Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities.

Abstract: A method of continuous multi-factor authentication may include executing wireless sensing based at least in part on execution of a continuous multi-factor authentication (CMFA) application at a computing device, collecting channel state information (CSI) data from a network device communicatively coupled to the computing device, transmitting the CSI data to a CMFA device, and receiving a trust score from the CMFA device based on the CSI data.

Abstract: The present disclosure provides a hierarchical method of identifying unauthorized network traffic in a network by applying, at one of a first plurality of nodes of a network, a first level of network traffic analysis to identify received network traffic as one of authorized or suspicious network traffic, the one of the first plurality of nodes having a first path for traffic routing and a second path to one of a second plurality of nodes of the network, the second path being used for forwarding the suspicious network traffic to the one of the second plurality of nodes; tagging the received network traffic as the suspicious network traffic; and sending the suspicious network traffic to the one of the second plurality of nodes over the second path, the second network node applying a second level of network analysis to determine if the received network traffic is authorized, unauthorized or remains suspicious.

Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for evaluating the impact of network changes. The technology can detect a temporal event, wherein the temporal event is associated with a change in a network configuration, implementation, or utilization; define a first period prior to the temporal event and a second period posterior to the temporal event; and compare network data collected in the first period and network data collected in the second period.

Abstract: The present disclosure provides a packet tracing mechanism will be described that provides packet tracing information to a mobile network controller. In one aspect, a method includes receiving a data packet sent from a source node to a destination node; determining if the data packet is to be updated with packet tracing information; and upon determining that the data packet is to be updated, updating the packet tracing information of the data packet to include identification of the network device and an ingress timestamp of the data packet at the network device for a corresponding network controller to determining network routing policies.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

Abstract: Techniques are described for providing a method and apparatus for determining source address validation of a data packet in a network in the presence of asymmetric routing. When a data packet is received by a node such as a router, a reverse path forwarding lookup is performed to determine if the data packet was received on a next-hop interface and if the reverse path forwarding fails, a Shortest Path First (SPF) computation at the router advertising the source route will be performed using the link state database to determine whether the data packet arrived from a valid path of the network.

Abstract: Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.

Abstract: Systems, methods, and computer-readable media are disclosed for dynamically onboarding a UE between private 5G networks. In one aspect, a private 5G (P5G) federation system can receive a request from a user device for registration with a serving private 5G network, which is part of a P5G federation system. The P5G federation system can further determine that the user device is authenticated with a home private 5G network of the user device, which is also part of the P5G federation system. The P5G federation system can transmit, to the serving private 5G network, a security profile of the user device that is received from the home private 5G network. As follows, the P5G federation system can facilitate onboarding of the user device to the serving private 5G network with the security profile.

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.

Abstract: Aspects described herein provide for hardening an RF signature by dynamically utilizing a sending device carrier frequency offset (CFO) as part of the RF signature. The CFO and the CFO varying pattern of wireless devices observed. A radio frequency signature at a sending device is paired to a frequency offset estimation algorithm at a receiving device, the final CFO estimation error may be bounded to a small range for various applications and communication protocols, and utilized to properly identify the sending device at the receiving device.

Abstract: A monitoring device for troubleshooting events in a datacenter network identifies a first network event for a time period, and provides an initial display page, one or more additional display pages, selectable display objects, and a representation of the first network event. The device generates a dynamic troubleshooting path for the first network event to track a user navigation between display pages, a manipulation of the one or more selectable display objects, and a last-current display page, and also provides an indication of a second network event associated with higher resolution priority relative to the first network event. Retrieving the dynamic troubleshooting path causes the interface to present the last-current display page, apply the manipulation of the one or more selectable display objects, and load the user navigation between the initial dashboard display page and the one or more additional display pages in a cache.

Abstract: A system and associated methods provide a scalable solution for managing multiple multicast flows within a multicast group of a multicast network. The system groups redundant sources of the multicast group according to their associated multicast flows, assigns flow identifiers to each redundant source indicative of their associated multicast flows, and facilitates Single Forwarder election to select a Single Forwarder that belongs to the appropriate multicast flow. The system provides control plane extensions that enable signaling of which redundant source belongs to which multicast flow.

Abstract: Determining location of a Backscatter Devices (BKD) may be provided. A first quadrant of the first AP where the BKD is potentially located based on a first signal level, a second signal level, and a third signal level. A second quadrant of a second AP where the BKD is potentially located may be determined. A third quadrant of a third AP where the BKD is potentially located may be determined. A location of the BKD may be determined at an intersection of the first quadrant, the second quadrant, and the third quadrant.

Abstract: Access Point (AP) coordination and, specifically, Multi-AP Coordination (MAPC) for Non-Simultaneous Transmit and Receive (NSTR) cross-band Physical Layer Protocol Data Unit (PPDU) alignment may be provided. The coordination can include determining to communicate with a client using MAPC Multi-Link-Device (MLD) operation. A first AP operating on a first band with a first link to the client and a second AP operating on second band with a second link to the client may be determined to communicate with the client. The first AP and the second AP may be coordinated to send one or more PPDUs with synchronized end times. The first AP may be instructed to transmit to the client via the first link and the second AP may be instructed to transmit to the client via the second link according to the coordination.

Abstract: Coordinated customization of harvesting conditions to ambient power devices may be provided. receive Radio Frequency (RF) characteristics associated with a backscatter communication device may be received. Based on the RF characteristics and a Received Signal Strength Indicator (RSSI) from the backscatter communication device, it may be determined that the computing device has an ability to charge the backscatter communication device to at least meet a predetermined energy need of the backscatter communication device. Next, in response to determining that the computing device has the ability to charge the backscatter communication device, charging of the backscatter communication device to at least meet the predetermined energy need of the backscatter communication device may be scheduled.

Abstract: Secure communication with a Backscatter Device (BKD) may be provided. A temporal key may be created. The temporal key and a network Identifier (ID) may be encrypted with a public key of a public private key pair associated with the BKD. An excitation frame including the encrypted temporal key and the encrypted network ID may be transmitted to the BKD. The AMP BKD may include a sensor. A BKD frame may be received from the BKD in response to the excitation frame. The BKD frame may include a sensor data encoded with the temporal key and the network ID as a target destination. The BKD frame may be signed using a private key of the public private key pair.

Abstract: Enhancing Multi-Access Point (AP) Coordination (MAPC) null-steering may be provided. Enhancing null-steering may include sending a coordination request for MAPC. A coordination response may be received from one or more APs. A Channel State Information (CSI) request may then be sent. CSI of one or more clients associated with the one or more APs may be received. Next, one or more precoder and decoder matrices may be determined based on the CSI of the one or more clients. The one or more precoder matrices may be sent to the one or more APs, and the one or more decoder matrices may be sent to the one or more clients. A transmission may be sent to a first client using null-steering and interference alignment based on the one or more precoder matrices, wherein the transmitting is synchronized with transmissions by the one or more APs to the one or more clients.

Abstract: Backscatter Device (BKD) placement and placement calibration may be provided. A plurality of ambient energy sources of a Three-Dimensional (3D) space may be caused to transmit charging frames for Backscatter Devices (BKDs). Each of the charging frames may include a payload having a Media Access Control (MAC) address of transmitting ambient energy source. An amount of ambient energy received from the charging frames of the plurality of ambient energy sources and each contributing source may be received from survey devices placed at positions along a sub-space of the 3D space. The amount of ambient energy available from each contributing source at each positions along the sub-space per predetermined time period may be predicted based on the amount of ambient energy received from the plurality of ambient energy sources.

Abstract: Physical Layer Protocol Data Units (PPDUs) with an extension and specifically PPDUs with an extension for Ambient Power (AMP) Backscatter Device (BKD) excitation may be provided. A PPDU with an AMP BKD excitation extension can include an AMP BKD excitation extension field indicating the version and duration of the AMP BKD excitation extension. A method for providing the PPDU with the AMP BKD excitation extension includes generating the PPDU with the AMP BKD excitation extension and the AMP BKD excitation extension field and transmitting the PPDU with the AMP BKD excitation extension.