Abstract: In Wi-Fi 8, backscatter devices (BKDs) may be viewed as part of the 802.11 wireless local area network (WLAN). BKDs in a WLAN have limited transmission interactions with a Wi-Fi access point (AP). Onboarding BKDs to the WLAN is described, which allows for the AP and BKD to participate as elements of the same local network, with security controls. The onboarding of the BKD to a WLAN may occur after discovery of the BKD at an AP and includes replacing an Initial Device Identifier (IDevID) on the BKD with a Local Device Identifier (LDevID) in order to provide for secure communications between the BKD and the WLAN.

Abstract: A method of continuous multi-factor authentication may include executing wireless sensing based at least in part on execution of a continuous multi-factor authentication (CMFA) application at a computing device, collecting channel state information (CSI) data from a network device communicatively coupled to the computing device, transmitting the CSI data to a CMFA device, and receiving a trust score from the CMFA device based on the CSI data.

Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for evaluating the impact of network changes. The technology can detect a temporal event, wherein the temporal event is associated with a change in a network configuration, implementation, or utilization; define a first period prior to the temporal event and a second period posterior to the temporal event; and compare network data collected in the first period and network data collected in the second period.

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

Abstract: A system and associated methods provide a scalable solution for managing multiple multicast flows within a multicast group of a multicast network. The system groups redundant sources of the multicast group according to their associated multicast flows, assigns flow identifiers to each redundant source indicative of their associated multicast flows, and facilitates Single Forwarder election to select a Single Forwarder that belongs to the appropriate multicast flow. The system provides control plane extensions that enable signaling of which redundant source belongs to which multicast flow.

Abstract: Techniques are described for providing a method and apparatus for determining source address validation of a data packet in a network in the presence of asymmetric routing. When a data packet is received by a node such as a router, a reverse path forwarding lookup is performed to determine if the data packet was received on a next-hop interface and if the reverse path forwarding fails, a Shortest Path First (SPF) computation at the router advertising the source route will be performed using the link state database to determine whether the data packet arrived from a valid path of the network.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.

Abstract: The present disclosure provides a packet tracing mechanism will be described that provides packet tracing information to a mobile network controller. In one aspect, a method includes receiving a data packet sent from a source node to a destination node; determining if the data packet is to be updated with packet tracing information; and upon determining that the data packet is to be updated, updating the packet tracing information of the data packet to include identification of the network device and an ingress timestamp of the data packet at the network device for a corresponding network controller to determining network routing policies.

Abstract: The present disclosure provides a hierarchical method of identifying unauthorized network traffic in a network by applying, at one of a first plurality of nodes of a network, a first level of network traffic analysis to identify received network traffic as one of authorized or suspicious network traffic, the one of the first plurality of nodes having a first path for traffic routing and a second path to one of a second plurality of nodes of the network, the second path being used for forwarding the suspicious network traffic to the one of the second plurality of nodes; tagging the received network traffic as the suspicious network traffic; and sending the suspicious network traffic to the one of the second plurality of nodes over the second path, the second network node applying a second level of network analysis to determine if the received network traffic is authorized, unauthorized or remains suspicious.

Abstract: Aspects described herein provide for hardening an RF signature by dynamically utilizing a sending device carrier frequency offset (CFO) as part of the RF signature. The CFO and the CFO varying pattern of wireless devices observed. A radio frequency signature at a sending device is paired to a frequency offset estimation algorithm at a receiving device, the final CFO estimation error may be bounded to a small range for various applications and communication protocols, and utilized to properly identify the sending device at the receiving device.

Abstract: Determining location of a Backscatter Devices (BKD) may be provided. A first quadrant of the first AP where the BKD is potentially located based on a first signal level, a second signal level, and a third signal level. A second quadrant of a second AP where the BKD is potentially located may be determined. A third quadrant of a third AP where the BKD is potentially located may be determined. A location of the BKD may be determined at an intersection of the first quadrant, the second quadrant, and the third quadrant.

Abstract: Backscatter Device (BKD) placement and placement calibration may be provided. A plurality of ambient energy sources of a Three-Dimensional (3D) space may be caused to transmit charging frames for Backscatter Devices (BKDs). Each of the charging frames may include a payload having a Media Access Control (MAC) address of transmitting ambient energy source. An amount of ambient energy received from the charging frames of the plurality of ambient energy sources and each contributing source may be received from survey devices placed at positions along a sub-space of the 3D space. The amount of ambient energy available from each contributing source at each positions along the sub-space per predetermined time period may be predicted based on the amount of ambient energy received from the plurality of ambient energy sources.

Abstract: Enhancing Multi-Access Point (AP) Coordination (MAPC) null-steering may be provided. Enhancing null-steering may include sending a coordination request for MAPC. A coordination response may be received from one or more APs. A Channel State Information (CSI) request may then be sent. CSI of one or more clients associated with the one or more APs may be received. Next, one or more precoder and decoder matrices may be determined based on the CSI of the one or more clients. The one or more precoder matrices may be sent to the one or more APs, and the one or more decoder matrices may be sent to the one or more clients. A transmission may be sent to a first client using null-steering and interference alignment based on the one or more precoder matrices, wherein the transmitting is synchronized with transmissions by the one or more APs to the one or more clients.

Abstract: Granular guard interval tuning may be provided. A delay profile for a plurality of sub-bands in a serving channel may be created. Then delay spread information from at least one calibration helper device for the plurality of sub-bands in the serving channel may be received. Next, a delay spread matrix based on the delay profile, the delay spread information, and a location of the calibration helper devices may be created. The delay spread matrix may then be used to determine optimal Guard Intervals (GIs).

Abstract: Crowdsourcing client devices as backscatter relays may be provided. A first computing device may determine that a communication is coming from a backscatter communication device. Then the communication may be repackaged into a repackaged communication. The repackaged communication may then be sent to a second computing device.

Abstract: Physical Layer Protocol Data Units (PPDUs) with an extension and specifically PPDUs with an extension for Ambient Power (AMP) Backscatter Device (BKD) excitation may be provided. A PPDU with an AMP BKD excitation extension can include an AMP BKD excitation extension field indicating the version and duration of the AMP BKD excitation extension. A method for providing the PPDU with the AMP BKD excitation extension includes generating the PPDU with the AMP BKD excitation extension and the AMP BKD excitation extension field and transmitting the PPDU with the AMP BKD excitation extension.

Abstract: Secure communication with a Backscatter Device (BKD) may be provided. A temporal key may be created. The temporal key and a network Identifier (ID) may be encrypted with a public key of a public private key pair associated with the BKD. An excitation frame including the encrypted temporal key and the encrypted network ID may be transmitted to the BKD. The AMP BKD may include a sensor. A BKD frame may be received from the BKD in response to the excitation frame. The BKD frame may include a sensor data encoded with the temporal key and the network ID as a target destination. The BKD frame may be signed using a private key of the public private key pair.