Publications written in Portuguese will be indicated by the flag .


Portnoi, M.; Shen, C. C. Location-Enhanced Authenticated Key Exchange. 2016 International Conference on Computing, Networking and Communications (ICNC 2016), February 2016.

Abstract: We introduce LOCATHE (Location-Enhanced Authenticated Key Exchange), a generic protocol that pools location, user attributes, access policy and desired services into a multi-factor authentication, allowing two peers to establish a secure, encrypted session and perform mutual authentication with pre-shared keys, passwords and other authentication factors. LOCATHE contributes to: (1) forward secrecy through ephemeral session keys; (2) security through zero-knowledge password proofs (ZKPP), such that no passwords can be learned from the exchange; (3) the ability to use not only location, but also multiple authentication factors from a user to a service; (4) providing a two-tiered privacy authentication scheme, in which a user may be authenticated either based on her attributes (hiding her unique identification), or with a full individual authentication; (5) employing the expressiveness and flexibility of Decentralized or Multi-Authority Ciphertext-Policy Attribute-Based Encryption, allowing multiple service providers to control their respective key generation and attributes.

Portnoi, M.; Shen, C. C. Loc-Auth: Location-Enabled Authentication Through Attribute-Based Encryption. 2015 International Conference on Computing, Networking and Communications (ICNC 2015), pages 89-93, February 2015.

Abstract: Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user’s attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.

Portnoi, M.; Schlachter, S.; Taufer, M. Study of the Network Impact on Earthquake Early Warning in the Quake-Catcher Network Project. 2014 International Conference on Computational Science (ICCS), v. 29, pages 453–464, 2014.

Abstract: The Quake-Catcher Network (QCN) project uses the low-cost sensors, i.e., accelerometers attached to volunteers’ computers, to detect earthquakes. The master-worker topology currently used in QCN and other similar projects suffers from major weaknesses. The centralized master can fail to collect data if the volunteers’ computers cannot connect to the network, or it can introduce significant delays in the warning if the network is congested. We propose to solve these problems by using multiple servers in a more advanced network topology than the simple master-worker configuration. We first consider several critical scenarios in which the current master-worker configuration can hinder the early warning of an earthquake, and then integrate the advanced network topology around multiple servers and emulate these critical scenarios in a simulation environment to quantify the benefits and costs of our proposed solution. By using metrics of interest that have a clear scientific meaning for the scope of the QCN project, we show how our solution can reduce the time to detect an earthquake from 1.8s to 173ms in case of network congestion and the number of lost trickle messages from 2,013 to 391 messages in case of network failure.

The code is available at (and a fork at

Portnoi, M.; Swany, M. & Zurawski, J. An information services algorithm to heuristically summarize IP addresses for a distributed, hierarchical directory service. Grid Computing (GRID), 2010 11th IEEE/ACM International Conference on, 2010, 129 -136.

Abstract: A distributed, hierarchical information service for computer networks might use several service instances, located in different layers. A distributed directory service, for example, might be comprised of upper level listings, and local directories. The upper level listings contain a compact version of the local directories. Clients desiring to access the information contained in local directories might first access the high-level listings, in order to locate the appropriate local instance. One of the keys for the competent operation of such service is the ability of properly summarizing the information which will be maintained in the upper level directories. We analyze the case of the Lookup Service in the Information Services plane of perfSONAR performance monitoring distributed architecture, which implements IP address summarization in its functions. We propose an empirical method, or heuristic, to perform the summarizations, based on the PATRICIA tree. We further apply the heuristic on a simulated distributed test bed and examine the results.

Moraes, P.; Sampaio, L.; Monteiro, J. & Portnoi, M. MonONTO: A Domain Ontology for Network Monitoring and Recommendation for Advanced Internet Applications Users. Network Operations and Management Symposium Workshops, 2008. NOMS Workshops 2008. IEEE, 2008, 116 -123.

Abstract: In order to make recommendations to users about the potential performance of advanced Internet applications - in the scope of network monitoring - it is not sufficient to just analyze the network performance metrics: it should be also considered information concerning the application type, the traffic generated, and the user profile. In the present paper, we propose a new approach for monitoring the performance of advanced Internet applications based on the use of an expert system. The expert system will infer from a domain ontology named MonONTO. This ontology amasses the main concepts and their relationships in the following sub-domains: quality of service of advanced applications, network performance measurements, and user profiles. The knowledge base, originated from MonONTO, demonstrated its use and importance in the domain described here through axioms creation and inferences performed using a specific experimental rule engine.

Portnoi, M. & Martins, J. S. B. TARVOS - an Event-Based Simulator for Performance Analysis, Supporting MPLS, RSVP-TE, and Fast Recovery. XIII Brazilian Symposium on Multimedia and the Web - Webmedia 2007, XIII Brazilian Symposium on Multimedia and the Web - Webmedia 2007, 2007, 1, 222-229.

Abstract: This paper presents a new discrete event-based network simulator named TARVOS - Computer Networks Simulator, being designed as part of the first Author's Masters research and will provide support to simulating MPLS architecture, several RSVP-TE protocol functionalities and fast recovery in case of link failure. The tool is used in a case study, where the impact of a link failure on a VoIP application, within an MPLS domain network, is analyzed. The paper displays a preliminary research of six already available simulators and reasons why they were not adopted as tools for the Masters research. Then, it follows to describe the basics of TARVOS implementation and exhibits the case study simulated by this new tool.

The code is available at

Portnoi, M. & Araujo, R. G. B. Network Simulator - visão geral da ferramenta de simulação de redes. Seminário Estudantil de Produção Acadêmica - SEPA, 2002, 6, 173-181. [slides]

Abstract: Este artigo visa descrever a ferramenta de simulação de redes de computadores denominada Network Simulator ? NS. Uma visão geral de sua filosofia será oferecida, abordando também seu funcionamento e características. Ao final, serão apresentandas todas as etapas de preparação para simulação de um modelo simples no NS.

Conference Posters

IEEE Conference on Communications and Network Security (CNS) 2013

Secure Zones and Context Inference for Safe Firearms [abstract] [poster]

Location-Aware Sign-On and Key Exchange using Attribute-Based Encryption and Bluetooth Beacons [abstract] [poster]

SuperComputing Conference 2010

ONE - Optimizing Network Environment [poster]

AToMS - Automatic Tuning of MPI Software [poster]

Periscope (Moraes, Priscilla) [poster]

Unified Network Information Services [poster]

Time-Series Analysis for Performance Monitoring and Anomaly Detection in Computer Networks [poster]

University of Delaware CIS Research Day 2010

Unified Network Information Services [abstract] [poster]

Time-Series Analysis for Performance Monitoring and Anomaly Detection in Computer Networks [abstract] [poster]

perfSONAR Workshop 2010, Arlington VA

Unified Network Information Services and IP Summarization [presentation] [poster]

Internet2 Member Meeting 2010, Arlington VA

Unified Network Information Services - UNIS [poster]Information Services Working Group

UNIS white paper (July 5, 2009)

STAMPEDE Workshop 2010

perfSONAR Overview [poster]

SuperComputing Conference 2009

ONE - Optimizing Network Environment [poster]

AToMS - Automatic Tuning of MPI Software [poster]

University of Delaware CIS Research Day 2009

Heuristic for IP Summarization in perfSONAR Performance Monitoring Architecture [abstract] [poster]

Application of Time Series Analisys for Computer Networks [abstract] [poster]

University of Delaware CIS Research Day 2008

perfSONAR IP Summarization Topic in the Lookup Service [abstract] [poster]


Study prepared for ESnet: Investigation of TCP performance over different switch buffer sizes (Oct 15, 2010)

Simulation report (pdf)

Simulations raw and processed trace files:

Master Thesis

Um Protótipo de Simulator de Redes de Computadores para Aplicações Específicas baseadas no Protocolo MPLS (pdf) (2007) - Dissertação de Mestrado em Sistemas e Computação .

The code is available at


"Várias aplicações de redes de computadores demandam requisitos de Qualidade de Serviço (Quality of Service – QoS). Aplicações de Voz sobre IP (VoIP), por exemplo, usualmente têm certa tolerância definida para atrasos e suportam baixas perdas de pacotes. Os procotolos convencionais de roteamento e encaminhamento usados nas redes, como o IP e OSPF, trabalham na filosofia de melhor esforço. Ou seja, métricas como capacidade de enlaces, características de tráfego e ainda reserva de recursos são conceitos não considerados. Apesar de serem estes protocolos robustos no tocante a recuperação de falhas na rede, como por exemplo falhas de enlace, o mecanismo de recuperação de falhas não leva em consideração o tempo de recuperação, que impacta diretamente sobre o desempenho das aplicações. O protocolo MPLS pode prover mecanismos que, em conjunto com o protocolo de sinalização RSVP-TE, possibilitam ser usados como ferramenta de Engenharia de Tráfego numa rede de computadores. Esta Engenharia de Tráfego pode compreender controle de fluxos de tráfego dentro da rede, controle de utilização de recursos, roteamento por restrição e ainda oferece uma mecânica de recuperação rápida em caso de falha. Estes fatores podem ser usados de modo a garantir níveis de QoS para diferentes aplicações. Partindo destes conceitos e de um primeiro interesse em examinar o efeito da recuperação rápida sobre o desempenho de uma aplicação usando simulação, apreciam-se alguns simuladores disponíveis. Decide-se, então, pela construção de um protótipo de simulador de redes de computadores, denominado TARVOS Computer Networks Simulator, orientado para a simulação da funcionalidade de recuperação rápida em redes MPLS com RSVP-TE. Os detalhes construtivos do TARVOS são demonstrados e seu funcionamento exposto, seguindo com um roteiro de modelagem de simulações. Além disso, como investigação e validação do protótipo confeccionado, estuda-se o efeito de falhas de enlace no desempenho de uma aplicação VoIP."

Palavras-chave: redes de computadores, simulador, recuperação de falhas, avaliação de desempenho, engenharia de tráfego, qualidade de serviço, QoS, MPLS, RSVP-TE, VoIP, recuperação rápida, simulação.

"Several applications for computer networks require certain levels of Quality of Service (QoS). Voice over IP (VoIP) applications, for instance, generally tolerate a certain amount of delay and support a low packet loss. Conventional routing and forwarding protocols, used in computer networks, such as IP and OSPF, work based on the best effort philosophy. I.e., metrics like link capacity, traffic characteristics, and moreover resource reservation are concepts not taken into consideration. Although these protocols are robust when it comes to network fault recovery, for instance link failures, the mechanism responsible for fault recovery does not take into account the recovery time, which impacts directly onto the performance of applications. The MPLS protocol, together with the signaling protocol RSVP-TE, provides functionalities that can be used as tools for Traffic Engineering in a computer network, comprising traffic flow control, resource utilization control, constraint routing, and also implementing an algorithm for fast recovery in case of failure. All these factors can be used as to guarantee QoS levels for different applications. From these concepts and from the initial interest in examining the effect of rapid recovery on an application’s performance, by using simulation, a number of available simulators are evaluated. This leads to the building of a prototype for a computer networks simulator, named TARVOS Computer Networks Simulator, oriented to simulate the fast recovery functionality in MPLS and RSVP-TE networks. TARVOS’ constructive details are demonstrated and its functionalities explained, followed by a guide to model simulations. Additionaly, in order to investigate and validate the prototype, the study of the effect of link failures on the performance of a VoIP application is presented.

Keywords: computer networks, simulator, fault recovery, performance analysis, traffic engineering, quality of service, QoS, MPLS, RSVP-TE, VoIP, fast recovery, rapid recovery , simulation

Undergraduate Dissertation, Electronics Engineering.

Estudo de Características de Fontes de Tráfego para Redes de Computadores Multi-Serviço (pdf) (2003) - Trabalho de Conclusão de Curso Engenharia Eletrônica .


"Esta monografia tem como objetivo o estudo de quatro tipos de fontes geradoras de tráfego para redes de computadores, com vistas a sua caracterização. Expõe-se modelos descritivos das fontes e, a partir de códigos disponíveis na Internet, inclui-se no escopo deste trabalho programas cujos algoritmos descrevem o processo de geração dos tráfegos."

Palavras-chave: fonte, tráfego, gerador, rede de computadores, voip, self-similar, fractal, vbr, mpeg, pareto, poisson, lan, ethernet

"This work intends to study four types of traffic sources for computer networks, aiming at the characterization of such sources. Descriptive models of the sources are presented and, based on code available in the internet, this work includes algorithms that describe the process of generating the traffic."

Keywords: source, network traffic, generator, computer network, voip, self-similar, fractal, vbr, mpeg, pareto, poisson, lan, ethernet.