobisys17/index.html}, abstract = {The Auracle aims to be a wearable earpiece that detects eating behavior, to be fielded by health-science researchers in their efforts to study eating behavior and ultimately to develop interventions useful to individuals striving to address chronic disease related to eating.}, } @InProceedings{bi:wearsys17, author = {Shengjie Bi and Tao Wang and Ellen Davenport and Ronald Peterson and Ryan Halter and Jacob Sorber and David Kotz}, title = {{Toward a Wearable Sensor for Eating Detection}}, booktitle = {{Proceedings of the ACM Workshop on Wearable Systems and Applications (WearSys)}}, year = 2017, month = {June}, pages = {17--22}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3089351.3089355}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bi-wearsys17/index.html}, abstract = {Researchers strive to understand eating behavior as a means to develop diets and interventions that can help people achieve and maintain a healthy weight, recover from eating disorders, or manage their diet and nutrition for personal wellness. A major challenge for eating-behavior research is to understand when, where, what, and how people eat. In this paper, we evaluate sensors and algorithms designed to detect eating activities, more specifically, when people eat. We compare two popular methods for eating recognition (based on acoustic and electromyography (EMG) sensors) individually and combined. We built a data-acquisition system using two off-the-shelf sensors and conducted a study with 20 participants. Our preliminary results show that the system we implemented can detect eating with an accuracy exceeding 90.9\% while the crunchiness level of food varies. We are developing a wearable system that can capture, process, and classify sensor data to detect eating in real-time.}, } @InProceedings{boateng:activityaware, author = {George Boateng and John A. Batsis and Ryan Halter and David Kotz}, title = {{ActivityAware: An App for Real-Time Daily Activity Level Monitoring on the Amulet Wrist-Worn Device}}, booktitle = {{Proceedings of the IEEE PerCom Workshop on Pervasive Health Technologies (PerHealth)}}, year = 2017, month = {March}, pages = {431--435}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/PERCOMW.2017.7917601}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-activityaware/index.html}, abstract = {Physical activity helps reduce the risk of cardiovascular disease, hypertension and obesity. The ability to monitor a person's daily activity level can inform self-management of physical activity and related interventions. For older adults with obesity, the importance of regular, physical activity is critical to reduce the risk of long-term disability. In this work, we present ActivityAware, an application on the Amulet wrist-worn device that measures daily activity levels (sedentary, moderate and vigorous) of individuals, continuously and in real-time. The app implements an activity-level detection model, continuously collects acceleration data on the Amulet, classifies the current activity level, updates the day's accumulated time spent at that activity level, logs the data for later analysis, and displays the results on the screen. We developed an activity-level detection model using a Support Vector Machine (SVM). We trained our classifiers using data from a user study, where subjects performed the following physical activities: sit, stand, lay down, walk and run. With 10-fold cross validation and leave-one-subject-out (LOSO) cross validation, we obtained preliminary results that suggest accuracies up to 98\%, for n{$=$}14 subjects. Testing the ActivityAware app revealed a projected battery life of up to 4 weeks before needing to recharge. The results are promising, indicating that the app may be used for activity-level monitoring, and eventually for the development of interventions that could improve the health of individuals.}, } @InProceedings{boateng:stressaware, author = {George Boateng and David Kotz}, title = {{StressAware: An App for Real-Time Stress Monitoring on the Amulet Wearable Platform}}, booktitle = {{Proceedings of the IEEE MIT Undergraduate Research Technology Conference (URTC)}}, year = 2017, month = {January}, pages = {1--4}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/URTC.2016.8284068}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-stressaware/index.html}, abstract = {Stress is the root cause of many diseases and unhealthy behaviors. Being able to monitor when and why a person is stressed could inform personal stress management as well as interventions when necessary. In this work, we present StressAware, an application on the Amulet wearable platform that classifies the stress level (low, medium, high) of individuals continuously and in real time using heart rate (HR) and heart-rate variability (HRV) data from a commercial heart-rate monitor. We developed our stress-detection model using a Support Vector Machine (SVM). We trained and tested our model using data from three sources and had the following preliminary results: PhysioNet, a public physiological database (94.5\% accurate with 10-fold cross validation), a field study (100\% accurate with 10-fold cross validation) and a lab study (64.3\% accurate with leave-one-out cross-validation). Testing the StressAware app revealed a projected battery life of up to 12 days. Also, the usability feedback from subjects showed that the Amulet has a potential to be used by people for monitoring their stress levels. The results are promising, indicating that the app may be used for stress detection, and eventually for the development of stress-related intervention that could improve the health of individuals.}, } @InProceedings{hardin:mobisys17, author = {Taylor Hardin and Josiah Hester and Patrick Proctor and Jacob Sorber and David Kotz}, title = {{Poster: Memory Protection in Ultra-Low-Power Multi-Application Wearables}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2017, month = {June}, pages = 170, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3081333.3089314}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hardin-mobisys17/index.html}, abstract = {Ultra-low-power microcontrollers have historically not offered MPUs; only recently have MPUs become more prevalent, but many lack the functionality for sufficient memory management and protection. Thus, those who develop multi-application, multi-tenant platforms isolate applications using compile-time or run-time software sandboxing (e.g., AmuletOS), imposing limits on application developers and adding time/space overhead to running applications. We have developed methods, however, to leverage the limited MPUs and thereby reduce overhead cost by narrowing the use of software-based approaches.}, } @InProceedings{kotz:safethings, author = {David Kotz and Travis Peters}, title = {{Challenges to ensuring human safety throughout the life-cycle of Smart Environments}}, booktitle = {{Proceedings of the ACM Workshop on the Internet of Safe Things (SafeThings)}}, year = 2017, month = {November}, pages = {1--7}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3137003.3137012}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-safethings/index.html}, abstract = {The homes, offices, and vehicles of tomorrow will be embedded with numerous ``Smart Things,'' networked with each other and with the Internet. Many of these Things are embedded in the physical infrastructure, and like the infrastructure they are designed to last for decades -- far longer than is normal with today's electronic devices. What happens then, when an occupant moves out or transfers ownership of her Smart Environment? This paper outlines the critical challenges required for the safe long-term operation of Smart Environments. How does an occupant identify and decommission all the Things in an environment before she moves out? How does a new occupant discover, identify, validate, and configure all the Things in the environment he adopts? When a person moves from smart home to smart office to smart hotel, how is a new environment vetted for safety and security, how are personal settings migrated, and how are they securely deleted on departure? When the original vendor of a Thing (or the service behind it) disappears, how can that Thing (and its data, and its configuration) be transferred to a new service provider? What interface can enable lay people to manage these complex challenges, and be assured of their privacy, security, and safety? We present a list of key research questions to address these important challenges.}, } @InProceedings{liang:lighttouch, author = {Xiaohui Liang and Tianlong Yun and Ronald Peterson and David Kotz}, title = {{LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent}}, booktitle = {{Proceedings of the IEEE International Conference on Computer Communications (INFOCOM)}}, year = 2017, month = {May}, pages = {1--9}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFOCOM.2017.8057210}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-lighttouch/index.html}, abstract = {Wearables are small and have limited user interfaces, so they often wirelessly interface with a personal smartphone/computer to relay information from the wearable for display or other interactions. In this paper, we envision a new method, LightTouch, by which a wearable can establish a secure connection to an ambient display, such as a television or a computer monitor, while ensuring the user's intention to connect to the display. LightTouch uses standard RF methods (like Bluetooth) for communicating the data to display, securely bootstrapped via the visible-light communication (the brightness channel) from the display to the low-cost, low-power, ambient light sensor of a wearable. A screen `touch' gesture is adopted by users to ensure that the modulation of screen brightness can be securely captured by the ambient light sensor with minimized noise. Wireless coordination with the processor driving the display establishes a shared secret based on the brightness channel information. We further propose novel on-screen localization and correlation algorithms to improve security and reliability. Through experiments and a preliminary user study we demonstrate that LightTouch is compatible with current display and wearable designs, is easy to use (about 6 seconds to connect), is reliable (up to 98\% success connection ratio), and is secure against attacks.}, } @InProceedings{liang:wearsys17, author = {Xiaohui Liang and David Kotz}, title = {{AuthoRing: Wearable User-presence Authentication}}, booktitle = {{Proceedings of the ACM Workshop on Wearable Systems and Applications (WearSys)}}, year = 2017, month = {June}, pages = {5--10}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3089351.3089357}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-wearsys17/index.html}, abstract = {A common log-in process at computers involves the entry of username and password; log out depends on the user to remember to log out, or a timeout to expire the user session. Once logged in, user sessions may be vulnerable to imposter attacks in which an impostor steps up to the user's unattended computer and inherits the user's access privilege. We propose a ring-based authentication system called ``AuthoRing'', which restricts the imposter attackers from generating new inputs at the computer's mouse and keyboard. During the log-in process, an eligible AuthoRing user wears a digital ring with accelerometers and wireless communication capability. When input is detected at the mouse or keyboard, the computer's AuthoRing system correlates hand-motion data received from the ring with the input data from the computer's window manager, and detects imposter attacks when these data are insufficiently correlated. We implemented the AuthoRing system and evaluated its security, efficiency, and usability; we found that imposter attacks can be effectively detected and the required operations happen quickly with negligible delays experienced by the user.}, } @InProceedings{liu:mobisys17, author = {Rui Liu and Cory Cornelius and Reza Rawassizadeh and Ron Peterson and David Kotz}, title = {{Poster: Vocal Resonance as a Passive Biometric}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2017, month = {June}, pages = 160, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3081333.3089304}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-mobisys17/index.html}, abstract = {We present a novel, unobtrusive biometric measurement that can support user identification in wearable body-mounted devices: \emph{vocal resonance}, that is, the sound of the person's voice as it travels through the person's body.}, } @InProceedings{liu:wearsys17, author = {Rui Liu and Reza Rawassizadeh and David Kotz}, title = {{Toward Accurate and Efficient Feature Selection for Speaker Recognition on Wearables}}, booktitle = {{Proceedings of the ACM Workshop on Wearable Systems and Applications (WearSys)}}, year = 2017, month = {June}, pages = {41--46}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3089351.3089352}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-wearsys17/index.html}, abstract = {Due to the user-interface limitations of wearable devices, voice-based interfaces are becoming more common; speaker recognition may then address the authentication requirements of wearable applications. Wearable devices have small form factor, limited energy budget and limited computational capacity. In this paper, we examine the challenge of computing speaker recognition on small wearable platforms, and specifically, reducing resource use (energy use, response time) by trimming the input through careful feature selections. For our experiments, we analyze four different feature-selection algorithms and three different feature sets for speaker identification and speaker verification. Our results show that Principal Component Analysis (PCA) with frequency-domain features had the highest accuracy, Pearson Correlation (PC) with time-domain features had the lowest energy use, and recursive feature elimination (RFE) with frequency-domain features had the least latency. Our results can guide developers to choose feature sets and configurations for speaker-authentication algorithms on wearable platforms.}, } @InProceedings{mishra:ema-workshop, author = {Varun Mishra and Byron Lowens and Sarah Lord and Kelly Caine and David Kotz}, title = {{Investigating Contextual Cues As Indicators for EMA Delivery}}, booktitle = {{Proceedings of the International Workshop on Smart and Ambient Notification and Attention Management (UbiTtention)}}, year = 2017, month = {September}, pages = {935--940}, publisher = {ACM}, copyright = {ACM}, location = {Maui, Hawaii}, DOI = {10.1145/3123024.3124571}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mishra-ema-workshop/index.html}, abstract = {In this work, we attempt to determine whether the contextual information of a participant can be used to predict whether the participant will respond to a particular EMA trigger. We use a publicly available dataset for our work, and find that by using basic contextual features about the participant's activity, conversation status, audio, and location, we can predict if an EMA triggered at a particular time will be answered with a precision of 0.647, which is significantly higher than a baseline precision of 0.41. Using this knowledge, the researchers conducting field studies can efficiently schedule EMAs and achieve higher response rates.}, } @InProceedings{pierson:s3, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Secure Information Transfer Between Nearby Wireless Devices}}, booktitle = {{Proceedings of the Mobicom S3 workshop}}, year = 2017, month = {October}, pages = {11--13}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3131348.3131355}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-s3/index.html}, abstract = {Securely transferring data between two devices that have never previously met nor shared a secret is a difficult task. Previous solutions to the problem are susceptible to well-known attacks or may require extensive infrastructure that may not be suitable for wireless devices such as Internet of Things sensors that do not have advanced computational capabilities. \par We propose a new approach: using jamming to thwart adversaries located more than a few centimeters away, while still allowing devices in close physical proximity to securely share data. To accomplish this secure data transfer we exploit MIMO antennas and the Inverse-Square Law.}, } @InProceedings{prasad:enact, author = {Aarathi Prasad and David Kotz}, title = {{ENACT: Encounter-based Architecture for Contact Tracing}}, booktitle = {{Proceedings of the ACM Workshop on Physical Analytics (WPA)}}, year = 2017, month = {June}, pages = {37--42}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3092305.3092310}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-enact/index.html}, abstract = {Location-based sharing services allow people to connect with others who are near them, or with whom they shared a past encounter. Suppose it were also possible to connect with people who were at the same location but at a different time -- we define this scenario as a \emph{close encounter}, i.e., an incident of spatial and temporal proximity. By detecting close encounters, a person infected with a contagious disease could alert others to whom they may have spread the virus. We designed a smartphone-based system that allows people infected with a contagious virus to send alerts to other users who may have been exposed to the same virus due to a close encounter. We address three challenges: finding devices in close encounters with minimal changes to existing infrastructure, ensuring authenticity of alerts, and protecting privacy of all users. Finally, we also consider the challenges of a real-world deployment.}, } @InProceedings{prasad:spice, author = {Aarathi Prasad and Xiaohui Liang and David Kotz}, title = {{SPICE: Secure Proximity-based Infrastructure for Close Encounters}}, booktitle = {{Proceedings of the ACM Workshop on Mobile Crowdsensing Systems and Applications (CrowdSense)}}, year = 2017, month = {November}, pages = {56--61}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3139243.3139245}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-spice/index.html}, abstract = {We present a crowdsourcing system that extends the capabilities of location-based applications and allows users to connect and exchange information with users in spatial and temporal proximity. We define this incident of spatio-temporal proximity as a \emph{close encounter}. Typically, location-based application users store their information on a server, and trust the server to provide access only to authorized users, not misuse the data or disclose their location history. Our system, called SPICE, addresses these privacy issues by leveraging Wi-Fi access points to connect users and encrypt their information before it is exchanged, so only users in close encounters have access to the information. We present the design of the system and describe the challenges in implementing the protocol in a real-world application.}, } @Article{rawassizadeh:datasets, author = {Reza Rawassizadeh and David Kotz}, title = {{Datasets for Mobile, Wearable and IoT Research}}, journal = {GetMobile: Mobile Computing and Communications}, year = 2017, month = {April}, volume = 20, number = 4, pages = {5--7}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3081016.3081018}, URL = {https://www.cs.dartmouth.edu/~kotz/research/rawassizadeh-datasets/index.html}, abstract = {The advent of affordable devices with sensors and communication capabilities has led to the proliferation of computing paradigms, such as the Internet of Things (IoT), mobile devices, and wearable technologies. For the sake of simplicity, we use the umbrella term ``small devices'' for these technologies. At the same time, in the past decade, the increasing availability of large datasets has shifted scientists' attention toward data science, and defined new trends in computation. Even some scientists call it an evolutionary shift that has changed the pace of scientific progress, i.e., the ``fourth paradigm''.}, } @MastersThesis{boateng:msthesis, author = {George G. Boateng}, title = {{ActivityAware: Wearable System for Real-Time Physical Activity Monitoring among the Elderly}}, school = {Dartmouth Computer Science}, year = 2017, month = {May}, copyright = {George G. Boateng}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-msthesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2017-824}, abstract = {Physical activity helps reduce the risk of cardiovascular disease, hypertension and obesity. The ability to monitor a person's daily activity level can inform self-management of physical activity and related interventions. For older adults with obesity, the importance of regular, physical activity is critical to reduce the risk of long-term disability. In this work, we present ActivityAware, an application on the Amulet wrist-worn device that monitors the daily activity levels (low, moderate and vigorous) of older adults in real-time. The app continuously collects acceleration data on the Amulet, classifies the current activity level, updates the day's accumulated time spent at that activity level, displays the results on the screen and logs summary data for later analysis. \par The app implements an activity-level detection model we developed using a Linear Support Vector Machine (SVM). We trained our model using data from a user study, where subjects performed common physical activities (sit, stand, lay down, walk and run). We obtained accuracies up to 99.2\% and 98.5\% with 10-fold cross validation and leave-one-subject-out (LOSO) cross-validation respectively. We ran a week-long field study to evaluate the utility, usability and battery life of the ActivityAware system where 5 older adults wore the Amulet as it monitored their activity level. The utility evaluation showed that the app was somewhat useful in achieving the daily physical activity goal. The usability feedback showed that the ActivityAware system has the potential to be used by people for monitoring their activity levels. Our energy-efficiency evaluation revealed a battery life of at least 1 week before needing to recharge. The results are promising, indicating that the app may be used for activity-level monitoring by individuals or researchers for epidemiological studies, and eventually for the development of interventions that could improve the health of older adults.}, } @TechReport{greene:thesis, author = {Emily Greene}, title = {{ShareABEL: Secure Sharing of mHealth Data through Cryptographically-Enforced Access Control}}, institution = {Dartmouth College, Computer Science}, year = 2017, month = {July}, number = {TR2017-827}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/greene-thesis/index.html}, abstract = {Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareABEL, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design (and prototype implementation) of this system makes three contributions: (1) it applies cryptographically-enforced access-control measures to wearable healthcare data, which pose different challenges than Electronic Medical Records (EMRs), (2) it recognizes the temporal nature of mHealth data streams and supports revocation of access to part or all of a data stream, and (3) it departs from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.}, } @TechReport{harmon:thesis, author = {David B. Harmon}, title = {{Cryptographic transfer of sensor data from the Amulet to a smartphone}}, institution = {Dartmouth College, Computer Science}, year = 2017, month = {May}, number = {TR2017-826}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/harmon-thesis/index.html}, abstract = {The authenticity, confidentiality, and integrity of data streams from wearable healthcare devices are critical to patients, researchers, physicians, and others who depend on this data to measure the effectiveness of treatment plans and clinical trials. Many forms of mHealth data are highly sensitive; in the hands of unintended parties such data may reveal indicators of a patient's disorder, disability, or identity. Furthermore, if a malicious party tampers with the data, it can affect the diagnosis or treatment of patients, or the results of a research study. Although existing network protocols leverage encryption for confidentiality and integrity, network-level encryption does not provide end-to-end security from the device, through the smartphone and database, to downstream data consumers. In this thesis we provide a new open protocol that provides end-to-end authentication, confidentiality, and integrity for healthcare data in such a pipeline. \par We present and evaluate a prototype implementation to demonstrate this protocol's feasibility on low-power wearable devices, and present a case for the system's ability to meet critical security properties under a specific adversary model and trust assumptions.}, } @Misc{mare:patent9832206, author = {Shrirang Mare and Andr{\'{e}}s Molina-Markham and Ronald Peterson and David Kotz}, title = {{System, Method and Authorization Device for Biometric Access Control to Digital Devices}}, howpublished = {U.S. Patent 9,832,206; International Patent Application WO2014153528A2}, year = 2017, month = {November}, day = 28, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-patent9832206/index.html}, note = {Priority date 2013-03-21; Filed 2014-03-21; Issued 2017-11-28}, abstract = {A system and method for authenticating and continuously verifying authorized users of a digital device includes an authentication device attached to an arm or wrist of authorized users. The authentication device has an accelerometer, digital radio, a processor configured to provide identity information over the radio, and to transmit motion data. The motion data is received by the digital device and the identity transmitted is verified as an identity associated with an authorized user. Input at a touchscreen, touchpad, mouse, trackball, or keyboard of the digital device is detected, and correlated with the motion data. Access to the digital device is allowed if the detected input and the detected motion data correlate, and disallowed otherwise.}, } @Misc{kotz:patent9595187, author = {David Kotz and Ryan Halter and Cory Cornelius and Jacob Sorber and Minho Shin and Ronald Peterson and Shrirang Mare and Aarathi Prasad and Joseph Skinner and Andr{\'{e}}s Molina-Markham}, title = {{Wearable computing device for secure control of physiological sensors and medical devices, with secure storage of medical records, and bioimpedance biometric}}, howpublished = {U.S. Patent 9,595,187; International Patent Application WO2013096954A1}, year = 2017, month = {March}, day = 14, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-patent9595187/index.html}, note = {Priority date 2011-12-23; Filed 2012-12-24; Issued 2017-03-14}, abstract = {A wearable master electronic device (Amulet) has a processor with memory, the processor coupled to a body-area network (BAN) radio and uplink radio. The device has firmware for BAN communications with wearable nodes to receive data, and in an embodiment, send configuration data. The device has firmware for using the uplink radio to download apps and configurations, and upload data to a server. An embodiment has accelerometers in Amulet and wearable node, and firmware for using accelerometer readings to determine if node and Amulet are worn by the same subject. Other embodiments use pulse sensors or microphones in the Amulet and node to both identify a subject and verify the Amulet and node are worn by the same subject. Another embodiment uses a bioimpedance sensor to identify the subject. The wearable node may be an insulin pump, chemotherapy pump, TENS unit, cardiac monitor, or other device.}, } @InProceedings{hester:amulet-demo, author = {Josiah Hester and Travis Peters and Tianlong Yun and Ronald Peterson and Joseph Skinner and Bhargav Golla and Kevin Storer and Steven Hearndon and Sarah Lord and Ryan Halter and David Kotz and Jacob Sorber}, title = {{The Amulet Wearable Platform: Demo Abstract}}, booktitle = {{Proceedings of the ACM Conference on Embedded Networked Sensor Systems (SenSys)}}, year = 2016, month = {November}, pages = {290--291}, publisher = {ACM}, copyright = {ACM}, location = {Stanford, CA}, DOI = {10.1145/2994551.2996527}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hester-amulet-demo/index.html}, abstract = {In this demonstration we present the Amulet Platform; a hardware and software platform for developing energy- and resource-efficient applications on multi-application wearable devices. This platform, which includes the Amulet Firmware Toolchain, the Amulet Runtime, the ARP-View graphical tool, and open reference hardware, efficiently protects applications from each other without MMU support, allows developers to interactively explore how their implementation decisions impact battery life without the need for hardware modeling and additional software development, and represents a new approach to developing long-lived wearable applications. We envision the Amulet Platform enabling long-duration experiments on human subjects in a wide variety of studies.}, } @InProceedings{hester:amulet, author = {Josiah Hester and Travis Peters and Tianlong Yun and Ronald Peterson and Joseph Skinner and Bhargav Golla and Kevin Storer and Steven Hearndon and Kevin Freeman and Sarah Lord and Ryan Halter and David Kotz and Jacob Sorber}, title = {{Amulet: An Energy-Efficient, Multi-Application Wearable Platform}}, booktitle = {{Proceedings of the ACM Conference on Embedded Networked Sensor Systems (SenSys)}}, year = 2016, month = {November}, pages = {216--229}, publisher = {ACM}, copyright = {ACM}, location = {Stanford, CA}, DOI = {10.1145/2994551.2994554}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hester-amulet/index.html}, abstract = {Wearable technology enables a range of exciting new applications in health, commerce, and beyond. For many important applications, wearables must have battery life measured in weeks or months, not hours and days as in most current devices. Our vision of wearable platforms aims for long battery life but with the flexibility and security to support multiple applications. To achieve long battery life with a workload comprising apps from multiple developers, these platforms must have robust mechanisms for app isolation and developer tools for optimizing resource usage. \par We introduce the Amulet Platform for constrained wearable devices, which includes an ultra-low-power hardware architecture and a companion software framework, including a highly efficient event-driven programming model, low-power operating system, and developer tools for profiling ultra-low-power applications at compile time. We present the design and evaluation of our prototype Amulet hardware and software, and show how the framework enables developers to write energy-efficient applications. Our prototype has battery lifetime lasting weeks or even months, depending on the application, and our interactive resource-profiling tool predicts battery lifetime within 6-10\% of the measured lifetime.}, } @Article{kotz:agenda, author = {David Kotz and Carl A. Gunter and Santosh Kumar and Jonathan P. Weiner}, title = {{Privacy and Security in Mobile Health~-- A Research Agenda}}, journal = {IEEE Computer}, year = 2016, month = {June}, volume = 49, number = 6, pages = {22--30}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MC.2016.185}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-agenda/index.html}, abstract = {Mobile health technology has great potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health. However, mHealth also raises significant privacy and security challenges.}, } @InProceedings{pierson:wanda-demo, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Demo: Wanda, securely introducing mobile devices}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2016, month = {June}, pages = 113, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2938559.2938581}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-demo/index.html}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We developed Wanda -- a `magic wand' that accomplishes all three of the above goals -- and will demonstrate a prototype implementation.}, } @TechReport{pierson:wanda-tr, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Wanda: securely introducing mobile devices -- Extended version}}, institution = {Dartmouth Computer Science}, year = 2016, month = {February}, number = {TR2016-789}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-tr/index.html}, note = {Expanded version of the INFOCOM 2016 paper by the same title.}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We present a novel approach we call Wanda -- a `magic wand' that accomplishes all three of the above goals -- and evaluate a prototype implementation. This Tech Report contains supplemental information to our INFOCOM 2016 paper titled, ``Wanda: securely introducing mobile devices.'' Much of the additional information is in Section II, III, and VI.}, } @InProceedings{pierson:wanda, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Wanda: securely introducing mobile devices}}, booktitle = {{Proceedings of the IEEE International Conference on Computer Communications (INFOCOM)}}, year = 2016, month = {April}, pages = {1--9}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFOCOM.2016.7524366}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda/index.html}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals \emph{simply}, securely, and consistent with user intent. We present a novel approach we call Wanda -- a `magic wand' that accomplishes all three of the above goals -- and evaluate a prototype implementation.}, } @TechReport{boateng:stressaware-thesis, author = {George G. Boateng}, title = {{StressAware: App for Continuously Measuring and Monitoring Stress Levels in Real Time on the Amulet Wearable Device}}, institution = {Dartmouth Computer Science}, year = 2016, month = {May}, number = {TR2016-802}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/boateng-stressaware-thesis/index.html}, abstract = {Stress is the root cause of many diseases. Being able to monitor when and why a person is stressed could inform personal stress management as well as interventions when necessary. In this thesis, I present StressAware, an application on the Amulet wearable platform to measure the stress levels of individuals continuously and in real time. The app implements a stress detection model, continuously streams heart rate data from a commercial heart-rate monitor such as a Zephyr and Polar H7, classifies the stress level of an individual, logs the stress level and then displays it as a graph on the screen. I developed a stress detection model using a Linear Support Vector Machine. I trained my classifiers using data from 3 sources: PhysioNet, a public database with various physiological data, a field study, where subjects went about their normal daily activities and a lab study in a controlled environment, where subjects were exposed to various stressors. I used 73 data segments of stress data obtained from PhysioNet, 120 data segments from the field study, and 14 data segments from the lab study. I extracted 14 heart rate and heart rate variability features. With 10-fold cross validation for Radial Basis Function (RBF) SVM, I obtained an accuracy of 94.5\% for the PhysioNet dataset and 100\% for the field study dataset. And for the lab study, I obtained an accuracy of 64.29\% with leave-one-out cross-validation. Testing the StressAware app revealed a projected battery life of up to 12 days before needing to recharge. Also, the usability feedback from subjects showed that the Amulet and Zephyr have a potential to be used by people for monitoring their stress levels. The results are promising, indicating that the app may be used for stress detection, and eventually for the development of stress-related intervention that could improve the health of individuals.}, } @TechReport{knowles:amulet-bt, author = {Anna J. Knowles}, title = {{Integrating Bluetooth Low Energy Peripherals with the Amulet}}, institution = {Dartmouth Computer Science}, year = 2016, month = {May}, number = {TR2016-807}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/knowles-amulet-bt/index.html}, abstract = {The Amulet is a health monitor, similar in size and shape to a smartwatch but specifically designed to have a longer battery life and handle data securely. It is equipped with a Bluetooth Low Energy (BLE) radio in order to receive data from BLE-enabled sensors and transmit data to smartphones, but the full implementation of BLE communication on the Amulet is still a work in progress. This thesis describes architectural changes that improve the Amulet's ability to receive data from a variety of BLE-enabled sensors and make it easier for developers to integrate new BLE-enabled sensors with the Amulet by introducing support for connecting to multiple sensors at the same time, rewriting the radio code to be more generic, and exposing BLE functionality to the AmuletOS. We discuss the relevant parts of the AmuletOS and the BLE protocol as background, describe the current structure of BLE communications on the Amulet, and document the proposed changes to create a system for easily integrating new BLE-enabled sensors and handling connections to multiple sensors simultaneously.}, } @PhdThesis{mare:thesis, author = {Shrirang Mare}, title = {{Seamless Authentication for Ubiquitous Devices}}, school = {Dartmouth College Computer Science}, year = 2016, month = {May}, copyright = {Shrirang Mare}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2016-793.}, abstract = {User authentication is an integral part of our lives; we authenticate ourselves to personal computers and a variety of other things several times a day. Authentication is burdensome. When we wish to access to a computer or a resource, it is an additional task that we need to perform -- an interruption in our workflow. In this dissertation, we study people's authentication behavior and attempt to make authentication to desktops and smartphones less burdensome for users. \par First, we present the findings of a user study we conducted to understand people's authentication behavior: things they authenticate to, how and when they authenticate, authentication errors they encounter and why, and their opinions about authentication. In our study, participants performed about 39 authentications per day on average; the majority of these authentications were to personal computers (desktop, laptop, smartphone, tablet) and with passwords, but the number of authentications to other things (e.g., car, door) was not insignificant. We saw a high failure rate for desktop and laptop authentication among our participants, affirming the need for a more usable authentication method. Overall, we found that authentication was a noticeable part of all our participants' lives and burdensome for many participants, but they accepted it as cost of security, devising their own ways to cope with it. \par Second, we propose a new approach to authentication, called bilateral authentication, that leverages wrist-wearable technology to enable seamless authentication for things that people use with their hands, while wearing a smart wristband. In bilateral authentication two entities (e.g., user's wristband and the user's phone) share their knowledge (e.g., about user's interaction with the phone) to verify the user's identity. Using this approach, we developed a seamless authentication method for desktops and smartphones. Our authentication method offers quick and effortless authentication, continuous user verification while the desktop (or smartphone) is in use, and automatic deauthentication after use. We evaluated our authentication method through four in-lab user studies, evaluating the method's usability and security from the system and the user's perspective. Based on the evaluation, our authentication method shows promise for reducing users' authentication burden for desktops and smartphones.}, } @PhdThesis{prasad:thesis, author = {Aarathi Prasad}, title = {{Privacy-preserving controls for sharing mHealth data}}, school = {Dartmouth College Computer Science}, year = 2016, month = {May}, copyright = {Aarathi Prasad}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2016-794.}, abstract = {Mobile devices allow people to collect and share health and health-related information with recipients such as health providers, family and friends, employers and insurance companies, to obtain health, emotional or financial benefits. People may consider certain health information sensitive and prefer to disclose only what is necessary. In this dissertation, we present our findings about factors that affect people's sharing behavior, describe scenarios in which people may wish to collect and share their personal health-related information with others, but may be hesitant to disclose the information if necessary controls are not available to protect their privacy, and propose frameworks to provide the desired privacy controls. We introduce the concept of close encounters that allow users to share data with other people who may have been in spatio-temporal proximity. We developed two smartphone-based systems that leverage stationary sensors and beacons to determine whether users are in spatio-temporal proximity. The first system, ENACT, allows patients diagnosed with a contagious airborne disease to alert others retrospectively about their possible exposure to airborne virus. The second system, SPICE, allows users to collect sensor information, retrospectively, from others with whom they shared a close encounter. We present design and implementation of the two systems, analyse their security and privacy guarantees, and evaluate the systems on various performance metrics. Finally, we evaluate how Bluetooth beacons and Wi-Fi access points can be used in support of these systems for close encounters, and present our experiences and findings from a deployment study on Dartmouth campus.}, } @TechReport{wang:auth, author = {Bingyue Wang}, title = {{Learning Device Usage in Context: A Continuous and Hierarchical Smartphone Authentication Scheme}}, institution = {Dartmouth Computer Science}, year = 2016, month = {March}, number = {TR2016-790}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-auth/index.html}, abstract = {Popular smartphone authentication schemes, such as PIN-based or biometrics-based authentication methods, require only an initial login at the start of a usage session to authorize the user to use all the apps on the phone during the entire session. Those schemes fail to provide continuous protection of the smartphone after the initial login. They also fail to meet the hierarchy of security requirements for different apps under different contexts. In this study, we propose a continuous and hierarchical authentication scheme. We believe that a user's app-usage patterns depend on his location context. As such, our scheme relies on app-usage patterns in different location context to continuously establish the log probability density (LPD) of the authenticity of the current user. Based on different LPD thresholds corresponding to different security requirements, the current user either has a LPD higher than the threshold, which grants him continuous access to the phone or the app, or he has a LPD lower than the threshold, which locks him out of the phone or the app immediately. We test our scheme on 4,600 subjects from the Device Analyzer Dataset. We found that our scheme could correctly identify the authenticity of the majority of the subjects. However, app-usage patterns with or without location context yielded similar performances, indicating that user contexts did not contribute further information to establish user behavioral patterns. Based on our scheme, we propose a hypothetical Android app which would provide continuous and hierarchical authentication for the smartphone users.}, } @Article{henderson:citation-practices, author = {Tristan Henderson and David Kotz}, title = {{Data citation practices in the CRAWDAD wireless network data archive}}, journal = {D-Lib Magazine}, year = 2015, month = {January}, volume = 21, number = {1/2}, numpages = 12, publisher = {Corporation for National Research Initiatives (CNRI)}, copyright = {the authors}, DOI = {10.1045/january2015-henderson}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-citation-practices/index.html}, abstract = {CRAWDAD (Community Resource for Archiving Wireless Data At Dartmouth) is a popular research data archive for wireless network data, archiving over 100 datasets used by over 6,500 users. In this paper we examine citation behaviour amongst 1,281 papers that use CRAWDAD datasets. We find that (in general) paper authors cite datasets in a manner that is sufficient for providing credit to dataset authors and also provides access to the datasets that were used. Only 11.5\% of papers did not do so; common problems included (1) citing the canonical papers rather than the dataset, (2) describing the dataset using unclear identifiers, and (3) not providing URLs or pointers to datasets.}, } @Article{kotz:frontiers, author = {David Kotz and Kevin Fu and Carl Gunter and Avi Rubin}, title = {{Security for Mobile and Cloud Frontiers in Healthcare}}, journal = {Communications of the ACM}, year = 2015, month = {August}, volume = 58, number = 8, pages = {21--23}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/2790830}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-frontiers/index.html}, abstract = {Designers and developers of healthcare information technologies must address preexisting security vulnerabilities and undiagnosed future threats.}, } @Article{shin:anonytiles, author = {Minho Shin and Cory Cornelius and Apu Kapadia and Nikos Triandopoulos and David Kotz}, title = {{Location Privacy for Mobile Crowd Sensing through Population Mapping}}, journal = {Sensors}, year = 2015, month = {June}, volume = 15, number = 7, pages = {15285--15310}, publisher = {open access}, copyright = {the authors}, DOI = {10.3390/s150715285}, URL = {https://www.cs.dartmouth.edu/~kotz/research/shin-anonytiles/index.html}, abstract = {Opportunistic sensing allows applications to ``task'' mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street or users' mobile phones to locate (Bluetooth-enabled) objects in their vicinity. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if identifying information has been removed from a report, the accompanying time and location can reveal sufficient information to de-anonymize the user whose device sent the report. We propose and evaluate a novel spatiotemporal blurring mechanism based on tessellation and clustering to protect users' privacy against the system while reporting context. Our technique employs a notion of probabilistic k-anonymity; it allows users to perform local blurring of reports efficiently without an online anonymization server before the data are sent to the system. The proposed scheme can control the degree of certainty in location privacy and the quality of reports through a system parameter. We outline the architecture and security properties of our approach and evaluate our tessellation and clustering algorithm against real mobility traces.}, } @TechReport{cornelius:voice-tr, author = {Cory Cornelius and Zachary Marois and Jacob Sorber and Ron Peterson and Shrirang Mare and David Kotz}, title = {{Vocal resonance as a biometric for pervasive wearable devices}}, institution = {Dartmouth Computer Science}, year = 2014, month = {February}, number = {TR2014-747}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-voice-tr/index.html}, abstract = {We anticipate the advent of body-area networks of pervasive wearable devices, whether for health monitoring, personal assistance, entertainment, or home automation. In our vision, the user can simply wear the desired set of devices, and they ``just work''; no configuration is needed, and yet they discover each other, recognize that they are on the same body, configure a secure communications channel, and identify the user to which they are attached. This paper addresses a method to achieve the latter, that is, for a wearable device to identify the wearer, allowing sensor data to be properly labeled or personalized behavior to be properly achieved. We use vocal resonance, that is, the sound of the person's voice as it travels through the person's body. By collecting voice samples from a small wearable microphone, our method allows the device to determine whether (a) the speaker is indeed the expected person, and (b) the microphone device is physically on the speaker's body. We collected data from 25 subjects, demonstrate the feasibility of a prototype, and show that our method works with 77\% accuracy when a threshold is chosen a priori.}, } @InProceedings{cornelius:wearable, author = {Cory Cornelius and Ronald Peterson and Joseph Skinner and Ryan Halter and David Kotz}, title = {{A wearable system that knows who wears it}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2014, month = {June}, pages = {55--67}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2594368.2594369}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-wearable/index.html}, abstract = {Body-area networks of pervasive wearable devices are increasingly used for health monitoring, personal assistance, entertainment, and home automation. In an ideal world, a user would simply wear their desired set of devices with no configuration necessary: the devices would discover each other, recognize that they are on the same person, construct a secure communications channel, and recognize the user to which they are attached. In this paper we address a portion of this vision by offering a wearable system that unobtrusively recognizes the person wearing it. Because it can recognize the user, our system can properly label sensor data or personalize interactions. \par Our recognition method uses bioimpedance, a measurement of how tissue responds when exposed to an electrical current. By collecting bioimpedance samples using a small wearable device we designed, our system can determine that (a)the wearer is indeed the expected person and (b) the device is physically on the wearer's body. Our recognition method works with 98\% balanced-accuracy under a cross-validation of a day's worth of bioimpedance samples from a cohort of 8 volunteer subjects. We also demonstrate that our system continues to recognize a subset of these subjects even several months later. Finally, we measure the energy requirements of our system as implemented on a Nexus S smart phone and custom-designed module for the Shimmer sensing platform.}, } @InProceedings{liang:healthtech14, author = {Xiaohui Liang and David Kotz}, title = {{Securely Connecting Wearable Health Devices to External Displays}}, booktitle = {{Proceedings of the USENIX Summit on Health Information Technologies}}, year = 2014, month = {August}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liang-healthtech14/index.html}, note = {No paper -- workshop presentation only}, abstract = {Wearable health technology is becoming a hot commodity as it has the potential to help both patients and clinicians continuously monitor vital signs and symptoms. One popular type of wearable devices are worn on human wrist and are equipped with sensors to passively perform sensing tasks. Their constrained user interface, however, is ineffective to display the sensory data for users. We envision connecting a wrist-worn device to a display device, such as a television, so the user is able to view the sensory data. Such connections must be secure to prevent the sensory data from being eavesdropped by other devices, must be made only when the user intends, and must be easy even when a new display is encountered (such as in a medical clinic, or a hotel room). In this presentation, we will discuss the secure wearable/display connection problem by revisiting existing methods and hardware designs of wrist-worn devices and display devices. We then present possible solutions that leverage the built-in hardware components of wrist-worn devices to implement, secure, intentional, easy connections to ambient display devices.}, } @Article{mare:hns-j, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Hide-n-Sense: preserving privacy efficiently in wireless mHealth}}, journal = {Mobile Networks and Applications (MONET)}, year = 2014, month = {June}, volume = 19, number = 3, pages = {331--344}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/s11036-013-0447-x}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-j/index.html}, note = {Special issue on Wireless Technology for Pervasive Healthcare}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge. We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties at the link layer, with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized Message Authentication Codes; and asymmetric resource requirements, in recognition of the limited resources in tiny mHealth sensors. Second, we demonstrate its feasibility by implementing a prototype on a Chronos wrist device, and evaluating it experimentally. Third, we provide a security, privacy, and energy analysis of our system.}, } @TechReport{mare:zebra-tr, author = {Shrirang Mare and Andr{\'{e}}s Molina-Markham and Cory Cornelius and Ronald Peterson and David Kotz}, title = {{ZEBRA: Zero-Effort Bilateral Recurring Authentication (Companion report)}}, institution = {Dartmouth Computer Science}, year = 2014, month = {May}, number = {TR2014-748}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-zebra-tr/index.html}, note = {This project has been renamed CSAW.}, abstract = {We describe and evaluate Zero-Effort Bilateral Recurring Authentication (ZEBRA) in our paper that appears in IEEE Symposium on Security and Privacy, May 2014. In this report we provide a more detailed comparative evaluation of ZEBRA against other related authentication schemes. The abstract of the paper follows. Common authentication methods based on passwords, tokens, or fingerprints perform one-time authentication and rely on users to log out from the computer terminal when they leave. Users often do not log out, however, which is a security risk. The most common solution, inactivity timeouts, inevitably fail security (too long a timeout) or usability (too short a timeout) goals. One solution is to authenticate users continuously while they are using the terminal and automatically log them out when they leave. Several solutions are based on user proximity, but these are not sufficient: they only confirm whether the user is nearby but not whether the user is actually using the terminal. Proposed solutions based on behavioral biometric authentication (e.g., keystroke dynamics) may not be reliable, as a recent study suggests. To address this problem we propose ZEBRA. In ZEBRA, a user wears a bracelet (with a built-in accelerometer, gyroscope, and radio) on her dominant wrist. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal. The terminal compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the continued presence of the user only if they correlate. Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same -- the user's hand movement. In our experiments ZEBRA performed continuous authentication with 85\% accuracy in verifying the correct user and identified all adversaries within 11 s. For a different threshold that trades security for usability, ZEBRA correctly verified 90\% of users and identified all adversaries within 50 s.}, } @InProceedings{mare:zebra14, author = {Shrirang Mare and Andr{\'{e}}s Molina-Markham and Cory Cornelius and Ronald Peterson and David Kotz}, title = {{ZEBRA: Zero-Effort Bilateral Recurring Authentication}}, booktitle = {{Proceedings of the IEEE Symposium on Security \& Privacy}}, year = 2014, month = {May}, pages = {705--720}, publisher = {IEEE}, copyright = {the authors}, DOI = {10.1109/SP.2014.51}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-zebra14/index.html}, note = {This project has been renamed CSAW.}, abstract = {Common authentication methods based on passwords, tokens, or fingerprints perform one-time authentication and rely on users to log out from the computer terminal when they leave. Users often do not log out, however, which is a security risk. The most common solution, inactivity timeouts, inevitably fail security (too long a timeout) or usability (too short a timeout) goals. One solution is to authenticate users continuously while they are using the terminal and automatically log them out when they leave. Several solutions are based on user proximity, but these are not sufficient: they only confirm whether the user is nearby but not whether the user is actually using the terminal. Proposed solutions based on behavioral biometric authentication (e.g., keystroke dynamics) may not be reliable, as a recent study suggests. \par To address this problem we propose ZEBRA. In ZEBRA, a user wears a bracelet (with a built-in accelerometer, gyroscope, and radio) on her dominant wrist. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal. The terminal compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the continued presence of the user only if they correlate. Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same -- the user's hand movement. In our experiments ZEBRA performed continuous authentication with 85\% accuracy in verifying the correct user and identified all adversaries within 11 s. For a different threshold that trades security for usability, ZEBRA correctly verified 90\% of users and identified all adversaries within 50 s.}, } @InProceedings{mm:amulet-poster, author = {Andr{\'{e}}s Molina-Markham and Ronald A. Peterson and Joseph Skinner and Ryan J. Halter and Jacob Sorber and David Kotz}, title = {{Poster: Enabling Computational Jewelry for mHealth Applications}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2014, month = {June}, pages = {374--375}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2594368.2601454}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mm-amulet-poster/index.html}, abstract = {We are developing wearable devices as the foundation for a consistently present and highly available body-area mHealth network. Our vision is that a small device, such as a bracelet or pendant, will provide the availability and reliability properties essential for successful body-area mHealth networks. We call this class of device computational jewelry, and expect it will be the next frontier of mobile systems. We prototyped our first piece of computational jewelry, which we call Amulet, to enable our previously proposed vision. It runs applications that may collect sensor data from built-in sensors or from other devices, analyze and log the data, queue information for later upload, and interact with the wearer. Independent developers can develop applications that can be vetted and installed on an Amulet.}, } @InProceedings{molina-markham:wmmadd, author = {Andr{\'{e}}s Molina-Markham and Ronald Peterson and Joseph Skinner and Tianlong Yun and Bhargav Golla and Kevin Freeman and Travis Peters and Jacob Sorber and Ryan Halter and David Kotz}, title = {{Amulet: A secure architecture for mHealth applications for low-power wearable devices}}, booktitle = {{Proceedings of the Workshop on Mobile Medical Applications-- Design and Development (WMMADD)}}, year = 2014, month = {November}, pages = {16--21}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2676431.2676432}, URL = {https://www.cs.dartmouth.edu/~kotz/research/molina-markham-wmmadd/index.html}, abstract = {Interest in using mobile technologies for health-related applications (mHealth) has increased. However, none of the available mobile platforms provide the essential properties that are needed by these applications. An mHealth platform must be (i) secure; (ii) provide high availability; and (iii) allow for the deployment of multiple third-party mHealth applications that share access to an individual's devices and data. Smartphones may not be able to provide property (ii) because there are activities and situations in which an individual may not be able to carry them (e.g., while in a contact sport). A low-power wearable device can provide higher availability, remaining attached to the user during most activities. Furthermore, some mHealth applications require integrating multiple on-body or near-body devices, some owned by a single individual, but others shared with multiple individuals. In this paper, we propose a secure system architecture for a low-power bracelet that can run multiple applications and manage access to shared resources in a body-area mHealth network. The wearer can install a personalized mix of third-party applications to support the monitoring of multiple medical conditions or wellness goals, with strong security safeguards. Our preliminary implementation and evaluation supports the hypothesis that our approach allows for the implementation of a resource monitor on far less power than would be consumed by a mobile device running Linux or Android. Our preliminary experiments demonstrate that our secure architecture would enable applications to run for several weeks on a small wearable device without recharging.}, } @InProceedings{murthy:bp, author = {Rima Murthy and David Kotz}, title = {{Assessing blood-pressure measurement in tablet-based mHealth apps}}, booktitle = {{Proceedings of the Workshop on Networked Healthcare Technology (NetHealth)}}, year = 2014, month = {January}, pages = {1--5}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2014.6734920}, URL = {https://www.cs.dartmouth.edu/~kotz/research/murthy-bp/index.html}, abstract = {We propose a new method to record contextual information associated with a blood-pressure reading using a tablet's touchscreen and accelerometer. This contextual information can be used to verify that a patient's lower arm remained well-supported and stationary during her blood-pressure measurement. We found that a binary support vector machine classifier could be used to distinguish different types of lower-arm movements from stationary arms with 90\% accuracy overall. Predetermined thresholds for the accelerometer readings suffice to determine whether the tablet, and therefore the arm that rested on it, remained supported. Together, these two methods can allow mHealth applications to guide untrained patients (or health workers) in measuring blood pressure correctly.}, } @InCollection{prasad:bfitbit, author = {Aarathi Prasad and Jacob Sorber and Timothy Stablein and Denise Anthony and David Kotz}, title = {{Understanding User Privacy Preferences for mHealth Data Sharing}}, booktitle = {{mHealth: Multidisciplinary Verticals}}, editor = {Sasan Adibi}, year = 2014, month = {November}, chapter = 30, pages = {545--570}, publisher = {Taylor \& Francis (CRC Press)}, copyright = {Taylor \& Francis}, ISBN13 = {978-1-4822-1480-2}, DOI = {10.1201/b17724-34}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-bfitbit/index.html}, } @InProceedings{prasad:mobisys-poster, author = {Aarathi Prasad and Xiaohui Liang and David Kotz}, title = {{Poster: Balancing Disclosure and Utility of Personal Information}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2014, month = {June}, pages = {380--381}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2594368.2601448}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-mobisys-poster/index.html}, abstract = {The ubiquity of smartphones and mobile and wearable devices allow people to collect information about their health, wellness and lifestyle and share with others. If it is not clear what they need to share to receive benefits, \emph{subjects} (people whose information is collected) might share too much, thus disclosing unnecessary private information. On the other hand, concerned about disclosing personal information, subjects might share less than what the recipient needs and lose the opportunity to enjoy the benefits. This balance of disclosure and utility is important when the subject wants to receive some benefits, but is concerned about disclosing private information. \par We address this problem of balancing disclosure and utility of personal information collected by mobile technologies. We believe subjects can decide how best to share their information if they are aware of the benefits and risks of sharing. We developed ShareBuddy, a privacy-aware architecture that allows recipients to request information and specify the benefits the subjects will receive for sharing each piece of requested information; the architecture displays these benefits and warns subjects about the risks of sharing. We describe the ShareBuddy architecture in this poster.}, } @Article{tan:dist, author = {Keren Tan and Chris McDonald and Bennet Vance and Chrisil Arackaparambil and Sergey Bratus and David Kotz}, title = {{From MAP to DIST: the evolution of a large-scale WLAN monitoring system}}, journal = {IEEE Transactions on Mobile Computing}, year = 2014, month = {January}, volume = 13, number = 1, pages = {216--229}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TMC.2012.237}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-dist/index.html}, abstract = {The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We have designed and implemented a large-scale WLAN monitoring system, the Distributed Internet Security Testbed (DIST), at Dartmouth College. It is equipped with distributed arrays of ``sniffers'' that cover 210 diverse campus locations and more than 5,000 users. In this paper, we describe our approach, designs and solutions for addressing the technical challenges that have resulted from efficiency, scalability, security, and management perspectives. We also present extensive evaluation results on a production network, and summarize the lessons learned.}, } @MastersThesis{murthy:thesis, author = {Rima Narayana Murthy}, title = {{mCollector: Sensor-enabled health-data collection system for rural areas in the developing world}}, school = {Dartmouth College Computer Science}, year = 2014, month = {August}, copyright = {Rima Narayana Murthy}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/murthy-thesis/index.html}, note = {Available as Dartmouth Technical Report TR2015-788}, abstract = {Health data collection poses unique challenges in rural areas of the developing world. mHealth systems that are used by health workers to collect data in remote rural regions should also record contextual information to increase confidence in the fidelity of the collected data. \par We built a user-friendly, mobile health-data collection system using wireless medical sensors that interface with an Android application. The data-collection system was designed to support minimally trained, non-clinical health workers to gather data about blood pressure and body weight using off-the-shelf medical sensors. This system comprises a blood-pressure cuff, a weighing scale and a portable point-of-sales printer. With this system, we introduced a new method to record contextual information associated with a blood-pressure reading using a tablet's touchscreen and accelerometer. This contextual information can be used to verify that a patient's lower arm remained well-supported and stationary during her blood-pressure measurement. In a preliminary user study, we found that a binary support vector machine classifier could be used to distinguish lower-arm movements from stationary arms with 90\% accuracy. Predetermined thresholds for the accelerometer readings suffice to determine whether the tablet, and therefore the arm that rested on it, remained supported. Together, these two methods can allow mHealth applications to guide untrained patients (or health workers) in measuring blood pressure correctly. \par Usability is a particularly important design and deployment challenge in remote, rural areas, given the limited resources for technology training and support. We conducted a field study to assess our system's usability in Kolar town, India, where we logged health worker interactions with the app's interface using an existing usability toolkit. Researchers analyzed logs from this toolkit to evaluate the app's user experience and quantify specific usability challenges in the app. We have recorded experiential notes from the field study in this document.}, } @Article{anthony:sith3, author = {Denise Anthony and Andrew Campbell and Thomas Candon and Andrew Gettinger and Carl A. Gunter and M. Eric Johnson and David Kotz and Lisa Marsch and Andr{\'{e}}s Molina-Markham and Karen Page and Sean Smith}, title = {{Securing Information Technology in Healthcare}}, journal = {IEEE Security \& Privacy}, year = 2013, month = {November}, volume = 11, number = 6, pages = {25--33}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MSP.2013.104}, URL = {https://www.cs.dartmouth.edu/~kotz/research/anthony-sith3/index.html}, note = {Invited paper}, abstract = {Information technology (IT) has great potential to improve healthcare quality while also improving efficiency, and thus has been a major focus of recent healthcare reform efforts. However, developing, deploying and using IT that is both secure and genuinely effective in the complex clinical, organizational and economic environment of healthcare is a significant challenge. Further, it is imperative that we better understand the privacy concerns of patients and providers, as well as the ability of current technologies, policies, and laws to adequately protect privacy. The Securing Information Technology in Healthcare (SITH) workshops were created to provide a forum to discuss security and privacy for experts from a broad range of perspectives, from officers at large healthcare companies, startups and nonprofits, to physicians, researchers and policy makers.}, } @InProceedings{prasad:nethealth13, author = {Aarathi Prasad and Ronald Peterson and Shrirang Mare and Jacob Sorber and Kolin Paul and David Kotz}, title = {{Provenance framework for mHealth}}, booktitle = {{Proceedings of the Workshop on Networked Healthcare Technology (NetHealth)}}, year = 2013, month = {January}, pages = {1--6}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2013.6465599}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-nethealth13/index.html}, abstract = {Mobile health technologies allow patients to collect their health information outside the hospital and share this information with others. But how can data consumers know whether to trust the sensor-collected and human-entered data they receive? Data consumers might be able to verify the accuracy and authenticity of the data if they have information about its origin and about changes made to it, i.e., the \emph{provenance} of the data. We propose a provenance framework for mHealth devices, to collect and share provenance metadata and help the data consumer verify whether certain provenance properties are satisfied by the data they receive. This paper describes the programming model for this framework, which describes the rules to be implemented for providing provenance-collecting capabilities to an mHealth application.}, } @PhdThesis{cornelius:thesis, author = {Cory T. Cornelius}, title = {{Usable Security for Wireless Body-Area Networks}}, school = {Dartmouth College Computer Science}, year = 2013, month = {September}, copyright = {Cory T. Cornelius}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2013-741}, abstract = {We expect wireless body-area networks of pervasive wearable devices will enable \emph{in situ} health monitoring, personal assistance, entertainment personalization, and home automation. As these devices become ubiquitous, we also expect them to interoperate. That is, instead of closed, end-to-end body-worn sensing systems, we envision standardized sensors that wirelessly communicate their data to a device many people already carry today, the smart phone. However, this ubiquity of wireless sensors combined with the characteristics they sense present many security and privacy problems. \par In this thesis we describe solutions to two of these problems. First, we evaluate the use of bioimpedance for recognizing who is wearing these wireless sensors and show that bioimpedance is a feasible biometric. Second, we investigate the use of accelerometers for verifying whether two of these wireless sensors are on the same person and show that our method is successful as distinguishing between sensors on the same body and on different bodies. We stress that any solution to these problems must be usable, meaning the user should not have to do anything but attach the sensor to their body and have them \emph{just work}. \par These methods solve interesting problems in their own right, but it is the combination of these methods that shows their true power. Combined together they allow a network of wireless sensors to cooperate and determine whom they are sensing even though only one of the wireless sensors might be able to determine this fact. If all the wireless sensors know they are on the same body as each other and one of them knows which person it is on, then they can each exploit the transitive relationship to know that they must all be on that person's body. We show how these methods can work together in a prototype system. This ability to operate unobtrusively, collecting \emph{in situ} data and labeling it properly without interrupting the wearer's activities of daily life, will be vital to the success of these wireless sensors.}, } @TechReport{kini:compliance-tr, author = {Shloka R. Kini}, title = {{Please Take My Survey: Compliance with smartphone-based EMA/ESM studies}}, institution = {Dartmouth Computer Science}, year = 2013, month = {May}, number = {TR2013-734}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kini-compliance-tr/index.html}, abstract = {This thesis analyzes the factors that affect compliance in Ecological Momentary Assessment (EMA) survey systems using smartphones. Current EMA systems have simple parameters in their triggering mechanisms, which results in missed or ignored surveys, creating a loss of subject data. Over the course of three user studies, with slight variations, we analyze the factors that influence the willingness of a survey participant to answer surveys on an Android phone. An understanding of these factors would be valuable for mobile developers in developing advanced EMA trigger systems. After having experienced various unforeseen challenges in the process, we describe the parameters and difficulties in administering a study of this nature, making recommendations for future EMA applications and user studies. We also compare and analyze the pros and cons involved in developing various EMA systems. Psychologists and sociologists who use EMA systems to gather behavioral data might benefit from the experiential and behavioral data collected as part of our user studies.}, } @Article{avancha:survey, author = {Sasikanth Avancha and Amit Baxi and David Kotz}, title = {{Privacy in mobile technology for personal healthcare}}, journal = {ACM Computing Surveys}, year = 2012, month = {November}, volume = 45, number = 1, articleno = 3, numpages = 54, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2379776.2379779}, URL = {https://www.cs.dartmouth.edu/~kotz/research/avancha-survey/index.html}, abstract = {Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of \emph{mobile} computing technologies that have the potential to transform healthcare. Such \emph{mHealth} technology enables physicians to remotely monitor patients' health, and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions.}, } @InProceedings{cornelius:biometrics-poster, author = {Cory Cornelius and Zachary Marois and Jacob Sorber and Ron Peterson and Shrirang Mare and David Kotz}, title = {{Passive Biometrics for Pervasive Wearable Devices (Poster paper)}}, booktitle = {{Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)}}, year = 2012, month = {February}, numpages = 1, publisher = {ACM}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-biometrics-poster/index.html}, abstract = {Wearable devices -- like the FitBit, MOTOACTV, and Jawbone UP -- are increasingly becoming more pervasive whether for monitoring health and fitness, personal assistance, or home automation. While pervasive wearable devices have long been researched, we are now beginning to see the fruits of this research in the form of commercial offerings. Today, many of these commercial wearable devices are closed systems that do not interoperate with other devices a person might carry. We believe, however, these commercial offerings signal the coming of wireless body-area networks that will connect these pervasive wearable devices and leverage existing devices a user already owns (e.g., a smartphone). Such wireless body-area networks will allow devices to specialize and utilize the capabilities of other devices in the network. A sensor, for example, might harness the internet connectivity of a smartphone to store its data in the cloud. Utilized in this way, devices will become cheaper because they will only require the components necessary for their speciality, and they will also become more pervasive because they can easily be shared between users. \par In order for such a vision to be successful, these devices will need to seamlessly interoperate with no interaction required of the user. As difficult as it is for users to manage their wireless area networks, it will be even more difficult for a user to manage their wireless body-area network in a truly pervasive world. As such, we believe these wearable devices should form a wireless body-area network that is passive in nature. This means that these pervasive wearable devices will require no configuration, yet they will be able form a wireless body-area network by (1) discovering their peers, (2) recognizing they are attached to the same body, (3) securing their communications, and (4) identifying to whom they are attached. While we are interested in all aspects of these passive wireless body-area networks, we focus on the last requirement: identifying who is wearing a device.}, } @InProceedings{cornelius:impedance, author = {Cory Cornelius and Jacob Sorber and Ronald Peterson and Joe Skinner and Ryan Halter and David Kotz}, title = {{Who wears me? Bioimpedance as a passive biometric}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security and Privacy}}, year = 2012, month = {August}, numpages = 10, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-impedance/index.html}, abstract = {Mobile and wearable systems for monitoring health are becoming common. If such an mHealth system knows the identity of its wearer, the system can properly label and store data collected by the system. Existing recognition schemes for such mobile applications and pervasive devices are not particularly usable -- they require \emph{active} engagement with the person (e.g., the input of passwords), or they are too easy to fool (e.g., they depend on the presence of a device that is easily stolen or lost). \par We present a wearable sensor to passively recognize people. Our sensor uses the unique electrical properties of a person's body to recognize their identity. More specifically, the sensor uses \emph{bioimpedance} -- a measure of how the body's tissues oppose a tiny applied alternating current -- and learns how a person's body uniquely responds to alternating current of different frequencies. In this paper we demonstrate the feasibility of our system by showing its effectiveness at accurately recognizing people in a household 90\% of the time.}, } @Article{cornelius:j-same-body, author = {Cory Cornelius and David Kotz}, title = {{Recognizing whether sensors are on the same body}}, journal = {Journal of Pervasive and Mobile Computing}, year = 2012, month = {December}, volume = 8, number = 6, pages = {822--836}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.pmcj.2012.06.005}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-j-same-body/index.html}, abstract = {In an open mobile health (mHealth) sensing system, users will be able to seamlessly pair sensors with their cellphone and expect the system to just work. This ubiquity of sensors, however, creates the potential for users to accidentally wear sensors that are not paired with their own cellphone. Our method probabilistically detects this situation by finding correlations between embedded accelerometers in the cellphone and sensor. We evaluate our method over a dataset of seven individuals with sensors in various positions on their body and experimentally show that our method is capable of achieving an accuracy of 85\%.}, } @InProceedings{fazio:sampling, author = {Phillip A. Fazio and Keren Tan and David Kotz}, title = {{Effects of network trace sampling methods on privacy and utility metrics}}, booktitle = {{Proceedings of the Annual Workshop on Wireless Systems: Advanced Research and Development (WISARD)}}, year = 2012, month = {January}, pages = {1--8}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2012.6151387}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-sampling/index.html}, abstract = {Researchers choosing to share wireless-network traces with colleagues must first anonymize sensitive information, trading off the removal of information in the interest of identity protection and the preservation of useful data within the trace. While several metrics exist to quantify this privacy-utility tradeoff, they are often computationally expensive. Computing these metrics using a \emph{sample} of the trace could potentially save precious time. In this paper, we examine several sampling methods to discover their effects on measurement of the privacy-utility tradeoff when anonymizing network traces. We tested the relative accuracy of several packet and flow-sampling methods on existing privacy and utility metrics. We concluded that, for our test trace, no single sampling method we examined allowed us to accurately measure the tradeoff, and that some sampling methods can produce grossly inaccurate estimates of those values. We call for further research to develop sampling methods that maintain relevant privacy and utility properties.}, } @InProceedings{prasad:fitbit, author = {Aarathi Prasad and Jacob Sorber and Timothy Stablein and Denise Anthony and David Kotz}, title = {{Understanding Sharing Preferences and Behavior for mHealth Devices}}, booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES)}}, year = 2012, month = {October}, pages = {117--128}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2381966.2381983}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-fitbit/index.html}, abstract = {mHealth devices offer many potential benefits to patients, health providers and others involved in the patients' healthcare. If patients are not in control of the collection and sharing of their personal health information, they will have privacy concerns even while enjoying the benefits of the devices. We investigated patients' willingness to share their personal health information, collected using mHealth devices, with their family, friends, third parties and the public. Our findings are based on a user study conducted with 41 participants. The best way to understand people's privacy concerns is to give them the opportunity to use the device and actually share the information, and to the best of our knowledge, ours is the first study that does so. We discovered that patients want to share, selectively, their health information with people other than their doctors. We also show that privacy concerns are not static; patients may change their sharing decisions over time. Based on our findings, we suggest that privacy controls for mHealth systems should be flexible to allow patients to choose different settings for different recipients, and to change their sharing settings at any time.}, } @InProceedings{prasad:provenance-poster, author = {Aarathi Prasad and Ronald Peterson and Jacob Sorber and David Kotz}, title = {{A Provenance Framework for mHealth}}, booktitle = {{Proceedings of the Workshop for Mobile Systems, Applications, and Services for Healthcare (mHealthSys) Poster Track}}, year = 2012, month = {November}, articleno = 9, numpages = 2, publisher = {ACM}, copyright = {ACM}, location = {Toronto}, DOI = {10.1145/2396276.2396287}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-provenance-poster/index.html}, abstract = {How can data consumers know whether to trust the sensor-collected and human-entered data they receive from mHealth devices? What confidence do they have that it is accurate and authentic? Data recipients might be able to verify the accuracy and authenticity of the data if they have information about its origin and about changes made to it, i.e., the provenance of the data.We define provenance in mHealth as contextual information that can attest to the authenticity and accuracy of the data and can help the recipient in interpreting the data. To realize this vision, we propose a provenance framework for mHealth. The primary function of the framework is to collect and share provenance metadata and help the data consumer verify whether certain provenance properties are satisfied by the data they receive.}, } @InProceedings{sorber:amulet, author = {Jacob Sorber and Minho Shin and Ronald Peterson and Cory Cornelius and Shrirang Mare and Aarathi Prasad and Zachary Marois and Emma Smithayer and David Kotz}, title = {{An Amulet for trustworthy wearable mHealth}}, booktitle = {{Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)}}, year = 2012, month = {February}, articleno = 7, numpages = 6, publisher = {ACM}, copyright = {ACM}, location = {San Diego, California}, DOI = {10.1145/2162081.2162092}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sorber-amulet/index.html}, abstract = {Mobile technology has significant potential to help revolutionize personal wellness and the delivery of healthcare. Mobile phones, wearable sensors, and home-based tele-medicine devices can help caregivers and individuals themselves better monitor and manage their health. While the potential benefits of this ``mHealth'' technology include better health, more effective healthcare, and reduced cost, this technology also poses significant security and privacy challenges. In this paper we propose \emph{Amulet,} an mHealth architecture that provides strong security and privacy guarantees while remaining easy to use, and outline the research and engineering challenges required to realize the Amulet vision.}, } @InProceedings{sorber:pnt, author = {Jacob Sorber and Minho Shin and Ron Peterson and David Kotz}, title = {{Plug-n-Trust: Practical trusted sensing for mHealth}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2012, month = {June}, pages = {309--322}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2307636.2307665}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sorber-pnt/index.html}, abstract = {Mobile computing and sensing technologies present exciting opportunities for healthcare. Prescription wireless sensors worn by patients can automatically deliver medical data to care providers, dramatically improving their ability to diagnose, monitor, and manage a range of medical conditions. Using the mobile phones that patients already carry to provide connectivity between sensors and providers is essential to keeping costs low and deployments simple. Unfortunately, software-based attacks against phones are also on the rise, and successful attacks on privacy-sensitive and safety-critical applications can have significant consequences for patients. \par In this paper, we describe Plug-n-Trust (PnT), a novel approach to protecting both the confidentiality and integrity of safety-critical medical sensing and data processing on vulnerable mobile phones. With PnT, a plug-in smart card provides a trusted computing environment, keeping data safe even on a compromised mobile phone. By design, PnT is simple to use and deploy, while providing a flexible programming interface amenable to a wide range of applications. We describe our implementation, designed for Java-based smart cards and Android phones, in which we use a split-computation model with a novel path hashing technique to verify proper behavior without exposing confidential data. Our experimental evaluation demonstrates that PnT achieves its security goals while incurring acceptable overhead.}, } @MastersThesis{prasad:msthesis, author = {Aarathi Prasad}, title = {{Exposing Privacy Concerns in mHealth Data Sharing}}, school = {Dartmouth College Computer Science}, year = 2012, month = {February}, copyright = {Aarathi Prasad}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-msthesis/index.html}, note = {Available as Technical Report TR2012-711}, abstract = {Mobile health (mHealth) has become important in the field of healthcare information technology, as patients begin to use mobile devices to record their daily activities and vital signs. These devices can record personal health information even outside the hospital setting, while the patients are at home or at their workplace. However, the devices might record sensitive information that might not be relevant for medical purposes and in some cases may be misused. Patients need expressive privacy controls so that they can trade potential health benefits of the technology with the privacy risks. To provide such privacy controls, it is important to understand what patients feel are the benefits and risks associated with the technology and what controls they want over the information. \par We conducted focus groups to understand the privacy concerns that patients have when they use mHealth devices. We conducted a user study to understand how willing patients are to share their personal health information that was collected using an mHealth device. To the best of our knowledge, ours is the first study that explores users' privacy concerns by giving them the opportunity to actually share the information collected about them using mHealth devices. We found that patients tend to share more information with third parties than the public and prefer to keep certain information from their family and friends. Finally, based on these discoveries, we propose some guidelines to developing defaults for sharing settings in mHealth systems.}, } @TechReport{smithayer:bp, author = {Emma N. Smithayer}, title = {{Sensor-based system for verifying blood-pressure measurement position}}, institution = {Dartmouth Computer Science}, year = 2012, month = {June}, number = {TR2012-720}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/smithayer-bp/index.html}, abstract = {Mobile maternal-health programs send workers door to door to visit pregnant women in rural India and collect data such as blood pressure or weight, then send that data to doctors for review. Since the doctors do not see the data collection, ensuring correct collection methods is crucial to allow them to make good treatment decisions. However, blood-pressure measurements are sometimes taken with the patient's arm in the wrong position, which can cause inaccurate readings. This paper describes a system consisting of an automatic blood pressure cuff with an accelerometer and force sensors attached to determine whether the arm is at the correct angle, held still, and properly supported. A user study indicated that the prototype was effective in helping untrained users take a measurement in the correct position.}, } @InProceedings{cornelius:same-body, author = {Cory Cornelius and David Kotz}, title = {{Recognizing whether sensors are on the same body}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2011, month = {June}, volume = 6696, pages = {332--349}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/978-3-642-21726-5_21}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-same-body/index.html}, abstract = {As personal health sensors become ubiquitous, we also expect them to become interoperable. That is, instead of closed, end-to-end personal health sensing systems, we envision standardized sensors wirelessly communicating their data to a device many people already carry today, the cellphone. In an open personal health sensing system, users will be able to seamlessly pair off-the-shelf sensors with their cellphone and expect the system to \emph{just work}. However, this ubiquity of sensors creates the potential for users to accidentally wear sensors that are not necessarily paired with their own cellphone. A husband, for example, might mistakenly wear a heart-rate sensor that is actually paired with his wife's cellphone. As long as the heart-rate sensor is within communication range, the wife's cellphone will be receiving heart-rate data about her husband, data that is incorrectly entered into her own health record. \par We provide a method to probabilistically detect this situation. Because accelerometers are relatively cheap and require little power, we imagine that the cellphone and each sensor will have a companion accelerometer embedded with the sensor itself. We extract standard features from these companion accelerometers, and use a pair-wise statistic -- coherence, a measurement of how well two signals are related in the frequency domain -- to determine how well features correlate for different locations on the body. We then use these feature coherences to train a classifier to recognize whether a pair of sensors -- or a sensor and a cellphone -- are on the same body. We evaluate our method over a dataset of several individuals walking around with sensors in various positions on their body and experimentally show that our method is capable of achieving an accuracies over 80\%.}, } @InProceedings{fazio:netsani, author = {Phil Fazio and Keren Tan and Jihwang Yeo and David Kotz}, title = {{Short Paper: The NetSANI Framework for Analysis and Fine-tuning of Network Trace Sanitization}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2011, month = {June}, pages = {5--10}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1998412.1998416}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-netsani/index.html}, abstract = {Anonymization is critical prior to sharing wireless-network traces within the research community, to protect both personal and organizational sensitive information from disclosure. One difficulty in anonymization, or more generally, sanitization, is that users lack information about the quality of a sanitization result, such as how much privacy risk a sanitized trace may expose, and how much research utility the sanitized trace may retain. We propose a framework, NetSANI, that allows users to analyze and control the privacy/utility tradeoff in network sanitization. NetSANI can accommodate most of the currently available privacy and utility metrics for network trace sanitization. This framework provides a set of APIs for analyzing the privacy/utility tradeoff by comparing the changes in privacy and utility levels of a trace for a sanitization operation. We demonstrate the framework with an quantitative evaluation on wireless-network traces.}, } @Article{kim:anomaly, author = {Minkyong Kim and David Kotz}, title = {{Identifying Unusual Days}}, journal = {Journal of Computing Science and Engineering (JCSE)}, year = 2011, month = {March}, volume = 5, number = 1, pages = {71--84}, publisher = {Korean Institute of Information Scientists and Engineers}, copyright = {KIISE}, DOI = {10.5626/JCSE.2011.5.1.071}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-anomaly/index.html}, abstract = {Pervasive applications such as digital memories or patient monitors collect a vast amount of data. One key challenge in these systems is how to extract interesting or unusual information. Because users cannot anticipate their future interests in the data when the data is stored, it is hard to provide appropriate indexes. As location-tracking technologies, such as global positioning system, have become ubiquitous, digital cameras or other pervasive systems record location information along with the data. In this paper, we present an automatic approach to identify unusual data using location information. Given the location information, our system identifies unusual days, that is, days with unusual mobility patterns. We evaluated our detection system using a real wireless trace, collected at wireless access points, and demonstrated its capabilities. Using our system, we were able to identify days when mobility patterns changed and differentiate days when a user followed a regular pattern from the rest. We also discovered general mobility characteristics. For example, most users had one or more repeating mobility patterns, and repeating mobility patterns did not depend on certain days of the week, except that weekends were different from weekdays.}, } @InProceedings{kotz:mHealth-threats, author = {David Kotz}, title = {{A threat taxonomy for mHealth privacy}}, booktitle = {{Proceedings of the Workshop on Networked Healthcare Technology (NetHealth)}}, year = 2011, month = {January}, articleno = 1, numpages = 6, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2011.5716518}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-mHealth-threats/index.html}, abstract = {Networked mobile devices have great potential to enable individuals (and their physicians) to better monitor their health and to manage medical conditions. In this paper, we examine the privacy-related threats to these so-called \emph{mHealth} technologies. We develop a taxonomy of the privacy-related threats, and discuss some of the technologies that could support privacy-sensitive mHealth systems. We conclude with a brief summary of research challenges.}, } @InProceedings{mare:healthsec11, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Adaptive security and privacy for mHealth sensing}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2011, month = {August}, numpages = 5, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-healthsec11/index.html}, note = {Short paper.}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile Health (mHealth) sensing technologies promise a new opportunity. However, the privacy concerns associated with mHealth sensing are a limiting factor for their widespread adoption. The use of wireless body area networks pose a particular challenge. Although there exist protocols that provide a secure and private communication channel between two devices, the large transmission overhead associated with these protocols limit their application to low-power mHealth sensing devices. We propose an adaptive security model that enables use of privacy-preserving protocols in low-power mHealth sensing by reducing the network overhead in the transmissions, while maintaining the security and privacy properties provided by the protocols.}, } @TechReport{mare:hns-tr, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Hide-n-Sense: Privacy-aware secure mHealth sensing}}, institution = {Dartmouth Computer Science}, year = 2011, month = {September}, number = {TR2011-702}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-tr/index.html}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge. \par We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized MACs; and an asymmetric resource requirement. Second, we demonstrate a prototype on a Chronos wrist device, and evaluate it experimentally. Third, we provide a security, privacy, and energy analysis of our system.}, } @InProceedings{mare:hns-w, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing}}, booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES)}}, year = 2011, month = {October}, pages = {137--142}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2046556.2046574}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-w/index.html}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Although some work on mHealth sensing has addressed security, achieving strong security and privacy for low-power sensors remains a challenge. \par We make three contributions. First, we propose Adapt-lite, a set of two techniques that can be applied to existing wireless protocols to make them energy efficient without compromising their security or privacy properties. The techniques are: adaptive security, which dynamically modifies packet overhead; and MAC striping, which makes forgery difficult even for small-sized MACs. Second, we apply these techniques to an existing wireless protocol, and demonstrate a prototype on a Chronos wrist device. Third, we provide security, privacy, and energy analysis of our techniques.}, } @InProceedings{nanda:llbc, author = {Soumendra Nanda and David Kotz}, title = {{Social Network Analysis Plugin (SNAP) for Mesh Networks}}, booktitle = {{Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC)}}, year = 2011, month = {March}, pages = {725--730}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/WCNC.2011.5779252}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-llbc/index.html}, abstract = {In a network, bridging nodes are those nodes that from a topological perspective, are strategically located between highly connected regions of nodes. Thus, they have high values of the Bridging Centrality (BC) metric. We recently introduced the Localized Bridging Centrality (LBC) metric, which can identify such nodes via distributed computation, yet has an accuracy equal to that of the centralized BC metric. The LBC and BC metrics are based on the Social Network Analysis (SNA) metric ``betweenness centrality''. We now introduce a new SNA metric that is more suitable for use in wireless mesh networks: the Localized Load-aware Bridging Centrality (LLBC) metric. The LLBC metric improves upon LBC by detecting critical bridging nodes while taking into account the actual traffic flows present in a mesh network. We only use local information from surrounding nodes to compute the LLBC metric, thus our LLBC metric is designed for scalable distributed computation and distributed network analysis. We developed the SNA Plugin (SNAP) for the Optimized Link State Routing (OLSR) protocol to study the potential use of LBC and LLBC in improving multicast communications. We present some promising initial results for SNAP from real and emulated mesh networks. SNAP is open source and free for academic use.}, } @InProceedings{prasad:healthsec11, author = {Aarathi Prasad and Jacob Sorber and Timothy Stablein and Denise Anthony and David Kotz}, title = {{Exposing privacy concerns in mHealth}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2011, month = {August}, numpages = 2, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-healthsec11/index.html}, note = {Position paper.}, abstract = {We conducted several exploratory focus groups to understand what privacy concerns Patients might have with the collection, storage and sharing of their personal health information, when using mHealth devices. We found that Patients want control over their health information, and we noticed privacy trends that were particular to Patients in the same age group and with similar health experiences.}, } @Article{shin:anonysense, author = {Minho Shin and Cory Cornelius and Dan Peebles and Apu Kapadia and David Kotz and Nikos Triandopoulos}, title = {{AnonySense: A System for Anonymous Opportunistic Sensing}}, journal = {Journal of Pervasive and Mobile Computing}, year = 2011, month = {February}, volume = 7, number = 1, pages = {16--30}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.pmcj.2010.04.001}, URL = {https://www.cs.dartmouth.edu/~kotz/research/shin-anonysense/index.html}, abstract = {We describe AnonySense, a privacy-aware system for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing \emph{tasks} to be distributed across participating mobile devices, later receiving verified, yet anonymized, sensor data \emph{reports} back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our security goals, threat model, and the architecture and protocols of AnonySense. We also describe how AnonySense can support extended security features that can be useful for different applications. We evaluate the security and feasibility of AnonySense through security analysis and prototype implementation. We show the feasibility of our approach through two plausible applications: a Wi-Fi rogue access point detector and a lost-object finder.}, } @InCollection{song:chapter, author = {Libo Song and David F. Kotz}, title = {{Routing in Mobile Opportunistic Networks}}, booktitle = {{Mobile Opportunistic Networks}}, editor = {Mieso K. Denko}, year = 2011, chapter = 1, pages = {1--24}, publisher = {Taylor \& Francis}, copyright = {Taylor \& Francis}, ISBN13 = {978-1-4200-8813-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-chapter/index.html}, } @InProceedings{sorber:pnt-poster, author = {Jacob Sorber and Minho Shin and Ron Peterson and David Kotz}, title = {{Poster: Practical Trusted Computing for mHealth Sensing}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2011, month = {June}, pages = {405--406}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1999995.2000058}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sorber-pnt-poster/index.html}, abstract = {Mobile sensing technologies present exciting opportunities for healthcare. Wireless sensors can automatically provide sensor data to care providers, dramatically improving their ability to diagnose, monitor, and manage a wide range of medical conditions. Using mobile phones to provide connectivity between sensors and providers is essential to keeping costs low and deployments simple. Unfortunately, software-based attacks against phones, which can have significant consequences for patients, are also on the rise. \par This poster describes a simple, flexible, and novel approach to protecting both the confidentiality and integrity medical sensing and data processing on vulnerable mobile phones, using plug-in smart cards---even a phone compromised by malware. We describe our design, implementation, and initial experimental results using real smart cards and Android smartphones.}, } @TechReport{tan:crf-tr, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{Privacy Analysis of User Association Logs in a Large-scale Wireless LAN}}, institution = {Dartmouth Computer Science}, year = 2011, month = {January}, number = {TR2011-679}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf-tr/index.html}, abstract = {User association logs collected from a large-scale wireless LAN record where and when a user has used the network. Such information plays an important role in wireless network research. One concern of sharing these data with other researchers, however, is that the logs pose potential privacy risks for the network users. Today, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information, such as their devices' MAC addresses and their exact association locations. In this work, we demonstrate that such sanitization measures are insufficient to protect user privacy because the differences between user association behaviors can be modeled and many are distinguishable. By simulating an adversary's role, we propose a novel type of correlation attack in which the adversary uses the anonymized association log to build signatures against each user, and when combined with auxiliary information, such signatures can help to identify users within the anonymized log. On a user association log that contains more than four thousand users and millions of association records, we demonstrate that this attack technique is able to pinpoint the victim's identity exactly with a probability as high as 70\%, and narrow it down to a set of 20 candidates with a probability close to 100\%. We further evaluate the effectiveness of standard anonymization techniques, including generalization and perturbation, in mitigating this correlation attack; our experimental results reveal only limited success of these methods, suggesting that more thorough treatment is needed when anonymizing wireless user association logs before public release.}, } @InProceedings{tan:crf, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{Privacy analysis of user association logs in a large-scale wireless LAN}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM) mini-conference}}, year = 2011, month = {April}, pages = {31--35}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFCOM.2011.5935168}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf/index.html}, abstract = {User association logs collected from a large-scale wireless LAN record where and when a user has used the network. Such information plays an important role in wireless network research. One concern of sharing these data with other researchers, however, is that the logs pose potential privacy risks for the network users. Today, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information, such as their devices' MAC addresses and their exact association locations. In this work, we aim to study whether such sanitization measures are sufficient to protect user privacy. By simulating an adversary's role, we propose a novel type of correlation attack in which the adversary uses the anonymized association log to build signatures against each user, and when combined with auxiliary information, such signatures can help to identify users within the anonymized log. Using a user association log that contains more than four thousand users and millions of association records, we demonstrate that this attack technique, under certain circumstances, is able to pinpoint the victim's identity exactly with a probability as high as 70\%, or narrow it down to a set of 20 candidates with a probability close to 100\%. We further evaluate the effectiveness of standard anonymization techniques, including generalization and perturbation, in mitigating correlation attacks; our experimental results reveal only limited success of these methods, suggesting that more thorough treatment is needed when anonymizing wireless user association logs before public release.}, } @InCollection{tan:survey, author = {Keren Tan and Jihwang Yeo and Michael E. Locasto and David Kotz}, title = {{Catch, Clean, and Release: A Survey of Obstacles and Opportunities for Network Trace Sanitization}}, booktitle = {{Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques}}, editor = {Francesco Bonchi and Elena Ferrari}, year = 2011, month = {January}, chapter = 5, pages = {111--141}, publisher = {Chapman and Hall/CRC Press}, copyright = {Chapman and Hall/CRC Press}, ISBN13 = 9781439803653, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-survey/index.html}, abstract = {Network researchers benefit tremendously from access to traces of production networks, and several repositories of such network traces exist. By their very nature, these traces capture sensitive business and personal activity. Furthermore, network traces contain significant operational information about the target network, such as its structure, identity of the network provider, or addresses of important servers. To protect private or proprietary information, researchers must ``sanitize'' a trace before sharing it. \par In this chapter, we survey the growing body of research that addresses the risks, methods, and evaluation of network trace sanitization. Research on the risks of network trace sanitization attempts to extract information from published network traces, while research on sanitization methods investigates approaches that may protect against such attacks. Although researchers have recently proposed both quantitative and qualitative methods to evaluate the effectiveness of sanitization methods, such work has several shortcomings, some of which we highlight in a discussion of open problems. Sanitizing a network trace, however challenging, remains an important method for advancing network--based research.}, } @TechReport{fazio:thesis, author = {Phillip A. Fazio}, title = {{Effects of network trace sampling methods on privacy and utility metrics}}, institution = {Dartmouth College, Computer Science}, year = 2011, month = {June}, number = {TR2011-697}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-thesis/index.html}, abstract = {Researchers studying computer networks rely on the availability of traffic trace data collected from live production networks. Those choosing to share trace data with colleagues must first remove or otherwise anonymize sensitive information. This process, called sanitization, represents a tradeoff between the removal of information in the interest of identity protection and the preservation of data within the trace that is most relevant to researchers. While several metrics exist to quantify this privacy-utility tradeoff, they are often computationally expensive. Computing these metrics using a sample of the trace, rather than the entire input trace, could potentially save precious time and space resources, provided the accuracy of these values does not suffer. In this paper, we examine several simple sampling methods to discover their effects on measurement of the privacy-utility tradeoff when anonymizing network traces prior to their sharing or publication. After sanitizing a small sample trace collected from the Dartmouth College wireless network, we tested the relative accuracy of a variety of previously implemented packet and flow-sampling methods on a few existing privacy and utility metrics. This analysis led us to conclude that, for our test trace, no single sampling method we examined allowed us to accurately measure the trade-off, and that some sampling methods can produce grossly inaccurate estimates of those values. We were unable to draw conclusions on the use of packet versus flow sampling in these instances.}, } @PhdThesis{tan:thesis, author = {Keren Tan}, title = {{Large-scale Wireless Local-area Network Measurement and Privacy Analysis}}, school = {Dartmouth College Computer Science}, year = 2011, month = {August}, copyright = {Keren Tan}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2011-703}, abstract = {The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.}, } @TechReport{arackaparambil:clock-skew-tr, author = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz}, title = {{On the Reliability of Wireless Fingerprinting using Clock Skews}}, institution = {Dartmouth Computer Science}, year = 2010, month = {January}, number = {TR2010-661}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew-tr/index.html}, abstract = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.}, } @InProceedings{arackaparambil:clock-skew, author = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz}, title = {{On the Reliability of Wireless Fingerprinting using Clock Skews}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2010, month = {March}, numpages = 6, pages = {169--174}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1741866.1741894}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew/index.html}, abstract = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. \par We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.}, } @InProceedings{cornelius:healthsec10, author = {Cory Cornelius and David Kotz}, title = {{On Usable Authentication for Wireless Body Area Networks}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2010, month = {August}, numpages = 2, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-healthsec10/index.html}, note = {Position paper}, abstract = {We examine a specific security problem in wireless body area networks (WBANs), what we call the \emph{one body authentication problem}. That is, how can we ensure that the wireless sensors in a WBAN are collecting data about one individual and not several individuals. We explore existing solutions to this problem and provide some analysis why these solutions are inadequate. Finally, we provide some direction towards a promising solution to the problem and how it can be used to create a usably secure WBAN.}, } @InProceedings{mare:healthsec10, author = {Shrirang Mare and David Kotz}, title = {{Is Bluetooth the right technology for mHealth?}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2010, month = {August}, numpages = 2, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-healthsec10/index.html}, note = {Position paper}, abstract = {Many people believe mobile healthcare (mHealth) would help alleviate the rising cost of healthcare and improve the quality of service. Bluetooth, which is the most popular wireless technology for personal medical devices, is used for most of the mHealth sensing applications. In this paper we raise the question -- Is Bluetooth the right technology for mHealth? To instigate the discussion we discuss some shortcomings of Bluetooth and also point out an alternative solution.}, } @InProceedings{mare:models, author = {Shrirang Mare and David Kotz and Anurag Kumar}, title = {{Experimental Validation of Analytical Performance Models for IEEE 802.11 Networks}}, booktitle = {{Proceedings of the Workshop on WIreless Systems: Advanced Research and Development (WISARD)}}, year = 2010, month = {January}, pages = {1--8}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2010.5431957}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-models/index.html}, abstract = {We consider the simplest IEEE 802.11 WLAN networks for which analytical models are available and seek to provide an experimental validation of these models. Our experiments include the following cases: (i) two nodes with saturated queues, sending fixed-length UDP packets to each other, and (ii) a TCP-controlled transfer between two nodes. Our experiments are based entirely on Aruba AP-70 access points operating under Linux. We report our observations on certain non-standard behavior of the devices. In cases where the devices adhere to the standards, we find that the results from the analytical models estimate the experimental data with a mean error of 3-5\%.}, } @TechReport{peebles:anonytl, author = {Dan Peebles and Cory Cornelius and Apu Kapadia and David Kotz and Minho Shin and Nikos Triandopoulos}, title = {{AnonyTL Specification}}, institution = {Dartmouth Computer Science}, year = 2010, month = {January}, number = {TR2010-660}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/peebles-anonytl/index.html}, abstract = {We provide a specification of \emph{AnonyTL}, a domain-specific language that describes sensing tasks for mobile devices in a manner that facilitates automated reasoning about privacy.}, } @InProceedings{prasad:healthsec10, author = {Aarathi Prasad and David Kotz}, title = {{Can I access your Data? Privacy Management in mHealth}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2010, month = {August}, numpages = 2, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/prasad-healthsec10/index.html}, note = {Position paper}, abstract = {Mobile health (mHealth) has become important in the field of healthcare information technology, as patients begin to use mobile medical sensors to record their daily activities and vital signs. Since their medical data is collected by their sensors, the patients may wish to control data collection and distribution, so as to protect their data and share it only when the need arises. It must be possible for patients to grant or deny access to the data on the storage unit (mobile phones or personal health records (PHR)). Thus, an efficient framework is required for managing patient consent electronically, i.e.to allow patients to express their desires about what data to collect, what to store, and how to share. We describe several challenges posed by privacy management in mobile health.}, } @InProceedings{tan:crf-s3, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{A Correlation Attack Against User Mobility Privacy in a Large-scale WLAN network}}, booktitle = {{Proceedings of the ACM MobiCom S3 workshop}}, year = 2010, month = {September}, pages = {33--35}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1860039.1860050}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf-s3/index.html}, abstract = {User association logs collected from real-world wireless LANs have facilitated wireless network research greatly. To protect user privacy, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information such as the MAC addresses of their devices and their exact association locations. In this work,we demonstrate that these sanitization measures are insufficient in protecting user privacy from a novel type of correlation attack that is based on CRF (Conditional Random Field). In such a correlation attack, the adversary observes the victim's AP (Access Point) association activities for a short period of time and then infers her corresponding identity in a released user association dataset. Using a user association log that contains more than three thousand users and millions of AP association records, we demonstrate that the CRF-based technique is able to pinpoint the victim's identity exactly with a probability as high as 70\%.}, } @InProceedings{tan:saluki, author = {Keren Tan and David Kotz}, title = {{Saluki: a High-Performance Wi-Fi Sniffing Program}}, booktitle = {{Proceedings of the International Workshop on Wireless Network Measurements (WiNMee)}}, year = 2010, month = {May}, pages = {591--596}, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-saluki/index.html}, note = {Invited paper}, abstract = {Building a campus-wide wireless LAN measurement system faces many efficiency, scalability and security challenges. To address these challenges, we developed a distributed Wi-Fi sniffing program called Saluki. Compared to our previous implementation and to other available sniffing programs, Saluki has the following advantages: (1) its small footprint makes it suitable for a resource-constrained Linux platform, such as those in commercial Wi-Fi access points; (2) the frame-capture rate increased more than three-fold over tcpdump with minimal frame loss; (3) all traffic between this sniffer and the back-end server was secured using 128-bit encryption; and (4) the traffic load on the backbone network was reduced to only 30\% of that in our previous implementation. In this paper, we introduce the design and the implementation details of this high-performance sniffing program, along with preliminary evaluation results.}, } @InProceedings{bratus:dist-cset, author = {Sergey Bratus and David Kotz and Keren Tan and William Taylor and Anna Shubina and Bennet Vance and Michael E. Locasto}, title = {{Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed}}, booktitle = {{Proceedings of the Workshop on Cyber Security Experimentation and Test (CSET)}}, year = 2009, month = {August}, numpages = 6, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-dist-cset/index.html}, abstract = {We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our knowledge, is the largest such testbed in academia (with the UCSD's Jigsaw infrastructure a close competitor). In this paper we focus on the \emph{testbed setup}, rather than on the experimental data and results.}, } @InProceedings{chen:mpcs, author = {Guanling Chen and Bo Yan and Minho Shin and David Kotz and Ethan Berke}, title = {{MPCS: Mobile-based Patient Compliance System for Chronic Illness Care}}, booktitle = {{Proceedings of the International Workshop on Ubiquitous Mobile Healthcare Applications (MobiCare)}}, year = 2009, month = {July}, pages = {1--7}, publisher = {IEEE}, copyright = {ICST}, DOI = {10.4108/ICST.MOBIQUITOUS2009.6829}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-mpcs/index.html}, abstract = {More than 100 million Americans are currently living with at least one chronic health condition and expenditures on chronic diseases account for more than 75 percent of the \$2.3 trillion cost of our healthcare system. To improve chronic illness care, patients must be empowered and engaged in health self-management. However, only half of all patients with chronic illness comply with treatment regimen. The self-regulation model, while seemingly valuable, needs practical tools to help patients adopt this self-centered approach for long-term care. \par In this position paper, we propose Mobile-phone based Patient Compliance System (MPCS) that can reduce the time-consuming and error-prone processes of existing self-regulation practice to facilitate self-reporting, non-compliance detection, and compliance reminders. The novelty of this work is to apply social-behavior theories to engineer the MPCS to positively influence patients' compliance behaviors, including mobile-delivered contextual reminders based on association theory; mobile-triggered questionnaires based on self-perception theory; and mobile-enabled social interactions based on social-construction theory. We discuss the architecture and the research challenges to realize the proposed MPCS.}, } @InProceedings{kapadia:metrosec-challenges, author = {Apu Kapadia and David Kotz and Nikos Triandopoulos}, title = {{Opportunistic Sensing: Security Challenges for the New Paradigm}}, booktitle = {{Proceedings of the International Conference on COMmunication Systems and NETworkS (COMSNETS)}}, year = 2009, month = {January}, numpages = 10, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2009.4808850}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kapadia-metrosec-challenges/index.html}, note = {Invited paper}, abstract = {We study the security challenges that arise in \emph{opportunistic people-centric sensing}, a new sensing paradigm leveraging humans as part of the sensing infrastructure. Most prior sensor-network research has focused on collecting and processing environmental data using a static topology and an application-aware infrastructure, whereas opportunistic sensing involves collecting, storing, processing and fusing large volumes of data related to everyday human activities. This highly dynamic and mobile setting, where humans are the central focus, presents new challenges for information security, because data originates from sensors carried by people--- not tiny sensors thrown in the forest or attached to animals. In this paper we aim to instigate discussion of this critical issue, because opportunistic people-centric sensing will never succeed without adequate provisions for security and privacy. To that end, we outline several important challenges and suggest general solutions that hold promise in this new sensing paradigm.}, } @InProceedings{kotz:mhealth-spimacs, author = {David Kotz and Sasikanth Avancha and Amit Baxi}, title = {{A privacy framework for mobile health and home-care systems}}, booktitle = {{Proceedings of the Workshop on Security and Privacy in Medical and Home-Care Systems (SPIMACS)}}, year = 2009, month = {November}, pages = {1--12}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1655084.1655086}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-mhealth-spimacs/index.html}, abstract = {In this paper, we consider the challenge of preserving patient privacy in the context of mobile healthcare and home-care systems, that is, the use of mobile computing and communications technologies in the delivery of healthcare or the provision of at-home medical care and assisted living. This paper makes three primary contributions. First, we compare existing privacy frameworks, identifying key differences and shortcomings. Second, we identify a privacy framework for mobile healthcare and home-care systems. Third, we extract a set of privacy properties intended for use by those who design systems and applications for mobile healthcare and home-care systems, linking them back to the privacy principles. Finally, we list several important research questions that the community should address. We hope that the privacy framework in this paper can help to guide the researchers and developers in this community, and that the privacy properties provide a concrete foundation for privacy-sensitive systems and applications for mobile healthcare and home-care systems.}, } @Article{li:ijcnds, author = {Ming Li and David Kotz}, title = {{Towards Collaborative Data Reduction in Stream-Processing Systems}}, journal = {International Journal of Communication Networks and Distributed Systems (IJCNDS)}, year = 2009, month = {June}, volume = 2, number = 4, pages = {375--400}, publisher = {Inderscience}, copyright = {Inderscience Enterprises}, DOI = {10.1504/IJCNDS.2009.026555}, URL = {https://www.cs.dartmouth.edu/~kotz/research/li-ijcnds/index.html}, abstract = {We consider a distributed system that disseminates high-volume event streams to many simultaneous monitoring applications over a low-bandwidth network. For bandwidth efficiency, we propose a collaborative data-reduction mechanism, ``group-aware stream filtering'', used together with multicast, to select a small set of necessary data that satisfy the needs of a group of subscribers simultaneously. We turn data-compressing filters into group-aware filters by exploiting two overlooked, yet important, properties of monitoring applications: 1) many of them can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. We provide a general framework that treats the group-aware stream filtering problem completely; we prove the problem NP-hard and thus provide a suite of heuristic algorithms that ensure data quality (specifically, granularity and timeliness) while collaboratively reducing data. The framework is extensible and supports a diverse range of filters. Our prototype-based evaluation shows that group-aware stream filtering is effective in trading CPU time for data reduction, compared with self-interested filtering.}, } @InCollection{minami:handbook, author = {Kazuhiro Minami and David Kotz}, title = {{Distributed proof systems for cross-domain authorization}}, booktitle = {{Information Assurance, Security and Privacy Services}}, editor = {H. Raghav Rao and Shambhu Upadhyaya}, series = {Handbooks in Information Systems}, year = 2009, volume = 4, chapter = 1, publisher = {Emerald Group Publishing Limited}, copyright = {Emerald Group Publishing Limited}, ISBN13 = 9781848551947, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-handbook/index.html}, abstract = {The ability to access information resources across organizational boundaries is vital for today's corporate, military, and educational organizations, which must be able to quickly pool their resources to respond to opportunities and threats. Since each organization protects its resources with its local authorization policies, we need mechanisms for cross-domain authorization to achieve information sharing among multiple organizations. Unfortunately, traditional identity-based authorization approaches are impractical, because the identity of a requester is not a useful clue for authorization in a decentralized environment. Many distributed authorization schemes, therefore, consider a requester's properties (e.g., employer and physical location) to make an authorization decision and use a logic-based approach to specify authorization policies in a flexible way. Such a distributed proof system makes an authorization decision by constructing a proof with information provided by different entities in a distributed environment. In this chapter, we provide an overview of distributed proof systems for cross-domain authorization, while covering major language constructs and proof-constructing algorithms, and introduce an emerging issue of protecting confidential policies and credentials (facts) in a distributed proof system involving multiple security domains since it is unlikely that a principal in one security domain is willing to release all its local information to any principal in other domains. We finally describe our distributed proof system for cross-domain authorization in detail and show how our cryptographic protocol allows mutually untrusted principals to construct a proof in a decentralized way while preserving each principal's security policies.}, } @TechReport{nanda:combined-tr2, author = {Soumendra Nanda and Zhenhui Jiang and David Kotz}, title = {{A Combined Routing Method for Ad Hoc Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2009, month = {February}, number = {TR2009-641}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-combined-tr2/index.html}, abstract = {Several simulation and real world studies show that certain ad hoc routing protocols perform better than others under specific mobility and traffic patterns. In order to exploit this phenomena, we propose a novel approach to adapt a network to changing conditions; we introduce ``a combined routing method'' that allows the network to seamlessly swap from one routing protocol to another protocol dynamically, while routing continues uninterrupted. By creating a thin new virtual layer, we enable each node in the ad hoc wireless network notify each other about the protocol swap and we do not make any changes to existing routing protocols. To ensure that routing works efficiently after the protocol swap, we reuse information from the previous protocol's routing table while initializing the data structures for the new routing protocol. We study the feasibility of our technique and the overheads incurred while swapping between AODV, ODMRP and APRL under different network topologies and traffic patterns through detailed simulations. Our results show that the swap latency is related to the nature of the destination protocol and the topology of the network. We also find that the control packet ratio of a routing protocol during and after a swap is close to that of the protocol running before a swap, thus indicating that our approach does not add excessive overhead.}, } @InProceedings{shin:deamon, author = {Minho Shin and Patrick Tsang and David Kotz and Cory Cornelius}, title = {{DEAMON: Energy-efficient sensor monitoring}}, booktitle = {{Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)}}, year = 2009, month = {June}, pages = {1--9}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/SAHCN.2009.5168925}, URL = {https://www.cs.dartmouth.edu/~kotz/research/shin-deamon/index.html}, abstract = {In people-centric opportunistic sensing, people offer their mobile nodes (such as smart phones) as platforms for collecting sensor data. A sensing application distributes sensing `tasks,' which specify what sensor data to collect and under what conditions to report the data back to the application. To perform a task, mobile nodes may use on-board sensors, a body-area network of personal sensors, or sensors from neighboring nodes that volunteer to contribute their sensing resources. In all three cases, continuous sensor monitoring can drain a node's battery. \par We propose DEAMON (Distributed Energy-Aware MONitoring), an energy-efficient distributed algorithm for long-term sensor monitoring. Our approach assumes only that mobile nodes are tasked to report sensor data under conditions specified by a Boolean expression, and that a network of nearby sensor nodes contribute to monitoring subsets of the task's sensors. Our algorithm to select sensor nodes and to monitor the sensing condition conserves energy of all nodes by limiting sensing and communication operations. We evaluate DEAMON with a stochastic analysis and with simulation results, and show that it should significantly reduce energy consumption.}, } @InCollection{sriram:challenges, author = {Janani Sriram and Minho Shin and David Kotz and Anand Rajan and Manoj Sastry and Mark Yarvis}, title = {{Challenges in Data Quality Assurance in Pervasive Health Monitoring Systems}}, booktitle = {{Future of Trust in Computing}}, editor = {David Gawrock and Helmut Reimer and Ahmad-Reza Sadeghi and Claire Vishik}, year = 2009, month = {July}, chapter = 0, pages = {129--142}, publisher = {Vieweg+Teubner Verlag}, copyright = {Vieweg+Teubner Verlag}, ISBN13 = {978-3-8348-9324-6}, DOI = {10.1007/978-3-8348-9324-6_14}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sriram-challenges/index.html}, abstract = {Wearable, portable, and implantable medical sensors have ushered in a new paradigm for healthcare in which patients can take greater responsibility and caregivers can make well-informed, timely decisions. Health-monitoring systems built on such sensors have huge potential benefit to the quality of healthcare and quality of life for many people, such as patients with chronic medical conditions (such as blood-sugar sensors for diabetics), people seeking to change unhealthy behavior (such as losing weight or quitting smoking), or athletes wishing to monitor their condition and performance. To be effective, however, these systems must provide assurances about the quality of the sensor data. The sensors must be applied to the patient by a human, and the sensor data may be transported across multiple networks and devices before it is presented to the medical team. While no system can guarantee data quality, we anticipate that it will help for the system to annotate data with some measure of \emph{confidence}. In this paper, we take a deeper look at potential health-monitoring usage scenarios and highlight research challenges required to ensure and assess quality of sensor data in health-monitoring systems.}, } @InProceedings{sriram:ecg, author = {Janani Sriram and Minho Shin and Tanzeem Choudhury and David Kotz}, title = {{Activity-aware ECG-based patient authentication for remote health monitoring}}, booktitle = {{Proceedings of the International Conference on Multimodal Interfaces and Workshop on Machine Learning for Multi-modal Interaction (ICMI-MLMI)}}, year = 2009, month = {November}, pages = {297--304}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1647314.1647378}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sriram-ecg/index.html}, abstract = {Mobile medical sensors promise to provide an efficient, accurate, and economic way to monitor patients' health outside the hospital. Patient authentication is a necessary security requirement in remote health monitoring scenarios. The monitoring system needs to make sure that the data is coming from the right person before any medical or financial decisions are made based on the data. Credential-based authentication methods (e.g., passwords, certificates) are not well-suited for remote healthcare as patients could hand over credentials to someone else. Furthermore, one-time authentication using credentials or trait-based biometrics (e.g., face, fingerprints, iris) do not cover the entire monitoring period and may lead to unauthorized post-authentication use. Recent studies have shown that the human electrocardiogram (ECG) exhibits unique patterns that can be used to discriminate individuals. However, perturbation of the ECG signal due to physical activity is a major obstacle in applying the technology in real-world situations. In this paper, we present a novel ECG and accelerometer-based system that can authenticate individuals in an ongoing manner under various activity conditions. We describe the probabilistic authentication system we have developed and present experimental results from 17 individuals.}, } @TechReport{yeo:poll-tr, author = {Jihwang Yeo and Keren Tan and David Kotz}, title = {{User survey regarding the needs of network researchers in trace-anonymization tools}}, institution = {Dartmouth Computer Science}, year = 2009, month = {November}, number = {TR2009-658}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-poll-tr/index.html}, abstract = {To understand the needs of network researchers in an anonymization tool, we conducted a survey on the network researchers. We invited network researchers world-wide to the survey by sending invitation emails to well-known mailing lists whose subscribers may be interested in network research with collecting, sharing and sanitizing network traces.}, } @Misc{kotz:dartmouth-campus-20090909, author = {David Kotz and Tristan Henderson and Ilya Abyzov and Jihwang Yeo}, title = {{CRAWDAD dataset dartmouth/campus (v. 2009-09-09)}}, howpublished = {Available for download on IEEE DataPort}, year = 2009, month = {September}, copyright = {the authors}, DOI = {10.15783/C7F59T}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dartmouth-campus-20090909/index.html}, abstract = {This dataset includes syslog, SNMP, and tcpdump data for 5 years or more, for over 450 access points and several thousand users at Dartmouth College.}, } @Unpublished{camp:wishlist, author = {Jean Camp and Lorrie Cranor and Nick Feamster and Joan Feigenbaum and Stephanie Forrest and Dave Kotz and Wenke Lee and Patrick Lincoln and Vern Paxson and Mike Reiter and Ron Rivest and William Sanders and Stefan Savage and Sean Smith and Eugene Spafford and Sal Stolfo}, title = {{Data for Cybersecurity Research: Process and `Wish List'}}, year = 2009, month = {June}, day = 10, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camp-wishlist/index.html}, note = {Informal report}, abstract = {This document identifies data needs of the security research community. This document is in response to a request for a ``data wish list''. Because specific data needs will evolve in conjunction with evolving threats and research problems, we augment the wish list with commentary about some of the broader issues for data usage.}, } @TechReport{bratus:fingerprint-tr, author = {Sergey Bratus and Cory Cornelius and Daniel Peebles and David Kotz}, title = {{Active Behavioral Fingerprinting of Wireless Devices}}, institution = {Dartmouth Computer Science}, year = 2008, month = {March}, number = {TR2008-610}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-fingerprint-tr/index.html}, abstract = {We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.}, } @InProceedings{bratus:fingerprint, author = {Sergey Bratus and Cory Cornelius and David Kotz and Dan Peebles}, title = {{Active Behavioral Fingerprinting of Wireless Devices}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2008, month = {March}, pages = {56--61}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1352533.1352543}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-fingerprint/index.html}, abstract = {We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.}, } @InProceedings{bratus:streaming-poster, author = {Sergey Bratus and Joshua Brody and David Kotz and Anna Shubina}, title = {{Streaming Estimation of Information-theoretic Metrics for Anomaly Detection (Extended Abstract)}}, booktitle = {{Proceedings of the International Symposium on Recent Advances in Intrusion Detection--- Posters}}, series = {Lecture Notes in Computer Science}, year = 2008, month = {September}, volume = 5230, pages = {412--414}, publisher = {Springer-Verlag}, copyright = {Springer}, address = {Cambridge, MA}, DOI = {10.1007/978-3-540-87403-4_32}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-streaming-poster/index.html}, abstract = {Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in an efficient, scalable ways. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.}, } @Article{chen:jsolar, author = {Guanling Chen and Ming Li and David Kotz}, title = {{Data-centric middleware for context-aware pervasive computing}}, journal = {Pervasive and Mobile Computing}, year = 2008, month = {April}, volume = 4, number = 2, pages = {216--253}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.pmcj.2007.10.001}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-jsolar/index.html}, abstract = {The complexity of developing and deploying context-aware pervasive-computing applications calls for distributed software infrastructures that assist applications to collect, aggregate, and disseminate contextual data. In this paper, we motivate a data-centric design for such an infrastructure to support context-aware applications. Our middleware system, Solar, treats contextual data sources as stream publishers. The core of Solar is a scalable and self-organizing peer-to-peer overlay to support data-driven services. We describe how different services can be systematically integrated on top of the Solar overlay and evaluate the resource discovery and data-dissemination services. We also discuss our experience and lessons learned when using Solar to support several implemented scenarios. We conclude that a data-centric infrastructure is necessary to facilitate both the development and deployment of context-aware pervasive-computing applications.}, } @InProceedings{cornelius:anonysense, author = {Cory Cornelius and Apu Kapadia and David Kotz and Dan Peebles and Minho Shin and Nikos Triandopoulos}, title = {{AnonySense: Privacy-Aware People-Centric Sensing}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2008, month = {June}, pages = {211--224}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1378600.1378624}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-anonysense/index.html}, abstract = {Personal mobile devices are increasingly equipped with the capability to sense the physical world (through cameras, microphones, and accelerometers, for example) and the network world (with Wi-Fi and Bluetooth interfaces). Such devices offer many new opportunities for cooperative sensing applications. For example, users' mobile phones may contribute data to community-oriented information services, from city-wide pollution monitoring to enterprise-wide detection of unauthorized Wi-Fi access points. This people-centric mobile-sensing model introduces a new security challenge in the design of mobile systems: protecting the privacy of participants while allowing their devices to reliably contribute high-quality data to these large-scale applications. \par We describe AnonySense, a privacy-aware architecture for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing \emph{tasks} that will be distributed across anonymous participating mobile devices, later receiving verified, yet anonymized, sensor data \emph{reports} back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our trust model, and the security properties that drove the design of the AnonySense system. We evaluate our prototype implementation through experiments that indicate the feasibility of this approach, and through two applications: a Wi-Fi rogue access point detector and a lost-object finder.}, } @InProceedings{deshpande:refocusing, author = {Udayan Deshpande and Chris McDonald and David Kotz}, title = {{Refocusing in 802.11 Wireless Measurement}}, booktitle = {{Proceedings of the Passive and Active Measurement Conference (PAM 2008)}}, series = {Lecture Notes in Computer Science}, year = 2008, month = {April}, volume = 4979, pages = {142--151}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/978-3-540-79232-1_15}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-refocusing/index.html}, abstract = {The edge of the Internet is increasingly wireless. To understand the Internet, one must understand the edge, and yet the measurement of wireless networks poses many new challenges. IEEE 802.11 networks support multiple wireless channels and any monitoring technique involves capturing traffic on each of these channels to gather a representative sample of frames from the network. We call this procedure \emph{channel sampling}, in which each sniffer visits each channel periodically, resulting in a sample of the traffic on each of the channels. \par This sampling approach may be sufficient, for example, for a system administrator or anomaly detection module to observe some unusual behavior in the network. Once an anomaly is detected, however, the administrator may require a more extensive traffic sample, or need to identify the location of an offending device. \par We propose a method to allow measurement applications to dynamically modify the sampling strategy, \emph{refocusing} the monitoring system to pay more attention to certain types of traffic than others. In this paper we show that refocusing is a necessary and promising new technique for wireless measurement.}, } @Article{henderson:jvoice, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, journal = {Computer Networks}, year = 2008, month = {October}, volume = 52, number = 14, pages = {2690--2712}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.comnet.2008.05.003}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-jvoice/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now commonplace on many academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslog messages, telephone records, SNMP polling and tcpdump packet captures. This is the largest WLAN study to date, and the first to look at a mature WLAN. We compare this trace to a trace taken after the network's initial deployment two years prior. \par We found that the applications used on the WLAN changed dramatically, with significant increases in peer-to-peer and streaming multimedia traffic. Despite the introduction of a Voice over IP (VoIP) system that includes wireless handsets, our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. \par We saw greater heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter''. We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @InProceedings{kapadia:anonysense, author = {Apu Kapadia and Nikos Triandopoulos and Cory Cornelius and Dan Peebles and David Kotz}, title = {{AnonySense: Opportunistic and Privacy-Preserving Context Collection}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2008, month = {May}, volume = 5013, pages = {280--297}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/978-3-540-79576-6_17}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kapadia-anonysense/index.html}, abstract = {Opportunistic sensing allows applications to ``task'' mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street, or users' mobile phones to locate (Bluetooth-enabled) objects in their neighborhood. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk---even if a report has been anonymized, the accompanying time and location can reveal sufficient information to deanonymize the user whose device sent the report. \par We propose AnonySense, a general-purpose architecture for leveraging users' mobile devices for measuring context, while maintaining the privacy of the users. AnonySense features multiple layers of privacy protection---a framework for nodes to receive tasks anonymously, a novel blurring mechanism based on tessellation and clustering to protect users' privacy against the system while reporting context, and k-anonymous report aggregation to improve the users' privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our tessellation and clustering algorithm against real mobility traces.}, } @Article{li:jfilter, author = {Ming Li and David Kotz}, title = {{Group-aware Stream Filtering for Bandwidth-efficient Data Dissemination}}, journal = {International Journal of Parallel, Emergent and Distributed Systems (IJPEDS)}, year = 2008, month = {December}, volume = 23, number = 6, pages = {429--446}, publisher = {Taylor \& Francis}, copyright = {Taylor \& Francis}, address = {London, UK}, DOI = {10.1080/17445760801930955}, URL = {https://www.cs.dartmouth.edu/~kotz/research/li-jfilter/index.html}, note = {Invited paper}, abstract = {In this paper we are concerned with disseminating high-volume data streams to many simultaneous applications over a low-bandwidth wireless mesh network. For bandwidth efficiency, we propose a \emph{group-aware stream filtering} approach, used in conjunction with multicasting, that exploits two overlooked, yet important, properties of these applications: 1) many applications can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. An evaluation of our prototype implementation shows that group-aware data filtering can save bandwidth with low CPU overhead. We also analyze the key factors that affect its performance, based on testing with heterogeneous filtering requirements.}, } @InProceedings{li:quality, author = {Ming Li and David Kotz}, title = {{Event Dissemination via Group-aware Stream Filtering}}, booktitle = {{Proceedings of the International Conference on Distributed Event-Based Systems (DEBS)}}, year = 2008, month = {July}, pages = {59--70}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1385989.1385998}, URL = {https://www.cs.dartmouth.edu/~kotz/research/li-quality/index.html}, abstract = {We consider a distributed system that disseminates high-volume event streams to many simultaneous monitoring applications over a low-bandwidth network. For bandwidth efficiency, we propose a \emph{group-aware stream filtering} approach, used together with multicasting, that exploits two overlooked, yet important, properties of monitoring applications: 1) many of them can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. Here we provide a general framework for the group-aware stream filtering problem, which we prove is NP-hard. We introduce a suite of heuristics-based algorithms that ensure data quality (specifically, granularity and timeliness) while preserving bandwidth. Our evaluation shows that group-aware stream filtering is effective in trading CPU time for bandwidth savings, compared with self-interested filtering.}, } @Article{nanda:jmeshmon, author = {Soumendra Nanda and David Kotz}, title = {{Mesh-Mon: A Multi-Radio Mesh Monitoring and Management System}}, journal = {Computer Communications}, year = 2008, month = {May}, volume = 31, number = 8, pages = {1588--1601}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.comcom.2008.01.046}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-jmeshmon/index.html}, abstract = {Mesh networks are a potential solution for providing communication infrastructure in an emergency. They can be rapidly deployed by first responders in the wake of a major disaster to augment an existing wireless or wired network. We imagine a mesh node with multiple radios embedded in each emergency vehicle arriving at the site to form the backbone of a mobile wireless mesh. The ability of such a mesh network to monitor itself, diagnose faults and anticipate problems are essential features for its sustainable operation. Typical SNMP-based centralized solutions introduce a single point of failure and are unsuitable for managing such a network. \emph{Mesh-Mon} is a decentralized monitoring and management system designed for such a mobile, rapidly-deployed, unplanned mesh network and works independently of the underlying mesh routing protocol. Mesh-Mon nodes are designed to actively cooperate and use localized algorithms to predict, detect, diagnose and resolve network problems in a scalable manner. Mesh-Mon is independent of the underlying routing protocol and can operate even if the mesh routing protocol completely fails. A novel aspect of our approach is that we employ mobile users of the mesh, running software called \emph{Mesh-Mon-Ami} to ferry management packets between physically-disconnected partitions in a delay-tolerant network manner. The main contributions of this paper are the design, implementation and evaluation of a comprehensive monitoring and management architecture that helps a network administrator proactively identify, diagnose and resolve a range of issues that can occur in a dynamic mesh network. In experiments on \emph{Dart-Mesh}, our 16-node indoor mesh testbed, we found Mesh-Mon to be effective in quickly diagnosing and resolving a variety of problems with high accuracy, without adding significant management overhead.}, } @TechReport{nanda:lbc-tr, author = {Soumendra Nanda and David Kotz}, title = {{Localized Bridging Centrality for Distributed Network Analysis}}, institution = {Dartmouth Computer Science}, year = 2008, month = {January}, number = {TR2008-612}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-lbc-tr/index.html}, abstract = {Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, while, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes that have a higher flow of information through them (assuming a uniform distribution of network flows) and are important for the robustness of the network.}, } @InProceedings{nanda:lbc, author = {Soumendra Nanda and David Kotz}, title = {{Localized Bridging Centrality for Distributed Network Analysis}}, booktitle = {{Proceedings of the International Conference on Computer Communications and Networks (ICCCN)}}, year = 2008, month = {August}, pages = {1--6}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICCCN.2008.ECP.31}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-lbc/index.html}, abstract = {Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are strategically located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, whereas, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed or parallel computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes. The LBC metric is thus an important tool that can help network administrators identify critical nodes that are important for the robustness of the network in a distributed manner.}, } @Article{sheng:map, author = {Yong Sheng and Guanling Chen and Hongda Yin and Keren Tan and Udayan Deshpande and Bennet Vance and David Kotz and Andrew Campbell and Chris McDonald and Tristan Henderson and Joshua Wright}, title = {{MAP: A scalable monitoring system for dependable 802.11 wireless networks}}, journal = {IEEE Wireless Communications}, year = 2008, month = {October}, volume = 15, number = 5, pages = {10--18}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MWC.2008.4653127}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sheng-map/index.html}, abstract = {Many enterprises have deployed 802.11 wireless networks for mission-critical operations; these networks must be protected for dependable access. This paper introduces project MAP, which includes a scalable 802.11 measurement system that can provide continuous monitoring of wireless traffic to quickly identify threats and attacks. We discuss the MAP system architecture, design decisions, and evaluation results from a real testbed.}, } @InProceedings{sheng:spoofing, author = {Yong Sheng and Keren Tan and Guanling Chen and David Kotz and Andrew Campbell}, title = {{Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2008, month = {April}, pages = {1768--1776}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFOCOM.2007.239}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sheng-spoofing/index.html}, abstract = {MAC addresses can be easily spoofed in 802.11 wireless LANs. An adversary can exploit this vulnerability to launch a large number of attacks. For example, an attacker may masquerade as a legitimate access point to disrupt network services or to advertise false services, tricking nearby wireless stations. On the other hand, the received signal strength (RSS) is a measurement that is hard to forge arbitrarily and it is highly correlated to the transmitter's location. Assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed by several researchers. \par By analyzing the RSS pattern of typical 802.11 transmitters in a 3-floor building covered by 20 air monitors, we observed that the RSS readings followed a mixture of multiple Gaussian distributions. We discovered that this phenomenon was mainly due to \emph{antenna diversity}, a widely-adopted technique to improve the stability and robustness of wireless connectivity. This observation renders existing approaches ineffective because they assume a single RSS source. We propose an approach based on Gaussian mixture models, building RSS profiles for spoofing detection. Experiments on the same testbed show that our method is robust against antenna diversity and significantly outperforms existing approaches. At a 3\% false positive rate, we detect 73.4\%, 89.6\% and 97.8\% of attacks using the three proposed algorithms, based on local statistics of a single AM, combining local results from AMs, and global multi-AM detection, respectively.}, } @InProceedings{shin:senseright-poster, author = {Cory Cornelius and Apu Kapadia and David Kotz and Dan Peebles and Minho Shin and Patrick Tsang}, title = {{Poster Abstract: Reliable People-Centric Sensing with Unreliable Voluntary Carriers}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2008, month = {June}, numpages = 1, publisher = {ACM}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/shin-senseright-poster/index.html}, abstract = {As sensor technology becomes increasingly easy to integrate into personal devices such as mobile phones, clothing, and athletic equipment, there will be new applications involving opportunistic, people-centric sensing. These applications, which gather information about human activities and personal social context, raise many security and privacy challenges. In particular, data integrity is important for many applications, whether using traffic data for city planning or medical data for diagnosis. Although our AnonySense system (presented at MobiSys) addresses privacy in people-centric sensing, protecting data integrity in people-centric sensing still remains a challenge. Some mechanisms to protect privacy provide anonymity, and thus provide limited means for accountability; data integrity becomes even more difficult to protect. \par We propose SenseRight, the first architecture for high-integrity people-centric sensing. The SenseRight approach, which extends and enhances AnonySense, assures integrity of both the sensor data (through use of tamper-resistant sensor devices) and the sensor context (through a time-constrained protocol), maintaining anonymity if desired.}, } @Article{yeo:crawdad-2007, author = {Jihwang Yeo and David Kotz and Tristan Henderson}, title = {{Workshop report --- CRAWDAD Workshop 2007}}, journal = {ACM SIGCOMM Computer Communication Review}, year = 2008, month = {July}, volume = 38, number = 3, pages = {79--82}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1384609.1384619}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-2007/index.html}, abstract = {Wireless network researchers are hungry for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, the Community Resource for Archiving Wireless Data at Dartmouth, is an NSF-funded project that is building a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers to identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project and summarizes the third CRAWDAD workshop, held at MobiCom 2007.}, } @PhdThesis{deshpande:thesis, author = {Udayan Deshpande}, title = {{A Dynamically Refocusable Sampling Infrastructure for 802.11 Networks}}, school = {Dartmouth College Computer Science}, year = 2008, month = {May}, copyright = {Udayan Deshpande}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-620}, abstract = {The edge of the Internet is increasingly wireless. Enterprises large and small, homeowners, and even whole cities have deployed Wi-Fi networks for their users, and many users never need to--- or never bother to--- use the wired network. With the advent of high-throughput wireless networks (such as 802.11n) some new construction, even of large enterprise buildings, may no longer be wired for Ethernet. To understand Internet traffic, then, we need to understand the wireless edge. Measuring Wi-Fi traffic, however, is challenging. It is insufficient to capture traffic in the access points, or upstream of the access points, because the activity of neighboring networks, ad hoc networks, and physical interference cannot be seen at that level. To truly understand the MAC-layer behavior, we need to capture frames from the air using Air Monitors (AMs) placed in the vicinity of the network. Such a capture is always a sample of the network activity, since it is physically impossible to capture a full trace: all frames from all channels at all times in all places. We have built a monitoring infrastructure that captures frames from the 802.11 network. This infrastructure includes several ``channel sampling'' strategies that will capture representative traffic from the network. Further, the monitoring infrastructure needs to modify its behavior according to feedback received from the downstream consumers of the captured traffic in case the analysis needs traffic of a certain type. We call this technique ``refocusing''. The ``coordinated sampling'' technique improves the efficiency of the monitoring by utilizing the AMs intelligently. Finally, we deployed this measurement infrastructure within our Computer Science building to study the performance of the system with real network traffic.}, } @TechReport{fielding:thesis, author = {Jeffrey Fielding}, title = {{Linkability in Activity Inference Data Sets}}, institution = {Dartmouth Computer Science}, year = 2008, month = {June}, number = {TR2008-623}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fielding-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-623}, abstract = {Activity inference is an active area of ubiquitous computing research. By training machine learning algorithms on data from sensors worn by volunteers, researchers hope to develop software that can interact more naturally with the user by inferring what the user is doing. In this thesis, we use the same sensor data to infer which volunteer is carrying the sensors. Such inference could be useful -- for example, a mobile device might infer who is carrying it and adapt to that user's preferences. It also raises some privacy concerns, since an attacker could learn more about a user by linking together several sensor traces from the same user. We develop a model to differentiate users based on their sensor data, and examine its accuracy as well as the potential benefits and pitfalls.}, } @PhdThesis{mingli:thesis, author = {Ming Li}, title = {{Group-Aware Stream Filtering}}, school = {Dartmouth College Computer Science}, year = 2008, month = {May}, copyright = {Ming Li}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mingli-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-621}, abstract = {Recent years have witnessed a new class of monitoring applications that need to continuously collect information from remote data sources. Those data sources, such as web click-streams, stock quotes, and sensor data, are often characterized as fast-rate high-volume ``streams''. Distributed stream-processing systems are thus designed to efficiently use system resources to serve the data-acquisition needs of the applications. Most of the state-of-the-art stream-processing systems assume an Ethernet-based network whose bandwidth is abundant, and focus on mechanisms to save computational power and memory. For applications involving wireless networks, particularly multi-hop mesh networks, we recognize that the most limiting factor in efficiently processing streams lies in the network's highly constrained bandwidth. Hence, this dissertation proposes a group-aware stream filtering approach that saves bandwidth at the cost of increased CPU time, for low-bandwidth data-streaming systems. This approach, used together with multicasting, exploits two overlooked properties of monitoring applications: 1) many of them can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. After proving the problem NP-hard, we introduce a suite of heuristics-based algorithms that ensure data quality, specifically data granularity and timeliness, in addition to preserving network bandwidth. Our framework for group-aware stream filtering is extensible and supports a diverse range of filtering needs of monitoring applications. We evaluate this approach with a prototype system based on real-world data sets. The results show that quality-managed group-aware filtering is effective in trading CPU time for bandwidth savings, compared with self-interested stream filtering. We also evaluate the effect of each algorithm on temporal freshness of the data. Finally, we discuss other application realms that might benefit from group-aware stream filtering.}, } @PhdThesis{nanda:thesis, author = {Soumendra Nanda}, title = {{Mesh-Mon: a Monitoring and Management System for Wireless Mesh Networks}}, school = {Dartmouth College Computer Science}, year = 2008, month = {May}, copyright = {Soumendra Nanda}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-619}, abstract = {A mesh network is a network of wireless routers that employ multi-hop routing and can be used to provide network access for mobile clients. Mobile mesh networks can be deployed rapidly to provide an alternate communication infrastructure for emergency response operations in areas with limited or damaged infrastructure. \par In this dissertation, we present Dart-Mesh: a Linux-based layer-3 dual-radio two-tiered mesh network that provides complete 802.11b coverage in the Sudikoff Lab for Computer Science at Dartmouth College. We faced several challenges in building, testing, monitoring and managing this network. These challenges motivated us to design and implement Mesh-Mon, a network monitoring system to aid system administrators in the management of a mobile mesh network. Mesh-Mon is a scalable, distributed and decentralized management system in which mesh nodes cooperate in a proactive manner to help detect, diagnose and resolve network problems automatically. Mesh-Mon is independent of the routing protocol used by the mesh routing layer and can function even if the routing protocol fails. We demonstrate this feature by running Mesh-Mon on two versions of Dart-Mesh, one running on AODV (a reactive mesh routing protocol) and the second running on OLSR (a proactive mesh routing protocol) in separate experiments. \par Mobility can cause links to break, leading to disconnected partitions. We identify critical nodes in the network, whose failure may cause a partition. We introduce two new metrics based on social-network analysis: the Localized Bridging Centrality (LBC) metric and the Localized Load-aware Bridging Centrality (LLBC) metric, that can identify critical nodes efficiently and in a fully distributed manner. \par We run a monitoring component on client nodes, called Mesh-Mon-Ami, which also assists Mesh-Mon nodes in the dissemination of management information between physically disconnected partitions, by acting as carriers for management data. \par We conclude, from our experimental evaluation on our 16-node Dart-Mesh testbed, that our system solves several management challenges in a scalable manner, and is a useful and effective tool for monitoring and managing real-world mesh networks.}, } @PhdThesis{song:thesis, author = {Libo Song}, title = {{Evaluating Mobility Predictors in Wireless Networks for Improving Handoff and Opportunistic Routing}}, school = {Dartmouth College Computer Science}, year = 2008, month = {January}, copyright = {Libo Song}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-611}, abstract = {We evaluate mobility predictors in wireless networks. Handoff prediction in wireless networks has long been considered as a mechanism to improve the quality of service provided to mobile wireless users. Most prior studies, however, were based on theoretical analysis, simulation with synthetic mobility models, or small wireless network traces. We study the effect of mobility prediction for a large realistic wireless situation. We tackle the problem by using traces collected from a large production wireless network to evaluate several major families of handoff-location prediction techniques, a set of handoff-time predictors, and a predictor that jointly predicts handoff location and time. We also propose a fallback mechanism, which uses a lower-order predictor whenever a higher-order predictor fails to predict. We found that low-order Markov predictors, with our proposed fallback mechanisms, performed as well or better than the more complex and more space-consuming compression-based handoff-location predictors. Although our handoff-time predictor had modest prediction accuracy, in the context of mobile voice applications we found that bandwidth reservation strategies can benefit from the combined location and time handoff predictor, significantly reducing the call-drop rate without significantly increasing the call-block rate. We also developed a prediction-based routing protocol for mobile opportunistic networks. We evaluated and compared our protocol's performance to five existing routing protocols, using simulations driven by real mobility traces. We found that the basic routing protocols are not practical for large-scale opportunistic networks. Prediction-based routing protocols trade off the message delivery ratio against resource usage and performed well and comparable to each other.}, } @Article{anthony:pervasive, author = {Denise Anthony and Tristan Henderson and David Kotz}, title = {{Privacy in Location Aware Computing Environments}}, journal = {IEEE Pervasive}, year = 2007, month = {October}, volume = 6, number = 4, pages = {64--72}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MPRV.2007.83}, URL = {https://www.cs.dartmouth.edu/~kotz/research/anthony-pervasive/index.html}, abstract = {As location-aware and pervasive computing technologies become more prevalent, privacy concerns are becoming increasingly more important. User preferences about location privacy may depend on place, not only in terms of their physical location but also in terms of their social context: how they define where they are, what they are doing, and whom they are with at the time. Using the experience sampling method, the authors explored the privacy preferences of 25 users during one week. They found that participants were more willing to share location information when at home or alone than when at other locations or with friends. Most participants were consistent in their location privacy preferences across requester categories and regardless of place. Some participants, however, varied in their willingness to share location information depending on where they were, who they were with, and who was requesting the information. Those participants tended to be more concerned about privacy in general. These findings are useful for designing future privacy policies and user interfaces for pervasive computing. This article is part of a special issue on security and privacy.}, } @InCollection{chen:bnaming, author = {Guanling Chen and Kazuhiro Minami and David Kotz}, title = {{Naming and Discovery in Mobile Systems}}, booktitle = {{The Handbook of Mobile Middleware}}, editor = {Paolo Bellavista and Antonio Corradi}, year = 2007, chapter = 16, pages = {387--407}, publisher = {John Wiley \& Sons}, copyright = {John Wiley \& Sons}, ISBN13 = 9780367390105, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-bnaming/index.html}, abstract = {Middleware supporting mobile applications must provide naming and discovery functionalities to enable anytime and anywhere service access. In this chapter, we survey existing service-discovery standards, identify four challenges for naming and discovery in a mobile environment, and provide a detailed discussion of the approaches that can be used to address each of these challenges.}, } @InProceedings{deshpande:coordinated, author = {Udayan Deshpande and Chris McDonald and David Kotz}, title = {{Coordinated Sampling to Improve the Efficiency of Wireless Network Monitoring}}, booktitle = {{Proceedings of the IEEE International Conference on Networks (ICON)}}, year = 2007, month = {November}, pages = {353--358}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICON.2007.4444112}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-coordinated/index.html}, abstract = {Wireless networks are deployed in home, university, business, military and hospital environments, and are increasingly used for mission-critical applications like VoIP or financial applications. Monitoring the health of these networks, whether it is for failure, coverage or attacks, is important in terms of security, connectivity, cost, and performance. \par Effective monitoring of wireless network traffic, using commodity hardware, is a challenging task due to the limitations of the hardware. IEEE 802.11 networks support multiple channels, and a wireless interface can monitor only a single channel at one time. Thus, capturing all frames passing an interface on all channels is an impossible task, and we need strategies to capture the most representative sample. \par When a large geographic area is to be monitored, several monitoring stations must be deployed, and these will typically overlap in their area of coverage. The competing goals of effective wireless monitoring are to capture as many frames as possible, while minimizing the number of those frames that are captured redundantly by more than one monitoring station. Both goals may be addressed with a sampling strategy that directs neighboring monitoring stations to different channels during any period. To be effective, such a strategy requires timely access to the nature of all recent traffic. \par We propose a coordinated sampling strategy that meets these goals. Our implemented solution involves a central controller considering traffic characteristics from many monitoring stations to periodically develop specific sampling policies for each station. We demonstrate the effectiveness of our coordinated sampling strategy by comparing it with existing independent strategies. Our coordinated strategy enabled more distinct frames to be captured, providing a solid foundation for focused sampling and intrusion detection.}, } @TechReport{johnson:metrosec-challenges-tr, author = {Peter Johnson and Apu Kapadia and David Kotz and Nikos Triandopoulos}, title = {{People-Centric Urban Sensing: Security Challenges for the New Paradigm}}, institution = {Dartmouth Computer Science}, year = 2007, month = {February}, number = {TR2007-586}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/johnson-metrosec-challenges-tr/index.html}, abstract = {We study the security challenges that arise in \emph{people-centric urban sensing}, a new sensor-networking paradigm that leverages humans as part of the sensing infrastructure. Most prior work on sensor networks has focused on collecting and processing ephemeral data about the environment using a static topology and an application-aware infrastructure. People-centric urban sensing, however, involves collecting, storing, processing and fusing large volumes of data related to every-day human activities. Sensing is performed in a highly dynamic and mobile environment, and supports (among other things) pervasive computing applications that are focused on enhancing the user's experience. In such a setting, where humans are the central focus, there are new challenges for information security; not only because of the complex and dynamic communication patterns, but also because the data originates from sensors that are carried by a person---not a tiny sensor thrown in the forest or mounted on the neck of an animal. In this paper we aim to instigate discussion about this critical issue---because people-centric sensing will never succeed without adequate provisions for security and privacy. To that end, we outline several important challenges and suggest general solutions that hold promise in this new paradigm of sensor networks.}, } @InProceedings{kapadia:walls, author = {Apu Kapadia and Tristan Henderson and Jeffrey Fielding and David Kotz}, title = {{Virtual Walls: Protecting Digital Privacy in Pervasive Environments}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2007, month = {May}, volume = 4480, pages = {162--179}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/978-3-540-72037-9_10}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kapadia-walls/index.html}, abstract = {As pervasive environments become more commonplace, the privacy of users is placed at an increased risk. The numerous and diverse sensors in these environments can record contextual information about users, leading to users unwittingly leaving ``digital footprints.'' Users must therefore be allowed to control how their digital footprints are reported to third parties. While a significant amount of prior work has focused on location privacy, location is only one specific type of footprint, and we expect most users to be incapable of specifying fine-grained policies for a multitude of footprints. In this paper we present a policy language based on the metaphor of physical walls, and posit that users will find this to be an intuitive way to control access to their digital footprints. For example, users understand the physical privacy implications of conducting a meeting in a room enclosed by physical walls. By allowing users to deploy ``virtual walls,'' they can control the privacy of their digital footprints much in the same way they control their privacy in the physical world. We present a policy framework and model for virtual walls with three levels of transparency that correspond to intuitive levels of privacy. We also describe the results of a user study (N {$=$} 23) that indicates that our model is easy to understand and use.}, } @Article{kim:jclassify, author = {Minkyong Kim and David Kotz}, title = {{Periodic properties of user mobility and access-point popularity}}, journal = {Journal of Personal and Ubiquitous Computing}, year = 2007, month = {August}, volume = 11, number = 6, pages = {465--479}, publisher = {Springer-Verlag}, copyright = {Springer London}, DOI = {10.1007/s00779-006-0093-4}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-jclassify/index.html}, note = {Invited paper; special issue of papers from LoCA 2005}, abstract = {Understanding user mobility and its effect on access points (APs) is important in designing location-aware systems and wireless networks. Although various studies of wireless networks have provided useful insights, it is hard to apply them to other situations. Here we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to reveal important periods and chose the two strongest periods to serve as parameters to a classification system based on Bayes' theory. Analysis of 1-month traces shows that while a daily pattern is common among both users and APs, a weekly pattern is common only for APs. Analysis of 1-year traces revealed that both user mobility and AP popularity depend on the academic calendar. By plotting the classes of APs on our campus map, we discovered that their periodic behavior depends on their proximity to other APs.}, } @InProceedings{li:wwasn07, author = {Ming Li and David Kotz}, title = {{Group-aware Stream Filtering}}, booktitle = {{Proceedings of the Workshop on Wireless Ad hoc and Sensor Networks (WWASN)}}, year = 2007, month = {June}, numpages = 8, publisher = {IEEE}, copyright = {IEEE}, address = {Toronto}, DOI = {10.1109/ICDCSW.2007.38}, URL = {https://www.cs.dartmouth.edu/~kotz/research/li-wwasn07/index.html}, abstract = {In this paper we are concerned with disseminating high-volume data streams to many simultaneous context-aware applications over a low-bandwidth wireless mesh network. For bandwidth efficiency, we propose a \emph{group-aware stream filtering} approach, used in conjunction with multicasting, that exploits two overlooked, yet important, properties of these applications: 1) many applications can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. An evaluation of our prototype implementation shows that group-aware data filtering can save bandwidth with low CPU overhead.}, } @TechReport{nanda:combined-tr, author = {Soumendra Nanda and Zhenhui Jiang and David Kotz}, title = {{A Combined Routing Method for Ad hoc Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2007, month = {June}, number = {TR2007-588}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-combined-tr/index.html}, abstract = {To make ad hoc wireless networks adaptive to different mobility and traffic patterns, this paper proposes an approach to swap from one protocol to another protocol dynamically, while routing continues. By the insertion of a thin new layer, we were able to make each node in the ad hoc wireless network notify each other about the protocol swap. To ensure that routing works efficiently after the protocol swap, we initialized the destination routing protocol's data structures and reused the previous routing information to build the new routing table. We also tested our approach under different network topologies and traffic patterns in static networks to learn whether the swap was fast and whether the swap incurred too much overhead. We found that the swap latency was related to the nature of the destination protocol and the topology of the network. We also found that the control packet ratio after swap was close to that of the protocol running without swap, which indicates that our method does not incur too much overhead for the swap.}, } @Article{newport:axioms, author = {Calvin Newport and David Kotz and Yougu Yuan and Robert S. Gray and Jason Liu and Chip Elliott}, title = {{Experimental Evaluation of Wireless Simulation Assumptions}}, journal = {SIMULATION: Transactions of The Society for Modeling and Simulation International}, year = 2007, month = {September}, volume = 83, number = 9, pages = {643--661}, publisher = {SAGE Publications}, copyright = {Simulation Councils}, DOI = {10.1177/0037549707085632}, URL = {https://www.cs.dartmouth.edu/~kotz/research/newport-axioms/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. A growing body of research, however, indicates that the behavior of the protocol stack may depend significantly on these underlying assumptions. The standard response to this problem is a call for more realism in designing radio models. But how much realism is enough? This study is the first to approach this question by validating simulator performance (both at the physical and application layers) with the results of real-world data. Referencing an extensive set of measurements from a large outdoor routing experiment, we start by evaluating the relative realism of common assumptions made in radio model design, identifying those which provide a reasonable approximation of reality. Although several such investigations have been made for static sensor networks, radio behavior in mobile network deployments is a much less-studied topic. We then reproduce our experimental setup in our simulator, and generate the same application-layer metrics under progressively smaller sets of these assumptions. By comparing the simulated outcome to the outcome of our experiment, we are able to discern at what point our balance of simplification and realism captures the real behavior of our target environment.}, } @InProceedings{song:dtn, author = {Libo Song and David Kotz}, title = {{Evaluating Opportunistic Routing Protocols with Large Realistic Contact Traces}}, booktitle = {{Proceedings of the ACM MobiCom workshop on Challenged Networks (CHANTS 2007)}}, year = 2007, month = {September}, pages = {35--42}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1287791.1287799}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-dtn/index.html}, abstract = {Traditional mobile ad hoc network (MANET) routing protocols assume that contemporaneous end-to-end communication paths exist between data senders and receivers. In some mobile ad hoc networks with a sparse node population, an end-to-end communication path may break frequently or may not exist at any time. Many routing protocols have been proposed in the literature to address the problem, but few were evaluated in a realistic ``opportunistic'' network setting. We use simulation and contact traces (derived from logs in a production network) to evaluate and compare five existing protocols: direct-delivery, epidemic, random, PRoPHET, and Link-State, as well as our own proposed routing protocol. We show that the direct delivery and epidemic routing protocols suffer either low delivery ratio or high resource usage, and other protocols make tradeoffs between delivery ratio and resource usage.}, } @Article{yeo:crawdad-mc2r, author = {Jihwang Yeo and Tristan Henderson and David Kotz}, title = {{Workshop report --- CRAWDAD Workshop 2006}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2007, month = {January}, volume = 11, number = 1, pages = {67--69}, publisher = {ACM}, copyright = {ACM}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-mc2r/index.html}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, the Community Resource for Archiving Wireless Data at Dartmouth, is an NSF-funded project that is building a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers to identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project and summarizes the second CRAWDAD workshop, held at MobiCom 2006.}, } @InProceedings{deshpande:sampling, author = {Udayan Deshpande and Tristan Henderson and David Kotz}, title = {{Channel Sampling Strategies for Monitoring Wireless Networks}}, booktitle = {{Proceedings of the International Workshop on Wireless Network Measurement (WiNMee)}}, year = 2006, month = {April}, numpages = 7, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/WIOPT.2006.1666486}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-sampling/index.html}, abstract = {Monitoring the activity on an IEEE 802.11 network is useful for many applications, such as network management, optimizing deployment, or detecting network attacks. Deploying wireless sniffers to monitor every access point in an enterprise network, however, may be expensive or impractical. Moreover, some applications may require the deployment of multiple sniffers to monitor the numerous channels in an 802.11 network. In this paper, we explore sampling strategies for monitoring multiple channels in 802.11b/g networks. We describe a simple sampling strategy, where each channel is observed for an equal, predetermined length of time, and consider applications where such a strategy might be appropriate. We then introduce a sampling strategy that weights the time spent on each channel according to the number of frames observed on that channel, and compare the two strategies under experimental conditions.}, } @InCollection{henderson:measuring, author = {Tristan Henderson and David Kotz}, title = {{Measuring Wireless LANs}}, booktitle = {{Mobile, Wireless and Sensor Networks: Technology, Applications and Future Directions}}, editor = {Rajeev Shorey and Akkihebbal L. Ananda and Mun Choon Chan and Wei Tsang Ooi}, year = 2006, chapter = 1, pages = {5--27}, publisher = {John Wiley \& Sons}, copyright = {John Wiley \& Sons}, ISBN13 = 9780471755593, address = {New York, NY}, DOI = {10.1002/0471755591.ch1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-measuring/index.html}, abstract = {Wireless local area networks have become increasingly popular in recent years, and are now commonplace in many venues, including academic and corporate campuses, residences, and ``hotspots'' in public areas. It is important to understand how these wireless LANs are used, both for deploying networks, and for the development of future wireless networking protocols and applications. \par In this chapter we discuss the measurement and analysis of the popular 802.11 family of wireless LANs. We describe the tools, metrics and techniques that are used to measure wireless LANs. The results of existing measurement studies are surveyed. We illustrate some of the problems that are specific to measuring wireless LANs, and outline some challenges for collecting future wireless traces.}, } @InProceedings{kim:mobility, author = {Minkyong Kim and David Kotz and Songkuk Kim}, title = {{Extracting a mobility model from real user traces}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2006, month = {April}, pages = {1--12}, publisher = {IEEE}, copyright = {IEEE}, address = {Barcelona, Spain}, DOI = {10.1109/INFOCOM.2006.173}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-mobility/index.html}, abstract = {Understanding user mobility is critical for simulations of mobile devices in a wireless network, but current mobility models often do not reflect real user movements. In this paper, we provide a foundation for such work by exploring mobility characteristics in traces of mobile users. We present a method to estimate the physical location of users from a large trace of mobile devices associating with access points in a wireless network. Using this method, we extracted tracks of always-on Wi-Fi devices from a 13-month trace. We discovered that the speed and pause time each follow a log-normal distribution and that the direction of movements closely reflects the direction of roads and walkways. Based on the extracted mobility characteristics, we developed a mobility model, focusing on movements among popular regions. Our validation shows that synthetic tracks match real tracks with a median relative error of 17\%.}, } @InProceedings{kim:wardriving, author = {Minkyong Kim and Jeffrey J. Fielding and David Kotz}, title = {{Risks of using AP locations discovered through war driving}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2006, month = {May}, volume = 3968, pages = {67--82}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Dublin, Ireland}, DOI = {10.1007/11748625_5}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-wardriving/index.html}, abstract = {Many pervasive-computing applications depend on knowledge of user location. Because most current location-sensing techniques work only either indoors or outdoors, researchers have started using 802.11 beacon frames from access points (APs) to provide broader coverage. To use 802.11 beacons, they need to know AP locations. Because the actual locations are often unavailable, they use estimated locations from \emph{war driving}. But these estimated locations may be different from actual locations. In this paper, we analyzed the errors in these estimates and the effect of these errors on other applications that depend on them. We found that the estimated AP locations have a median error of 32 meters. We considered the error in tracking user positions both indoors and outdoors. Using actual AP locations, we could improve the accuracy as much as 70\% for indoors and 59\% for outdoors. We also analyzed the effect of using estimated AP locations in computing AP coverage range and estimating interference among APs. The coverage range appeared to be shorter and the interference appeared to be more severe than in reality.}, } @InProceedings{kumar:fbcast, author = {Rajnish Kumar and Arnab Paul and Umakishore Ramachandran and David Kotz}, title = {{On improving wireless broadcast reliability of sensor networks using erasure codes}}, booktitle = {{Proceedings of the International Conference on Mobile Ad-hoc and Sensor Networks (MSN)}}, series = {Lecture Notes in Computer Science}, year = 2006, month = {December}, volume = 4325, pages = {155--170}, publisher = {Springer-Verlag}, copyright = {Springer}, DOI = {10.1007/11943952_14}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kumar-fbcast/index.html}, abstract = {Efficient and reliable dissemination of information over a large area is a critical ability of a sensor network for various reasons such as software updates and transferring large data objects (e.g., surveillance images). Thus efficiency of wireless broadcast is an important aspect of sensor network deployment. In this paper, we study FBcast, a new broadcast protocol based on the principles of modern erasure codes. We show that our approach provides high reliability, often considered critical for disseminating codes. In addition FBcast offers limited data confidentiality. For a large network, where every node may not be reachable by the source, we extend FBcast with the idea of repeaters to improve reliable coverage. Simulation results on TOSSIM show that FBcast offers higher reliability with lower number of retransmissions than traditional broadcasts.}, } @InProceedings{minami:scalability, author = {Kazuhiro Minami and David Kotz}, title = {{Scalability in a Secure Distributed Proof System}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2006, month = {May}, volume = 3968, pages = {220--237}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Dublin, Ireland}, DOI = {10.1007/11748625_14}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-scalability/index.html}, abstract = {A logic-based language is often adopted in systems for pervasive computing, because it provides a convenient way to define rules that change the behavior of the systems dynamically. Those systems might define rules that refer to the users' context information to provide context-aware services. For example, a smart-home application could define rules referring to the location of a user to control the light of a house automatically. In general, the context information is maintained in different administrative domains, and it is, therefore, desirable to construct a proof in a distributed way while preserving each domain's confidentiality policies. In this paper, we introduce such a system, a secure distributed proof system for context-sensitive authorization and show that our novel caching and revocation mechanism improves the performance of the system, which depends on public key cryptographic operations to protect confidential information in rules and facts. Our revocation mechanism maintains dependencies among facts and recursively revokes across multiple hosts all the cached facts that depend on a fact that has become invalid. Our initial experimental results show that our caching mechanism, which maintains both positive and negative facts, significantly reduces the latency for handling a logical query.}, } @Article{oldfield:restruct, author = {Ron Oldfield and David Kotz}, title = {{Improving data access for computational grid applications}}, journal = {Cluster Computing}, year = 2006, month = {January}, volume = 9, number = 1, pages = {79--99}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/s10586-006-4899-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-restruct/index.html}, abstract = {High-performance computing increasingly occurs on ``computational grids'' composed of heterogeneous and geographically distributed systems of computers, networks, and storage devices that collectively act as a single ``virtual'' computer. A key challenge in this environment is to provide efficient access to data distributed across remote data servers. Our parallel I/O framework, called Armada, allows application and data-set providers to flexibly compose graphs of processing modules that describe the distribution, application interfaces, and processing required of the dataset before computation. Although the framework provides a simple programming model for the application programmer and the data-set provider, the resulting graph may contain bottlenecks that prevent efficient data access. In this paper, we present an algorithm used to restructure Armada graphs that distributes computation and data flow to improve performance in the context of a wide-area computational grid.}, } @Article{song:jpredict, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating next cell predictors with extensive Wi-Fi mobility data}}, journal = {IEEE Transactions on Mobile Computing}, year = 2006, month = {December}, volume = 5, number = 12, pages = {1633--1649}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TMC.2006.185}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-jpredict/index.html}, abstract = {Location is an important feature for many applications, and wireless networks can better serve their clients by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors, using a two-year trace of the mobility patterns of over 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. The surprising results provide critical evidence for anyone designing or using mobility predictors. \par We implemented and compared the prediction accuracy of several location predictors drawn from four major families of domain-independent predictors, namely Markov-based, compression-based, PPM, and SPM predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors.}, } @Article{song:reserv-poster, author = {Libo Song and Udayan Deshpande and Ula{\c{s}} C. Kozat and David Kotz and Ravi Jain}, title = {{MobiCom Poster Abstract: Bandwidth Reservation using WLAN Handoff Prediction}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2006, month = {October}, volume = 10, number = 4, pages = {22--23}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1215976.1215987}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-reserv-poster/index.html}, note = {Poster presented at Mobicom 2005}, abstract = {Many network services may be improved or enabled by successful predictions of users' future mobility. The success of predictions depend on how much accuracy can be achieved on real data and on the sensitivity of particular applications to this achievable accuracy. We investigate these issues for the case of advanced bandwidth reservation using real WLAN traces collected on the Dartmouth College campus.}, } @InProceedings{song:reserv, author = {Libo Song and Udayan Deshpande and Ula{\c{s}} C. Kozat and David Kotz and Ravi Jain}, title = {{Predictability of WLAN Mobility and its Effects on Bandwidth Provisioning}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2006, month = {April}, pages = {1--13}, publisher = {IEEE}, copyright = {IEEE}, address = {Barcelona, Spain}, DOI = {10.1109/INFOCOM.2006.171}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-reserv/index.html}, abstract = {Wireless local area networks (WLANs) are emerging as a popular technology for access to the Internet and enterprise networks. In the long term, the success of WLANs depends on services that support mobile network clients. \par Although other researchers have explored mobility prediction in hypothetical scenarios, evaluating their predictors analytically or with synthetic data, few studies have been able to evaluate their predictors with real user mobility data. As a first step towards filling this fundamental gap, we work with a large data set collected from the Dartmouth College campus-wide wireless network that hosts more than 500 access points and 6,000 users. Extending our earlier work that focuses on predicting the next-visited access point (i.e., location), in this work we explore the predictability of the time of user mobility. Indeed, our contributions are two-fold. First, we evaluate a series of predictors that reflect possible dependencies across time and space while benefiting from either individual or group mobility behaviors. Second, as a case study we examine voice applications and the use of handoff prediction for advance bandwidth reservation. Using application-specific performance metrics such as call drop and call block rates, we provide a picture of the potential gains of prediction. \par Our results indicate that it is difficult to predict handoff time accurately, when applied to real campus WLAN data. However, the findings of our case study also suggest that application performance can be improved significantly even with predictors that are only moderately accurate. The gains depend on the applications' ability to use predictions and tolerate inaccurate predictions. In the case study, we combine the real mobility data with synthesized traffic data. The results show that intelligent prediction can lead to significant reductions in the rate at which active calls are dropped due to handoffs with marginal increments in the rate at which new calls are blocked.}, } @Article{yeo:crawdad-ccr, author = {Jihwang Yeo and David Kotz and Tristan Henderson}, title = {{CRAWDAD: A Community Resource for Archiving Wireless Data at Dartmouth}}, journal = {ACM SIGCOMM Computer Communication Review}, year = 2006, month = {April}, volume = 36, number = 2, pages = {21--22}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1129582.1129588}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-ccr/index.html}, note = {Project overview}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, a Community Resource for Archiving Wireless Data at Dartmouth, is a new NSF-funded project to build a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project, the kick-off workshop that was held at MobiCom 2005, and the latest news.}, } @PhdThesis{minami:thesis, author = {Kazuhiro Minami}, title = {{Secure Context-sensitive Authorization}}, school = {Dartmouth College Computer Science}, year = 2006, month = {February}, copyright = {Kazuhiro Minami}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2006-571}, abstract = {Pervasive computing leads to an increased integration between the real world and the computational world, and many applications in pervasive computing adapt to the user's context, such as the location of the user and relevant devices, the presence of other people, light or sound conditions, or available network bandwidth, to meet a user's continuously changing requirements without taking explicit input from the users. \par We consider a class of applications that wish to consider a user's context when deciding whether to authorize a user's access to important physical or information resources. Such a context-sensitive authorization scheme is necessary when a mobile user moves across multiple administrative domains where they are not registered in advance. Also, users interacting with their environment need a non-intrusive way to access resources, and clues about their context may be useful input into authorization policies for these resources. Existing systems for context-sensitive authorization take a logic-based approach, because a logical language makes it possible to define a context model where a contextual fact is expressed with a boolean predicate and to derive higher-level context information and authorization decisions from contextual facts. \par However, those existing context-sensitive authorization systems have a central server that collects context information, and evaluates policies to make authorization decisions on behalf of a resource owner. A centralized solution assumes that all resource owners trust the server to make correct decisions, and all users trust the server not to disclose private context information. In many realistic applications of pervasive computing, however, the resources, users, and sources of context information are inherently distributed among many organizations that do not necessarily trust each other. Resource owners may not trust the integrity of context information produced by another domain, and context sensors may not trust others with the confidentiality of data they provide about users. \par In this thesis, we present a secure distributed proof system for context-sensitive authorization. Our system enables multiple hosts to evaluate an authorization query in a peer-to-peer way, while preserving the confidentiality and integrity policies of mutually untrusted principals running those hosts. We also develop a novel caching and revocation mechanism to support context-sensitive policies that refer to information in dozens of different administrative domains. Contributions of this thesis include the definition of fine-grained security policies that specify trust relations among principals in terms of information confidentiality and integrity, the design and implementation of a secure distributed proof system, a proof for the correctness of our algorithm, and a performance evaluation showing that the amortized performance of our system scales to dozens of servers in different domains.}, } @InProceedings{blinn:hotspot, author = {David P. Blinn and Tristan Henderson and David Kotz}, title = {{Analysis of a Wi-Fi Hotspot Network}}, booktitle = {{Proceedings of the International Workshop on Wireless Traffic Measurements and Modeling (WiTMeMo)}}, year = 2005, month = {June}, pages = {1--6}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/blinn-hotspot/index.html}, abstract = {Wireless hotspot networks have become increasingly popular in recent years as a means of providing Internet access in public areas such as restaurants and airports. In this paper we present the first study of such a hotspot network. We examine five weeks of SNMP traces from the Verizon Wi-Fi HotSpot network in Manhattan. We find that far more cards associated to the network than logged into it. Most clients used the network infrequently and visited few APs. AP utilization was uneven and the network displayed some unusual patterns in traffic load. Some characteristics were similar to those previously observed in studies of campus WLANs.}, } @InProceedings{chen:pack, author = {Guanling Chen and David Kotz}, title = {{Policy-Driven Data Dissemination for Context-Aware Applications}}, booktitle = {{Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom)}}, year = 2005, month = {March}, pages = {283--289}, publisher = {IEEE}, copyright = {IEEE}, address = {Kauai, Hawaii}, DOI = {10.1109/PERCOM.2005.32}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-pack/index.html}, abstract = {Context-aware pervasive-computing applications require continuous monitoring of their physical and computational environment to make appropriate adaptation decisions in time. The data streams produced by sensors, however, may overflow the queues on the dissemination path. Traditional flow-control and congestion-control policies either drop data or force the sender to pause. When the data sender is sensing the physical environment, however, a pause is equivalent to dropping data. Instead of arbitrarily dropping data that may contain important events, we present a policy-driven data dissemination service named PACK, based on an overlay-based infrastructure for efficient multicast delivery. PACK enforces application-specified policies that define how to discard or summarize data flows wherever queues overflow on the data path, notably at the mobile hosts where applications often reside. A key contribution of our approach is to uniformly apply the data-stream ``packing'' abstraction to queue overflow caused by network congestion, slow receivers, and temporary disconnection. We present experimental results and a detailed application study of the PACK service.}, } @TechReport{chen:social-tr, author = {Guanling Chen and David Kotz}, title = {{Structural Analysis of Social Networks with Wireless Users}}, institution = {Dartmouth Computer Science}, year = 2005, month = {July}, number = {TR2005-549}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-social-tr/index.html}, abstract = {Online interactions between computer users form Internet-based social networks. In this paper we present a structural analysis of two such networks with wireless users. In one network the wireless users participate in a global file-sharing system, and in the other they interact with each other through a local music-streaming application.}, } @InProceedings{henderson:esm, author = {Tristan Henderson and Denise Anthony and David Kotz}, title = {{Measuring wireless network usage with the experience sampling method}}, booktitle = {{Proceedings of the Workshop on Wireless Network Measurements (WiNMee)}}, year = 2005, month = {April}, numpages = 6, publisher = {International Communications Sciences and Technology Association (ICST)}, copyright = {International Communications Sciences and Technology Association (ICST)}, ISBN = {0-9767294-0-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-esm/index.html}, abstract = {Measuring wireless local area networks has proven useful for characterizing, modeling and provisioning these networks. These measurements are typically taken passively from a vantage point on the network itself. Client devices, or users, are never actively queried. These measurements can indicate \emph{what} is happening on the network, but it can be difficult to infer \emph{why} a particular behavior is occurring. In this paper we use the Experience Sampling Method (ESM) to study wireless network users. We monitored 29 users remotely for one week, and signaled them to fill out a questionnaire whenever interesting wireless behavior was observed. We find ESM to be a useful method for collecting data about wireless network usage that cannot be provided by network monitoring, and we present a list of recommendations for network researchers who wish to conduct an ESM study.}, } @TechReport{kim:classify-tr, author = {Minkyong Kim and David Kotz}, title = {{Classifying the Mobility of Users and the Popularity of Access Points}}, institution = {Dartmouth Computer Science}, year = 2005, month = {May}, number = {TR2005-540}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-classify-tr/index.html}, abstract = {There is increasing interest in location-aware systems and applications. It is important for any designer of such systems and applications to understand the nature of user and device mobility. Furthermore, an understanding of the effect of user mobility on access points (APs) is also important for designing, deploying, and managing wireless networks. Although various studies of wireless networks have provided insights into different network environments and user groups, it is often hard to apply these findings to other situations, or to derive useful abstract models. \par In this paper, we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to convert time-dependent location information to the frequency domain, then chose the two strongest periods and used them as parameters to a classification system based on Bayesian theory. To classify mobile users, we computed diameter (the maximum distance between any two APs visited by a user during a fixed time period) and observed how this quantity changes or repeats over time. We found that user mobility had a strong period of one day, but there was also a large group of users that had either a much smaller or much bigger primary period. Both primary and secondary periods had important roles in determining classes of mobile users. Users with one day as their primary period and a smaller secondary period were most prevalent; we expect that they were mostly students taking regular classes. To classify APs, we counted the number of users visited each AP. The primary period did not play a critical role because it was equal to one day for most of the APs; the secondary period was the determining parameter. APs with one day as their primary period and one week as their secondary period were most prevalent. By plotting the classes of APs on our campus map, we discovered that this periodic behavior of APs seemed to be independent of their geographical locations, but may depend on the relative locations of nearby APs. Ultimately, we hope that our study can help the design of location-aware services by providing a base for user mobility models that reflect the movements of real users.}, } @InProceedings{kim:classify, author = {Minkyong Kim and David Kotz}, title = {{Classifying the Mobility of Users and the Popularity of Access Points}}, booktitle = {{Proceedings of the International Workshop on Location- and Context-Awareness (LoCA)}}, editor = {Thomas Strang and Claudia Linnhoff-Popien}, series = {Lecture Notes in Computer Science}, year = 2005, month = {May}, volume = 3479, pages = {198--209}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Germany}, DOI = {10.1007/11426646_19}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-classify/index.html}, abstract = {There is increasing interest in location-aware systems and applications. It is important for any designer of such systems and applications to understand the nature of user and device mobility. Furthermore, an understanding of the effect of user mobility on access points (APs) is also important for designing, deploying, and managing wireless networks. Although various studies of wireless networks have provided insights into different network environments and user groups, it is often hard to apply these findings to other situations, or to derive useful abstract models. \par In this paper, we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to convert time-dependent location information to the frequency domain, then chose the two strongest periods and used them as parameters to a classification system based on Bayesian theory. To classify mobile users, we computed diameter (the maximum distance between any two APs visited by a user during a fixed time period) and observed how this quantity changes or repeats over time. We found that user mobility had a strong period of one day, but there was also a large group of users that had either a much smaller or much bigger primary period. Both primary and secondary periods had important roles in determining classes of mobile users. Users with one day as their primary period and a smaller secondary period were most prevalent; we expect that they were mostly students taking regular classes. To classify APs, we counted the number of users visited each AP. The primary period did not play a critical role because it was equal to one day for most of the APs; the secondary period was the determining parameter. APs with one day as their primary period and one week as their secondary period were most prevalent. By plotting the classes of APs on our campus map, we discovered that this periodic behavior of APs seemed to be independent of their geographical locations, but may depend on the relative locations of nearby APs. Ultimately, we hope that our study can help the design of location-aware services by providing a base for user mobility models that reflect the movements of real users.}, } @InProceedings{kim:hotspots, author = {Minkyong Kim and David Kotz}, title = {{Modeling users' mobility among WiFi access points}}, booktitle = {{Proceedings of the International Workshop on Wireless Traffic Measurements and Modeling (WiTMeMo)}}, year = 2005, month = {June}, pages = {19--24}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-hotspots/index.html}, abstract = {Modeling movements of users is important for simulating wireless networks, but current models often do not reflect real movements. Using real mobility traces, we can build a mobility model that reflects reality. In building a mobility model, it is important to note that while the number of handheld wireless devices is constantly increasing, laptops are still the majority in most cases. As a laptop is often disconnected from the network while a user is moving, it is not feasible to extract the exact path of the user from network messages. Thus, instead of modeling individual user's movements, we model movements in terms of the influx and outflux of users between access points (APs). We first counted the hourly visits to APs in the syslog messages recorded at APs. We found that the hourly number of visits has a periodic repetition of 24 hours. Based on this observation, we aggregated the visits of multiple days into a single day. We then clustered APs based on the different peak hour of visits. We found that this approach of clustering is effective; we ended up with four distinct clusters and a cluster of stable APs. We then computed the average arrival rate and the distribution of the daily arrivals for each cluster. Using a standard method (such as \emph{thinning}) for generating non-homogeneous Poisson processes, synthetic traces can be generated from our model.}, } @Article{kotz:crawdad-workshop05, author = {David Kotz and Tristan Henderson}, title = {{CRAWDAD: A Community Resource for Archiving Wireless Data at Dartmouth}}, journal = {IEEE Pervasive Computing}, year = 2005, month = {October}, volume = 4, number = 4, pages = {12--14}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MPRV.2005.75}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-crawdad-workshop05/index.html}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD (Community Resource for Archiving Wireless Data at Dartmouth) is a new National Science Foundation-funded project to build a wireless-network data archive for the research community. It will host wireless data and provide tools and documents to make collecting and using the data easy. This resource should help researchers identify and evaluate real and interesting problems in mobile and pervasive computing. To learn more about CRAWDAD and discuss its direction, about 30 interested people gathered at a workshop held in conjunction with MobiCom 2005.}, } @Article{kotz:jcampus, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, journal = {Wireless Networks}, year = 2005, month = {January}, volume = 11, number = {1--2}, pages = {115--133}, publisher = {Springer}, copyright = {Springer Science and Business Media}, DOI = {10.1007/s11276-004-4750-0}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jcampus/index.html}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings at Dartmouth College. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @Article{liu:jdirex, author = {Jason Liu and Yougu Yuan and David M. Nicol and Robert S. Gray and Calvin C. Newport and David Kotz and Luiz Felipe Perrone}, title = {{Empirical Validation of Wireless Models in Simulations of Ad Hoc Routing Protocols}}, journal = {Simulation: Transactions of The Society for Modeling and Simulation International}, year = 2005, month = {April}, volume = 81, number = 4, pages = {307--323}, publisher = {Sage Publications}, copyright = {Simulation Councils}, DOI = {10.1177/0037549705055017}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-jdirex/index.html}, note = {``Best of PADS 2004'' special issue}, abstract = {Computer simulation has been used extensively as an effective tool in the design and evaluation of systems. One should not, however, underestimate the importance of validation--- the process of ensuring whether a simulation model is an appropriate representation of the real-world system. Validation of wireless network simulations is difficult due to strong interdependencies among protocols at different layers and uncertainty in the wireless environment. The authors present an approach of coupling direct-execution simulation and traces from real outdoor experiments to validating simple wireless models that are used commonly in simulations of wireless ad hoc networks. This article documents a common testbed that supports direct execution of a set of ad hoc routing protocol implementations in a wireless network simulator. By comparing routing behavior measured in the real experiment with behavior computed by the simulation, the authors validate the models of radio behavior upon which protocol behavior depends.}, } @InProceedings{minami:csa, author = {Kazuhiro Minami and David Kotz}, title = {{Secure Context-sensitive Authorization}}, booktitle = {{Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom)}}, year = 2005, month = {March}, pages = {257--268}, publisher = {IEEE}, copyright = {IEEE}, address = {Kauai, Hawaii}, DOI = {10.1109/PERCOM.2005.37}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-csa/index.html}, abstract = {There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as ``allow database access only to staff who are currently located in the main office.'' However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts.}, } @Article{minami:jcsa, author = {Kazuhiro Minami and David Kotz}, title = {{Secure Context-sensitive Authorization}}, journal = {Journal of Pervasive and Mobile Computing}, year = 2005, month = {March}, volume = 1, number = 1, pages = {123--156}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.pmcj.2005.01.004}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-jcsa/index.html}, abstract = {There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as ``allow database access only to staff who are currently located in the main office.'' However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.}, } @Misc{kotz:crawdad-sw, author = {David Kotz and Tristan Henderson and Chris McDonald}, title = {{CRAWDAD archive: a Community Resource for Archiving Wireless Data At Dartmouth}}, howpublished = {Web site}, year = 2005, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-crawdad-sw/index.html}, abstract = {CRAWDAD is the Community Resource for Archiving Wireless Data At Dartmouth, a wireless network data resource for the research community. This archive has the capacity to store wireless trace data from many contributing locations, and staff to develop better tools for collecting, anonymizing, and analyzing the data.}, } @MastersThesis{jiang:msthesis, author = {Zhenhui Jiang}, title = {{A Combined Routing Method for Ad hoc Wireless Networks}}, school = {Dartmouth College Computer Science}, year = 2005, month = {December}, copyright = {Zhenhui Jiang}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/jiang-msthesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2005-566}, abstract = {To make ad hoc wireless networks adaptive to different mobility and traffic patterns, we studied in this thesis an approach to swap from one protocol to another protocol dynamically, while routing continues. By the insertion of a new layer, we were able to make each node in the ad hoc wireless network notify each other about the protocol swap. To ensure that routing works efficiently after the protocol swap, we initialized the destination routing protocol's data structures and reused the previous routing information to build the new routing table. We also tested our approach under different network topologies and traffic patterns in static networks to learn whether the swap is fast and whether the swap incurs too much overload . We found that the swap latency is related to the destination protocol and the topology of the network. We also found that the control packet ratio after swap is close to the protocol running without swap, which means our method does not incur too many control packets for swap.}, } @Article{aslam:kerf-news, author = {Javed Aslam and Sergey Bratus and David Kotz and Ronald Peterson and Daniela Rus}, title = {{The Kerf toolkit for intrusion analysis}}, journal = {IAnewsletter}, year = 2005, month = {Summer}, volume = 8, number = 2, pages = {12--16}, publisher = {Information Assurance Technology Analysis Center (IATAC)}, copyright = {IATAC}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-news/index.html}, } @InProceedings{aslam:kerf-WIP, author = {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus}, title = {{Kerf: Machine Learning to Aid Intrusion Analysts}}, booktitle = {{Proceedings of the USENIX Security Symposium}}, year = 2004, month = {August}, numpages = 1, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-kerf-WIP/index.html}, note = {Work-in-progress report.}, } @TechReport{aslam:toolkit-tr, author = {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel}, title = {{The Kerf toolkit for intrusion analysis}}, institution = {Dartmouth Computer Science}, year = 2004, month = {March}, number = {TR2004-493}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-tr/index.html}, abstract = {We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.}, } @Article{aslam:toolkit, author = {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel}, title = {{The Kerf toolkit for intrusion analysis}}, journal = {IEEE Security and Privacy}, year = 2004, month = {November}, volume = 2, number = 6, pages = {42--52}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MSP.2004.113}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit/index.html}, abstract = {We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.}, } @TechReport{baek:survey-tr, author = {Kwang-Hyun Baek and Sean W. Smith and David Kotz}, title = {{A Survey of WPA and 802.11i RSN Authentication Protocols}}, institution = {Dartmouth Computer Science}, year = 2004, month = {November}, number = {TR2004-524}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/baek-survey-tr/index.html}, abstract = {In the new standards for WLAN security, many choices exist for the authentication process. In this paper, we list eight desired properties of WLAN authentication protocols, survey eight recent authentication protocols, and analyze the protocols according to the desired properties.}, } @TechReport{chen:dependency-tr, author = {Guanling Chen and David Kotz}, title = {{Dependency management in distributed settings}}, institution = {Dartmouth Computer Science}, year = 2004, month = {March}, number = {TR2004-495}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-dependency-tr/index.html}, abstract = {Ubiquitous-computing environments are heterogeneous and volatile in nature. Systems that support ubicomp applications must be self-managed, to reduce human intervention. In this paper, we present a general service that helps distributed software components to manage their dependencies. Our service proactively monitors the liveness of components and recovers them according to supplied policies. Our service also tracks the state of components, on behalf of their dependents, and may automatically select components for the dependent to use based on evaluations of customized functions. We believe that our approach is flexible and abstracts away many of the complexities encountered in ubicomp environments. In particular, we show how we applied the service to manage dependencies of context-fusion operators and present some experimental results.}, } @InProceedings{chen:dependency, author = {Guanling Chen and David Kotz}, title = {{Dependency management in distributed settings (Poster Abstract)}}, booktitle = {{Proceedings of the International Conference on Autonomic Computing (ICAC)}}, year = 2004, month = {May}, pages = {272--273}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICAC.2004.1301375}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-dependency/index.html}, abstract = {Ubiquitous-computing environments are heterogeneous and volatile in nature. Systems that support ubicomp applications must be self-managed, to reduce human intervention. In this paper, we present a general service that helps distributed software components to manage their dependencies. Our service proactively monitors the liveness of components and recovers them according to supplied policies. Our service also tracks the state of components, on behalf of their dependents, and may automatically select components for the dependent to use based on evaluations of customized functions. We believe that our approach is flexible and abstracts away many of the complexities encountered in ubicomp environments. In particular, we show how we applied the service to manage dependencies of context-fusion operators and present some experimental results.}, } @InProceedings{chen:fusenet, author = {Guanling Chen and Ming Li and David Kotz}, title = {{Design and implementation of a large-scale context fusion network}}, booktitle = {{Proceedings of the International Conference on Mobile and Ubiquitous Systems: Networking and Services (Mobiquitous)}}, year = 2004, month = {August}, pages = {246--255}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MOBIQ.2004.1331731}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-fusenet/index.html}, abstract = {In this paper we motivate a Context Fusion Network (CFN), an infrastructure model that allows context-aware applications to select distributed data sources and compose them with customized data-fusion operators into a directed acyclic information fusion graph. Such a graph represents how an application computes high-level understandings of its execution context from low-level sensory data. Multiple graphs by different applications inter-connect with each other to form a global graph. A key advantage of a CFN is re-usability, both at code-level and instance-level, facilitated by operator composition. We designed and implemented a distributed CFN system, Solar, which maps the logical operator graph representation onto a set of overlay hosts. In particular, Solar meets the challenges inherent to heterogeneous and volatile ubicomp environments. By abstracting most complexities into the infrastructure, we believe Solar facilitates both the development and deployment of context-aware applications. We present the operator composition model, basic services of the Solar overlay network, and programming support for the developers. We also discuss some applications built with Solar and the lessons we learned from our experience.}, } @TechReport{chen:pack-tr, author = {Guanling Chen and David Kotz}, title = {{Application-Controlled Loss-Tolerant Data Dissemination}}, institution = {Dartmouth Computer Science}, year = 2004, month = {February}, number = {TR2004-488}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-pack-tr/index.html}, abstract = {Reactive or proactive mobile applications require continuous monitoring of their physical and computational environment to make appropriate decisions in time. These applications need to monitor data streams produced by sensors and react to changes. When mobile sensors and applications are connected by low-bandwidth wireless networks, sensor data rates may overwhelm the capacity of network links or of the applications. In traditional networks and distributed systems, flow-control and congestion-control policies either drop data or force the sender to pause. When the data sender is sensing the physical environment, however, a pause is equivalent to dropping data. Arbitrary data drops are not necessarily acceptable to the reactive mobile applications receiving sensor data. Data distribution systems must support application-specific policies that selectively drop data objects when network or application buffers overflow. \par In this paper we present a data-dissemination service, PACK, which allows applications to specify customized data-reduction policies. These policies define how to discard or summarize data flows wherever buffers overflow on the dissemination path, notably at the mobile hosts where applications often reside. The PACK service provides an overlay infrastructure to support mobile data sources and sinks, using application-specific data-reduction policies where necessary along the data path. We uniformly apply the data-stream ``packing'' abstraction to buffer overflow caused by network congestion, slow receivers, and the temporary disconnections caused by end-host mobility. We demonstrate the effectiveness of our approach with an application example and experimental measurements.}, } @TechReport{chen:traces, author = {Guanling Chen and David Kotz}, title = {{A Case Study of Four Location Traces}}, institution = {Dartmouth Computer Science}, year = 2004, month = {February}, number = {TR2004-490}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-traces/index.html}, abstract = {Location is one of the most important context information that an ubiquitous-computing application may leverage. Thus understanding the location systems and how location-aware applications interact with them is critical for design and deployment of both the location systems and location-aware applications. In this paper, we analyze a set of traces collected from two small-scale one-building location system and two large-scale campus-wide location systems. Our goal is to study characteristics of these location systems ant how these factors should be taken into account by a potentially large number of location-aware applications with different needs. We make empirical measurements of several important metrics and compare the results across these location systems. We discuss the implication of these results on location-aware applications and their supporting software infrastructure, and how location systems could be improved to better serve applications' needs. In places where possible, we use location-aware applications discussed in existing literatures as illustrating examples.}, } @TechReport{gray:compare-tr, author = {Robert S. Gray and David Kotz and Calvin Newport and Nikita Dubrovsky and Aaron Fiske and Jason Liu and Christopher Masone and Susan McGrath and Yougu Yuan}, title = {{Outdoor Experimental Comparison of Four Ad Hoc Routing Algorithms}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-511}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-compare-tr/index.html}, abstract = {Most comparisons of wireless ad hoc routing algorithms involve simulated or indoor trial runs, or outdoor runs with only a small number of nodes, potentially leading to an incorrect picture of algorithm performance. In this paper, we report on the results of an outdoor trial run of four different routing algorithms, APRL, AODV, GPSR, and STARA, running on top of thirty-three 802.11-enabled laptops moving randomly through an athletic field. The laptops generated random traffic according to the traffic patterns observed in a prototype application, and ran each routing algorithm for a fifteen-minute period over the course of the hour-long trial run. The 33-laptop experiment represents one of the largest outdoor tests of wireless routing algorithms, and three of the algorithms each come from a different algorithmic class, providing insight into the behavior of ad hoc routing algorithms at larger real-world scales than have been considered so far. In addition, we compare the outdoor results with both indoor (``tabletop'') and simulation results for the same algorithms, examining the differences between the indoor results and the outdoor reality. The paper also describes the software infrastructure that allowed us to implement the ad hoc routing algorithms in a comparable way, and use the same codebase for indoor, outdoor, and simulated trial runs.}, } @InProceedings{gray:compare, author = {Robert S. Gray and David Kotz and Calvin Newport and Nikita Dubrovsky and Aaron Fiske and Jason Liu and Christopher Masone and Susan McGrath and Yougu Yuan}, title = {{Outdoor Experimental Comparison of Four Ad Hoc Routing Algorithms}}, booktitle = {{Proceedings of the ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)}}, year = 2004, month = {October}, pages = {220--229}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023663.1023703}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-compare/index.html}, abstract = {Most comparisons of wireless ad hoc routing algorithms involve simulated or \emph{indoor} trial runs, or outdoor runs with only a small number of nodes, potentially leading to an incorrect picture of algorithm performance. In this paper, we report on an outdoor comparison of four different routing algorithms, APRL, AODV, ODMRP, and STARA, running on top of thirty-three 802.11-enabled laptops moving randomly through an athletic field. This comparison provides insight into the behavior of ad hoc routing algorithms at larger real-world scales than have been considered so far. In addition, we compare the outdoor results with both indoor (``tabletop'') and simulation results for the same algorithms, examining the differences between the indoor results and the outdoor reality. Finally, we describe the software infrastructure that allowed us to implement the ad hoc routing algorithms in a comparable way, and use the \emph{same} codebase for indoor, outdoor, and simulated trial runs.}, } @TechReport{henderson:voice-tr, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2004, month = {March}, number = {TR2004-496}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-voice-tr/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now common on academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken after the network's initial deployment two years ago. \par We found that the applications used on the WLAN changed dramatically. Initial WLAN usage was dominated by Web traffic; our new trace shows significant increases in peer-to-peer, streaming multimedia, and voice over IP (VoIP) traffic. On-campus traffic now exceeds off-campus traffic, a reversal of the situation at the WLAN's initial deployment. Our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. Most calls last less than a minute. \par We saw more heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter.'' We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @InProceedings{henderson:voice, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2004, month = {September}, pages = {187--201}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023720.1023739}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-voice/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now commonplace on many academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. \par This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken after the network's initial deployment two years ago. \par We found that the applications used on the WLAN changed dramatically. Initial WLAN usage was dominated by Web traffic; our new trace shows significant increases in peer-to-peer, streaming multimedia, and voice over IP (VoIP) traffic. On-campus traffic now exceeds off-campus traffic, a reversal of the situation at the WLAN's initial deployment. Our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. Most calls last less than a minute. \par We saw greater heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter.'' We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @TechReport{kotz:axioms-tr2, author = {David Kotz and Calvin Newport and Robert S. Gray and Jason Liu and Yougu Yuan and Chip Elliott}, title = {{Experimental evaluation of wireless simulation assumptions}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-507}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms-tr2/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. Although it is tempting to assume that all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane, most researchers are increasingly aware of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. Although many have noted the complexity of real radio propagation, and some have quantified the effect of overly simple assumptions on the simulation of ad hoc network protocols, we provide a comprehensive review of six assumptions that are still part of many ad hoc network simulation studies. In particular, we use an extensive set of measurements from a large outdoor routing experiment to demonstrate the weakness of these assumptions, and show how these assumptions cause simulation results to differ significantly from experimental results. We close with a series of recommendations for researchers, whether they develop protocols, analytic models, or simulators for ad hoc wireless networks.}, } @InProceedings{kotz:axioms, author = {David Kotz and Calvin Newport and Robert S. Gray and Jason Liu and Yougu Yuan and Chip Elliott}, title = {{Experimental Evaluation of Wireless Simulation Assumptions}}, booktitle = {{Proceedings of the ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)}}, year = 2004, month = {October}, pages = {78--82}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023663.1023679}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. We provide a comprehensive review of six assumptions that are still part of many ad hoc network simulation studies, despite increasing awareness of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. We use an extensive set of measurements from a large outdoor routing experiment to demonstrate the weakness of these assumptions, and show how these assumptions cause simulation results to differ significantly from experimental results. We close with a series of recommendations for researchers, whether they develop protocols, analytic models, or simulators for ad hoc wireless networks.}, } @InProceedings{kotz:ists, author = {David Kotz}, title = {{The Institute for Security Technology Studies (ISTS): overview}}, booktitle = {{Proceedings of the SPIE Defense and Security Symposium}}, year = 2004, month = {April}, pages = {9--17}, publisher = {SPIE}, copyright = {Society of Photo-Optical Instrumentation Engineers (SPIE)}, address = {Orlando, FL}, DOI = {10.1117/12.555797}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-ists/index.html}, note = {Invited paper}, abstract = {The Institute for Security Technology Studies (ISTS) was founded at Dartmouth College in 2000 as a national center of security research and development. The Institute conducts interdisciplinary research and development projects addressing the challenges of cyber and homeland security, to protect the integrity of the Internet, computer networks, and other interdependent information infrastructures. ISTS also develops technology for providing the information and tools necessary to assist communities and first responders with the evolving, complex security landscape. ISTS is a member of and administers the Institute for Information Infrastructure Protection (I3P), a consortium of 24 leading academic institutions, non-profits and federal laboratories that brings industry, academia and government together to articulate and focus on problems that need to be solved to help ensure the nation's information infrastructure is safe, secure, and robust.}, } @TechReport{kotz:privacy, author = {David Kotz}, title = {{Technological Implications for Privacy}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-505}, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-privacy/index.html}, note = {Originally written during Summer 1998 Ethics Institute at Dartmouth College}, abstract = {The World-Wide Web is increasingly used for commerce and access to personal information stored in databases. Although the Web is ``just another medium'' for information exchange, the fact that all the information is stored in computers, and all of the activity happens in computers and computer networks, makes it easier (cheaper) than every to track users' activities. By recording and analyzing user's activities in the Web, activities that may seem to be quite private to many users, it is more likely than ever before that a person's privacy may be threatened. In this paper I examine some of the technology in the Web, and how it affects the privacy of Web users. I also briefly summarize some of the efforts to regulate privacy on the Internet.}, } @InProceedings{liu:direx, author = {Jason Liu and Yougu Yuan and David M. Nicol and Robert S. Gray and Calvin C. Newport and David Kotz and Luiz Felipe Perrone}, title = {{Simulation Validation Using Direct Execution of Wireless Ad-Hoc Routing Protocols}}, booktitle = {{Proceedings of the Workshop on Parallel and Distributed Simulation (PADS)}}, year = 2004, month = {May}, pages = {7--16}, publisher = {ACM}, copyright = {IEEE}, DOI = {10.1109/PADS.2004.1301280}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-direx/index.html}, abstract = {Computer simulation is the most common approach to studying wireless ad-hoc routing algorithms. The results, however, are only as good as the models the simulation uses. One should not underestimate the importance of \emph{validation}, as inaccurate models can lead to wrong conclusions. In this paper, we use direct-execution simulation to validate radio models used by ad-hoc routing protocols, against real-world experiments. This paper documents a common testbed that supports direct execution of a set of ad-hoc routing protocol implementations in a wireless network simulator. The testbed reads traces generated from real experiments, and uses them to drive direct-execution implementations of the routing protocols. Doing so we reproduce the same network conditions as in real experiments. By comparing routing behavior \emph{measured} in real experiments with behavior \emph{computed} by the simulation, we are able to validate the models of radio behavior upon which protocol behavior depends. We conclude that it is \emph{possible} to have fairly accurate results using a simple radio model, but the routing behavior is quite sensitive to one of this model's parameters. The implication is that one should i) use a more complex radio model that explicitly models point-to-point path loss, or ii) use measurements from an environment typical of the one of interest, or iii) study behavior over a range of environments to identify sensitivities.}, } @TechReport{minami:csa-tr, author = {Kazuhiro Minami and David Kotz}, title = {{Secure Context-sensitive Authorization}}, institution = {Dartmouth Computer Science}, year = 2004, month = {December}, number = {TR2004-529}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-csa-tr/index.html}, abstract = {There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as ``allow database access only to staff who are currently located in the main office.'' However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm.}, } @TechReport{song:predict-tr, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating location predictors with extensive Wi-Fi mobility data}}, institution = {Dartmouth Computer Science}, year = 2004, month = {February}, number = {TR2004-491}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict-tr/index.html}, abstract = {Location is an important feature for many applications, and wireless networks may serve their clients better by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors using a two-year trace of the mobility patterns of more than 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. The surprising results provide critical evidence for anyone designing or using mobility predictors. We implemented and compared the prediction accuracy of several location predictors drawn from four major families of domain-independent predictors, namely, Markov-based, compression-based, PPM, and SPM predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors.}, } @InProceedings{song:predict, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating location predictors with extensive Wi-Fi mobility data}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2004, month = {March}, volume = 2, pages = {1414--1424}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFCOM.2004.1357026}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict/index.html}, abstract = {Location is an important feature for many applications, and wireless networks can better serve their clients by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors, using a two-year trace of the mobility patterns of over 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. \par We implemented and compared the prediction accuracy of several location predictors drawn from two major families of domain-independent predictors, namely Markov-based and compression-based predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors. Predictors of both families fail to make a prediction when the recent context has not been previously seen. To overcome this drawback, we added a simple fallback feature to each predictor and found that it significantly enhanced its accuracy in exchange for modest effort. Thus the Order-2 Markov predictor with fallback was the best predictor we studied, obtaining a median accuracy of about 72\% for users with long trace lengths. We also investigated a simplification of the Markov predictors, where the prediction is based not on the most frequently seen context in the past, but the most recent, resulting in significant space and computational savings. We found that Markov predictors with this recency semantics can rival the accuracy of standard Markov predictors in some cases. Finally, we considered several seemingly obvious enhancements, such as smarter tie-breaking and aging of context information, and discovered that they had little effect on accuracy. The paper ends with a discussion and suggestions for further work.}, } @TechReport{vengroff:holesome-tr, author = {Darren Erik Vengroff and David Kotz}, title = {{A Holesome File System}}, institution = {Dartmouth Computer Science}, year = 2004, month = {May}, number = {TR2004-497}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/vengroff-holesome-tr/index.html}, note = {Originally written in July 1995; released May 2004.}, abstract = {We present a novel approach to fully dynamic management of physical disk blocks in Unix file systems. By adding a single system call, \emph{zero()}, to an existing file system, we permit applications to create \emph{holes}, that is, regions of files to which no physical disk blocks are allocated, far more flexibly than previously possible. \emph{zero} can create holes in the middle of existing files. \par Using \emph{zero()}, it is possible to efficiently implement applications including a variety of databases and I/O-efficient computation systems on top of the Unix file system. \emph{zero()} can also be used to implement an efficient file-system-based paging mechanism. In some I/O-efficient computations, the availability of \emph{zero()} effectively doubles disk capacity by allowing blocks of temporary files to be reallocated to new files as they are read. \par Experiments on a Linux \emph{ext2} file system augmented by \emph{zero()} demonstrate that where their functionality overlaps, \emph{zero()} is more efficient than \emph{ftruncate()}. Additional experiments reveal that in exchange for added effective disk capacity, I/O-efficient code pays only a small performance penalty.}, } @TechReport{wang:meeting-tr, author = {Jue Wang and Guanling Chen and David Kotz}, title = {{A meeting detector and its applications}}, institution = {Dartmouth Computer Science}, year = 2004, month = {March}, number = {TR2004-486}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-meeting-tr/index.html}, abstract = {In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with ``good enough'' accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose several metrics appropriate for our application in this paper. It may be useful, however, for the community to define a set of general metrics as a basis to compare different approaches of context detection.}, } @InProceedings{wang:meeting, author = {Jue Wang and Guanling Chen and David Kotz}, title = {{A sensor-fusion approach for meeting detection}}, booktitle = {{Proceedings of the MobiSys 2004 Workshop on Context Awareness}}, year = 2004, month = {June}, numpages = 7, publisher = {ACM}, copyright = {ACM}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-meeting/index.html}, abstract = {In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with ``good enough'' accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose several metrics appropriate for our application in this paper. It may be useful, however, for the community to define a set of general metrics as a basis to compare different approaches of context detection.}, } @PhdThesis{chen:thesis, author = {Guanling Chen}, title = {{Solar: Building A Context Fusion Network for Pervasive Computing}}, school = {Dartmouth College Computer Science}, year = 2004, month = {August}, copyright = {Guanling Chen}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2004-514}, abstract = {The complexity of developing context-aware pervasive-computing applications calls for distributed software infrastructures that assist applications to collect, aggregate, and disseminate contextual data. In this dissertation, we present a Context Fusion Network (CFN), called Solar, which is built with a scalable and self-organized service overlay. Solar is flexible and allows applications to select distributed data sources and compose them with customized data-fusion operators into a directed acyclic information flow graph. Such a graph represents how an application computes high-level understandings of its execution context from low-level sensory data. To manage application-specified operators on a set of overlay nodes called Planets, Solar provides several unique services such as application-level multicast with policy-driven data reduction to handle buffer overflow, context-sensitive resource discovery to handle environment dynamics, and proactive monitoring and recovery to handle common failures. Experimental results show that these services perform well on a typical DHT-based peer-to-peer routing substrate. In this dissertation, we also discuss experience, insights, and lessons learned from our quantitative analysis of the input sensors, a detailed case study of a Solar application, and development of other applications in different domains.}, } @TechReport{newport:thesis, author = {Calvin Newport}, title = {{Simulating mobile ad hoc networks: a quantitative evaluation of common MANET simulation models}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-504}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/newport-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2004-504}, abstract = {Because it is difficult and costly to conduct real-world mobile ad hoc network experiments, researchers commonly rely on computer simulation to evaluate their routing protocols. However, simulation is far from perfect. A growing number of studies indicate that simulated results can be dramatically affected by several sensitive simulation parameters. It is also commonly noted that most simulation models make simplifying assumptions about radio behavior. This situation casts doubt on the reliability and applicability of many ad hoc network simulation results. \par In this study, we begin with a large outdoor routing experiment testing the performance of four popular ad hoc algorithms (AODV, APRL, ODMRP, and STARA). We present a detailed comparative analysis of these four implementations. Then, using the outdoor results as a baseline of reality, we disprove a set of common assumptions used in simulation design, and quantify the impact of these assumptions on simulated results. We also more specifically validate a group of popular radio models with our real-world data, and explore the sensitivity of various simulation parameters in predicting accurate results. We close with a series of specific recommendations for simulation and ad hoc routing protocol designers.}, } @MastersThesis{wang:thesis, author = {Jue Wang}, title = {{Performance Evaluation of a Resource Discovery Service}}, school = {Dartmouth College Computer Science}, year = 2004, month = {October}, copyright = {Jue Wang}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2004-513}, abstract = {In a pervasive computing environment, the number and variety of resources (services, devices, and contextual information resources) make it necessary for applications to accurately discover the best ones quickly. Thus a resource-discovery service, which locates specific resources and establishes network connections as better resources become available, is necessary for those applications. The performance of the resource-discovery service is important when the applications are in a dynamic and mobile environment. In this thesis, however, we do not focus on the resource-discovery technology itself, but the evaluation of the scalability and mobility of the resource discovery module in Solar, a context fusion middleware. Solar has a naming service that provides resource discovery, since the resource names encode static and dynamic attributes. The results of our experiments show that Solar's resource discovery performed generally well in a typical dynamic environment, although Solar can not be scaled as well as it should. And we identify the implementation issues related to that problem. We also discuss experience, insights, and lessons learned from our quantitative analysis of the experiment results.}, } @InProceedings{aslam:toolkit-p, author = {Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Daniela Rus and Brett Tofel}, title = {{The Kerf toolkit for intrusion analysis (Poster abstract)}}, booktitle = {{Proceedings of the IEEE Workshop on Information Assurance}}, year = 2003, month = {June}, pages = {301--303}, publisher = {IEEE}, copyright = {IEEE}, address = {West Point, NY}, DOI = {10.1109/SMCSIA.2003.1232441}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-toolkit-p/index.html}, abstract = {We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.}, } @Article{bredin:jgame, author = {Jonathan Bredin and Rajiv T. Maheswaran and {\c{C}}agri Imer and Tamer Ba{\c{s}}ar and David Kotz and Daniela Rus}, title = {{Computational Markets to Regulate Mobile-Agent Systems}}, journal = {Autonomous Agents and Multi-Agent Systems}, year = 2003, month = {May}, volume = 6, number = 3, pages = {235--263}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, DOI = {10.1023/A:1022923422570}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-jgame/index.html}, abstract = {Mobile-agent systems allow applications to distribute their resource consumption across the network. By prioritizing applications and publishing the cost of actions, it is possible for applications to achieve faster performance than in an environment where resources are evenly shared. We enforce the costs of actions through markets where user applications bid for computation from host machines. \par We represent applications as collections of mobile agents and introduce a distributed mechanism for allocating general computational priority to mobile agents. We derive a bidding strategy for an agent that plans expenditures given a budget and a series of tasks to complete. We also show that a unique Nash equilibrium exists between the agents under our allocation policy. We present simulation results to show that the use of our resource-allocation mechanism and expenditure-planning algorithm results in shorter mean job completion times compared to traditional mobile-agent resource allocation. We also observe that our resource-allocation policy adapts favorably to allocate overloaded resources to higher priority agents, and that agents are able to effectively plan expenditures even when faced with network delay and job-size estimation error.}, } @InProceedings{chen:naming, author = {Guanling Chen and David Kotz}, title = {{Context-Sensitive Resource Discovery}}, booktitle = {{Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom)}}, year = 2003, month = {March}, pages = {243--252}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/PERCOM.2003.1192747}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-naming/index.html}, abstract = {This paper presents the ``Solar'' system framework that allows resources to advertise context-sensitive names and for applications to make context-sensitive name queries. The heart of our framework is a small specification language that allows composition of ``context-processing operators'' to calculate the desired context. Resources use the framework to register and applications use the framework to lookup context-sensitive name descriptions. The back-end system executes these operators and constantly updates the context values, adjusting advertised names and informing applications about changes. We report experimental results from a prototype, using a modified version of the Intentional Naming System (INS) as the core directory service.}, } @TechReport{henderson:problems, author = {Tristan Henderson and David Kotz}, title = {{Problems with the Dartmouth wireless SNMP data collection}}, institution = {Dartmouth Computer Science}, year = 2003, month = {December}, number = {TR2003-480}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-problems/index.html}, abstract = {The original Dartmouth wireless network study used SNMP to query the college's Cisco 802.11b access points. The perl scripts that performed the SNMP queries suffered from some problems, in that they queried inappropriate SNMP values, or misunderstood the meaning of other values. This data was also used in a subsequent analysis. The same scripts were used to collect data for a subsequent study of another wireless network. This document outlines these problems and indicates which of the data collected by the original scripts may be invalid.}, } @TechReport{kotz:axioms-tr, author = {David Kotz and Calvin Newport and Chip Elliott}, title = {{The mistaken axioms of wireless-network research}}, institution = {Dartmouth Computer Science}, year = 2003, month = {July}, number = {TR2003-467}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms-tr/index.html}, abstract = {Most research on ad-hoc wireless networks makes simplifying assumptions about radio propagation. The ``Flat Earth'' model of the world is surprisingly popular: all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane. CMU's ns-2 radio models are better but still fail to represent many aspects of realistic radio networks, including hills, obstacles, link asymmetries, and unpredictable fading. We briefly argue that key ``axioms'' of these types of propagation models lead to simulation results that do not adequately reflect real behavior of ad-hoc networks, and hence to network protocols that may not work well (or at all) in reality. We then present a set of 802.11 measurements that clearly demonstrate that these ``axioms'' are contrary to fact. The broad chasm between simulation and reality calls into question many of results from prior papers, and we summarize with a series of recommendations for researchers considering analytic or simulation models of wireless networks.}, } @Article{song:predict-poster, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{MobiCom Poster: Evaluating location predictors with extensive Wi-Fi mobility data}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2003, month = {October}, volume = 7, number = 4, pages = {64--65}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/965732.965747}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict-poster/index.html}, } @TechReport{lee:thesis, author = {Clara Lee}, title = {{Persistence and Prevalence in the Mobility of Dartmouth Wireless Network Users}}, institution = {Dartmouth Computer Science}, year = 2003, month = {May}, number = {TR2003-455}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/lee-thesis/index.html}, note = {The data in this paper is highly suspect; see TR2003-480. Available as Dartmouth Computer Science Technical Report TR2003-455}, abstract = {Wireless local-area networks (WLANs) are increasing in popularity. As more people use WLANs it is important to understand how these users behave. We analyzed data collected over three months of 2002 to measure the persistence and prevalence of users of the Dartmouth wireless network. \par We found that most of the users of Dartmouth's network have short association times and a high rate of mobility. This observation fits with the predominantly student population of Dartmouth College, because students do not have a fixed workplace and are moving to and from classes all day.}, } @PhdThesis{oldfield:thesis, author = {Ron Oldfield}, title = {{Efficient I/O for Computational Grid Applications}}, school = {Dartmouth College Computer Science}, year = 2003, month = {May}, copyright = {Ron Oldfield}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2003-459}, abstract = {High-performance computing increasingly occurs on ``computational grids'' composed of heterogeneous and geographically distributed systems of computers, networks, and storage devices that collectively act as a single ``virtual'' computer. A key challenge in this environment is to provide efficient access to data distributed across remote data servers. This dissertation explores some of the issues associated with I/O for wide-area distributed computing and describes an I/O system, called Armada, with the following features: a framework to allow application and dataset providers to flexibly compose graphs of processing modules that describe the distribution, application interfaces, and processing required of the dataset before or after computation; an algorithm to restructure application graphs to increase parallelism and to improve network performance in a wide-area network; and a hierarchical graph-partitioning scheme that deploys components of the application graph in a way that is both beneficial to the application and sensitive to the administrative policies of the different administrative domains. Experiments show that applications using Armada perform well in both low- and high-bandwidth environments, and that our approach does an exceptional job of hiding the network latency inherent in grid computing.}, } @TechReport{chen:abstraction-tr, author = {Guanling Chen and David Kotz}, title = {{Context Aggregation and Dissemination in Ubiquitous Computing Systems}}, institution = {Dartmouth Computer Science}, year = 2002, month = {February}, number = {TR2002-420}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-abstraction-tr/index.html}, abstract = {Many ``ubiquitous computing'' applications need a constant flow of information about their environment to be able to adapt to their changing context. To support these ``context-aware'' applications we propose a graph-based abstraction for collecting, aggregating, and disseminating context information. The abstraction models context information as events, produced by sources and flowing through a directed acyclic graph of event-processing operators and delivered to subscribing applications. Applications describe their desired event stream as a tree of operators that aggregate low-level context information published by existing sources into the high-level context information needed by the application. The operator graph is thus the dynamic combination of all applications' subscription trees. \par In this paper, we motivate and describe our graph abstraction, and discuss a variety of critical design issues. We also sketch our Solar system, an implementation that represents one point in the design space for our graph abstraction.}, } @InProceedings{chen:abstraction, author = {Guanling Chen and David Kotz}, title = {{Context Aggregation and Dissemination in Ubiquitous Computing Systems}}, booktitle = {{Proceedings of the IEEE Workshop on Mobile Computing Systems and Applications (WMCSA)}}, year = 2002, month = {June}, pages = {105--114}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MCSA.2002.1017490}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-abstraction/index.html}, abstract = {Many ``ubiquitous computing'' applications need a constant flow of information about their environment to be able to adapt to their changing context. To support these ``context-aware'' applications we propose a graph-based abstraction for collecting, aggregating, and disseminating context information. The abstraction models context information as events, produced by sources and flowing through a directed acyclic graph of event-processing operators and delivered to subscribing applications. Applications describe their desired event stream as a tree of operators that aggregate low-level context information published by existing sources into the high-level context information needed by the application. The operator graph is thus the dynamic combination of all applications' subscription trees. \par In this paper, we motivate and describe our graph abstraction, and discuss a variety of critical design issues. We also sketch our Solar system, an implementation that represents one point in the design space for our graph abstraction.}, } @TechReport{chen:pervasive-tr, author = {Guanling Chen and David Kotz}, title = {{Solar: A pervasive-computing infrastructure for context-aware mobile applications}}, institution = {Dartmouth Computer Science}, year = 2002, month = {February}, number = {TR2002-421}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-pervasive-tr/index.html}, abstract = {Emerging pervasive computing technologies transform the way we live and work by embedding computation in our surrounding environment. To avoid increasing complexity, and allow the user to concentrate on her tasks, applications must automatically adapt to their changing \emph{context}, the physical and computational environment in which they run. To support these ``context-aware'' applications we propose a graph-based abstraction for collecting, aggregating, and disseminating context information. The abstraction models context information as \emph{events}, which are produced by \emph{sources}, flow through a directed acyclic graph of event-processing \emph{operators}, and are delivered to subscribing applications. Applications describe their desired event stream as a tree of operators that aggregate low-level context information published by existing sources into the high-level context information needed by the application. The \emph{operator graph} is thus the dynamic combination of all applications' subscription trees. In this paper, we motivate our graph abstraction by discussing several applications under development, sketch the architecture of our system (``Solar'') that implements our abstraction, report some early experimental results from the prototype, and outline issues for future research.}, } @InProceedings{chen:pervasive, author = {Guanling Chen and David Kotz}, title = {{Solar: An Open Platform for Context-Aware Mobile Applications}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive) (Short paper)}}, year = 2002, month = {June}, pages = {41--47}, publisher = {Springer}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-pervasive/index.html}, note = {In an informal companion volume of short papers.}, abstract = {Emerging pervasive computing technologies transform the way we live and work by embedding computation in our surrounding environment. To avoid increasing complexity, and allow the user to concentrate on her tasks, applications in a pervasive computing environment must automatically adapt to their changing \emph{context}, including the user state and the physical and computational environment in which they run. Solar is a middleware platform to help these ``context-aware'' applications aggregate desired context from heterogeneous sources and to locate environmental services depending on the current context. By moving most of the context computation into the infrastructure, Solar allows applications to run on thin mobile clients more effectively. By providing an open framework to enable dynamic injection of context processing modules, Solar shares these modules across many applications, reducing application development cost and network traffic. By distributing these modules across network nodes and reconfiguring the distribution at runtime, Solar achieves parallelism and online load balancing.}, } @InCollection{gray:motivation, author = {Robert S. Gray and George Cybenko and David Kotz and Daniela Rus}, title = {{Mobile agents: Motivations and State of the Art}}, booktitle = {{Handbook of Agent Technology}}, editor = {Jeffrey Bradshaw}, year = 2002, chapter = 0, publisher = {AAAI/MIT Press}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-motivation/index.html}, note = {Accepted for publication, but the book never published. Draft available as Technical Report TR2000-365, Department of Computer Science, Dartmouth College}, abstract = {A mobile agent is an executing program that can migrate, at times of its own choosing, from machine to machine in a heterogeneous network. On each machine, the agent interacts with stationary service agents and other resources to accomplish its task. In this chapter, we first make the case for mobile agents, discussing six strengths of mobile agents and the applications that benefit from these strengths. Although none of these strengths are unique to mobile agents, no competing technique shares all six. In other words, a mobile-agent system provides a single general framework in which a wide range of distributed applications can be implemented efficiently and easily. We then present a representative cross-section of current mobile-agent systems.}, } @Article{gray:spe, author = {Robert S. Gray and George Cybenko and David Kotz and Ronald A. Peterson and Daniela Rus}, title = {{D'Agents: Applications and Performance of a Mobile-Agent System}}, journal = {Software--- Practice and Experience}, year = 2002, month = {May}, volume = 32, number = 6, pages = {543--573}, publisher = {John Wiley \& Sons}, copyright = {John Wiley \& Sons}, DOI = {10.1002/spe.449}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-spe/index.html}, note = {Invited paper}, abstract = {D'Agents is a mobile-agent system that is used primarily for information-retrieval applications. In this paper, we first examine two such applications, where mobile agents greatly simplify the task of providing efficient but application-specific access to remote information resources. Then we describe the D'Agents system, which supports multiple languages, Tcl, Java and Scheme, and strong mobility for Tcl and Java. After considering the D'Agents implementation, we present some recent performance and scalability experiments that compare D'Agent mobile agents with traditional client/server approaches. The experiments show that mobile agents often outperform client/server solutions, but also demonstrate the deep interaction between environmental and application parameters. The mobile-agent performance space as a whole is complex, and significant additional experiments are needed to characterize it. Finally, after discussing current and future experiments, we explore the differences between D'Agents and other mobile-agent systems.}, } @InProceedings{grimstrup:gmas, author = {Arne Grimstrup and Robert Gray and David Kotz and Maggie Breedy and Marco Carvalho and Thomas Cowin and Daria Chac{\"{o}}n and Joyce Barton and Chris Garrett and Martin Hofmann}, title = {{Toward Dynamic Interoperability of Mobile Agent Systems}}, booktitle = {{Proceedings of the IEEE International Conference on Mobile Agents}}, series = {Lecture Notes in Computer Science}, year = 2002, month = {October}, volume = 2535, pages = {106--120}, publisher = {Springer}, copyright = {Springer-Verlag}, DOI = {10.1007/3-540-36112-X_8}, URL = {https://www.cs.dartmouth.edu/~kotz/research/grimstrup-gmas/index.html}, abstract = {Mobile agents are an increasingly popular paradigm and in recent years there has been a proliferation of mobile-agent systems. These systems are, however, largely incompatible with each other. In particular, agents cannot migrate to a host that runs a different mobile-agent system. Prior approaches to interoperability have tried to force agents to use a common API and so far none have succeeded. This goal led to our efforts to develop mechanisms that support dynamic runtime interoperability of mobile-agent systems. This paper describes the \emph{Grid Mobile-Agent System}, which allows agents to migrate to different mobile-agent systems.}, } @TechReport{kotz:campus-tr, author = {David Kotz and Kobby Essien}, title = {{Characterizing Usage of a Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2002, month = {March}, number = {TR2002-423}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus-tr/index.html}, abstract = {Wireless local-area networks (WLANs) are increasingly common, but little is known about how they are used. A clear understanding of usage patterns in real WLANs is critical information to those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @TechReport{kotz:campus-tr2, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2002, month = {September}, number = {TR2002-432}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus-tr2/index.html}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @InProceedings{kotz:campus, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2002, month = {September}, pages = {107--118}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/570645.570659}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus/index.html}, note = {Revised and corrected as Dartmouth CS Technical Report TR2002-432. Winner of ACM SIGMOBILE Test-of-Time award, 2017}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @TechReport{kotz:dwta-tr, author = {David Kotz and Robert Gray and Daniela Rus}, title = {{Future Directions for Mobile-Agent Research}}, institution = {Dartmouth Computer Science}, year = 2002, month = {January}, number = {TR2002-415}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dwta-tr/index.html}, note = {Based on a conversation with Jeff Bradshaw, Colin Harrison, Guenter Karjoth, Amy Murphy, Gian Pietro Picco, M. Ranganathan, Niranjan Suri, and Christian Tschudin.}, abstract = {During a discussion in September 2000 the authors examined the future of research on mobile agents and mobile code. (A mobile agent is a running program that can move from host to host in network at times and to places of its own choosing.) In this paper we summarize and reflect on that discussion. It became clear that the field should shift its emphasis toward mobile code, in all its forms, rather than to continue its narrow focus on mobile agents. Furthermore, we encourage the development of modular components, so that application designers may take advantage of code mobility without needing to rewrite their application to fit in a monolithic mobile-agent system. There are many potential applications that may productively use mobile code, but there is no ``killer application'' for mobile agents. Finally, we note that although security is an important and challenging problem, there are many applications and environments with security requirements well within the capability of existing mobile-code and mobile-agent frameworks.}, } @Article{kotz:dwta, author = {David Kotz and Robert Gray and Daniela Rus}, title = {{Future Directions for Mobile-Agent Research}}, journal = {IEEE Distributed Systems Online}, year = 2002, month = {August}, volume = 3, number = 8, numpages = 6, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dwta/index.html}, note = {Based on a conversation with Jeff Bradshaw, Colin Harrison, Guenter Karjoth, Amy Murphy, Gian Pietro Picco, M. Ranganathan, Niranjan Suri, and Christian Tschudin.}, abstract = {The field of mobile agents should shift its emphasis toward mobile code, in all its forms, rather than continue focusing on mobile agents. The development of modular components will help application designers take advantage of code mobility without having to rewrite their applications to fit in monolithic, mobile agent systems.}, } @Article{kotz:jmodel, author = {David Kotz and George Cybenko and Robert S. Gray and Guofei Jiang and Ronald A. Peterson and Martin O. Hofmann and Daria A. Chac{\"{o}}n and Kenneth R. Whitebread and James Hendler}, title = {{Performance Analysis of Mobile Agents for Filtering Data Streams on Wireless Networks}}, journal = {Mobile Networks and Applications (MONET)}, year = 2002, month = {April}, volume = 7, number = 2, pages = {163--174}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, DOI = {10.1023/A:1013778922814}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jmodel/index.html}, note = {Invited paper}, abstract = {Wireless networks are an ideal environment for mobile agents, since their mobility allows them to move across an unreliable link to reside on a wired host, next to or closer to the resources that they need to use. Furthermore, client-specific data transformations can be moved across the wireless link and run on a wired gateway server, reducing bandwidth demands. In this paper we examine the tradeoffs faced when deciding whether to use mobile agents in a data-filtering application where numerous wireless clients filter information from a large data stream arriving across the wired network. We develop an analytical model and use parameters from filtering experiments conducted during a U.S. Navy Fleet Battle Experiment (FBE) to explore the model's implications.}, } @InProceedings{mills-tettey:mvoip, author = {G. Ayorkor Mills-Tettey and David Kotz}, title = {{Mobile Voice Over IP (MVOIP): An Application-level Protocol for Call Hand-off in Real Time Applications}}, booktitle = {{Proceedings of the IEEE International Phoenix Conference on Computers and Communications (IPCCC)}}, year = 2002, month = {April}, pages = {271--279}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/IPCCC.2002.995160}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mills-tettey-mvoip/index.html}, abstract = {This paper presents Mobile Voice Over IP, an application-level protocol to support terminal mobility in real-time applications such as voice over IP, on a wireless local area network. We describe our MVOIP implementation based on the ITU-T H.323 protocol stack, present experimental results on call hand-off latency, and discuss various implementation issues, including the task of quickly and accurately determining when call hand-off is necessary. We also discuss how MVOIP relates to other proposed mobility support schemes, and how it can be generalized to provide application-level mobility support in a wide range of real and non real-time applications.}, } @TechReport{minami:aclprop-tr, author = {Kazuhiro Minami and David Kotz}, title = {{Controlling access to pervasive information in the ``Solar'' system}}, institution = {Dartmouth Computer Science}, year = 2002, month = {February}, number = {TR2002-422}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/minami-aclprop-tr/index.html}, abstract = {Pervasive-computing infrastructures necessarily collect a lot of context information to disseminate to their context-aware applications. Due to the personal or proprietary nature of much of this context information, however, the infrastructure must limit access to context information to authorized persons. In this paper we propose a new access-control mechanism for event-based context-distribution infrastructures. The core of our approach is based on a conservative information-flow model of access control, but users may express discretionary relaxation of the resulting access-control list (ACL) by specifying relaxation functions. This combination of automatic ACL derivation and user-specified ACL relaxation allows access control to be determined and enforced in a decentralized, distributed system with no central administrator or central policy maker. It also allows users to express their personal balance between functionality and privacy. Finally, our infrastructure allows access-control policies to depend on context-sensitive roles, allowing great flexibility. \par We describe our approach in terms of a specific context-dissemination framework, the Solar system, although the same principles would apply to systems with similar properties.}, } @TechReport{oldfield:emulab-tr, author = {Ron Oldfield and David Kotz}, title = {{Using Emulab network testbed to evaluate the Armada I/O framework for computational grids}}, institution = {Dartmouth Computer Science}, year = 2002, month = {September}, number = {TR2002-433}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-emulab-tr/index.html}, abstract = {This short report describes our experiences using the Emulab network testbed at the University of Utah to test performance of the Armada framework for parallel I/O on computational grids.}, } @Article{oldfield:framework, author = {Ron Oldfield and David Kotz}, title = {{Armada: a parallel I/O framework for computational grids}}, journal = {Future Generation Computing Systems (FGCS)}, year = 2002, month = {March}, volume = 18, number = 4, pages = {501--523}, publisher = {Elsevier Science Press}, copyright = {Elsevier Science}, DOI = {10.1016/S0167-739X(01)00076-0}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-framework/index.html}, abstract = {High-performance computing increasingly occurs on ``computational grids'' composed of heterogeneous and geographically distributed systems of computers, networks, and storage devices that collectively act as a single ``virtual'' computer. One of the great challenges for this environment is to provide efficient access to data that is distributed across remote data servers in a grid. In this paper, we describe our solution, a framework we call Armada. Armada allows applications to flexibly compose modules to access their data, and to place those modules at appropriate hosts within the grid to reduce network traffic.}, } @InProceedings{oldfield:wip, author = {Ron Oldfield and David Kotz}, title = {{The Armada framework for parallel I/O on computational grids}}, booktitle = {{Proceedings of the USENIX Conference on File and Storage Technologies (FAST)}}, year = 2002, month = {January}, publisher = {USENIX Association}, copyright = {the authors}, location = {Monterrey, CA}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-wip/index.html}, note = {Work-in-progress report}, } @TechReport{masone:thesis-2002, author = {Christopher P. Masone}, title = {{Role Definition Language (RDL): A Language to Describe Context-Aware Roles}}, institution = {Dartmouth Computer Science}, year = 2002, month = {May}, number = {TR2002-426}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/masone-thesis-2002/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2002-426}, abstract = {As wireless networks become more prevalent, a widening array of computational resources becomes available to the mobile user. Since not all users should have unrestricted access to these resources, a method of access control must be devised. In a context-aware environment, context information can be used to supplement more conventional password-based access control systems. We believe the best way to achieve this is through the use of Context-Aware Role-Based Access Control, a model in which permissions are assigned to entities called roles, each principal is a member of one or more roles, and a role's membership is determined using context information. We designed and implemented RDL (Role-Definition Language), a simple, expressive and somewhat extensible programming language to facilitate the description of roles in terms of context information.}, } @TechReport{white-abram:thesis, author = {A. Abram White}, title = {{Performance and Interoperability In Solar}}, institution = {Dartmouth Computer Science}, year = 2002, month = {June}, number = {TR2002-427}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/white-abram-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2002-427}, abstract = {Ubiquitous computing promises to integrate computers into our physical environment, surrounding us with applications that are able to adapt to our dynamics. Solar is a software infrastructure designed to deliver contextual information to these applications. To serve the large number and wide variety of context-aware devices envisioned by ubiquitous computing, Solar must exhibit both high performance and the ability to interoperate with many computing platforms. We created a testing framework to measure the performance of distributed systems such as Solar, as well as a pluggable data-transfer mechanism to support the dissemination of information to heterogeneous applications. This paper explores the testing framework developed, analyzes its findings concerning the performance of the current Solar prototype, presents several optimizations to Solar and their effects, and finally discusses the design of the pluggable data-transfer mechanism.}, } @Misc{kotz:radio-patent, author = {David Kotz and Daniela Rus and David Maramros and John C. Artz}, title = {{Methods and apparatus for personalized content presentation}}, howpublished = {U.S. Patent Application PCT/US2001/049518; International Patent Application WO2002052374A2}, year = 2002, month = {July}, day = 4, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-radio-patent/index.html}, note = {Priority date 2000-12-26; Filed 2001-12-26; Published 2002-07-04; Abandoned 2003-06-26. Note third author's name is misspelled; the correct spelling is Marmaros.}, abstract = {Methods and structure for dynamically tailoring selection of rich content for recommendation to a user wherein the recommendation process determines recommendations in accordance with past user selections. A server process (102) provides lists of recommended content to a client process (100), through a WAN (104), associated with an identified user. The user on the client process (100) then selects content and provides the server process (102) with a rating through the user feedback input (112).}, } @InProceedings{aslam:position, author = {Jay Aslam and Marco Cremonini and David Kotz and Daniela Rus}, title = {{Using Mobile Agents for Analyzing Intrusion in Computer Networks}}, booktitle = {{Proceedings of the Workshop on Mobile Object Systems at ECOOP}}, year = 2001, month = {July}, numpages = 2, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/aslam-position/index.html}, } @InCollection{bredin:game-book, author = {Jonathan Bredin and David Kotz and Daniela Rus and Rajiv T. Maheswaran and {\c{C}}agri Imer and Tamer Ba{\c{s}}ar}, title = {{A Market-Based Model for Resource Allocation in Agent Systems}}, booktitle = {{Coordination of Internet Agents Models, Technologies, and Applications}}, editor = {Franco Zambonelli}, year = 2001, chapter = 17, pages = {426--441}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, ISBN = {3-540-41613-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-game-book/index.html}, abstract = {In traditional computational systems, resource owners have no incentive to subject themselves to additional risk and congestion associated with providing service to arbitrary agents, but there are applications that benefit from open environments. We argue for the use of markets to regulate agent systems. With market mechanisms, agents have the abilities to assess the cost of their actions, behave responsibly, and coordinate their resource usage both temporally and spatially. \par We discuss our market structure and mechanisms we have developed to foster secure exchange between agents and hosts. Additionally, we believe that certain agent applications encourage repeated interactions that benefit both agents and hosts, giving further reason for hosts to fairly accommodate agents. We apply our ideas to create a resource-allocation policy for mobile-agent systems, from which we derive an algorithm for a mobile agent to plan its expenditure and travel. With perfect information, the algorithm guarantees the agent's optimal completion time. \par We relax the assumptions underlying our algorithm design and simulate our planning algorithm and allocation policy to show that the policy prioritizes agents by endowment, handles bursty workloads, adapts to situations where network resources are overextended, and that delaying agents' actions does not catastrophically affect agents' performance.}, } @Misc{bredin:info, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{The Role of Information in Computational-Resource Allocation, for the TASK Electronic Commerce REF}}, howpublished = {Invited paper at the DARPA TASK PI meeting}, year = 2001, month = {May}, copyright = {the authors}, location = {Santa Fe, NM}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-info/index.html}, abstract = {We examine the role of information in markets that allocate computation to software agents. The comparison of two types of markets illuminates the importance of information and the incentives for buyers and sellers to share their preferences with each other. In our comparison, the distinguishing feature of the two markets types is the alignment of agents' interests. We define a closed-interest market as one where resources are collectively owned among the agents. An open-interest market makes no assumptions on the interests of agents or resource owners. \par The incentives of agents in the two markets drastically differ. The open-interest model motivates agents to be less trusting and to not share information. This aspect stems from the model's greater applicability to resource allocation, but has a deep impact on system efficiency. In this paper, we summarize some economic theory and allegorical evidence from our models and system implementations that support the claim, and conclude with guidelines for system development. }, } @TechReport{chen:solar-tr, author = {Guanling Chen and David Kotz}, title = {{Supporting Adaptive Ubiquitous Applications with the SOLAR System}}, institution = {Dartmouth Computer Science}, year = 2001, month = {May}, number = {TR2001-397}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-solar-tr/index.html}, abstract = {As we embed more computers into our daily environment, ubiquitous computing promises to make them less noticeable and help to prevent information overload. We see, however, few ubiquitous applications that are able to adapt to the dynamics of user, physical, and computational context. We believe that there are two challenges causing this lack of ubiquitous applications: there is no flexible and scalable way to support information collection and dissemination in a ubiquitous and mobile environment, and there is no general approach to building adaptive applications given heterogeneous contextual information. We propose a system infrastructure, Solar, to meet these challenges. Solar uses a subscription-based operator graph abstraction and allows dynamic composition of stackable operators to manage ubiquitous information sources. After developing a set of diverse adaptive applications, we expect to identify fundamental techniques for context-aware adaptation. Our expectation is that Solar's end-to-end support for information collection, dissemination, and utilization will make it easy to build adaptive applications for a ubiquitous mobile environment with many users and devices.}, } @InProceedings{chen:solar, author = {Guanling Chen and David Kotz}, title = {{SOLAR: Towards a Flexible and Scalable Data-Fusion Infrastructure for Ubiquitous Computing}}, booktitle = {{Proceedings of the UbiTools workshop at UbiComp 2001}}, year = 2001, month = {October}, numpages = 4, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-solar/index.html}, abstract = {As we embed more computers into our daily environment, ubiquitous computing promises to make them less noticeable and to avoid information overload. We see, however, few ubiquitous applications that are able to adapt to the dynamics of user, physical, and computational context. The challenge is to allow applications flexible access to these sources, and yet scale to thousands of devices and sensors. In this paper we introduce our proposed infrastructure, Solar. In Solar, information sources produce events. Applications may subscribe to interesting sources directly, or they may instantiate and subscribe to a tree of operators that filter, transform, merge and aggregate events. Applications use a subscription language to describe the tree, based on event streams registered in a context-sensitive naming hierarchy. Solar is flexible: modular operators can be composed to produce new event streams. Solar is scalable: it distributes operators across hosts called Planets, and it re-uses common subgraphs in the operator network.}, } @TechReport{gray:scalability-tr, author = {Robert S. Gray and David Kotz and Ronald A. Peterson and Peter Gerken and Martin Hofmann and Daria Chac{\"{o}}n and Greg Hill and Niranjan Suri}, title = {{Mobile-Agent versus Client/Server Performance: Scalability in an Information-Retrieval Task}}, institution = {Dartmouth Computer Science}, year = 2001, month = {January}, number = {TR2001-386}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-scalability-tr/index.html}, abstract = {Mobile agents are programs that can jump from host to host in the network, at times and to places of their own choosing. Many groups have developed mobile-agent software platforms, and several mobile-agent applications. Experiments show that mobile agents can, among other things, lead to faster applications, reduced bandwidth demands, or less dependence on a reliable network connection. There are few if any studies of the scalability of mobile-agent servers, particularly as the number of clients grows. We present some recent performance and scalability experiments that compare three mobile-agent platforms with each other and with a traditional client/server approach. The experiments show that mobile agents often outperform client/server solutions, but also demonstrate the deep interaction between environmental and application parameters. The three mobile-agent platforms have similar behavior but their absolute performance varies with underlying implementation choices.}, } @InProceedings{gray:scalability, author = {Robert S. Gray and David Kotz and Ronald A. Peterson and Joyce Barton and Daria Chac{\"{o}}n and Peter Gerken and Martin Hofmann and Jeffrey Bradshaw and Maggie Breedy and Renia Jeffers and Niranjan Suri}, title = {{Mobile-Agent versus Client/Server Performance: Scalability in an Information-Retrieval Task}}, booktitle = {{Proceedings of the IEEE International Conference on Mobile Agents}}, series = {Lecture Notes in Computer Science}, year = 2001, month = {December}, volume = 2240, pages = {229--243}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Atlanta, Georgia}, DOI = {10.1007/3-540-45647-3_16}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-scalability/index.html}, note = {A corrected version of this paper is available on the Dartmouth web site.}, abstract = {Building applications with mobile agents often reduces the bandwidth required for the application, and improves performance. The cost is increased server workload. There are, however, few studies of the scalability of mobile-agent systems. We present scalability experiments that compare four mobile-agent platforms with a traditional client/server approach. The four mobile-agent platforms have similar behavior, but their absolute performance varies with underlying implementation choices. Our experiments demonstrate the complex interaction between environmental, application, and system parameters.}, } @TechReport{grimstrup:gmas-tr, author = {Arne Grimstrup and Robert Gray and David Kotz and Thomas Cowin and Greg Hill and Niranjan Suri and Daria Chac{\"{o}}n and Martin Hofmann}, title = {{Write Once, Move Anywhere: Toward Dynamic Interoperability of Mobile Agent Systems}}, institution = {Dartmouth Computer Science}, year = 2001, month = {July}, number = {TR2001-411}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/grimstrup-gmas-tr/index.html}, abstract = {Mobile agents are an increasingly popular paradigm, and in recent years there has been a proliferation of mobile-agent systems. These systems are, however, largely incompatible with each other. In particular, agents cannot migrate to a host that runs a different mobile-agent system. Prior approaches to interoperability have tried to force agents to use a common API, and so far none have succeeded. Our goal, summarized in the catch phrase ``Write Once, Move Anywhere,'' led to our efforts to develop mechanisms that support dynamic runtime interoperability of mobile-agent systems. This paper describes the Grid Mobile-Agent System, which allows agents to migrate to different mobile-agent systems.}, } @InCollection{kotz:bdiskdir, author = {David Kotz}, title = {{Disk-directed I/O for MIMD Multiprocessors}}, booktitle = {{High Performance Mass Storage and Parallel I/O: Technologies and Applications}}, editor = {Hai Jin and Toni Cortes and Rajkumar Buyya}, year = 2001, month = {September}, chapter = 35, pages = {513--535}, publisher = {Wiley-IEEE Press}, copyright = {Wiley-IEEE Press}, ISBN13 = {978-0-471-20809-9}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-bdiskdir/index.html}, abstract = {Many scientific applications that run on today's multiprocessors, such as weather forecasting and seismic analysis, are bottlenecked by their file-I/O needs. Even if the multiprocessor is configured with sufficient I/O hardware, the file-system software often fails to provide the available bandwidth to the application. Although libraries and enhanced file-system interfaces can make a significant improvement, we believe that fundamental changes are needed in the file-server software. We propose a new technique, disk-directed I/O, to allow the disk servers to determine the flow of data for maximum performance. Our simulations show that tremendous performance gains are possible both for simple reads and writes and for an out-of-core application. Indeed, our disk-directed I/O technique provided consistent high performance that was largely independent of data distribution, obtained up to 93\% of peak disk bandwidth, and was as much as 18 times faster than the traditional technique.}, } @InCollection{kotz:bpractical, author = {David Kotz and Carla Schlatter Ellis}, title = {{Practical Prefetching Techniques for Multiprocessor File Systems}}, booktitle = {{High Performance Mass Storage and Parallel I/O: Technologies and Applications}}, editor = {Hai Jin and Toni Cortes and Rajkumar Buyya}, year = 2001, month = {September}, chapter = 17, pages = {245--258}, publisher = {Wiley-IEEE Press}, copyright = {Wiley-IEEE Press}, ISBN13 = {978-0-471-20809-9}, address = {New York, NY}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-bpractical/index.html}, abstract = {Improvements in the processing speed of multiprocessors are outpacing improvements in the speed of disk hardware. Parallel disk I/O subsystems have been proposed as one way to close the gap between processor and disk speeds. In a previous paper we showed that prefetching and caching have the potential to deliver the performance benefits of parallel file systems to parallel applications. In this paper we describe experiments with practical prefetching policies that base decisions only on on-line reference history, and that can be implemented efficiently. We also test the ability of these policies across a range of architectural parameters.}, } @InProceedings{oldfield:armada, author = {Ron Oldfield and David Kotz}, title = {{Armada: A parallel file system for computational grids}}, booktitle = {{Proceedings of the IEEE/ACM International Symposium on Cluster Computing and the Grid (ccGrid)}}, year = 2001, month = {May}, pages = {194--201}, publisher = {IEEE}, copyright = {IEEE}, address = {Brisbane, Australia}, DOI = {10.1109/CCGRID.2001.923193}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-armada/index.html}, abstract = {High-performance distributed computing appears to be shifting away from tightly-connected supercomputers to computational grids composed of heterogeneous systems of networks, computers, storage devices, and various other devices that collectively act as a single geographically distributed virtual computer. One of the great challenges for this environment is providing efficient parallel data access to remote distributed datasets. In this paper, we discuss some of the issues associated with parallel I/O and computatational grids and describe the design of a flexible parallel file system that allows the application to control the behavior and functionality of virtually all aspects of the file system.}, } @InCollection{oldfield:bapp-pario, author = {Ron Oldfield and David Kotz}, title = {{Scientific Applications using Parallel I/O}}, booktitle = {{High Performance Mass Storage and Parallel I/O: Technologies and Applications}}, editor = {Hai Jin and Toni Cortes and Rajkumar Buyya}, year = 2001, month = {September}, chapter = 45, pages = {655--666}, publisher = {Wiley-IEEE Press}, copyright = {Wiley-IEEE Press}, ISBN13 = {978-0-471-20809-9}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-bapp-pario/index.html}, abstract = {Scientific applications are increasingly being implemented on massively parallel supercomputers. Many of these applications have intense I/O demands, as well as massive computational requirements. This paper is essentially an annotated bibliography of papers and other sources of information about scientific applications using parallel I/O.}, } @PhdThesis{bredin:thesis, author = {Jonathan L. Bredin}, title = {{Market-based Control of Mobile-agent Systems}}, school = {Dartmouth College Computer Science}, year = 2001, month = {June}, copyright = {Jonathan L. Bredin}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-408}, abstract = {Modern distributed systems scatter sensors, storage, and computation throughout the environment. Ideally these devices communicate and share resources, but there is seldom motivation for a device's owner to yield control to another user. We establish markets for computational resources to motivate principals to share resources with arbitrary users, to enforce priority in distributed systems, to provide flexible and rational limitations on the potential of an application, and to provide a lightweight structure to balance the workload over time and between devices. As proof of concept, we implement a structure software agents can use to discover and negotiate access to networked resources. The structure separates discovery, authentication, and consumption enforcement as separate orthogonal issues to give system designers flexibility. \par Mobile agents represent informational and computational flow. We develop mechanisms that distributively allocate computation among mobile agents in two settings. The first models a situation where users collectively own networked computing resources and require priority enforcement. We extend the allocation mechanism to allow resource reservation to mitigate utility volatility. The second, more general model relaxes the ownership assumption. We apply our computational market to an open setting where a principal's chief concern is revenue maximization. \par Our simulations compare the performance of market-based allocation policies to traditional policies and relate the cost of ownership and consumption separation. We observe that our markets effectively prioritize applications' performance, can operate under uncertainty and network delay, provide metrics to balance network load, and allow measurement of market-participation risk versus reservation-based computation. \par In addition to allocation problems, we investigate resource selection to optimize execution time. The problem is NP-complete if the costs and latencies are constant. Both metrics' dependence on the chosen set complicates matters. We study how a greedy approach, a novel heuristic, and a shortest-constrained-path strategy perform in mobile-agent applications. \par Market-based computational-resource allocation fertilizes applications where previously there was a dearth of motive for or means of cooperation. The rationale behind mobile-agent performance optimization is also useful for resource allocation in general distributed systems where an application has a sequence of dependent tasks or when data collection is expensive.}, } @TechReport{khalid:thesis, author = {Ammar Khalid}, title = {{A Directory Infrastructure to Support Mobile Services}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-391}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/khalid-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-391}, abstract = {Traditional Voice-over-IP applications such as Microsoft NetMeeting assume that the user is on a machine with a fixed IP address. If, however, the user connects to the Internet, via a wireless network, on a handheld device, his IP address frequently changes as he moves from one subnet to another. In such a situation, we need a service that can be queried for the most current IP address of a person whom we wish to contact. In this project, we design and implement such a directory service. The service authenticates all callers and callees, is robust against most host failure, and scales to several thousand registered users.}, } @TechReport{mathias:thesis, author = {Arun Mathias}, title = {{SmartReminder: A Case Study on Context-Sensitive Applications}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-392}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mathias-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-392}, abstract = {Designing context-sensitive applications is challenging. We design and implement SmartReminder to explore designing context-sensitive applications and to demonstrate how the SOLAR system can be used in developing such applications. SmartReminder is an application that reminds the user based on contextual information. Current appointment-reminder applications remind the user about their appointments at an arbitrarily specified time. For instance, they might remind the user ten minutes before each appointment. SmartReminder, on the other hand, uses contextual information, like location, to better estimate the appropriate reminder time for each appointment. It reminds the user based on where they are, where they need to be, and how long it will take them to get there. This paper presents SmartReminder as an illustration of how context-sensitive applications can be designed using the SOLAR system for dissemination of contextual information.}, } @TechReport{mills:tettey-thesis, author = {G. Ayorkor Mills-Tettey}, title = {{Mobile Voice Over IP (MVOIP): An Application-level Protocol}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-390}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mills-tettey-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-390}, abstract = {Current Voice over Internet Protocol (VOIP) protocols require participating hosts to have fixed IP addresses for the duration of a VOIP call. When using a wireless-enabled host, such as a tablet computer on an 802.11 wireless network, it is possible for a participant in a VOIP call to roam around the network, moving from one subnet to another and needing to change IP addresses. This address change creates the need for mobility support in VOIP applications. \par We present the design of Mobile Voice over IP (MVOIP), an application-level protocol that enables such mobility in a VOIP application based on the ITU H.323 protocol stack. An MVOIP application uses hints from the surrounding network to determine that it has switched subnets. It then initiates a hand-off procedure that comprises pausing its current calls, obtaining a valid IP address for the current subnet, and reconnecting to the remote party with whom it was in a call. Testing the system shows that on a Windows 2000 platform there is a perceivable delay in the hand-off process, most of which is spent in the Windows API for obtaining DHCP addresses. Despite this bottleneck, MVOIP works well on a wireless network.}, } @TechReport{stern:thesis, author = {Pablo Stern}, title = {{Measuring early usage of Dartmouth's wireless network}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-393}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/stern-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-393}, abstract = {In Spring 2001, Dartmouth College installed a campus-wide 802.11b wireless network. To understand how that network is used, we examined the usage characteristics of the network over a five-week period. We monitored access points to determine user behavior, and user and network traffic characteristics. Because our study coincided with the deployment of the access points, our analysis captures the growth of a wireless network. The results of this study help understand the behavior of mobile users and provide a reference to network engineers wishing to deploy and expand similar wireless networks.}, } @InProceedings{bredin:game, author = {Jonathan Bredin and Rajiv T. Maheswaran and {\c{C}}agri Imer and Tamer Ba{\c{s}}ar and David Kotz and Daniela Rus}, title = {{A Game-Theoretic Formulation of Multi-Agent Resource Allocation}}, booktitle = {{Proceedings of the International Conference on Autonomous Agents}}, year = 2000, month = {June}, pages = {349--356}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/336595.337525}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-game/index.html}, abstract = {This paper considers resource allocation in a network with mobile agents competing for computational priority. We formulate this problem as a multi-agent game with the players being agents purchasing service from a common server. We show that there exists a computable Nash equilibrium when agents have perfect information into the future. From our game, we build a market-based CPU allocation policy and a strategy with which an agent may plan its expenditures for a multi-hop itinerary. We simulate a network of hosts and agents using our strategy to show that our resource-allocation mechanism effectively prioritizes agents according to their endowments and that our planning algorithm handles network delay gracefully.}, } @InProceedings{bredin:risk, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Trading Risk in Mobile-Agent Computational Markets}}, booktitle = {{International Conference on Computing in Economics and Finance}}, year = 2000, month = {July}, numpages = 10, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer}, address = {Barcelona, Spain}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-risk/index.html}, note = {No proceedings available}, abstract = {Mobile-agent systems allow user programs to autonomously relocate from one host site to another. This autonomy provides a powerful, flexible architecture on which to build distributed applications. The asynchronous, decentralized nature of mobile-agent systems makes them flexible, but also hinders their deployment. We argue that a market-based approach where agents buy computational resources from their hosts solves many problems faced by mobile-agent systems. \par In our earlier work, we propose a policy for allocating general computational priority among agents posed as a competitive game for which we derive a unique computable Nash equilibrium. Here we improve on our earlier approach by implementing resource guarantees where mobile-agent hosts issue call options on computational resources. Call options allow an agent to reserve and guarantee the cost and time necessary to complete its itinerary before the agent begins execution. \par We present an algorithm based upon the binomial options-pricing model that estimates future congestion to allow hosts to evaluate call options; methods for agents to measure the risk associated with their performance and compare their expected utility of competing in the computational spot market with utilizing resource options; and test our theory with simulations to show that option trade reduces variance in agent completion times.}, } @TechReport{chen:survey-tr, author = {Guanling Chen and David Kotz}, title = {{A Survey of Context-Aware Mobile Computing Research}}, institution = {Dartmouth Computer Science}, year = 2000, month = {November}, number = {TR2000-381}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-survey-tr/index.html}, abstract = {Context-aware computing is a mobile computing paradigm in which applications can discover and take advantage of contextual information (such as user location, time of day, nearby people and devices, and user activity). Since it was proposed about a decade ago, many researchers have studied this topic and built several context-aware applications to demonstrate the usefulness of this new technology. Context-aware applications (or the system infrastructure to support them), however, have never been widely available to everyday users. In this survey of research on context-aware systems and applications, we looked in depth at the types of context used and models of context information, at systems that support collecting and disseminating context, and at applications that adapt to the changing context. Through this survey, it is clear that context-aware research is an old but rich area for research. The difficulties and possible solutions we outline serve as guidance for researchers hoping to make context-aware computing a reality.}, } @TechReport{gray:motivation-tr, author = {Robert S. Gray and George Cybenko and David Kotz and Daniela Rus}, title = {{Mobile agents: Motivations and State of the Art}}, institution = {Dartmouth Computer Science}, year = 2000, month = {April}, number = {TR2000-365}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-motivation-tr/index.html}, abstract = {A mobile agent is an executing program that can migrate, at times of its own choosing, from machine to machine in a heterogeneous network. On each machine, the agent interacts with stationary service agents and other resources to accomplish its task. In this chapter, we first make the case for mobile agents, discussing six strengths of mobile agents and the applications that benefit from these strengths. Although none of these strengths are unique to mobile agents, no competing technique shares all six. In other words, a mobile-agent system provides a single general framework in which a wide range of distributed applications can be implemented efficiently and easily. We then present a representative cross-section of current mobile-agent systems.}, } @InProceedings{howell:end-to-end, author = {Jon Howell and David Kotz}, title = {{End-to-end authorization}}, booktitle = {{Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI)}}, year = 2000, month = {October}, pages = {151--164}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-end-to-end/index.html}, abstract = {Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. \par We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system is a practical approach to the desirable goal of end-to-end authorization.}, } @Article{howell:restricted, author = {Jon Howell and David Kotz}, title = {{Restricted delegation: seamlessly spanning administrative boundaries}}, journal = {ACM Operating Systems Review}, year = 2000, month = {April}, volume = 34, number = 2, pages = {38--39}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/346152.346268}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-restricted/index.html}, } @TechReport{howell:spki-tr, author = {Jon Howell and David Kotz}, title = {{A Formal Semantics for SPKI}}, institution = {Dartmouth Computer Science}, year = 2000, month = {March}, number = {TR2000-363}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-spki-tr/index.html}, abstract = {We extend the logic and semantics of authorization due to Abadi, Lampson, et al. to support restricted delegation. Our formal model provides a simple interpretation for the variety of constructs in the Simple Public Key Infrastructure (SPKI), and lends intuition about possible extensions. We discuss both extensions that our semantics supports and extensions that it cautions against.}, } @InProceedings{howell:spki, author = {Jon Howell and David Kotz}, title = {{A Formal Semantics for SPKI}}, booktitle = {{Proceedings of the European Symposium on Research in Computer Security (ESORICS)}}, series = {Lecture Notes in Computer Science}, year = 2000, month = {October}, volume = 1895, pages = {140--158}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/10722599_9}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-spki/index.html}, abstract = {We extend the logic and semantics of authorization due to Abadi, Lampson, et al. to support restricted delegation. Our formal model provides a simple interpretation for the variety of constructs in the Simple Public Key Infrastructure (SPKI), and lends intuition about possible extensions. We discuss both extensions that our semantics supports and extensions that it cautions against.}, } @TechReport{kotz:model-tr, author = {David Kotz and Guofei Jiang and Robert Gray and George Cybenko and Ronald A. Peterson}, title = {{Performance Analysis of Mobile Agents for Filtering Data Streams on Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2000, month = {May}, number = {TR2000-366}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-model-tr/index.html}, abstract = {Wireless networks are an ideal environment for mobile agents, because their mobility allows them to move across an unreliable link to reside on a wired host, next to or closer to the resources they need to use. Furthermore, client-specific data transformations can be moved across the wireless link, and run on a wired gateway server, with the goal of reducing bandwidth demands. In this paper we examine the tradeoffs faced when deciding whether to use mobile agents to support a data-filtering application, in which numerous wireless clients filter information from a large data stream arriving across the wired network. We develop an analytical model and use parameters from our own experiments to explore the model's implications.}, } @TechReport{kotz:model-tr2, author = {David Kotz and George Cybenko and Robert S. Gray and Guofei Jiang and Ronald A. Peterson and Martin O. Hofmann and Daria A. Chacon and Kenneth R. Whitebread and James Hendler}, title = {{Performance Analysis of Mobile Agents for Filtering Data Streams on Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2000, month = {October}, number = {TR2000-377}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-model-tr2/index.html}, abstract = {Wireless networks are an ideal environment for mobile agents, since their mobility allows them to move across an unreliable link to reside on a wired host, next to or closer to the resources that they need to use. Furthermore, client-specific data transformations can be moved across the wireless link and run on a wired gateway server, reducing bandwidth demands. In this paper we examine the tradeoffs faced when deciding whether to use mobile agents in a data-filtering application where numerous wireless clients filter information from a large data stream arriving across the wired network. We develop an analytical model and use parameters from filtering experiments conducted during a U.S. Navy Fleet Battle Experiment (FBE) to explore the model's implications.}, } @InProceedings{kotz:model, author = {David Kotz and Guofei Jiang and Robert Gray and George Cybenko and Ronald A. Peterson}, title = {{Performance Analysis of Mobile Agents for Filtering Data Streams on Wireless Networks}}, booktitle = {{Proceedings of the Workshop on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)}}, year = 2000, month = {August}, pages = {85--94}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/346855.346868}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-model/index.html}, abstract = {Wireless networks are an ideal environment for mobile agents, because their mobility allows them to move across an unreliable link to reside on a wired host, next to or closer to the resources they need to use. Furthermore, client-specific data transformations can be moved across the wireless link, and run on a wired gateway server, with the goal of reducing bandwidth demands. In this paper we examine the tradeoffs faced when deciding whether to use mobile agents to support a data-filtering application, in which numerous wireless clients filter information from a large data stream arriving across the wired network. We develop an analytical model and use parameters from our own experiments to explore the model's implications.}, } @Misc{kotz:pario-sw, author = {David Kotz}, title = {{Bibliography about Parallel I/O}}, howpublished = {BibTeX bibliography}, year = 2000, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-pario-sw/index.html}, note = {Original version published 1994}, abstract = {A bibliography of many references on parallel I/O and multiprocessor file-systems issues. As of the fifth edition, it is available in HTML format.}, } @TechReport{artz:thesis, author = {John C. Artz}, title = {{Personal Radio}}, institution = {Dartmouth Computer Science}, year = 2000, month = {June}, number = {TR2000-372}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/artz-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2000-372}, abstract = { With the development of new technologies that allow the broadcast of digital data over radio signals, there are many possibilities for improving upon the traditional radio station model for content delivery. The idea of Personal Radio is a system that tailors content to meet the needs of each individual. Using Global Positioning System (GPS) technology to play location specific content, the listening history to play content an appropriate number of times, and user feedback to learn personal preferences, the Personal Radio provides the listener with the content that is the most useful/interesting to them. This paper will examine the general design of such a system and present solutions developed in the implementation of several pieces of the design.}, } @TechReport{chyi:thesis, author = {Debbie O. Chyi}, title = {{An Infrastructure for a Mobile-Agent System that Provides Personalized Services to Mobile Devices}}, institution = {Dartmouth Computer Science}, year = 2000, month = {May}, number = {TR2000-370}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chyi-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2000-370}, abstract = {In this paper, we present the design of a mobile-agent system that provides a mobile user with a personalized information retrieval service and we describe the implementation of the infrastructure for such a system. This "Personal Agent System" gathers information from the Internet and uses context-aware mechanisms to manage the information according to a mobile user's needs and preferences. The user's schedule and location are the context indicators in this system. These indicators are critical in ensuring that users obtain only the information they want, receive information in a form that is most useful for viewing on their mobile device, and is notified of new information in a minimally intrusive manner. The system incorporates a rule-based learning system to enhance the personalization achieved by the system.}, } @PhdThesis{howell:thesis, author = {Jonathan R. Howell}, title = {{Naming and sharing resources across administrative boundaries}}, school = {Dartmouth College Computer Science}, year = 2000, month = {June}, copyright = {Jonathan R. Howell}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Reports TR2000-378, 379, and 380}, abstract = {I tackle the problem of naming and sharing resources across administrative boundaries. Conventional systems manifest the hierarchy of typical administrative structure in the structure of their own mechanism. While natural for communication that follows hierarchical patterns, such systems interfere with naming and sharing that cross administrative boundaries, and therefore cause headaches for both users and administrators. I propose to organize resource naming and security, not around administrative domains, but around the sharing patterns of users. \par The dissertation is organized into four main parts. First, I discuss the challenges and tradeoffs involved in naming resources and consider a variety of existing approaches to naming. \par Second, I consider the architectural requirements for user-centric sharing. I evaluate existing systems with respect to these requirements. \par Third, to support the sharing architecture, I develop a formal logic of sharing that captures the notion of restricted delegation. Restricted delegation ensures that users can use the same mechanisms to share resources consistently, regardless of the origin of the resource, or with whom the user wishes to share the resource next. A formal semantics gives unambiguous meaning to the logic. I apply the formalism to the Simple Public Key Infrastructure and discuss how the formalism either supports or discourages potential extensions to such a system. \par Finally, I use the formalism to drive a user-centric sharing implementation for distributed systems. I show how this implementation enables end-to-end authorization, a feature that makes heterogeneous distributed systems more secure and easier to audit. Conventionally, gateway services that bridge administrative domains, add abstraction, or translate protocols typically impede the flow of authorization information from client to server. In contrast, end-to-end authorization enables us to build gateway services that preserve authorization information, hence we reduce the size of the trusted computing base and enable more effective auditing. I demonstrate my implementation and show how it enables end-to-end authorization across various boundaries. I measure my implementation and argue that its performance tracks that of similar authorization mechanisms without end-to-end structure. \par I conclude that my user-centric philosophy of naming and sharing benefits both users and administrators.}, } @TechReport{bredin:game-tr, author = {Jonathan Bredin and Rajiv T. Maheswaran and {\c{C}}agri Imer and Tamer Ba{\c{s}}ar and David Kotz and Daniela Rus}, title = {{A Game-Theoretic Formulation of Multi-Agent Resource Allocation}}, institution = {Dartmouth Computer Science}, year = 1999, month = {October}, number = {PCS-TR99-360}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-game-tr/index.html}, abstract = {This paper considers resource allocation in a network with mobile agents competing for computational priority. We formulate this problem as a multi-agent game with the players being agents purchasing service from a common server. We show that there exists a computable Nash equilibrium when agents have perfect information into the future. We simulate a network of hosts and agents using our strategy to show that our resource-allocation mechanism effectively prioritizes agents according to their endowments.}, } @TechReport{bredin:lottery-tr, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Mobile-Agent Planning in a Market-Oriented Environment}}, institution = {Dartmouth Computer Science}, year = 1999, month = {May}, number = {PCS-TR99-345}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-lottery-tr/index.html}, note = {Revision 1 of May 20, 1999}, abstract = {We propose a method for increasing incentives for sites to host arbitrary mobile agents in which mobile agents purchase their computing needs from host sites. We present a scalable market-based CPU allocation policy and an on-line algorithm that plans a mobile agent's expenditure over a multihop ordered itinerary. The algorithm chooses a set of sites at which to execute and computational priorities at each site to minimize execution time while preserving a prespecified budget constraint. We present simulation results of our algorithm to show that our allocation policy and planning algorithm scale well as more agents are added to the system.}, } @InProceedings{bredin:position, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Economic Markets as a Means of Open Mobile-Agent Systems}}, booktitle = {{Proceedings of the Mobile Agents in the Context of Competition and Cooperation (MAC3) Workshop at Autonomous Agents'99}}, year = 1999, month = {May}, pages = {43--49}, publisher = {ACM}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-position/index.html}, abstract = {Mobile-agent systems have gained popularity in use because they ease the application design process by giving software engineers greater flexibility. Although the value of any network is dependent on both the number of users and the number of sites participating in the network, there is little motivation for systems to donate resources to arbitrary agents. We propose to remedy the problem by imposing an economic market on mobile-agent systems where agents purchase resources from host sites and sell services to users and other agents. Host sites accumulate revenues, which are distributed to users to be used to launch more agents. We argue for the use of markets to regulate mobile-agent systems and discuss open issues in implementing market-based mobile-agent systems.}, } @InCollection{brewington:IR, author = {Brian Brewington and Robert Gray and Katsuhiro Moizumi and David Kotz and George Cybenko and Daniela Rus}, title = {{Mobile Agents for Distributed Information Retrieval}}, booktitle = {{Intelligent Information Agents}}, editor = {Matthias Klusch}, year = 1999, chapter = 15, pages = {355--395}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, ISBN = {3-540-65112-8}, URL = {https://www.cs.dartmouth.edu/~kotz/research/brewington-IR/index.html}, abstract = {A mobile agent is an executing program that can migrate during execution from machine to machine in a heterogeneous network. On each machine, the agent interacts with stationary service agents and other resources to accomplish its task. Mobile agents are particularly attractive in distributed information-retrieval applications. By moving to the location of an information resource, the agent can search the resource locally, eliminating the transfer of intermediate results across the network and reducing end-to-end latency. In this chapter, we first discuss the strengths of mobile agents, and argue that although none of these strengths are unique to mobile agents, no competing technique shares all of them. Next, after surveying several representative mobile-agent systems, we examine one specific information-retrieval application, searching distributed collections of technical reports, and consider how mobile agents can be used to implement this application efficiently and easily. Then we spend the bulk of the chapter describing two planning services that allow mobile agents to deal with dynamic network environments and information resources: (1) planning algorithms that let an agent choose the best migration path through the network, given its current task and the current network conditions, and (2) planning algorithms that tell an agent how to observe a changing set of documents in a way that detects changes as soon as possible while minimizing overhead. Finally, we consider the types of errors that can occur when information from multiple sources is merged and filtered, and argue that the structure of a mobile-agent application determines the extent to which these errors affect the final result.}, } @TechReport{howell:calculus-tr, author = {Jon Howell and David Kotz}, title = {{An Access-Control Calculus for Spanning Administrative Domains}}, institution = {Dartmouth Computer Science}, year = 1999, month = {November}, number = {PCS-TR99-361}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-calculus-tr/index.html}, abstract = {In our quest to give users uniform access to resources unimpeded by administrative boundaries, we discovered that we needed transitive sharing among users, with the possibility of restricted access along each sharing link. To achieve that goal, we extend Lampson et al.'s calculus for access control to support restricted delegations. We discuss the advantages of our extension, including the simplification of constructs like ACLs and statement expiration. We also apply our extension to model the Simple Public Key Infrastructure and make suggestions about its future development. Our extended calculus exposes some surprising consequences in such systems that use restricted delegation.}, } @InCollection{kotz:bmobile, author = {David Kotz and Robert Gray and Saurab Nog and Daniela Rus and Sumit Chawla and George Cybenko}, title = {{Mobile Agents for Mobile Computing}}, booktitle = {{Mobility: Processes, Computers, and Agents}}, editor = {Dejan S. Miloji{\v{c}}i{\'c} and Frederick Douglis and Richard G. Wheeler}, year = 1999, month = {April}, chapter = {14.3}, pages = {513--523}, publisher = {Addison Wesley and ACM Press}, copyright = {IEEE}, ISBN13 = 9780201379280, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-bmobile/index.html}, abstract = {Mobile computers have become increasingly popular as users discover the benefits of having their electronic work available at all times. However, because network conditions vary from connection to connection, using Internet resources from a mobile platform is a major challenge. Mobile agents are one solution. A mobile agent is an autonomous program that can move from machine to machine in a heterogeneous network under its own control. It can suspend its execution at any point, transport itself to a new machine, and resume execution on the new machine from the point at which it left off. On each machine, it interacts with service agents and other resources to accomplish its task, returning to its home site with a final result when that task is finished. \par Agent Tcl is a mobile-agent system whose agents can be written in Tcl, Java, and Scheme. Agent Tcl has extensive navigation and communication services, security mechanisms, and debugging and tracking tools. In this article we focus on Agent Tcl's architecture and security mechanisms, its RPC system, and its docking system, which lets an agent move transparently among mobile computers, regardless of when they are connected to the network.}, } @InCollection{kotz:encyc1, author = {David Kotz and Ravi Jain}, title = {{I/O in Parallel and Distributed Systems}}, booktitle = {{Encyclopedia of Computer Science and Technology}}, editor = {Allen Kent and James G. Williams}, year = 1999, volume = 40, chapter = 0, pages = {141--154}, publisher = {Marcel Dekker, Inc.}, copyright = {Marcel Dekker, Inc.}, ISBN13 = 9780824722937, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-encyc1/index.html}, note = {Supplement 25}, abstract = {We sketch the reasons for the I/O bottleneck in parallel and distributed systems, pointing out that it can be viewed as a special case of a general bottleneck that arises at all levels of the memory hierarchy. We argue that because of its severity, the I/O bottleneck deserves systematic attention at all levels of system design. We then present a survey of the issues raised by the I/O bottleneck in six key areas of parallel and distributed systems: applications, algorithms, languages and compilers, run-time libraries, operating systems, and architecture.}, } @InProceedings{kotz:future, author = {David Kotz and Robert S. Gray}, title = {{Mobile Code: The Future of the Internet}}, booktitle = {{Proceedings of the Mobile Agents in the Context of Competition and Cooperation (MAC3) Workshop at Autonomous Agents'99}}, year = 1999, month = {May}, pages = {6--12}, publisher = {ACM}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-future/index.html}, abstract = {Use of the Internet has exploded in recent years with the appearance of the World-Wide Web. In this paper, we show how current technological trends necessarily lead to a system based substantially on mobile code, and in many cases, mobile agents. We discuss several technical and non-technical hurdles along the path to that eventuality. Finally, we predict that, within five years, nearly all major Internet sites will be capable of hosting and willing to host some form of mobile agents.}, } @Article{kotz:future2, author = {David Kotz and Robert S. Gray}, title = {{Mobile Agents and the Future of the Internet}}, journal = {ACM Operating Systems Review}, year = 1999, month = {August}, volume = 33, number = 3, pages = {7--13}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/311124.311130}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-future2/index.html}, abstract = {Use of the Internet has exploded in recent years with the appearance of the World-Wide Web. In this paper, we show how current technological trends may lead to a system based substantially on mobile code, and in many cases, mobile agents. We discuss several technical and non-technical hurdles along the path to that eventuality. It seems likely that, within a few years, nearly all major Internet sites will be capable of hosting and willing to host some form of mobile code or mobile agents.}, } @TechReport{bredin:demand-tr, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Utility Driven Mobile-Agent Scheduling}}, institution = {Dartmouth Computer Science}, year = 1998, month = {May}, number = {PCS-TR98-331}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-demand-tr/index.html}, note = {Revised October 3, 1998}, abstract = {Mobile agents are programs capable of migrating from one host machine to another. We propose that mobile agents purchase resource access rights from host machines thereby establishing a market for computational resources and giving agents a metric to evenly distribute themselves throughout the network. Market participation requires quantitative information about resource consumption to define demand and calculate utility. \par We create a formal utility model to derive user-demand functions, allowing agents to efficiently plan expenditure and deal with price fluctuations. By quantifying demand and utility, resource owners can precisely set a value for a good. We simulate our model in a mobile agent scheduling environment and show how mobile agents may use server prices to distribute themselves evenly throughout a network.}, } @InProceedings{bredin:market, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Market-based Resource Control for Mobile Agents}}, booktitle = {{Proceedings of the International Conference on Autonomous Agents}}, year = 1998, month = {May}, pages = {197--204}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/280765.280801}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-market/index.html}, abstract = {Mobile agents are programs that can migrate from machine to machine in a heterogeneous, partially disconnected network. As mobile agents move across a network, they consume resources. We discuss a system for controlling the activities of mobile agents that uses electronic cash, a banking system, and a set of resource managers. We describe protocols for transactions between agents. We present fixed-pricing and dynamic-pricing policies for resources. We focus on and analyze the sealed-bid second-price auction as a mechanism for dynamic pricing.}, } @TechReport{carter:vesta, author = {Matthew P. Carter and David Kotz}, title = {{An Implementation of the Vesta Parallel File System API on the Galley Parallel File System}}, institution = {Dartmouth Computer Science}, year = 1998, month = {April}, number = {PCS-TR98-329}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/carter-vesta/index.html}, abstract = {To demonstrate the flexibility of the Galley parallel file system and to analyze the efficiency and flexibility of the Vesta parallel file system interface, we implemented Vesta's application-programming interface on top of Galley. We implemented the Vesta interface using Galley's file-access methods, whose design arose from extensive testing and characterization of the I/O requirements of scientific applications for high-performance multiprocessors. We used a parallel CPU, parallel I/O, out-of-core matrix-multiplication application to test the Vesta interface in both its ability to specify data access patterns and in its run-time efficiency. In spite of its powerful ability to specify the distribution of regular, non-overlapping data access patterns across disks, we found that the Vesta interface has some significant limitations. We discuss these limitations in detail in the paper, along with the performance results.}, } @InCollection{gray:security-book, author = {Robert S. Gray and David Kotz and George Cybenko and Daniela Rus}, title = {{D'Agents: Security in a multiple-language, mobile-agent system}}, booktitle = {{Mobile Agents and Security}}, editor = {Giovanni Vigna}, series = {Lecture Notes in Computer Science}, year = 1998, volume = 1419, chapter = 9, pages = {154--187}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, ISBN13 = {978-3-540-68671-2}, DOI = {10.1007/3-540-68671-1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-security-book/index.html}, abstract = {Mobile-agent systems must address three security issues: protecting an individual machine, protecting a group of machines, and protecting an agent. In this chapter, we discuss these three issues in the context of D'Agents, a mobile-agent system whose agents can be written in Tcl, Java and Scheme. (D'Agents was formerly known as Agent Tcl.) First we discuss mechanisms existing in D'Agents for protecting an individual machine: (1) cryptographic authentication of the agent's owner, (2) resource managers that make policy decisions based on the owner's identity, and (3) secure execution environments for each language that enforce the decisions of the resource managers. Then we discuss our planned market-based approach for protecting machine groups. Finally we consider several (partial) solutions for protecting an agent from a malicious machine.}, } @TechReport{howell:snowflake2-tr, author = {Jon Howell and David Kotz}, title = {{Snowflake: Spanning Administrative Domains}}, institution = {Dartmouth Computer Science}, year = 1998, month = {December}, number = {PCS-TR98-343}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/howell-snowflake2-tr/index.html}, abstract = {Many distributed systems provide a ``single-system image'' to their users, so the user has the illusion that they are using a single system when in fact they are using many distributed resources. It is a powerful abstraction that helps users to manage the complexity of using distributed resources. The goal of the Snowflake project is to discover how single-system images can be made to span administrative domains. Our current prototype organizes resources in namespaces and distributes them using Java Remote Method Invocation. Challenging issues include how much flexibility should be built into the namespace interface, and how transparent the network and persistent storage should be. We outline future work on making Snowflake administrator-friendly.}, } @TechReport{oldfield:app-pario, author = {Ron Oldfield and David Kotz}, title = {{Applications of Parallel I/O}}, institution = {Dartmouth Computer Science}, year = 1998, month = {August}, number = {PCS-TR98-337}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/oldfield-app-pario/index.html}, note = {Supplement to PCS-TR96-297}, abstract = {Scientific applications are increasingly being implemented on massively parallel supercomputers. Many of these applications have intense I/O demands, as well as massive computational requirements. This paper is essentially an annotated bibliography of papers and other sources of information about scientific applications using parallel I/O. It will be updated periodically.}, } @TechReport{bredin:market-tr, author = {Jonathan Bredin and David Kotz and Daniela Rus}, title = {{Market-based Resource Control for Mobile Agents}}, institution = {Dartmouth Computer Science}, year = 1997, month = {December}, number = {PCS-TR97-326}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bredin-market-tr/index.html}, abstract = {Mobile agents are programs that can migrate from machine to machine in a heterogeneous, partially disconnected network. As mobile agents move across a network, they consume resources. We discuss a system for controlling the activities of mobile agents that uses electronic cash, a banking system, and a set of resource managers. We describe protocols for transactions between agents. We present fixed-pricing and dynamic-pricing policies for resources. We focus on and analyze the sealed-bid second-price auction as a mechanism for dynamic pricing.}, } @InCollection{gray:bookchap, author = {Robert Gray and David Kotz and George Cybenko and Daniela Rus}, title = {{Agent Tcl}}, booktitle = {{Mobile Agents: Explanations and Examples}}, editor = {William Cockayne and Michael Zyda}, year = 1997, month = {March}, chapter = 4, pages = {58--95}, publisher = {Manning Publishing}, copyright = {Manning Publishing}, ISBN13 = 9780138582425, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-bookchap/index.html}, note = {Imprints by Manning Publishing and Prentice Hall}, } @InProceedings{gray:mobile, author = {Robert Gray and David Kotz and Saurab Nog and Daniela Rus and George Cybenko}, title = {{Mobile Agents: The Next Generation in Distributed Computing}}, booktitle = {{Proceedings of the Aizu International Symposium on Parallel Algorithms and Architectures Synthesis (pAs)}}, year = 1997, month = {March}, pages = {8--24}, publisher = {IEEE}, copyright = {IEEE}, address = {Fukushima, Japan}, DOI = {10.1109/AISPAS.1997.581620}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-mobile/index.html}, note = {Invited paper}, abstract = {Mobile agents are programs that can move through a network under their own control, migrating from host to host and interacting with other agents and resources on each. we argue that these mobile, autonomous agents have the potential to provide a convenient, efficient and robust programming paradigm for distributed applications, particularly when partially connected computers are involved. partially connected computers include mobile computers such as laptops and personal digital assistants as well as modem-connected home computers, all of which are often disconnected from the network. in this paper, we describe the design and implementation of our mobile-agent system, agent tcl, and the specific features that support mobile computers and disconnected operation. these features include network-sensing tools and a \emph{docking} system that allows an agent to transparently move between mobile computers, regardless of when the computers connect to the network.}, } @TechReport{hirschl:agdb, author = {Melissa Hirschl and David Kotz}, title = {{AGDB: A Debugger for Agent Tcl}}, institution = {Dartmouth Computer Science}, year = 1997, month = {February}, number = {PCS-TR97-306}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/hirschl-agdb/index.html}, abstract = {The Agent Tcl language is an extension of Tcl/Tk that supports distributed programming in the form of transportable agents. AGDB is a debugger for the Agent Tcl language. AGDB mixes of traditional and distributed debugging facilities. Traditional debugging features include breakpoints (line-specific, conditional, and once-only), watch conditions and variables, and interrupts. Distributed-debugging features address issues inherent in distributed programming such as migration and communication. These capabilities make debugging distributed programs difficult because they add complexities like race conditions to the set of problems a program can encounter. This paper discusses how AGDB uses distributed debugging features to debug agents.}, } @TechReport{khanna:group, author = {Sanjay Khanna and David Kotz}, title = {{A Split-Phase Interface for Parallel File Systems}}, institution = {Dartmouth Computer Science}, year = 1997, month = {March}, number = {PCS-TR97-312}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/khanna-group/index.html}, abstract = {We describe the effects of a new user-level library for the Galley Parallel File System. This library allows some pre-existing sequential programs to make use of the Galley Parallel File System with minimal modification. It permits programs to efficiently use the parallel file system because the user-level library groups accesses together. We examine the performance of our library, and we show how code needs to be modified to use the library.}, } @Article{kotz:jdiskdir, author = {David Kotz}, title = {{Disk-directed I/O for MIMD Multiprocessors}}, journal = {ACM Transactions on Computer Systems}, year = 1997, month = {February}, volume = 15, number = 1, pages = {41--74}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/244764.244766}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jdiskdir/index.html}, abstract = {Many scientific applications that run on today's multiprocessors, such as weather forecasting and seismic analysis, are bottlenecked by their file-I/O needs. Even if the multiprocessor is configured with sufficient I/O hardware, the file-system software often fails to provide the available bandwidth to the application. Although libraries and enhanced file-system interfaces can make a significant improvement, we believe that fundamental changes are needed in the file-server software. We propose a new technique, disk-directed I/O, to allow the disk servers to determine the flow of data for maximum performance. Our simulations show that tremendous performance gains are possible both for simple reads and writes and for an out-of-core application. Indeed, our disk-directed I/O technique provided consistent high performance that was largely independent of data distribution, obtained up to 93\% of peak disk bandwidth, and was as much as 18 times faster than the traditional technique.}, } @Article{kotz:jmobile, author = {David Kotz and Robert Gray and Saurab Nog and Daniela Rus and Sumit Chawla and George Cybenko}, title = {{Agent Tcl: Targeting the Needs of Mobile Computers}}, journal = {IEEE Internet Computing}, year = 1997, month = {July}, volume = 1, number = 4, pages = {58--67}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/4236.612217}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jmobile/index.html}, abstract = {Mobile computers have become increasingly popular as users discover the benefits of having their electronic work available at all times. However, because network conditions vary from connection to connection, using Internet resources from a mobile platform is a major challenge. Mobile agents are one solution. A mobile agent is an autonomous program that can move from machine to machine in a heterogeneous network under its own control. It can suspend its execution at any point, transport itself to a new machine, and resume execution on the new machine from the point at which it left off. On each machine, it interacts with service agents and other resources to accomplish its task, returning to its home site with a final result when that task is finished. \par Agent Tcl is a mobile-agent system whose agents can be written in Tcl, Java, and Scheme. Agent Tcl has extensive navigation and communication services, security mechanisms, and debugging and tracking tools. In this article we focus on Agent Tcl's architecture and security mechanisms, its RPC system, and its docking system, which lets an agent move transparently among mobile computers, regardless of when they are connected to the network.}, } @Article{nieuwejaar:jgalley, author = {Nils Nieuwejaar and David Kotz}, title = {{The Galley Parallel File System}}, journal = {Parallel Computing}, year = 1997, month = {June}, volume = 23, number = 4, pages = {447--476}, publisher = {North-Holland (Elsevier Scientific)}, copyright = {North-Holland (Elsevier Scientific)}, DOI = {10.1016/S0167-8191(97)00009-4}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-jgalley/index.html}, abstract = {Most current multiprocessor file systems are designed to use multiple disks in parallel computing, using the high aggregate bandwidth to meet the growing I/O requirements of parallel scientific applications. Many multiprocessor file systems provide applications with a conventional Unix-like interface, allowing the application to access multiple disks transparently. This interface conceals the parallelism within the file system, increasing the ease of programmability, but making it difficult or impossible for sophisticated programmers and libraries to use knowledge about their I/O needs to exploit that parallelism. In addition to providing an insufficient interface, most current multiprocessor file systems are optimized for a different workload than they are being asked to support. We introduce Galley, a new parallel file system that is intended to efficiently support realistic scientific multiprocessor workloads. We discuss Galley's file structure and application interface, as well as the performance advantages offered by that interface.}, } @InProceedings{rus:autonomous2, author = {Daniela Rus and Robert Gray and David Kotz}, title = {{Transportable Information Agents}}, booktitle = {{Proceedings of the International Conference on Autonomous Agents}}, year = 1997, month = {February}, pages = {228--236}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/267658.267721}, URL = {https://www.cs.dartmouth.edu/~kotz/research/rus-autonomous2/index.html}, abstract = {Transportable agents are autonomous programs. They can move through a heterogeneous network of computers under their own control, migrating from host to host. They can sense the state of the network, monitor software conditions, and interact with other agents or resources. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we describe the design and implementation of the navigation system that gives our agents autonomy. We also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.}, } @Article{rus:autonomous3, author = {Daniela Rus and Robert Gray and David Kotz}, title = {{Transportable Information Agents}}, journal = {Journal of Intelligent Information Systems}, year = 1997, month = {November}, volume = 9, pages = {215--238}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, DOI = {10.1023/A:1008622002816}, URL = {https://www.cs.dartmouth.edu/~kotz/research/rus-autonomous3/index.html}, abstract = {Transportable agents are autonomous programs. They can move through a heterogeneous network of computers under their own control, migrating from host to host. They can sense the state of the network, monitor software conditions, and interact with other agents or resources. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we describe the design and implementation of the navigation system that gives our agents autonomy. We also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.}, } @InCollection{rus:autonomous4, author = {Daniela Rus and Robert Gray and David Kotz}, title = {{Transportable Information Agents}}, booktitle = {{Readings in Agents}}, editor = {Michael Huhns and Munindar Singh}, year = 1997, month = {October}, chapter = {3.3}, pages = {283--291}, publisher = {Morgan Kaufmann Publishers}, copyright = {Morgan Kaufmann Publishers}, ISBN13 = {978-1-55860-495-7}, address = {San Francisco}, DOI = {10.5555/284860.284912}, URL = {https://www.cs.dartmouth.edu/~kotz/research/rus-autonomous4/index.html}, abstract = {Transportable agents are autonomous programs. They can move through a heterogeneous network of computers under their own control, migrating from host to host. They can sense the state of the network, monitor software conditions, and interact with other agents or resources. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we describe the design and implementation of the navigation system that gives our agents autonomy. We also discuss the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.}, } @InProceedings{ap:enwrich, author = {Apratim Purakayastha and Carla Schlatter Ellis and David Kotz}, title = {{ENWRICH: A Compute-Processor Write Caching Scheme for Parallel File Systems}}, booktitle = {{Proceedings of the Workshop on Input/Output in Parallel and Distributed Systems (IOPADS)}}, year = 1996, month = {May}, pages = {55--68}, publisher = {ACM}, copyright = {ACM}, address = {Philadelphia}, DOI = {10.1145/236017.236034}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ap-enwrich/index.html}, abstract = {Many parallel scientific applications need high-performance I/O. Unfortunately, end-to-end parallel-I/O performance has not been able to keep up with substantial improvements in parallel-I/O hardware because of poor parallel file-system software. Many radical changes, both at the interface level and the implementation level, have recently been proposed. One such proposed interface is \emph{collective I/O}, which allows parallel jobs to request transfer of large contiguous objects in a single request, thereby preserving useful semantic information that would otherwise be lost if the transfer were expressed as per-processor non-contiguous requests. Kotz has proposed \emph{disk-directed I/O} as an efficient implementation technique for collective-I/O operations, where the compute processors make a single collective data-transfer request, and the I/O processors thereafter take full control of the actual data transfer, exploiting their detailed knowledge of the disk-layout to attain substantially improved performance. \par Recent parallel file-system usage studies show that writes to write-only files are a dominant part of the workload. Therefore, optimizing writes could have a significant impact on overall performance. In this paper, we propose ENWRICH, a compute-processor write-caching scheme for write-only files in parallel file systems. ENWRICH combines low-overhead write caching at the compute processors with high performance disk-directed I/O at the I/O processors to achieve both low latency and high bandwidth. This combination facilitates the use of the powerful disk-directed I/O technique independent of any particular choice of interface. By collecting writes over many files and applications, ENWRICH lets the I/O processors optimize disk I/O over a large pool of requests. We evaluate our design via simulated implementation and show that ENWRICH achieves high performance for various configurations and workloads.}, } @Article{choudhary:sdcr, author = {Alok Choudhary and David Kotz}, title = {{Large-Scale File Systems with the Flexibility of Databases}}, journal = {ACM Computing Surveys}, year = 1996, month = {December}, volume = {28A}, number = 4, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/242224.242488}, URL = {https://www.cs.dartmouth.edu/~kotz/research/choudhary-sdcr/index.html}, note = {Position paper for the Working Group on Storage I/O for Large-Scale Computing, ACM Workshop on Strategic Directions in Computing Research. Available on-line only.}, abstract = {We note that large-scale computing includes many applications with intensive I/O demands. A data-storage system for such applications must address two issues: locating the appropriate data set, and accessing the contents of the data set. Today, there are two extreme models of data location and management: 1) file systems, which can be fast but which require a user to manage the structure of the file-name space and, often, of the file contents; and 2) object-oriented-database systems, in which even the smallest granule of data is stored as an object with associated access methods, which is very flexible but often slow. We propose a solution that may provide the performance of file systems with the flexibility of object databases.}, } @TechReport{gray:mobile-tr, author = {Robert Gray and David Kotz and Saurab Nog and Daniela Rus and George Cybenko}, title = {{Mobile agents for mobile computing}}, institution = {Dartmouth Computer Science}, year = 1996, month = {May}, number = {PCS-TR96-285}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-mobile-tr/index.html}, abstract = {Mobile agents are programs that can move through a network under their own control, migrating from host to host and interacting with other agents and resources on each. we argue that these mobile, autonomous agents have the potential to provide a convenient, efficient and robust programming paradigm for distributed applications, particularly when partially connected computers are involved. partially connected computers include mobile computers such as laptops and personal digital assistants as well as modem-connected home computers, all of which are often disconnected from the network. in this paper, we describe the design and implementation of our mobile-agent system, agent tcl, and the specific features that support mobile computers and disconnected operation. these features include network-sensing tools and a \emph{docking} system that allows an agent to transparently move between mobile computers, regardless of when the computers connect to the network.}, } @InProceedings{kotz:agents, author = {David Kotz and Robert Gray and Daniela Rus}, title = {{Transportable Agents Support Worldwide Applications}}, booktitle = {{Proceedings of the ACM SIGOPS European Workshop}}, year = 1996, month = {September}, pages = {41--48}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/504450.504458}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-agents/index.html}, abstract = {Worldwide applications exist in an environment that is inherently distributed, dynamic, heterogeneous, insecure, unreliable, and unpredictable. In particular, the latency and bandwidth of network connections varies tremendously from place to place and time to time, particularly when considering wireless networks, mobile devices, and satellite connections. Applications in this environment must be able to adapt to different and changing conditions. We believe that transportable autonomous agents provide an excellent mechanism for the construction of such applications. We describe our prototype transportable-agent system and several applications.}, } @TechReport{kotz:app-pario, author = {David Kotz}, title = {{Applications of Parallel I/O}}, institution = {Dartmouth Computer Science}, year = 1996, month = {October}, number = {PCS-TR96-297}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-app-pario/index.html}, note = {Release 1}, abstract = {Scientific applications are increasingly being implemented on massively parallel supercomputers. Many of these applications have intense I/O demands, as well as massive computational requirements. This paper is essentially an annotated bibliography of papers and other sources of information about scientific applications using parallel I/O. It will be updated periodically.}, } @Article{kotz:flexibility, author = {David Kotz and Nils Nieuwejaar}, title = {{Flexibility and Performance of Parallel File Systems}}, journal = {ACM Operating Systems Review}, year = 1996, month = {April}, volume = 30, number = 2, pages = {63--73}, publisher = {ACM}, copyright = {the authors}, DOI = {10.1145/232302.232314}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-flexibility/index.html}, abstract = {Many scientific applications for high-performance multiprocessors have tremendous I/O requirements. As a result, the I/O system is often the limiting factor of application performance. Several new parallel file systems have been developed in recent years, each promising better performance for some class of parallel applications. As we gain experience with parallel computing, and parallel file systems in particular, it becomes increasingly clear that a single solution does not suit all applications. For example, it appears to be impossible to find a single appropriate interface, caching policy, file structure, or disk management strategy. Furthermore, the proliferation of file-system interfaces and abstractions make application portability a significant problem. \par We propose that the traditional functionality of parallel file systems be separated into two components: a fixed core that is standard on all platforms, encapsulating only primitive abstractions and interfaces, and a set of high-level libraries to provide a variety of abstractions and application-programmer interfaces (APIs). We think of this approach as the ``RISC'' of parallel file-system design. \par We present our current and next-generation file systems as examples of this structure. Their features, such as a three-dimensional file structure, strided read and write interfaces, and I/O-node programs, are specifically designed with the flexibility and performance necessary to support a wide range of applications.}, } @InProceedings{kotz:flexibility2, author = {David Kotz and Nils Nieuwejaar}, title = {{Flexibility and Performance of Parallel File Systems}}, booktitle = {{Proceedings of the International Conference of the Austrian Center for Parallel Computation (ACPC)}}, series = {Lecture Notes in Computer Science}, year = 1996, month = {September}, volume = 1127, pages = {1--11}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/3-540-61695-0_1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-flexibility2/index.html}, note = {Invited paper}, abstract = {As we gain experience with parallel file systems, it becomes increasingly clear that a single solution does not suit all applications. For example, it appears to be impossible to find a single appropriate interface, caching policy, file structure, or disk-management strategy. Furthermore, the proliferation of file-system interfaces and abstractions make applications difficult to port. \par We propose that the traditional functionality of parallel file systems be separated into two components: a fixed core that is standard on all platforms, encapsulating only primitive abstractions and interfaces, and a set of high-level libraries to provide a variety of abstractions and application-programmer interfaces (APIs). \par We present our current and next-generation file systems as examples of this structure. Their features, such as a three-dimensional file structure, strided read and write interfaces, and I/O-node programs, re specifically designed with the flexibility and performance necessary to support a wide range of applications.}, } @Article{kotz:jdapple, author = {David Kotz}, title = {{A DAta-Parallel Programming Library for Education (DAPPLE)}}, journal = {Computer Science Education}, year = 1996, volume = 6, number = 2, pages = {141--159}, publisher = {Ablex Publishing}, copyright = {Ablex Publishing}, DOI = {10.1080/0899340950060203}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jdapple/index.html}, abstract = {In the context of our goal to bring parallel computing into the undergraduate curriculum, we needed a parallel-programming language that was accessible to students and independent of any particular hardware platform. Finding nothing appropriate, we chose to design our own language. The result, DAPPLE, is a C++ class library designed to provide the illusion of a data-parallel programming language on conventional hardware and with conventional compilers. DAPPLE defines \emph{Vector} and \emph{Matrix} classes, with most C++ operators overloaded to provide elementwise arithmetic, and supports data-parallel operations like scans, permutations, and reductions. DAPPLE also provides a parallel if-then-else statement to restrict the scope of the above operations to partial vectors or matrices. In this article we describe the DAPPLE language, the pedagogical decisions that went into its design, and our experience using DAPPLE in the classroom. DAPPLE is freely available on the Internet.}, } @Misc{kotz:lecture, author = {David Kotz}, title = {{Parallel File Systems}}, howpublished = {A multimedia lecture included in the CD-ROM ``Introductory Lectures on Data-Parallel Computing'', published by AK Peters, Ltd.}, year = 1996, month = {March}, copyright = {AK Peters, Ltd.}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-lecture/index.html}, } @InCollection{kotz:pioarch, author = {David Kotz}, title = {{Introduction to Multiprocessor I/O Architecture}}, booktitle = {{Input/Output in Parallel and Distributed Computer Systems}}, editor = {Ravi Jain and John Werth and James C. Browne}, series = {The Kluwer International Series in Engineering and Computer Science}, year = 1996, volume = 362, chapter = 4, pages = {97--123}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, ISBN13 = {978-1-4613-1401-1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-pioarch/index.html}, abstract = {The computational performance of multiprocessors continues to improve by leaps and bounds, fueled in part by rapid improvements in processor and interconnection technology. I/O performance thus becomes ever more critical, to avoid becoming the bottleneck of system performance. In this paper we provide an introduction to I/O architectural issues in multiprocessors, with a focus on disk subsystems. While we discuss examples from actual architectures and provide pointers to interesting research in the literature, we do not attempt to provide a comprehensive survey. We concentrate on a study of the architectural design issues, and the effects of different design alternatives.}, } @TechReport{kotz:tuning, author = {David Kotz}, title = {{Tuning STARFISH}}, institution = {Dartmouth Computer Science}, year = 1996, month = {October}, number = {PCS-TR96-296}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-tuning/index.html}, abstract = {STARFISH is a parallel file-system simulator we built for our research into the concept of disk-directed I/O. In this report, we detail steps taken to tune the file systems supported by STARFISH, which include a traditional parallel file system (with caching) and a disk-directed I/O system. In particular, we now support two-phase I/O, use smarter disk scheduling, increased the maximum number of outstanding requests that a compute processor may make to each disk, and added gather/scatter block transfer. We also present results of the experiments driving the tuning effort.}, } @InProceedings{nieuwejaar:galley-perf, author = {Nils Nieuwejaar and David Kotz}, title = {{Performance of the Galley Parallel File System}}, booktitle = {{Proceedings of the Workshop on Input/Output in Parallel and Distributed Systems (IOPADS)}}, year = 1996, month = {May}, pages = {83--94}, publisher = {ACM}, copyright = {ACM}, address = {Philadelphia}, DOI = {10.1145/236017.236038}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-galley-perf/index.html}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. This interface conceals the parallelism within the file system, which increases the ease of programmability, but makes it difficult or impossible for sophisticated programmers and libraries to use knowledge about their I/O needs to exploit that parallelism. Furthermore, most current parallel file systems are optimized for a different workload than they are being asked to support. We introduce Galley, a new parallel file system that is intended to efficiently support realistic parallel workloads. Initial experiments, reported in this paper, indicate that Galley is capable of providing high-performance I/O to applications that access data in patterns that have been observed to be common.}, } @InProceedings{nieuwejaar:galley, author = {Nils Nieuwejaar and David Kotz}, title = {{The Galley Parallel File System}}, booktitle = {{Proceedings of the ACM International Conference on Supercomputing (ICS)}}, year = 1996, month = {May}, pages = {374--381}, publisher = {ACM}, copyright = {ACM}, address = {Philadelphia}, DOI = {10.1145/237578.237639}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-galley/index.html}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. This interface conceals the parallelism within the file system, which increases the ease of programmability, but makes it difficult or impossible for sophisticated programmers and libraries to use knowledge about their I/O needs to exploit that parallelism. Furthermore, most current parallel file systems are optimized for a different workload than they are being asked to support. We introduce Galley, a new parallel file system that is intended to efficiently support realistic parallel workloads. We discuss Galley's file structure and application interface, as well as an application that has been implemented using that interface.}, } @TechReport{nieuwejaar:jgalley-tr, author = {Nils Nieuwejaar and David Kotz}, title = {{The Galley Parallel File System}}, institution = {Dartmouth Computer Science}, year = 1996, month = {May}, number = {PCS-TR96-286}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-jgalley-tr/index.html}, abstract = {Most current multiprocessor file systems are designed to use multiple disks in parallel, using the high aggregate bandwidth to meet the growing I/O requirements of parallel scientific applications. Many multiprocessor file systems provide applications with a conventional Unix-like interface, allowing the application to access multiple disks transparently. This interface conceals the parallelism within the file system, increasing the ease of programmability, but making it difficult or impossible for sophisticated programmers and libraries to use knowledge about their I/O needs to exploit that parallelism. In addition to providing an insufficient interface, most current multiprocessor file systems are optimized for a different workload than they are being asked to support. We introduce Galley, a new parallel file system that is intended to efficiently support realistic scientific multiprocessor workloads. We discuss Galley's file structure and application interface, as well as the performance advantages offered by that interface.}, } @InCollection{nieuwejaar:strided2-book, author = {Nils Nieuwejaar and David Kotz}, title = {{Low-level Interfaces for High-level Parallel I/O}}, booktitle = {{Input/Output in Parallel and Distributed Computer Systems}}, editor = {Ravi Jain and John Werth and James C. Browne}, series = {The Kluwer International Series in Engineering and Computer Science}, year = 1996, volume = 362, chapter = 9, pages = {205--223}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, ISBN13 = {978-1-4613-1401-1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-strided2-book/index.html}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. By tracing all the activity of a parallel file system in a production, scientific computing environment, we show that many applications exhibit highly regular, but non-consecutive I/O access patterns. Since the conventional interface does not provide an efficient method of describing these patterns, we present three extensions to the interface that support \emph{strided}, \emph{nested-strided}, and \emph{nested-batched} I/O requests. We show how these extensions can be used to express common access patterns.}, } @Article{nieuwejaar:workload, author = {Nils Nieuwejaar and David Kotz and Apratim Purakayastha and Carla Schlatter Ellis and Michael Best}, title = {{File-Access Characteristics of Parallel Scientific Workloads}}, journal = {IEEE Transactions on Parallel and Distributed Systems}, year = 1996, month = {October}, volume = 7, number = 10, pages = {1075--1089}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/71.539739}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-workload/index.html}, abstract = {Phenomenal improvements in the computational performance of multiprocessors have not been matched by comparable gains in I/O system performance. This imbalance has resulted in I/O becoming a significant bottleneck for many scientific applications. One key to overcoming this bottleneck is improving the performance of multiprocessor file systems. \par The design of a high-performance multiprocessor file system requires a comprehensive understanding of the expected workload. Unfortunately, until recently, no general workload studies of multiprocessor file systems have been conducted. The goal of the CHARISMA project was to remedy this problem by characterizing the behavior of several production workloads, on different machines, at the level of individual reads and writes. The first set of results from the CHARISMA project describe the workloads observed on an Intel iPSC/860 and a Thinking Machines CM-5. This paper is intended to compare and contrast these two workloads for an understanding of their essential similarities and differences, isolating common trends and platform-dependent variances. Using this comparison, we are able to gain more insight into the general principles that should guide multiprocessor file-system design.}, } @TechReport{nog:rpc-tr, author = {Saurab Nog and Sumit Chawla and David Kotz}, title = {{An RPC Mechanism for Transportable Agents}}, institution = {Dartmouth Computer Science}, year = 1996, month = {March}, number = {PCS-TR96-280}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nog-rpc-tr/index.html}, abstract = {Transportable agents are autonomous programs that migrate from machine to machine, performing complex processing at each step to satisfy client requests. As part of their duties agents often need to communicate with other agents. We propose to use remote procedure call (RPC) along with a flexible interface definition language (IDL), to add structure to inter-agent communication. The real power of our Agent RPC comes from a client-server binding mechanism based on flexible IDL matching and from support for multiple simultaneous bindings. Our agents are programmed in Agent Tcl; we describe how the Tcl implementation made RPC particularly easy to implement. Finally, although our RPC is designed for Agent Tcl programs, the concepts would also work for standard Tcl programs.}, } @InProceedings{rus:autonomous, author = {Daniela Rus and Robert Gray and David Kotz}, title = {{Autonomous and Adaptive Agents that Gather Information}}, booktitle = {{Proceedings of the AAAI International Workshop on Intelligent Adaptive Agents}}, year = 1996, month = {August}, pages = {107--116}, publisher = {AAAI Press}, copyright = {AAAI Press}, URL = {https://www.cs.dartmouth.edu/~kotz/research/rus-autonomous/index.html}, note = {Proceedings available as AAAI Technical Report WS-96-04}, abstract = {We have designed and implemented autonomous software agents. Autonomous software agents navigate independently through a heterogeneous network of computers. They can sense the state of the network, monitor software conditions, and interact with other agents. The network-sensing tools allow our agents to adapt to the network configuration and to navigate under the control of reactive plans. In this paper we illustrate the intelligent and adaptive behavior of autonomous agents in distributed information-gathering tasks.}, } @Misc{kotz:starfish-sw, author = {David Kotz}, title = {{STARFISH parallel file-system simulator}}, howpublished = {The basis for my research on disk-directed I/O; used by at least two other research groups}, year = 1996, month = {October}, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-starfish-sw/index.html}, note = {Third release}, abstract = {STARFISH is a simulator for experimenting with concepts in parallel file systems. It is based on Eric Brewer's Proteus simulator from MIT, version 3.01, and runs only on (MIPS-based) DECstations. I have used this simulator in experiments for several research papers about disk-directed I/O.}, } @PhdThesis{nieuwejaar:thesis, author = {Nils A. Nieuwejaar}, title = {{Galley: A New Parallel File System for Parallel Applications}}, school = {Dartmouth College Computer Science}, year = 1996, month = {November}, copyright = {Nils A. Nieuwejaar}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report PCS-TR96-300}, abstract = {Most current multiprocessor file systems are designed to use multiple disks in parallel, using the high aggregate bandwidth to meet the growing I/O requirements of parallel scientific applications. Most multiprocessor file systems provide applications with a conventional Unix-like interface, allowing the application to access those multiple disks transparently. This interface conceals the parallelism within the file system, increasing the ease of programmability, but making it difficult or impossible for sophisticated application and library programmers to use knowledge about their I/O to exploit that parallelism. In addition to providing an insufficient interface, most current multiprocessor file systems are optimized for a different workload than they are being asked to support. \par In this work we examine current multiprocessor file systems, as well as how those file systems are used by scientific applications. Contrary to the expectations of the designers of current parallel file systems, the workloads on those systems are dominated by requests to read and write small pieces of data. Furthermore, rather than being accessed sequentially and contiguously, as in uniprocessor and supercomputer workloads, files in multiprocessor file systems are accessed in regular, structured, but non-contiguous patterns. \par Based on our observations of multiprocessor workloads, we have designed Galley, a new parallel file system that is intended to efficiently support realistic scientific multiprocessor workloads. In this work, we introduce Galley and discuss its design and implementation. We describe Galley's new three-dimensional file structure and discuss how that structure can be used by parallel applications to achieve higher performance. We introduce several new data-access interfaces, which allow applications to explicitly describe the regular access patterns we found to be common in parallel file system workloads. We show how these new interfaces allow parallel applications to achieve tremendous increases in I/O performance. Finally, we discuss how Galley's new file structure and data-access interfaces can be useful in practice.}, } @TechReport{silver:thesis, author = {Scott M. Silver}, title = {{Implementation and Analysis of Software Based Fault Isolation}}, institution = {Dartmouth Computer Science}, year = 1996, month = {June}, number = {PCS-TR96-287}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/silver-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report PCS-TR96-287}, abstract = {Extensible applications rely upon user-supplied, untrusted modules to extend their functionality. To remain reliable, applications must isolate themselves from user modules. One method places each user module in a separate address space (process), which uses hardware virtual memory support to isolate the user process. Costly inter-process communication, however, prohibits frequent communication between the application and the untrusted module. We implemented and analyzed a software method for isolating an application from user modules. The technique uses a single address space. We provide a logical address space and per-module access to system resources for each module. Our software technique is a two-step process. First, we augment a module's code so that it cannot access any address outside of an assigned range. Second, we prevent the module from using system calls to access resources outside of its fault domain. \par This method for software isolation has two particular advantages over processes. First, for frequently communicating modules, we significantly reduce context switch time. Thus, we demonstrate near-optimal inter-module communication using software fault isolation. Second, our software-based techniques provide an efficient and expedient solution in situations where only one address space is available (e.g., kernel, or a single-address-space operating system).}, } @TechReport{thomas:thesis, author = {Joel T. Thomas}, title = {{The Panda Array I/O Library on the Galley Parallel File System}}, institution = {Dartmouth Computer Science}, year = 1996, month = {June}, number = {PCS-TR96-288}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/thomas-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report PCS-TR96-288}, abstract = {The Panda Array I/O library, created at the University of Illinois, Urbana-Champaign, was built especially to address the needs of high-performance scientific applications. I/O has been one of the most frustrating bottlenecks to high performance for quite some time, and the Panda project is an attempt to ameliorate this problem while still providing the user with a simple, high-level interface. The Galley File System, with its hierarchical structure of files and strided requests, is another attempt at addressing the performance problem. My project was to redesign the Panda Array library for use on the Galley file system. This project involved porting Panda's three main functions: a checkpoint function for writing a large array periodically for 'safekeeping,' a restart function that would allow a checkpointed file to be read back in, and finally a timestep function that would allow the user to write a group of large arrays several times in a sequence. Panda supports several different distributions in both the compute-node memories and I/O-node disks. \par We have found that the Galley File System provides a good environment on which to build high-performance libraries, and that the mesh of Panda and Galley was a successful combination.}, } @Article{kotz:jaddrtrace, author = {David Kotz and Preston Crow}, title = {{The Expected Lifetime of Single-Address-Space Operating Systems}}, journal = {Computing Systems}, year = 1996, month = {Summer}, volume = 9, number = 3, pages = {155--178}, publisher = {MIT Press}, copyright = {USENIX Association}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jaddrtrace/index.html}, abstract = {Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. To simplify address-space management, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in the design of appropriate address-space management policies. In this paper, we present the results of extensive kernel-level tracing of the workstations on our campus, and discuss the implications for single-address-space operating systems. We found that single-address-space systems will probably not outgrow the available address space, but only if reasonable space-allocation policies are used, and only if the system can adapt as larger address spaces become available.}, } @TechReport{ap:enwrich-tr, author = {Apratim Purakayastha and Carla Schlatter Ellis and David Kotz}, title = {{ENWRICH: A Compute-Processor Write Caching Scheme for Parallel File Systems}}, institution = {Dept. of Computer Science, Duke University}, year = 1995, month = {October}, number = {CS-1995-22}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ap-enwrich-tr/index.html}, abstract = {Many parallel scientific applications need high-performance I/O. Unfortunately, end-to-end parallel-I/O performance has not been able to keep up with substantial improvements in parallel-I/O hardware because of poor parallel file-system software. Many radical changes, both at the interface level and the implementation level, have recently been proposed. One such proposed interface is \emph{collective I/O}, which allows parallel jobs to request transfer of large contiguous objects in a single request, thereby preserving useful semantic information that would otherwise be lost if the transfer were expressed as per-processor non-contiguous requests. Kotz has proposed \emph{disk-directed I/O} as an efficient implementation technique for collective-I/O operations, where the compute processors make a single collective data-transfer request, and the I/O processors thereafter take full control of the actual data transfer, exploiting their detailed knowledge of the disk-layout to attain substantially improved performance. \par Recent parallel file-system usage studies show that writes to write-only files are a dominant part of the workload. Therefore, optimizing writes could have a significant impact on overall performance. In this paper, we propose ENWRICH, a compute-processor write-caching scheme for write-only files in parallel file systems. ENWRICH combines low-overhead write caching at the compute processors with high performance disk-directed I/O at the I/O processors to achieve both low latency and high bandwidth. This combination facilitates the use of the powerful disk-directed I/O technique independent of any particular choice of interface. By collecting writes over many files and applications, ENWRICH lets the I/O processors optimize disk I/O over a large pool of requests. We evaluate our design via simulated implementation and show that ENWRICH achieves high performance for various configurations and workloads.}, } @InProceedings{ap:workload, author = {Apratim Purakayastha and Carla Schlatter Ellis and David Kotz and Nils Nieuwejaar and Michael Best}, title = {{Characterizing Parallel File-Access Patterns on a Large-Scale Multiprocessor}}, booktitle = {{Proceedings of the International Parallel Processing Symposium (IPPS)}}, year = 1995, month = {April}, pages = {165--172}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/IPPS.1995.395928}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ap-workload/index.html}, abstract = {High-performance parallel file systems are needed to satisfy tremendous I/O requirements of parallel scientific applications. The design of such high-performance parallel file systems depends on a comprehensive understanding of the expected workload, but so far there have been very few usage studies of multiprocessor file systems. This paper is part of the CHARISMA project, which intends to fill this void by measuring real file-system workloads on various production parallel machines. In particular, here we present results from the CM-5 at the National Center for Supercomputing Applications. Our results are unique because we collect information about nearly every individual I/O request from the mix of jobs running on the machine. Analysis of the traces leads to various recommendations for parallel file-system design.}, } @InProceedings{kotz:dapple, author = {David Kotz}, title = {{A DAta-Parallel Programming Library for Education (DAPPLE)}}, booktitle = {{Proceedings of the SIGCSE Technical Symposium on Computer Science Education}}, year = 1995, month = {March}, pages = {76--81}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/199688.199730}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dapple/index.html}, abstract = {In the context of our overall goal to bring the concepts of parallel computing into the undergraduate curriculum, we set out to find a parallel-programming language for student use. To make it accessible to students at all levels, and to be independent of any particular hardware platform, we chose to design our own language, based on a data-parallel model and on C++. The result, DAPPLE, is a C++ class library designed to provide the illusion of a data-parallel programming language on conventional hardware and with conventional compilers. DAPPLE defines \emph{Vectors} and \emph{Matrices} as basic classes, with all the usual C++ operators overloaded to provide elementwise arithmetic. In addition, DAPPLE provides typical data-parallel operations like scans, permutations, and reductions. Finally, DAPPLE provides a parallel if-then-else statement to restrict the scope of the above operations to partial vectors or matrices.}, } @TechReport{kotz:expand-tr, author = {David Kotz}, title = {{Expanding the Potential for Disk-Directed I/O}}, institution = {Dartmouth Computer Science}, year = 1995, month = {March}, number = {PCS-TR95-254}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-expand-tr/index.html}, abstract = {As parallel computers are increasingly used to run scientific applications with large data sets, and as processor speeds continue to increase, it becomes more important to provide fast, effective parallel file systems for data storage and for temporary files. In an earlier work we demonstrated that a technique we call disk-directed I/O has the potential to provide consistent high performance for large, collective, structured I/O requests. In this paper we expand on this potential by demonstrating the ability of a disk-directed I/O system to read irregular subsets of data from a file, and to filter and distribute incoming data according to data-dependent functions.}, } @InProceedings{kotz:expand, author = {David Kotz}, title = {{Expanding the Potential for Disk-Directed I/O}}, booktitle = {{Proceedings of the IEEE Symposium on Parallel and Distributed Processing (SPDP)}}, year = 1995, month = {October}, pages = {490--495}, publisher = {IEEE}, copyright = {IEEE}, address = {San Antonio, TX}, DOI = {10.1109/SPDP.1995.530723}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-expand/index.html}, abstract = {As parallel computers are increasingly used to run scientific applications with large data sets, and as processor speeds continue to increase, it becomes more important to provide fast, effective parallel file systems for data storage and for temporary files. In an earlier work we demonstrated that a technique we call disk-directed I/O has the potential to provide consistent high performance for large, collective, structured I/O requests. In this paper we expand on this potential by demonstrating the ability of a disk-directed I/O system to read irregular subsets of data from a file, and to filter and distribute incoming data according to data-dependent functions.}, } @InProceedings{kotz:explore, author = {David Kotz and Ting Cai}, title = {{Exploring the use of I/O Nodes for Computation in a MIMD Multiprocessor}}, booktitle = {{Proceedings of the IPPS Workshop on Input/Output in Parallel and Distributed Systems (IOPADS)}}, year = 1995, month = {April}, pages = {78--89}, publisher = {ACM}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-explore/index.html}, abstract = {As parallel systems move into the production scientific-computing world, the emphasis will be on cost-effective solutions that provide high throughput for a mix of applications. Cost-effective solutions demand that a system make effective use of all of its resources. Many MIMD multiprocessors today, however, distinguish between ``compute'' and ``I/O'' nodes, the latter having attached disks and being dedicated to running the file-system server. This static division of responsibilities simplifies system management but does not necessarily lead to the best performance in workloads that need a different balance of computation and I/O. \par Of course, computational processes sharing a node with a file-system service may receive less CPU time, network bandwidth, and memory bandwidth than they would on a computation-only node. In this paper we begin to examine this issue experimentally. We found that high-performance I/O does not necessarily require substantial CPU time, leaving plenty of time for application computation. There were some complex file-system requests, however, which left little CPU time available to the application. (The impact on network and memory bandwidth still needs to be determined.) For applications (or users) that cannot tolerate an occasional interruption, we recommend that they continue to use only compute nodes. For tolerant applications needing more cycles than those provided by the compute nodes, we recommend that they take full advantage of \emph{both} compute and I/O nodes for computation, and that operating systems should make this possible.}, } @TechReport{kotz:int-ddio, author = {David Kotz}, title = {{Interfaces for Disk-Directed I/O}}, institution = {Dartmouth Computer Science}, year = 1995, month = {September}, number = {PCS-TR95-270}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-int-ddio/index.html}, abstract = {In other papers I propose the idea of disk-directed I/O for multiprocessor file systems. Those papers focus on the performance advantages and capabilities of disk-directed I/O, but say little about the application-programmer's interface or about the interface between the compute processors and I/O processors. In this short note I discuss the requirements for these interfaces, and look at many existing interfaces for parallel file systems. I conclude that many of the existing interfaces could be adapted for use in a disk-directed I/O system.}, } @TechReport{kotz:lu-tr, author = {David Kotz}, title = {{Disk-directed I/O for an Out-of-core Computation}}, institution = {Dartmouth Computer Science}, year = 1995, month = {January}, number = {PCS-TR95-251}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-lu-tr/index.html}, abstract = {New file systems are critical to obtain good I/O performance on large multiprocessors. Several researchers have suggested the use of \emph{collective} file-system operations, in which all processes in an application cooperate in each I/O request. Others have suggested that the traditional low-level interface (\emph{read, write, seek}) be augmented with various higher-level requests (e.g., \emph{read matrix}), allowing the programmer to express a complex transfer in a single (perhaps collective) request. Collective, high-level requests permit techniques like \emph{two-phase I/O} and \emph{disk-directed I/O} to significantly improve performance over traditional file systems and interfaces. Neither of these techniques have been tested on anything other than simple benchmarks that read or write matrices. Many applications, however, intersperse computation and I/O to work with data sets that cannot fit in main memory. In this paper, we present the results of experiments with an ``out-of-core'' LU-decomposition program, comparing a traditional interface and file system with a system that has a high-level, collective interface and disk-directed I/O. We found that a collective interface was awkward in some places, and forced additional synchronization. Nonetheless, disk-directed I/O was able to obtain much better performance than the traditional system.}, } @InProceedings{kotz:lu, author = {David Kotz}, title = {{Disk-directed I/O for an Out-of-core Computation}}, booktitle = {{Proceedings of the IEEE International Symposium on High Performance Distributed Computing (HPDC)}}, year = 1995, month = {August}, pages = {159--166}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/HPDC.1995.518706}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-lu/index.html}, abstract = {New file systems are critical to obtain good I/O performance on large multiprocessors. Several researchers have suggested the use of \emph{collective} file-system operations, in which all processes in an application cooperate in each I/O request. Others have suggested that the traditional low-level interface (\emph{read, write, seek}) be augmented with various higher-level requests (e.g., \emph{read matrix}). Collective, high-level requests permit a technique called \emph{disk-directed I/O} to significantly improve performance over traditional file systems and interfaces, at least on simple I/O benchmarks. In this paper, we present the results of experiments with an ``out-of-core'' LU-decomposition program. Although its collective interface was awkward in some places, and forced additional synchronization, disk-directed I/O was able to obtain much better overall performance than the traditional system.}, } @Article{kotz:review-brawer, author = {David Kotz}, title = {{Review of `Introduction to Parallel Programming', by Steven Brawer}}, journal = {Scientific Programming}, year = 1995, volume = 4, pages = {115--118}, publisher = {John Wiley \& Sons}, copyright = {John Wiley \& Sons}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-review-brawer/index.html}, note = {Reviewed June 1993}, } @TechReport{nieuwejaar:strided2-tr, author = {Nils Nieuwejaar and David Kotz}, title = {{Low-level Interfaces for High-level Parallel I/O}}, institution = {Dartmouth Computer Science}, year = 1995, month = {March}, number = {PCS-TR95-253}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-strided2-tr/index.html}, note = {Revised 4/18/95 and appeared in IOPADS workshop at IPPS'95}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. By tracing all the activity of a parallel file system in a production, scientific computing environment, we show that many applications exhibit highly regular, but non-consecutive I/O access patterns. Since the conventional interface does not provide an efficient method of describing these patterns, we present three extensions to the interface that support \emph{strided}, \emph{nested-strided}, and \emph{nested-batched} I/O requests. We show how these extensions can be used to express common access patterns.}, } @InProceedings{nieuwejaar:strided2, author = {Nils Nieuwejaar and David Kotz}, title = {{Low-level Interfaces for High-level Parallel I/O}}, booktitle = {{Proceedings of the IPPS Workshop on Input/Output in Parallel and Distributed Systems (IOPADS)}}, year = 1995, month = {April}, pages = {47--62}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-strided2/index.html}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. By tracing all the activity of a parallel file system in a production, scientific computing environment, we show that many applications exhibit highly regular, but non-consecutive I/O access patterns. Since the conventional interface does not provide an efficient method of describing these patterns, we present three extensions to the interface that support \emph{strided}, \emph{nested-strided}, and \emph{nested-batched} I/O requests. We show how these extensions can be used to express common access patterns.}, } @TechReport{nieuwejaar:workload-tr, author = {Nils Nieuwejaar and David Kotz and Apratim Purakayastha and Carla Schlatter Ellis and Michael Best}, title = {{File-Access Characteristics of Parallel Scientific Workloads}}, institution = {Dartmouth Computer Science}, year = 1995, month = {August}, number = {PCS-TR95-263}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-workload-tr/index.html}, abstract = {Phenomenal improvements in the computational performance of multiprocessors have not been matched by comparable gains in I/O system performance. This imbalance has resulted in I/O becoming a significant bottleneck for many scientific applications. One key to overcoming this bottleneck is improving the performance of parallel file systems. \par The design of a high-performance parallel file system requires a comprehensive understanding of the expected workload. Unfortunately, until recently, no general workload studies of parallel file systems have been conducted. The goal of the CHARISMA project was to remedy this problem by characterizing the behavior of several production workloads, on different machines, at the level of individual reads and writes. The first set of results from the CHARISMA project describe the workloads observed on an Intel iPSC/860 and a Thinking Machines CM-5. This paper is intended to compare and contrast these two workloads for an understanding of their essential similarities and differences, isolating common trends and platform-dependent variances. Using this comparison, we are able to gain more insight into the general principles that should guide parallel file-system design.}, } @TechReport{nog:networks, author = {Saurab Nog and David Kotz}, title = {{A Performance Comparison of TCP/IP and MPI on FDDI, Fast Ethernet, and Ethernet}}, institution = {Dartmouth Computer Science}, year = 1995, month = {November}, number = {PCS-TR95-273}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nog-networks/index.html}, note = {Revised January 8, 1996}, abstract = {Communication is a very important factor affecting distributed applications. Getting a close handle on network performance (both bandwidth and latency) is thus crucial to understanding overall application performance. We benchmarked some of the metrics of network performance using two sets of experiments, namely roundtrip and datahose. The tests were designed to measure a combination of network latency, bandwidth, and contention. We repeated the tests for two protocols (TCP/IP and MPI) and three networks (100 Mbit FDDI (Fiber Distributed Data Interface), 100 Mbit Fast Ethernet, and 10 Mbit Ethernet). The performance results provided interesting insights into the behaviour of these networks under different load conditions and the software overheads associated with an MPI implementation (MPICH). This document presents details about the experiments, their results, and our analysis of the performance. \par Revised on 1/8/96 to emphasize our use of a particular MPI implementation, MPICH.}, } @TechReport{harker:thesis, author = {Kenneth Harker}, title = {{TIAS: A Transportable Intelligent Agent System}}, institution = {Dartmouth Computer Science}, year = 1995, month = {June}, number = {PCS-TR95-258}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/harker-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report PCS-TR95-258}, abstract = {Abstract: In recent years, there has been an explosive growth in the amount of information available to our society. In particular, the amount of information available on-line through vast networks like the global Internet has been growing at a staggering rate. This growth rate has by far exceeded the rate of growth in network speeds, as has the number of individuals and organizations seeking access to this information. There is thus a motivation to find abstract methods of manipulating this on-line data in ways that both serve the needs of end users efficiently and use network resources intelligently. In lieu of a traditional client-server model of information processing, which is both inflexible and potentially very inefficient, a Transportable Intelligent Agent system has the potential to achieve a more efficient and flexible network system. An intelligent agent is a program that models the information space for a user, and allows the user to specify how the information is to be processed. A transportable agent can suspend its execution, transport itself to a new location on a network, and resume execution at the new location. This is a particularly attractive model for both wireless and dialup networks where a user might not be able to maintain a permanent network connection, as well as for situations where the amount of information to be processed is large relative to the network bandwidth. Preliminary work in the field has shown that such agent systems are possible and deserve further study. This thesis describes a prototype transportable intelligent agent system that extends work already done in the field. Agents are written in a modified version of the Tcl programming language and transported using TCP/IP connections. Several simple examples demonstrate the properties of the system.}, } @TechReport{toh:thesis, author = {Song Bac Toh}, title = {{Simulation of a Video-on-Demand System}}, institution = {Dartmouth Computer Science}, year = 1995, month = {June}, number = {PCS-TR95-260}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/toh-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report PCS-TR95-260}, abstract = {This paper presents a simulation study of a video-on-demand system. The focus of the study is the effectiveness of different caching strategies on a video-on-demand system with two levels of cache, RAM and disks, in front of a tape library. Using an event-driven simulator, I show that caching was helpful in increasing the service capacity of the system. On-demand caching showed its advantages especially when the requests were clustered around a few popular titles (in other words, there was temporal locality).}, } @Article{reed:panel, author = {Daniel A. Reed and Charles Catlett and Alok Choudhary and David Kotz and Marc Snir}, title = {{Parallel I/O: Getting Ready for Prime Time}}, journal = {IEEE Parallel and Distributed Technology}, year = 1995, month = {Summer}, volume = 3, number = 2, pages = {64--71}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MPDT.1995.9283668}, URL = {https://www.cs.dartmouth.edu/~kotz/research/reed-panel/index.html}, note = {Edited transcript of panel discussion at the 1994 International Conference on Parallel Processing}, abstract = {During the \emph{International Conference on Parallel Processing}, held August 15-19, 1994, we convened a panel to discuss the state of the art in parallel I/O, tools and techniques to address current problems, and challenges for the future. The following is an edited transcript of that panel.}, } @Article{kotz:jworkload, author = {David Kotz and Nils Nieuwejaar}, title = {{File-System Workload on a Scientific Multiprocessor}}, journal = {IEEE Parallel and Distributed Technology}, year = 1995, month = {Spring}, volume = 3, number = 1, pages = {51--60}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/88.384584}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jworkload/index.html}, abstract = {The Charisma project records individual read and write requests in live, multiprogramming parallel workloads. This information can be used to design more efficient multiprocessor systems. We present the first results from the project: a characterization of the file-system workload on an iPSC/860 multiprocessor running production, parallel scientific applications at NASA Ames Research Center. We use the resulting information to address the following questions: What did the job mix look like (that is, how many jobs ran concurrently?) How many files were read and written? Which were temporary files? What were their sizes? What were typical read and write request sizes, and how were they spaced in the file? Were the accesses sequential? What forms of locality were there? How might caching be useful? What are the implications for file-system design?}, } @TechReport{ap:workload-tr, author = {Apratim Purakayastha and Carla Schlatter Ellis and David Kotz and Nils Nieuwejaar and Michael Best}, title = {{Characterizing Parallel File-Access Patterns on a Large-Scale Multiprocessor}}, institution = {Dept. of Computer Science, Duke University}, year = 1994, month = {October}, number = {CS-1994-33}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ap-workload-tr/index.html}, abstract = {Rapid increases in the computational speeds of multiprocessors have not been matched by corresponding performance enhancements in the I/O subsystem. To satisfy the large and growing I/O requirements of some parallel scientific applications, we need parallel file systems that can provide high-bandwidth and high-volume data transfer between the I/O subsystem and thousands of processors. \par Design of such high-performance parallel file systems depends on a thorough grasp of the expected workload. So far there have been no comprehensive usage studies of multiprocessor file systems. Our CHARISMA project intends to fill this void. The first results from our study involve an iPSC/860 at NASA Ames. This paper presents results from a different platform, the CM-5 at the National Center for Supercomputing Applications. The CHARISMA studies are unique because we collect information about every individual read and write request and about the entire mix of applications running on the machines. \par The results of our trace analysis lead to recommendations for parallel file system design. First, the file system should support efficient concurrent access to many files, and I/O requests from many jobs under varying load condit ions. Second, it must efficiently manage large files kept open for long periods. Third, it should expect to see small requests, predominantly sequential access patterns, application-wide synchronous access, no concurrent file-sharing between jobs, appreciable byte and block sharing between processes within jobs, and strong interprocess locality. Finally, the trace data suggest that node-level write caches and collective I/O request interfaces may be useful in certain environments.}, } @InProceedings{johnson:freshmen, author = {Donald Johnson and David Kotz and Fillia Makedon}, title = {{Teaching Parallel Computing to Freshmen}}, booktitle = {{Proceedings of the Conference on Parallel Computing for Undergraduates}}, organization = {Colgate University}, editor = {Chris Nevison}, year = 1994, month = {June}, numpages = 7, publisher = {Colgate University}, copyright = {Colgate University}, URL = {https://www.cs.dartmouth.edu/~kotz/research/johnson-freshmen/index.html}, abstract = {Parallelism is the future of computing and computer science and should therefore be at the heart of the CS curriculum. Instead of continuing along the evolutionary path by introducing parallel computation ``top down'' (first in special junior-senior level courses), we are taking a radical approach and introducing parallelism at the earliest possible stages of instruction. Specifically, we are developing a completely new freshman-level course on data structures that integrates parallel computation naturally, and retains the emphasis on laboratory instruction. This will help to steer our curriculum as expeditiously as possible toward parallel computing. \par Our approach is novel in three distinct and essential ways. First, we will teach parallel computing to freshmen in a course designed from beginning to end to do so. Second, we will motivate the course with examples from scientific computation. Third, we use multimedia and visualization as instructional aids. We have two primary objectives: to begin a reform of our undergraduate curriculum with an laboratory-based freshman course on parallel computation, and to produce tools and methodologies that improve student understanding of the basic principles of parallel computing.}, } @InProceedings{kotay:agents, author = {Keith D. Kotay and David Kotz}, title = {{Transportable Agents}}, booktitle = {{Proceedings of the CIKM Workshop on Intelligent Information Agents, Third International Conference on Information and Knowledge Management}}, year = 1994, month = {December}, numpages = 15, publisher = {CIKM}, copyright = {the authors}, address = {Gaithersburg, Maryland}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotay-agents/index.html}, abstract = {As network information resources grow in size, it is often most efficient to process queries and updates at the site where the data is located. This processing can be accomplished by using a traditional client-server network interface, which constrains the client to the set of queries supported by the server, or requires the server to send all data to the client for processing. The former is inflexible; the latter is inefficient. Transportable agents, which support the movement of the client computation to the location of the remote resource, have the potential to be more flexible and more efficient. Transportable agents are capable of suspending their execution, transporting themselves to another host on a network, and resuming execution from the point at which they were suspended. Transportable agents consume fewer network resources and can support systems that do not have permanent network connections, such as mobile computers and personal digital assistants. We describe a prototype transportable-agent implementation that facilitates research in this area. Agents are written in a script language that supports agent relocation, and the language is processed at each host by an agent interpreter. Electronic mail is the current transport mechanism and we plan to explore others. We present a technical-report searching agent as a demonstration of the capabilities of our prototype implementation.}, } @InProceedings{kotz:addrtrace, author = {David Kotz and Preston Crow}, title = {{The Expected Lifetime of ``Single-Address-Space'' Operating Systems}}, booktitle = {{Proceedings of the ACM SIGMETRICS Conference on Measurement and Modeling of Computer Systems}}, year = 1994, month = {May}, pages = {161--170}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/183019.183036}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-addrtrace/index.html}, abstract = {Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. Typical proposals require the single address space to contain all process-private data, shared data, and stored files. To simplify management of an address space where stale pointers make it difficult to re-use addresses, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in the design of appropriate address-space management policies. In this paper, we present the results of extensive kernel-level tracing of the workstations in our department, and discuss the implications for single-address-space operating systems. We found that single-address-space systems will not outgrow the available address space, but only if reasonable space-allocation policies are used, and only if the system can adapt as larger address spaces become available.}, } @TechReport{kotz:dapple-tr, author = {David Kotz}, title = {{A DAta-Parallel Programming Library for Education (DAPPLE)}}, institution = {Dartmouth Computer Science}, year = 1994, month = {November}, number = {PCS-TR94-235}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dapple-tr/index.html}, abstract = {In the context of our overall goal to bring the concepts of parallel computing into the undergraduate curriculum, we set out to find a parallel-programming language for student use. To make it accessible to students at all levels, and to be independent of any particular hardware platform, we chose to design our own language, based on a data-parallel model and on C++. The result, DAPPLE, is a C++ class library designed to provide the illusion of a data-parallel programming language on conventional hardware and with conventional compilers. DAPPLE defines \emph{Vectors} and \emph{Matrices} as basic classes, with all the usual C++ operators overloaded to provide elementwise arithmetic. In addition, DAPPLE provides typical data-parallel operations like scans, permutations, and reductions. Finally, DAPPLE provides a parallel if-then-else statement to restrict the scope of the above operations to partial vectors or matrices.}, } @TechReport{kotz:diskdir-tr, author = {David Kotz}, title = {{Disk-directed I/O for MIMD Multiprocessors}}, institution = {Dartmouth Computer Science}, year = 1994, month = {July}, number = {PCS-TR94-226}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-diskdir-tr/index.html}, note = {Revised November 8, 1994}, abstract = {Many scientific applications that run on today's multiprocessors are bottlenecked by their file I/O needs. Even if the multiprocessor is configured with sufficient I/O hardware, the file-system software often fails to provide the available bandwidth to the application. Although libraries and improved file-system interfaces can make a significant improvement, we believe that fundamental changes are needed in the file-server software. We propose a new technique, \emph{disk-directed I/O}, that flips the usual relationship between server and client to allow the disks (actually, disk servers) to determine the flow of data for maximum performance. Our simulations show that tremendous performance gains are possible. Indeed, disk-directed I/O provided consistent high performance that was largely independent of data distribution, and close to the maximum disk bandwidth.}, } @InProceedings{kotz:diskdir, author = {David Kotz}, title = {{Disk-directed I/O for MIMD Multiprocessors}}, booktitle = {{Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI)}}, year = 1994, month = {November}, pages = {61--74}, publisher = {USENIX Association}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-diskdir/index.html}, note = {Updated as Dartmouth TR PCS-TR94-226 on November 8, 1994}, abstract = {Many scientific applications that run on today's multiprocessors are bottlenecked by their file I/O needs. Even if the multiprocessor is configured with sufficient I/O hardware, the file-system software often fails to provide the available bandwidth to the application. Although libraries and improved file-system interfaces can make a significant improvement, we believe that fundamental changes are needed in the file-server software. We propose a new technique, \emph{disk-directed I/O}, that flips the usual relationship between server and client to allow the disks (actually, disk servers) to determine the flow of data for maximum performance. Our simulations show that tremendous performance gains are possible. Indeed, disk-directed I/O provided consistent high performance that was largely independent of data distribution, and close to the maximum disk bandwidth.}, } @TechReport{kotz:diskmodel, author = {David Kotz and Song Bac Toh and Sriram Radhakrishnan}, title = {{A Detailed Simulation Model of the HP 97560 Disk Drive}}, institution = {Dartmouth Computer Science}, year = 1994, month = {July}, number = {PCS-TR94-220}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-diskmodel/index.html}, abstract = {We implemented a detailed model of the HP 97560 disk drive, to replicate a model devised by Ruemmler and Wilkes (both of Hewlett-Packard, HP). Our model simulates one or more disk drives attached to one or more SCSI buses, using a small discrete-event simulation module included in our implementation. The design is broken into three components: a test driver, the disk model itself, and the discrete-event simulation support. Thus, the disk model can be easily extracted and used in other simulation environments. We validated our model using traces obtained from HP, using the same ``demerit'' measure as Ruemmler and Wilkes. We obtained a demerit figure of 3.9\%, indicating that our model was extremely accurate. This paper describes our implementation, and is meant for those wishing to understand our model or to implement their own.}, } @TechReport{kotz:explore-tr, author = {David Kotz and Ting Cai}, title = {{Exploring the use of I/O Nodes for Computation in a MIMD Multiprocessor}}, institution = {Dartmouth Computer Science}, year = 1994, month = {October}, number = {PCS-TR94-232}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-explore-tr/index.html}, note = {Revised 2/20/95}, abstract = {Most MIMD multiprocessors today are configured with two distinct types of processor nodes: those that have disks attached, which are dedicated to file I/O, and those that do not have disks attached, which are used for running applications. Several architectural trends have led some to propose configuring systems so that all processors are used for application processing, even those with disks attached. We examine this idea experimentally, focusing on the impact of remote I/O requests on local computational processes. We found that in an efficient file system the I/O processors can transfer data at near peak speeds with little CPU overhead, leaving substantial CPU power for running applications. On the other hand, we found that some complex file-system features could require substantial CPU overhead. Thus, for a multiprocessor system to obtain good I/O and computational performance on a mix of applications, the file system (both operating system and libraries) must be prepared to adapt their policies to changing conditions.}, } @TechReport{kotz:workload-tr, author = {David Kotz and Nils Nieuwejaar}, title = {{Dynamic File-Access Characteristics of a Production Parallel Scientific Workload}}, institution = {Dept. of Math and Computer Science, Dartmouth College}, year = 1994, month = {April}, number = {PCS-TR94-211}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-workload-tr/index.html}, note = {Revised May 11, 1994}, abstract = {Multiprocessors have permitted astounding increases in computational performance, but many cannot meet the intense I/O requirements of some scientific applications. An important component of any solution to this I/O bottleneck is a parallel file system that can provide high-bandwidth access to tremendous amounts of data \emph{in parallel} to hundreds or thousands of processors. \par Most successful systems are based on a solid understanding of the characteristics of the expected workload, but until now there have been no comprehensive workload characterizations of multiprocessor file systems. We began the CHARISMA project in an attempt to fill that gap. We instrumented the common node library on the iPSC/860 at NASA Ames to record all file-related activity over a two-week period. Our instrumentation is different from previous efforts in that it collects information about every read and write request and about the \emph{mix} of jobs running in the machine (rather than from selected applications). \par The trace analysis in this paper leads to many recommendations for designers of multiprocessor file systems. First, the file system should support simultaneous access to many different files by many jobs. Second, it should expect to see many small requests, predominantly sequential and regular access patterns (although of a different form than in uniprocessors), little or no concurrent file-sharing between jobs, significant byte- and block-sharing between processes within jobs, and strong interprocess locality. Third, our trace-driven simulations showed that these characteristics led to great success in caching, both at the compute nodes and at the I/O nodes. Finally, we recommend supporting strided I/O requests in the file-system interface, to reduce overhead and allow more performance optimization by the file system.}, } @InProceedings{kotz:workload, author = {David Kotz and Nils Nieuwejaar}, title = {{Dynamic File-Access Characteristics of a Production Parallel Scientific Workload}}, booktitle = {{Proceedings of Supercomputing}}, year = 1994, month = {November}, pages = {640--649}, publisher = {IEEE}, copyright = {IEEE}, address = {Washington, DC}, DOI = {10.1109/SUPERC.1994.344328}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-workload/index.html}, abstract = {Multiprocessors have permitted astounding increases in computational performance, but many cannot meet the intense I/O requirements of some scientific applications. An important component of any solution to this I/O bottleneck is a parallel file system that can provide high-bandwidth access to tremendous amounts of data \emph{in parallel} to hundreds or thousands of processors. \par Most successful systems are based on a solid understanding of the characteristics of the expected workload, but until now there have been no comprehensive workload characterizations of multiprocessor file systems. We began the CHARISMA project in an attempt to fill that gap. We instrumented the common node library on the iPSC/860 at NASA Ames to record all file-related activity over a two-week period. Our instrumentation is different from previous efforts in that it collects information about every read and write request and about the \emph{mix} of jobs running in the machine (rather than from selected applications). \par The trace analysis in this paper leads to many recommendations for designers of multiprocessor file systems. First, the file system should support simultaneous access to many different files by many jobs. Second, it should expect to see many small requests, predominantly sequential and regular access patterns (although of a different form than in uniprocessors), little or no concurrent file-sharing between jobs, significant byte- and block-sharing between processes within jobs, and strong interprocess locality. Third, our trace-driven simulations showed that these characteristics led to great success in caching, both at the compute nodes and at the I/O nodes. Finally, we recommend supporting strided I/O requests in the file-system interface, to reduce overhead and allow more performance optimization by the file system.}, } @TechReport{nieuwejaar:strided, author = {Nils Nieuwejaar and David Kotz}, title = {{A Multiprocessor Extension to the Conventional File System Interface}}, institution = {Dartmouth Computer Science}, year = 1994, month = {September}, number = {PCS-TR94-230}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nieuwejaar-strided/index.html}, abstract = {As the I/O needs of parallel scientific applications increase, file systems for multiprocessors are being designed to provide applications with parallel access to multiple disks. Many parallel file systems present applications with a conventional Unix-like interface that allows the application to access multiple disks transparently. By tracing all the activity of a parallel file system in a production, scientific computing environment, we show that many applications exhibit highly regular, but non-consecutive I/O access patterns. Since the conventional interface does not provide an efficient method of describing these patterns, we present an extension which supports \emph{strided} and \emph{nested-strided} I/O requests.}, } @Misc{kotz:dapple-sw, author = {David Kotz}, title = {{DAta-Parallel Programming Library for Education DAPPLE}}, howpublished = {a C++ class library that provides the illusion of data-parallel programming on sequential computers}, year = 1994, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dapple-sw/index.html}, abstract = {DAPPLE is a C++ class library designed to provide the illusion of a data-parallel programming language on conventional hardware and with conventional compilers. DAPPLE defines Vectors and Matrices as basic classes, with all the C operators overloaded to provide for elementwise arithmetic. In addition, DAPPLE provides typical data-parallel operations such as scans, permutations, and reductions. Finally, DAPPLE provides a parallel if-then-else statement to restrict the context of the above operations to subsets of vectors or matrices.}, } @Misc{kotz:diskmodel-sw, author = {David Kotz}, title = {{HP 97560 disk simulation module}}, howpublished = {Used in STARFISH and several other research projects}, year = 1994, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-diskmodel-sw/index.html}, abstract = {We implemented a detailed model of the HP 97560 disk drive, to replicate a model devised by Ruemmler and Wilkes (both of Hewlett-Packard).}, } @TechReport{gochee:thesis, author = {James Gochee}, title = {{SPEDE: Simple Programming Environment for Distributed Execution}}, institution = {Dartmouth Computer Science}, year = 1994, month = {June}, number = {PCS-TR94-218}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gochee-thesis/index.html}, abstract = { One of the main goals for people who use computer systems, particularly computational scientists, is speed. In the quest for ways to make applications run faster, engineers have developed parallel computers, which use more than one CPU to solve a task. However, many institutions already posses significant computational power in networks of workstations. Through software, it is possible to glue together clusters of machines to simulate a parallel environment. SPEDE is one such system, designed to place the potential of local machines at the fingertips of the programmer. Through a simple interface, users design computational objects that can be linked and run in parallel. The goal of the project is to have a small portable environment that allows various types of computer systems to interact. SPEDE requires no altering of the kernel and does not require system privileges to use. Using SPEDE, programmers can get significant speedup for computationally intensive problems. As an example, a Mandelbrot image generator was implemented, that attained a five-fold speedup with eight processors. }, } @Article{kotz:diskdir2, author = {David Kotz}, title = {{Disk-directed I/O for MIMD Multiprocessors}}, journal = {Bulletin of the IEEE Technical Committee on Operating Systems and Application Environments}, year = 1994, month = {Autumn}, pages = {29--42}, publisher = {IEEE}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-diskdir2/index.html}, abstract = {Many scientific applications that run on today's multiprocessors are bottlenecked by their file I/O needs. Even if the multiprocessor is configured with sufficient I/O hardware, the file-system software often fails to provide the available bandwidth to the application. Although libraries and improved file-system interfaces can make a significant improvement, we believe that fundamental changes are needed in the file-server software. We propose a new technique, \emph{disk-directed I/O}, that flips the usual relationship between server and client to allow the disks (actually, disk servers) to determine the flow of data for maximum performance. Our simulations show that tremendous performance gains are possible. Indeed, disk-directed I/O provided consistent high performance that was largely independent of data distribution, and close to the maximum disk bandwidth.}, } @InProceedings{astrachan:contest, author = {Owen Astrachan and Vivek Khera and David Kotz}, title = {{The Internet Programming Contest: A Report and Philosophy}}, booktitle = {{Proceedings of the SIGCSE Technical Symposium on Computer Science Education}}, year = 1993, month = {February}, pages = {48--52}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/169070.169105}, URL = {https://www.cs.dartmouth.edu/~kotz/research/astrachan-contest/index.html}, abstract = {Programming contests can provide a high-profile method for attracting interest in computer science. We describe our philosophy as it pertains to the purpose and merits of programming contests as well as their implementation. We believe that we have successfully combined the theoretical and practical aspects of computer science in an enjoyable contest in which many people can participate. \par The contests we describe have distinct advantages over contests such as the ACM scholastic programming contest. The primary advantage is that there is no travel required --- the whole contest is held in cyberspace. All interaction between participants and judges is via electronic mail. \par Of course all contests build on and learn from others, and ours is no exception. This paper is intended to provide a description and philosophy of programming contests that will foster discussion, that will provide a model, and that will increase interest in programming as an essential aspect of computer science.}, } @TechReport{cormen:integrate-tr, author = {Thomas H. Cormen and David Kotz}, title = {{Integrating Theory and Practice in Parallel File Systems}}, institution = {Dept. of Math and Computer Science, Dartmouth College}, year = 1993, month = {March}, number = {PCS-TR93-188}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cormen-integrate-tr/index.html}, note = {Revised 9/20/94}, abstract = {Several algorithms for parallel disk systems have appeared in the literature recently, and they are asymptotically optimal in terms of the number of disk accesses. Scalable systems with parallel disks must be able to run these algorithms. We present a list of capabilities that must be provided by the system to support these optimal algorithms: control over declustering, querying about the configuration, independent I/O, turning off file caching and prefetching, and bypassing parity. We summarize recent theoretical and empirical work that justifies the need for these capabilities.}, } @InProceedings{cormen:integrate, author = {Thomas H. Cormen and David Kotz}, title = {{Integrating Theory and Practice in Parallel File Systems}}, booktitle = {{Proceedings of the Dartmouth Institute for Advanced Graduate Studies (DAGS)}}, organization = {Dartmouth Institute for Advanced Graduate Studies (DAGS)}, year = 1993, month = {June}, pages = {64--74}, publisher = {Dartmouth College}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cormen-integrate/index.html}, note = {Revised as Dartmouth PCS-TR93-188 on 9/20/94}, abstract = {Several algorithms for parallel disk systems have appeared in the literature recently, and they are asymptotically optimal in terms of the number of disk accesses. Scalable systems with parallel disks must be able to run these algorithms. We present for the first time a list of capabilities that must be provided by the system to support these optimal algorithms: control over declustering, querying about the configuration, independent I/O, and turning off parity, file caching, and prefetching. We summarize recent theoretical and empirical work that justifies the need for these capabilities. In addition, we sketch an organization for a parallel file interface with low-level primitives and higher-level operations.}, } @TechReport{kotz:addrtrace-tr, author = {David Kotz and Preston Crow}, title = {{The Expected Lifetime of ``Single-Address-Space'' Operating Systems}}, institution = {Dept. of Math and Computer Science, Dartmouth College}, year = 1993, month = {October}, number = {PCS-TR93-198}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-addrtrace-tr/index.html}, note = {Revised version appeared in SIGMETRICS '94, and revised again on March 15, 1996}, abstract = {Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. To simplify address-space management, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in the design of appropriate address-space management policies. In this paper, we present the results of extensive kernel-level tracing of the workstations on our campus, and discuss the implications for single-address-space operating systems. We found that single-address-space systems will probably not outgrow the available address space, but only if reasonable space-allocation policies are used, and only if the system can adapt as larger address spaces become available.}, } @InProceedings{kotz:fsint2, author = {David Kotz}, title = {{Multiprocessor File System Interfaces}}, booktitle = {{Proceedings of the International Conference on Parallel and Distributed Information Systems (PDIS)}}, year = 1993, month = {January}, pages = {194--201}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/PDIS.1993.253093}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-fsint2/index.html}, abstract = {Increasingly, file systems for multiprocessors are designed with parallel access to multiple disks, to keep I/O from becoming a serious bottleneck for parallel applications. Although file system software can transparently provide high-performance access to parallel disks, a new file system interface is needed to facilitate parallel access to a file from a parallel application. We describe the difficulties faced when using the conventional (Unix-like) interface in parallel applications, and then outline ways to extend the conventional interface to provide convenient access to the file for parallel programs, while retaining the traditional interface for programs that have no need for explicitly parallel file access. Our interface includes a single naming scheme, a \emph{multiopen} operation, local and global file pointers, mapped file pointers, logical records, \emph{multifiles}, and logical coercion for backward compatibility.}, } @Article{kotz:jpractical, author = {David Kotz and Carla Schlatter Ellis}, title = {{Practical Prefetching Techniques for Multiprocessor File Systems}}, journal = {Journal of Distributed and Parallel Databases}, year = 1993, month = {January}, volume = 1, number = 1, pages = {33--51}, publisher = {Kluwer Academic Publishers}, copyright = {Kluwer Academic Publishers}, DOI = {10.1007/BF01277519}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jpractical/index.html}, abstract = {Improvements in the processing speed of multiprocessors are outpacing improvements in the speed of disk hardware. Parallel disk I/O subsystems have been proposed as one way to close the gap between processor and disk speeds. In a previous paper we showed that prefetching and caching have the potential to deliver the performance benefits of parallel file systems to parallel applications. In this paper we describe experiments with practical prefetching policies that base decisions only on on-line reference history, and that can be implemented efficiently. We also test the ability of these policies across a range of architectural parameters.}, } @Article{kotz:jwriteback, author = {David Kotz and Carla Schlatter Ellis}, title = {{Caching and Writeback Policies in Parallel File Systems}}, journal = {Journal of Parallel and Distributed Computing}, year = 1993, month = {January}, volume = 17, number = {1--2}, pages = {140--145}, publisher = {Academic Press}, copyright = {Academic Press}, DOI = {10.1006/jpdc.1993.1012}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jwriteback/index.html}, abstract = {Improvements in the processing speed of multiprocessors are outpacing improvements in the speed of disk hardware. Parallel disk I/O subsystems have been proposed as one way to close the gap between processor and disk speeds. Such parallel disk systems require parallel file system software to avoid performance-limiting bottlenecks. We discuss cache management techniques that can be used in a parallel file system implementation for multiprocessors with scientific workloads. We examine several writeback policies, and give results of experiments that test their performance.}, } @TechReport{kotz:throughput, author = {David Kotz}, title = {{Throughput of Existing Multiprocessor File Systems}}, institution = {Dept. of Math and Computer Science, Dartmouth College}, year = 1993, month = {May}, number = {PCS-TR93-190}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-throughput/index.html}, abstract = {Fast file systems are critical for high-performance scientific computing, since many scientific applications have tremendous I/O requirements. Many parallel supercomputers have only recently obtained fully parallel I/O architectures and file systems, which are necessary for scalable I/O performance. Scalability aside, I show here that many systems lack sufficient absolute performance. I do this by surveying the performance reported in the literature, summarized in an informal table.}, } @TechReport{kotz:fsint, author = {David Kotz}, title = {{Multiprocessor File System Interfaces}}, institution = {Dept. of Math and Computer Science, Dartmouth College}, year = 1992, month = {March}, number = {PCS-TR92-179}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-fsint/index.html}, abstract = {Increasingly, file systems for multiprocessors are designed with parallel access to multiple disks, to keep I/O from becoming a serious bottleneck for parallel applications. Although file system software can transparently provide high-performance access to parallel disks, a new file system interface is needed to facilitate parallel access to a file from a parallel application. We describe the difficulties faced when using the conventional (Unix-like) interface in parallel applications, and then outline ways to extend the conventional interface to provide convenient access to the file for parallel programs, while retaining the traditional interface for programs that have no need for explicitly parallel file access. Our interface includes a single naming scheme, a \emph{multiopen} operation, local and global file pointers, mapped file pointers, logical records, \emph{multifiles}, and logical coercion for backward compatibility.}, } @InProceedings{kotz:fsint2p, author = {David Kotz}, title = {{Multiprocessor File System Interfaces}}, booktitle = {{Proceedings of the USENIX File Systems Workshop (WOFS)}}, year = 1992, month = {May}, pages = {149--150}, publisher = {USENIX Association}, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-fsint2p/index.html}, } @TechReport{kotz:pan, author = {David Kotz and Fillia Makedon and Matt Bishop and Scot Drysdale and Donald Johnson and Takis Metaxis}, title = {{Parallel Computer Needs at Dartmouth College}}, institution = {Dartmouth Computer Science}, year = 1992, month = {January}, number = {PCS-TR92-176}, copyright = {the authors}, address = {Hanover, NH 03775}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-pan/index.html}, abstract = {To determine the need for a parallel computer on campus, a committee of the Graduate Program in Computer Science surveyed selected Dartmouth College faculty and students in December, 1991, and January, 1992. We hope that the information in this report can be used by many groups on campus, including the Computer Science graduate program and DAGS summer institute, Kiewit's NH Supercomputer Initiative, and by numerous researchers hoping to collaborate with people in other disciplines. \par We found significant interest in parallel supercomputing on campus. An on-campus parallel supercomputing facility would not only support numerous courses and research projects, but would provide a locus for intellectual activity in parallel computing, encouraging interdisciplinary collaboration. We believe that this report is a first step in that direction. }, } @InProceedings{kotz:practical, author = {David Kotz and Carla Schlatter Ellis}, title = {{Practical Prefetching Techniques for Parallel File Systems}}, booktitle = {{Proceedings of the International Conference on Parallel and Distributed Information Systems (PDIS)}}, year = 1991, month = {December}, pages = {182--189}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/PDIS.1991.183101}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-practical/index.html}, abstract = {Parallel disk subsystems have been proposed as one way to close the gap between processor and disk speeds. In a previous paper we showed that prefetching and caching have the potential to deliver the performance benefits of parallel file systems to parallel applications. In this paper we describe experiments with practical prefetching policies, and show that prefetching can be implemented efficiently even for the more complex parallel file access patterns. We test these policies across a range of architectural parameters.}, } @PhdThesis{kotz:thesis, author = {David Kotz}, title = {{Prefetching and Caching Techniques in File Systems for MIMD Multiprocessors}}, school = {Duke University}, year = 1991, month = {April}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-thesis/index.html}, note = {Available as technical report CS-1991-016}, abstract = {The increasing speed of the most powerful computers, especially multiprocessors, makes it difficult to provide sufficient I/O bandwidth to keep them running at full speed for the largest problems. Trends show that the difference in the speed of disk hardware and the speed of processors is increasing, with I/O severely limiting the performance of otherwise fast machines. This widening access-time gap is known as the ``I/O bottleneck crisis.'' One solution to the crisis, suggested by many researchers, is to use many disks in parallel to increase the overall bandwidth. \par This dissertation studies some of the file system issues needed to get high performance from parallel disk systems, since parallel hardware alone cannot guarantee good performance. The target systems are large MIMD multiprocessors used for scientific applications, with large files spread over multiple disks attached in parallel. The focus is on automatic caching and prefetching techniques. We show that caching and prefetching can transparently provide the power of parallel disk hardware to both sequential and parallel applications using a conventional file system interface. We also propose a new file system interface (compatible with the conventional interface) that could make it easier to use parallel disks effectively. \par Our methodology is a mixture of implementation and simulation, using a software testbed that we built to run on a BBN GP1000 multiprocessor. The testbed simulates the disks and fully implements the caching and prefetching policies. Using a synthetic workload as input, we use the testbed in an extensive set of experiments. The results show that prefetching and caching improved the performance of parallel file systems, often dramatically.}, } @InProceedings{kotz:writeback, author = {David Kotz and Carla Schlatter Ellis}, title = {{Caching and Writeback Policies in Parallel File Systems}}, booktitle = {{Proceedings of the IEEE Symposium on Parallel and Distributed Processing (SPDP)}}, year = 1991, month = {December}, pages = {60--67}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/SPDP.1991.218296}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-writeback/index.html}, abstract = {Improvements in the processing speed of multiprocessors are outpacing improvements in the speed of disk hardware. Parallel disk I/O subsystems have been proposed as one way to close the gap between processor and disk speeds. Such parallel disk systems require parallel file system software to avoid performance-limiting bottlenecks. We discuss cache management techniques that can be used in a parallel file system implementation. We examine several writeback policies, and give results of experiments that test their performance.}, } @Misc{kotz:rapid-transit-sw, author = {David Kotz}, title = {{RAPID-Transit parallel file-system simulator}}, howpublished = {The software basis for my Ph.D dissertation}, year = 1991, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-rapid-transit-sw/index.html}, abstract = {RAPID-Transit was a testbed for experimenting with caching and prefetching algorithms in parallel file systems (RAPID means ``Read-Ahead for Parallel Independent Disks''), and was part of the larger NUMAtic project at Duke University. The testbed ran on Duke's 64-processor Butterfly GP1000. The model we used had a disk attached to every processor, and that each file was striped across all disks. Of course, Duke's GP1000 had only one real disk, so our testbed simulated its disks. The implementation and some of the policies were dependent on the shared-memory nature of the machine; for example, there was a single shared file cache accessible to all processors. We found several policies that were successful at prefetching in a variety of parallel file-access patterns.}, } @Article{ellis:numatic, author = {C. Ellis and M. Holliday and R. LaRowe and D. Kotz and V. Khera and S. Owen and C. Connelly}, title = {{NUMAtic Project and the DUnX OS}}, journal = {IEEE Technical Committee on Operating Systems and Application Environments (Newsletter)}, year = 1991, month = {Winter}, volume = 5, number = 4, pages = {12--14}, publisher = {IEEE}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ellis-numatic/index.html}, } @TechReport{astrachan:contest-tr, author = {Owen Astrachan and Vivek Khera and David Kotz}, title = {{The Duke Internet Programming Contest}}, institution = {Dept. of Computer Science, Duke University}, year = 1990, month = {December}, number = {CS-1990-21}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/astrachan-contest-tr/index.html}, abstract = { On the evening of October 23, 1990 electronic mail messages started to pour into the computers at the Duke University Computer Science Department. Teams of programmers from all over the world were registering to compete in the first global (as far as the authors are aware) programming contest to be held on the Internet. During the three-hour competition, modeled after the annual ACM scholastic programming contest, 60 teams from 37 institutions in 5 countries attempted to solve a set of six programming problems using C or Pascal. Their solutions were sent by electronic mail to Duke, where their programs were judged and the results returned by electronic mail. At the conclusion of the contest, 330 program submissions had been judged and 65 clarification requests were answered.}, } @Article{kotz:prefetch, author = {David F. Kotz and Carla Schlatter Ellis}, title = {{Prefetching in File Systems for MIMD Multiprocessors}}, journal = {IEEE Transactions on Parallel and Distributed Systems}, year = 1990, month = {April}, volume = 1, number = 2, pages = {218--230}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/71.80133}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-prefetch/index.html}, abstract = {The problem of providing file I/O to parallel programs has been largely neglected in the development of multiprocessor systems. There are two essential elements of any file system design intended for a highly parallel environment: parallel I/O and effective caching schemes. This paper concentrates on the second aspect of file system design and specifically, on the question of whether prefetching blocks of the file into the block cache can effectively reduce overall execution time of a parallel computation, even under favorable assumptions. \par Experiments have been conducted with an interleaved file system testbed on the Butterfly Plus multiprocessor. Results of these experiments suggest that 1) the hit ratio, the accepted measure in traditional caching studies, may not be an adequate measure of performance when the workload consists of parallel computations and parallel file access patterns, 2) caching with prefetching can significantly improve the hit ratio and the average time to perform an I/O operation, and 3) an improvement in overall execution time has been observed in most cases. In spite of these gains, prefetching sometimes results in increased execution times (a negative result, given the optimistic nature of the study). \par We explore why is it not trivial to translate savings on individual I/O requests into consistently better overall performance and identify the key problems that need to be addressed in order to improve the potential of prefetching techniques in this environment.}, } @InProceedings{ellis:prefetch, author = {Carla Schlatter Ellis and David Kotz}, title = {{Prefetching in File Systems for MIMD Multiprocessors}}, booktitle = {{Proceedings of the International Conference on Parallel Processing (ICPP)}}, year = 1989, month = {August}, volume = 1, pages = {306--314}, publisher = {Pennsylvania State University Press}, copyright = {Pennsylvania State University Press}, ISBN = {0-271-00686-2}, address = {St. Charles, IL}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ellis-prefetch/index.html}, abstract = {The problem of providing file I/O to parallel programs has been largely neglected in the development of multiprocessor systems. There are two essential elements of any file system design intended for a highly parallel environment: parallel I/O and effective caching schemes. This paper concentrates on the second aspect of file system design and specifically, on the question of whether prefetching blocks of the file into the block cache can effectively reduce overall execution time of a parallel computation, even under favorable assumptions. \par Experiments have been conducted with an interleaved file system testbed on the Butterfly Plus multiprocessor. Results of these experiments suggest that 1) the hit ratio, the accepted measure in traditional caching studies, may not be an adequate measure of performance when the workload consists of parallel computations and parallel file access patterns, 2) caching with prefetching can significantly improve the hit ratio and the average time to perform an I/O operation, and 3) an improvement in overall execution time has been observed in most cases. In spite of these gains, prefetching sometimes results in increased execution times (a negative result, given the optimistic nature of the study). \par We explore why is it not trivial to translate savings on individual I/O requests into consistently better overall performance and identify the key problems that need to be addressed in order to improve the potential of prefetching techniques in this environment.}, } @InProceedings{kotz:pools, author = {David Kotz and Carla Ellis}, title = {{Evaluation of Concurrent Pools}}, booktitle = {{Proceedings of the International Conference on Distributed Computer Systems (ICDCS)}}, year = 1989, month = {June}, pages = {378--385}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICDCS.1989.37968}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-pools/index.html}, abstract = {The assignment of resources or tasks to processors in a distributed or parallel system needs to be done in a fashion that helps to balance the load and scales to large configurations. In an architectural model that distinguishes between local and remote data access, it is important to base these allocation functions on a mechanism that preserves locality and avoids high-latency remote references. This paper explores performance considerations affecting the design of such a mechanism, the Concurrent Pools data structure. We evaluate the effectiveness of three different implementations of concurrent pools under a variety of stressful workloads. Our experiments expose several interesting effects with strong implications for practical concurrent pool algorithms.}, } @Misc{kotz:umiacs, author = {David Kotz}, title = {{High-performance File System Design for MIMD Parallel Processors}}, howpublished = {A talk presented at the DARPA Workshop on Parallel Processing at UMIACS}, year = 1989, month = {August}, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-umiacs/index.html}, note = {Audiovisual presentation}, } @TechReport{ellis:prefetchTR, author = {Carla Schlatter Ellis and David Kotz}, title = {{Prefetching in File Systems for MIMD Multiprocessors}}, institution = {Dept. of Computer Science, Duke University}, year = 1988, month = {November}, number = {CS-1988-23}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/ellis-prefetchTR/index.html}, abstract = {The problem of providing file I/O to parallel programs has been largely neglected in the development of multiprocessor systems. There are two essential elements of any file system design intended for a highly parallel environment: parallel I/O and effective caching schemes. This paper concentrates on the second aspect of file system design and specifically, on the question of whether prefetching blocks of the file into the block cache can effectively reduce overall execution time of a parallel computation. MIMD multiprocessor architectures have a profound impact on the nature of the workloads they support. In particular, it is the collective behavior of the processes in a parallel computation that often determines the performance. The assumptions about file access patterns that underlie much of the work in uniprocessor file management are called into question. Results from experiments performed on the Butterfly Plus multiprocessor are presented showing the benefits that can be derived from prefetching (e.g. significant improvements in the cache miss ratio and the average time to perform an I/O operation). We explore why it is not trivial to translate these gains into much better overall performance. }, } @TechReport{kotz:bfplus, author = {David Kotz}, title = {{The Architecture of the Butterfly Plus Parallel Processor}}, institution = {Dept. of Computer Science, Duke University}, year = 1988, month = {January}, number = {CS-1988-6}, copyright = {David Kotz}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-bfplus/index.html}, abstract = {This paper investigates the architecture of the Butterfly Plus Parallel Processor, an MIMD shared-memory machine based on the Motorola MC68020 microprocessor and a multi-stage interconnection network. The primary emphasis is on the interaction of components of the system rather than the details of its components, especially the standard Motorola components. However, particular attention is paid to the memory management issues since this is the significant difference between the Butterfly Plus and its predecessor, the Butterfly Parallel Processor.}, } @TechReport{kotz:poolsTR, author = {David Kotz and Carla Ellis}, title = {{Evaluation of Concurrent Pools}}, institution = {Dept. of Computer Science, Duke University}, year = 1987, month = {October}, number = {CS-1987-30}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-poolsTR/index.html}, abstract = {In a parallel environment, requests for allocation and deallocation of resources or assignment of tasks should be served in a fashion that helps to balance the load and minimize the total parallel runtime. It is important to perform this allocation in a manner that preserves locality and by avoiding remote references (and hence interference with other processes). Concurrent pools, as described by Manber, provide an appropriate data structure for addressing these goals. This paper eveluates the effectiveness of the pool structure under a variety of stressful workloads. It was found that the simpler algorithm than that described by Manber may actually provide better performance. }, } @TechReport{sullivan:prism, author = {Neil Sullivan and Jonathan B. Rosenberg and Mark T. Jones and David Kotz and R. James Nusbaum and James W. O'Neil and Herve Tardif}, title = {{Prism: A Distributed VLSI Design System}}, institution = {Dept. of Computer Science, Duke University}, year = 1987, month = {June}, number = {CS-1987-21}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sullivan-prism/index.html}, abstract = {Chip and cell design take several forms. There are mask-level systems, symbolic-level systems, silicon compilers, and standard cell systems, just to name a few. Many of these forms can be used together to help create an entire design. \par This design paper describes a symbolic design system called Prism. The motivation for designing Prism arose from the desire to improve symbolic-to-mask compaction -- specifically in the VIVID system. Current compactors run as totally batch processes. Running batch, a compactor must either smash the chip hierarchy and compact the entire chip as one cell or compact individual cells, making assumptions about the environment and connections for each cell. In either case, the area of the mask suffers. Also, compactors can take an extraordinary amount of time, and one small change -- even if it would make no change in the area of the compacted mask -- requires a total recompaction. \par Experiences with using and creating VIVID indicated more reasons to build Prism. VIVID is of the best existing symbolic systems, but strides in state-of-the-art communications, user interfaces, and design automation software engineering have left it behind. Prism is a descendant of VIVID, but Prism is a new model for symbolic design.}, } @Misc{kotz:gnuplot-sw, author = {Thomas Williams and Colin Kelley and others}, title = {{gnuplot plotting software}}, howpublished = {Major contributor 1987--91}, year = 1987, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-gnuplot-sw/index.html}, abstract = {Gnuplot is a portable command-line driven graphing utility for Linux, OS/2, MS Windows, OSX, VMS, and many other platforms. It was originally created to allow scientists and students to visualize mathematical functions and data interactively. Gnuplot has been supported and under active development since 1986.}, } @Misc{kotz:wheelock, author = {David Kotz}, title = {{Eleazar Wheelock's Surveying Instruments: A Historical View}}, howpublished = {Term paper for History 12}, year = 1985, month = {October}, day = 16, copyright = {the author}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-wheelock/index.html}, }