Showing total 9,878 results

1. Attacks Against GSMA’s M2M Remote Provisioning (Short Paper)

Author

Ben Smyth, Elizabeth A. Quaglia, and Maxime Meyer

Subjects

Subscriber identity module, 021110 strategic, defence & security studies, Service (systems architecture), business.industry, Computer science, Short paper, 0211 other engineering and technologies, 020207 software engineering, Provisioning, 02 engineering and technology, Adversary, law.invention, law, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Architecture, business, Computer network

Abstract

GSMA is developing and standardizing specifications for embedded SIM cards with remote provisioning, called eUICCs, which are expected to revolutionize the cellular network subscription model. We study GSMA’s “Remote Provisioning Architecture for Embedded UICC” specification, which focuses on M2M devices, and we analyze the security of remote provisioning. Our analysis reveals weaknesses in the specification that would result in eUICCs being vulnerable to attacks: we demonstrate how a network adversary can exhaust an eUICC’s memory, and we identify three classes of attacks by malicious insiders that prevent service. We disclosed our findings to GSMA; GSMA confirmed the validity of these attacks and acknowledged their potential to disrupt the cellular industry. We propose fixes, which GSMA is incorporating into its specification. Thus, we improve security of next generation telecommunication networks.

Published

2018

2. An Analysis of Longitudinal TCP Passive Measurements (Short Paper)

Author

Kensuke Fukuda

Subjects

Upgrade, business.industry, Computer science, Tcp sack, Short paper, Traffic trace, Timestamp, business, Computer network

Abstract

This paper reports on the longitudinal dynamics of TCP flows at an international backbone link over the period from 2001 to 2010. The dataset was a collection of traffic traces called MAWI data consisting of daily 15min pcap traffic trace measured at a trans-pacific link between Japan and the US. The environment of the measurement link has changed in several aspects (i.e., congestion, link upgrade, application). The main findings of the paper are as follows. (1) A comparison of the AS-level delays between 2001 and 2010 shows that the mean delay decreased in 55% of ASes, but the median value increased. Moreover, largely inefficient paths disappeared. (2) The deployment of TCP SACK increased from 10% to 90% over the course of 10 years. On the other hand, the window scale and timestamp options remained under-deployed (less than 50%).

Published

2011

3. Optimal One Round Almost Perfectly Secure Message Transmission (Short Paper)

Author

Mohammed Ashraful Alam Tuhin and Reihaneh Safavi-Naini

Subjects

Secure message transmission, Theoretical computer science, business.industry, Computer science, Transmission rate, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Short paper, Modular construction, business, Protocol (object-oriented programming), Computer network

Abstract

In this paper we consider 1-round almost perfectly secure message transmission protocols with optimal transmission rate, and give constructions for two levels of connectivity, n=2t+k and $n = (2+c)t, c > \frac{1}{t}$ . Here n and t are the total number of wires and the number of corrupted wires, respectively, and k and c are constants. The first protocol has a modular construction that with appropriate instantiations of each module results in optimal protocols for n=2t+k. The second protocol is the first construction for optimal protocol when n=(2+c)t.

Published

2012

4. An Enhanced N-Way Exchange-Based Incentive Scheme for P2P File Sharing (Short Paper)

Author

Ziyao Xu, Chunyang Yuan, Yeping He, and Lingli Deng

Subjects

Scheme (programming language), Matching (statistics), business.industry, Computer science, Computation, Distributed computing, Short paper, Peer-to-peer, computer.software_genre, Incentive, File sharing, business, computer, computer.programming_language, Computer network

Abstract

Cooperation between participants is essential to P2P applications' viability. Due to obscure possibility to match peers' needs and supplies in pairs, the widely used pair-wise exchange-based incentive schemes perform poorly. The N-way exchange-based incentive scheme enlarges the matching possibility by introducing n person exchanges. But some old problems remain and some new ones emerge with the N-way design. In this paper we present an enhanced n-way exchange-based incentive scheme for P2P file sharing systems. By distributing extra tasks to all the peers involved in an n-way exchange, the proposed scheme eliminates prohibitive computation and communication cost on the cooperators, resulting in greater efficiency, effectiveness, and security.

Published

2006

5. Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX (Short Paper)

Author

Matěj Grégr, Pavel Čeleda, and Martin Elich

Subjects

ISATAP, computer.internet_protocol, business.industry, Computer science, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 02 engineering and technology, Network monitoring, Security policy, IPv4, IPv6, FlowMon, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 6to4, business, computer, Computer network

Abstract

IPv6 is being deployed but many Internet Service Providers have not implemented its support yet. Most of the end users have IPv6 ready computers but their network doesn’t support native IPv6 connection so they are forced to use transition mechanisms to transport IPv6 packets through IPv4 network. We do not know, what kind of traffic is inside of these tunnels, which services are used and if the traffic does not bypass security policy. This paper proposes an approach, how to monitor IPv6 tunnels even on high-speed networks. The proposed approach allows to monitor traffic on 10, Gbps links, because it supports hardware-accelerated packet distribution on multi-core processors. A system based on the proposed approach is deployed at the CESNET2 network, which is the largest academic network in the Czech Republic. This paper also presents several statistics about tunneled traffic on the CESNET2 backbone links.

Published

2011

6. Timing Attacks on PIN Input in VoIP Networks (Short Paper)

Author

Simone Fischer-Hübner and Ge Zhang

Subjects

Authentication, Timing attack, Voice over IP, Brute-force attack, Packet loss, business.industry, Computer science, Network packet, Key (cryptography), business, Encryption, Computer network

Abstract

To access automated voice services, Voice over IP (VoIP) users sometimes are required to provide their Personal Identification Numbers (PIN) for authentication. Therefore when they enter PINs, their user-agents generate packets for each key pressed and send them immediately over the networks. This paper shows that a malicious intermediary can recover the inter-keystroke time delay for each PIN input even if the standard encryption mechanism has been applied. The inter-keystroke delay can leak information of what has been typed: Our experiments show that the average search space of a brute force attack on PIN can be reduced by around 80%.

Published

2011

7. Cooperative Spectrum Sensing in Ad-Hoc Networks (Invited Paper)

Author

Vladimir Atanasovski and Liljana Gavrilovska

Subjects

business.industry, Wireless ad hoc network, Computer science, Testbed, Feature (machine learning), Context (language use), Network performance, business, Spectrum (topology), Computer network

Abstract

Spectrum sensing is a distinct feature of cognitive ad-hoc nodes that have the ability to opportunistically use vacant spectrum bands for its own communication purposes. Possible cooperation among the nodes may prove vital for increasing network performance. It yields the cognitive ad-hoc nodes to exchange relevant environmental and context information in order to enhance its own networking experience. This paper overviews the approaches, techniques and strategies for cooperative spectrum sensing and gives a practical example of a realized testbed implementation in an ad-hoc environment.

Published

2010

8. Evaluation of a QoS-Aware Protocol with Adaptive Feedback Scheme for Mobile Ad Hoc Networks (Short Paper)

Author

Wilder E. Castellanos, Pau Arce, Patricia Acelas, and Juan Carlos Guerri

Subjects

Vehicular ad hoc network, Optimized Link State Routing Protocol, Adaptive quality of service multi-hop routing, Wireless ad hoc network, business.industry, Computer science, Ad hoc On-Demand Distance Vector Routing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Wireless Routing Protocol, Mobile ad hoc network, Ad hoc wireless distribution service, business, Computer network

Abstract

Due to bandwidth constraint and highly dynamic topology in ad hoc network systems, one of the major challenges is the deployment of end-to-end quality-of service support mechanisms. Time-sensitive communications like video applications may be seriously disrupted if these QoS support mechanisms don’t exist. In this paper we propose a QoS routing protocol based on AODV (AQA-AODV), which creates routes according to application QoS requirements. We have introduced link and path available bandwidth estimation mechanisms and an adaptive scheme that can provide feedback to the source node about the current network state, to allow the application to appropriately adjust the transmission rate. The simulation results reveal the performance improvements in terms of packet loss and delay while the end-to-end throughput is not affected compared with the throughput achieved by other protocols like AODV.

Published

2009

9. A Secure Round-Based Timestamping Scheme with Absolute Timestamps (Short Paper)

Author

Duc-Phong Le, Alexis Bonnecaze, and Alban Gabillon

Subjects

Scheme (programming language), Authentication, business.industry, Computer science, Real-time computing, Timestamping, Merkle tree, Certificate, Security token, Timestamp, Trusted timestamping, business, computer, computer.programming_language, Computer network

Abstract

The aim of timestamping systems is to provide a proof-of-existence of a digital document at a given time. Such systems are important to ensure integrity and non-repudiation of digital data over time. Most of the existing timestamping schemes use the notions of round (a period of time) and round token (a single value aggregating the timestamping requests received during one round). Such schemes have the following drawbacks: (i) Clients who have submitted a timestamping request must wait for the end of the round before receiving their timestamping certificate (ii) TimeStamping Authorities (TSA) based on such schemes are discrete-time systems and provide relative temporal authentication only, i.e. all the documents submitted during the same round are timestamped with the same date and time. (iii) the TSA can tamper timestamps before the round token is published in a widely distributed media. In this paper, we define a new timestamping scheme which overcomes these drawbacks.

Published

2008

10. Best Paper: Stabilizing Clock Synchronization for Wireless Sensor Networks

Author

Ted Herman and Chen Zhang

Subjects

Wireless network, Computer science, business.industry, Vector clock, Wireless ad hoc network, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Clock synchronization, Synchronization, Computer Science::Hardware Architecture, Key distribution in wireless sensor networks, Computer Science::Networking and Internet Architecture, Self-clocking signal, business, Wireless sensor network, Computer network

Abstract

One of the simplest protocols for clock synchronization in wireless ad hoc and sensor networks is the converge-to-max protocol, which has the simple logic of adjusting each node's clock to be at least as large as any neighbor's. This paper examines the converge-to-max protocol, showing it to be stabilizing even when node clocks have skew, bounded domains, and dynamic communication links.

Published

2006

11. Hardware-and-Software-Based Security Architecture for Broadband Router (Short Paper)

Author

Yang Jian-zu, Lan Julong, Li Yufeng, and Gu Xiaozhuo

Subjects

Router, business.industry, computer.internet_protocol, Computer science, Fast path, Enterprise information security architecture, Encryption, Core router, IPsec, Embedded system, One-armed router, business, Software architecture, computer, Computer network

Abstract

Implementing IP security in broadband router without sacrificing the performance is main work we focused on. To meet the need of protecting wire speed forwarding data passing through fast path of the router, security module implemented with encryption chip was adopted; to protect non real time data passing through slow path of the router, the scheme of implementing IP security inside kernel of Master control module with software was introduced. Security architecture and several testing architectures were finely designed and depicted in the paper. Testing of security architecture was undergone in SR1880s router, which was developed by National Digital Switching System Engineering & Technological R&D Center of China (NDSC). Testing results show that the two schemes work well together.

Published

2006

12. Tracing HTTP Activity Through Non-cooperating HTTP Proxies (Short Paper)

Author

R. Edell, Uri Meth, and Peter Kruus

Subjects

Web server, business.industry, computer.internet_protocol, Transmission Control Protocol, Transaction processing, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Tracing, computer.software_genre, Computer security, law.invention, SOCKS, law, Lightweight Directory Access Protocol, Server, Internet Protocol, business, computer, Computer network

Abstract

Tracing nefarious HTTP activity to its source is sometimes extremely difficult when HTTP (and/or SOCKS) proxies are used for origin obfuscation. This paper describes a technique for tracing HTTP traffic through one or more non-cooperating HTTP (and/or SOCKS) proxies. The technique uses only passive observations of TCP/IP headers. Furthermore, the technique need only observe a single direction of the underlying TCP flows, i.e. the technique is asymmetric-route-robust. The technique represents a set of HTTP transactions as an activity profile. These profiles may be either distilled from passive network observations, or logged by a cooperating web server. Using statistical correlation techniques, we can trace both end-to-end SSL-encrypted HTTP, and unencrypted HTTP despite the source obfuscation methods employed by many contemporary proxies. The technique may be used to narrow the search space before applying other more resource intensive traceback techniques.

Published

2006

13. Manycast Service in Optical Burst/Packet Switched (OBS/OPS) Networks (Invited Paper)

Author

Balagangadhar G. Bathula and Vinod M. Vokkarane

Subjects

Transmission delay, Multicast, business.industry, Computer science, Quality of service, Distributed computing, Propagation delay, computer.software_genre, Scheduling (computing), Grid computing, Burst switching, Switched communication network, business, computer, Computer network

Abstract

Recently there is an emergence of many Internet applications such as distributed interactive simulations (DIS), and high-performance scientific computations such Grid computing. These applications require huge amount of bandwidth and a viable communication paradigm to coordinate with multiple sources and destinations. In this work we propose variation of multicasting called quorumcasting or manycasting. In manycasting destinations are to be determined rather than given unlike in the case of multicasting. We first present a need to support manycasting over OBS networks. Quality of Service (QoS) policies implemented in IP does apply does not apply for optical burst switched (OBS) networks, as the optical counterpart for store-and forward model does not exist. Hence there is a need to support QoS for manycasting over OBS networks. In this work we focus on QoS parameters such as contention, optical signal quality, reliability, and propagation delay. Burst loss in OBS network can occur due to contention or bit-error rate (BER). We propose algorithms to decrease the overall burst loss. We show that IP based manycasting has poor performance compared to our proposed algorithms. Our simulation results are verified with the help of analytical model. This work is further extended as to multi-constrained manycast problem (MCMP). In this problem, we address the burst scheduling for multiple QoS constraints. We propose algorithms to minimize burst loss based on given service requirements. The goal of this work is to develop service-oriented optical networks (SOON) for many emerging Internet applications.

Published

2009

14. TCP-Peach++: Enhancement of TCP-Peach+ for Satellite IP Networks with Asymmetrical Bandwidth and Persistent Fades—(Invited Paper)

Author

Jian Fang and Ozgur B. Akan

Subjects

Transmission Control Protocol, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Congestion window, Throughput, Data_CODINGANDINFORMATIONTHEORY, law.invention, Computer Science::Performance, Network congestion, Sack, law, Physics::Space Physics, Internet Protocol, Computer Science::Networking and Internet Architecture, Bit error rate, Bandwidth (computing), business, Protocol (object-oriented programming), Computer Science::Information Theory, Computer network

Abstract

In this paper, an improvement to TCP-Peach+, called TCP-Peach++, is proposed to improve the throughput performance for satellite IP networks with asymmetrical bandwidth and persistent fades. The delayed SACK scheme is adopted to address the problems due to bandwidth asymmetrical satellite links. A new protocol procedure, Hold State, is developed to address the link outages due to persistent fades. The simulation results show that TCP-Peach++ improves the throughput performance during rain fades and addresses the bandwidth asymmetry problems in Satellite IP Networks.

Published

2005

15. IP Traffic Load Distribution in NGEO Broadband Satellite Networks – (Invited Paper)

Author

Yoshiaki Nemoto, Tarik Taleb, Nei Kato, and Abbas Jamalipour

Subjects

Routing protocol, Broadband networks, business.industry, Computer science, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Satellite constellation, Internet traffic, Load balancing (computing), law.invention, law, Traffic engineering, Asynchronous Transfer Mode, Broadband, Internet Protocol, Satellite, business, Computer network

Abstract

Given the fact that more than half of the world lacks a wired network infrastructure, satellite networks are seen as an important alternative to achieve global coverage. Since most of the world population lives around the equator or in middle-latitude regions, satellite constellations have to deal with different communication requirements from different regions. The traffic requirements become further unbalanced as the population density varies among urban and rural areas. This results in the congestion of some satellites while others remain underused. The issue of traffic engineering over satellite networks can be resolved by distributing the traffic in a balanced way over underutilized links. This paper proposes an Explicit Load Balancing (ELB) routing protocol which is based on information of traffic load at the next hop on the remainder of the path to the destination. A satellite with high traffic load sends signals to its neighboring satellites requesting them to decrease their sending rates before it gets congested and packets are ultimately dropped. Neighboring satellites should accordingly respond and search for other alternate paths that do not include the satellite in question. The performance of the proposed scheme is evaluated through simulations. From the simulation results, the proposed scheme achieves a more balanced distribution of traffic load, and reduces the number of packet drops and queuing delays. The resulting satellite constellation is a better-utilized and traffic-balanced network.

Published

2005

16. QoS-Predictions Service: Infrastructural Support for Proactive QoS- and Context-Aware Mobile Services (Position Paper)

Author

Aart van Halteren, Dimitri Konstantas, and Katarzyna Wac

Subjects

Service (business), Service quality, business.industry, Computer science, Wireless network, Service delivery framework, Quality of service, Mobile broadband, Mobile computing, Mobile QoS, Service provider, Computer security, computer.software_genre, Context awareness, The Internet, business, computer, Mobile network operator, Mobile service, Computer network

Abstract

Today's mobile data applications aspire to deliver services to a user anywhere – anytime while fulfilling his Quality of Service (QoS) requirements However, the success of the service delivery heavily relies on the QoS offered by the underlying networks As the services operate in a heterogeneous networking environment, we argue that the generic information about the networks' offered-QoS may enable an anyhow mobile service delivery based on an intelligent (proactive) selection of ‘any' network available in the user's context (location and time). Towards this direction, we develop a QoS-predictions service provider, which includes functionality for the acquisition of generic offered-QoS information and which, via a multidimensional processing and history-based reasoning, will provide predictions of the expected offered-QoS in a reliable and timely manner. We acquire the generic QoS-information from distributed mobile services' components quantitatively (actively and passively) measuring the applicationlevel QoS, while the reasoning is based on statistical data mining and pattern recognition techniques.

Published

2006

17. Experiments in Adaptable and Secure Multimedia Database Systems (Invited Paper)

Author

Shunge Li and Bharat Bhargava

Subjects

Adaptive quality of service multi-hop routing, business.industry, Computer science, Quality of service, Multimedia database, Digital video, Video processing, computer.software_genre, Video quality, Uncompressed video, Videoconferencing, Video tracking, Ciphertext, business, computer, Computer network, Data compression

Abstract

In the lack of system and network support for guaranteed services, application-level QoS control mechanisms become indispensible. This paper presents several adaptive QoS control techniques for video conferencing under run-time resource constraints. Due to the importance of multimedia security to QoS, this paper also presents a fast MPEG video encryption alrogithm that bounds computation time for any video frame size and is robust to both plaintext and ciphertext attack. Our implementation shows that the algorithm adds only small overhead to video compression process, therefore minimizing its QoS impact on video streams while offering security to digital video applications.

Published

1999

18. Dynamics and Convergence of Resource Prices in Market-Oriented Overlay Networks

Author

Yutaka Okaie and Tadashi Nakano

Subjects

Resource (project management), Computer science, business.industry, Dynamics (music), Market oriented, Distributed computing, Convergence (routing), Short paper, Overlay network, The Internet, business, Common currency, Computer network

Abstract

Overlay networks use computational powers available at the edges of the Internet to provide large-scale computing and networking environments. In this paper, we consider market-oriented overlay networks in which peers trade resources and services through a common currency. From the perspective of market economics, the dynamics and convergence of resource prices in such networks is investigated by simulation and mathematical modeling, and the results are briefly reported in this short paper.

Published

2012

19. Throughput Potential of Overlay Cognitive Wireless Mesh Networks

Author

Jonathan Backens and Min Song

Subjects

Wireless mesh network, Computer science, business.industry, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Order One Network Protocol, Throughput, Shared mesh, Cognitive radio, Computer Science::Networking and Internet Architecture, Dirty paper coding, Switched mesh, business, Computer network

Abstract

In this paper we consider a cognitive radio overlay model applied to single channel, single radio wireless mesh network and investigate the performance and fairness. Specifically we challenge the nominal mesh capacity of $O(\frac{1}{n})$ and provide proof that under certain constraints total mesh capacity can approach $O(\frac{1}{2})$ with an average per node throughput of $O(\frac{1}{n_a})$ where n a is the number of data generating active nodes. We provide an analysis of overlay communication using dirty paper coding on the sequential transmissions in wireless mesh networks.

Published

2009

20. Interfacing Living Cells via Molecular Communication

Author

Shouhei Kobayashi, Tokuko Haraguchi, and Tadashi Nakano

Subjects

Transmission (telecommunications), Molecular communication, business.industry, Interfacing, Computer science, Event (computing), Short paper, business, Computer network

Abstract

Molecular communication provides a direct method for interfacing living cells via transmission of chemical signals. Here we report our recent result of developing a novel molecular communication method based on the cellular event called autophagy. The method currently under investigation uses micrometer-sized objects coated with bio-reactive molecules as information carrying molecules, which are selectively incorporated into and decoded within biological cells. This short paper briefly describes the method, experimental results, and theoretical model for the molecular communication method based on autophagy.

Published

2012

21. Never Trust a Bunny

Author

Bernstein, D.J., Lange, T., Hoepman, J.H., Verbauwhede, I., Discrete Mathematics, and Coding Theory and Cryptology

Subjects

Authentication, Computer science, business.industry, Rfid authentication, Computational problem, Computer security, computer.software_genre, business, computer, Protocol (object-oriented programming), Computer network

Abstract

"Lapin" is a new RFID authentication protocol proposed at FSE 2012. "Ring-LPN" (Ring-Learning-Parity-with-Noise) is a new computational problem proposed in the same paper; there is a proof relating the security of Lapin to the difficulty of Ring-LPN. This paper presents an attack against Ring-LPN-512 and Lapin-512. The attack is not practical but nevertheless violates specific security claims in the FSE 2012 paper.

Published

2013

22. Cross-Layer Deanonymization Methods in the Lightning Protocol

Author

Peter Sebastian Nordholt, Bernhard Haslhofer, Pedro Moreno-Sanchez, Matteo Romiti, Matteo Maffei, and Friedhelm Victor

Subjects

Lightning (connector), Computer science, Heuristic, business.industry, 03 medical and health sciences, 0302 clinical medicine, 030220 oncology & carcinogenesis, Cross layer, Layer (object-oriented design), Heuristics, business, Cluster analysis, Protocol (object-oriented programming), 030217 neurology & neurosurgery, Anonymity, Computer network

Abstract

Bitcoin (BTC) pseudonyms (layer 1) can effectively be deanonymized using heuristic clustering techniques. However, while performing transactions off-chain (layer 2) in the Lightning Network (LN) seems to enhance privacy, a systematic analysis of the anonymity and privacy leakages due to the interaction between the two layers is missing. We present (Please, find the full version of this paper with appendix at https://arxiv.org/abs/2007.00764.) clustering heuristics that group BTC addresses, based on their interaction with the LN, as well as LN nodes, based on shared naming and hosting information. We also present linking heuristics that link \(45.97\)% of all LN nodes to \(29.61\)% BTC addresses interacting with the LN. These links allow us to attribute information (e.g., aliases, IP addresses) to \(21.19\)% of the BTC addresses contributing to their deanonymization. Further, these deanonymization results suggest that the security and privacy of LN payments are weaker than commonly believed, with LN users being at the mercy of as few as five actors that control 36 nodes and over \(33\%\) of the total capacity. Overall, this is the first paper to present a method for linking LN nodes with BTC addresses across layers and to discuss privacy and security implications.

Published

2021

23. Reliability of Cooperative Vehicular Applications on Real Scenarios Over an IEEE 802.11p Communications Architecture

Author

Idoia De-la-Iglesia and Unai Hernandez-Jayo

Subjects

Emergency vehicle, IEEE 802.11u, IEEE 802.11w-2009, Computer science, business.industry, Reliability (computer networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, IEEE 802.11p, Architecture, business, Intersection (aeronautics), Computer network

Abstract

In this paper, the performance of the NEC LinkBird-MX communications gateways and three safety applications are tested. These communications modules allow developers to design and deploy cooperative vehicular applications over Vehicular Ad-hoc Networks. In this work, it is analyzed how the reliability of these applications depends mainly on the goodness of the V2V or I2V radio links. The results of the analysis of these three cooperative applications (intersection crossing warning, emergency vehicle warning and roadwork warning) are shown in this paper.

Published

2014

24. Encryption Schemes Secure Against Profiling Adversaries

Author

Debrup Chakraborty and Sandra Diaz-Santiago

Subjects

business.industry, Computer science, Public key infrastructure, Adversary, Encryption, Computer security, computer.software_genre, Secret sharing, Multiple encryption, Probabilistic encryption, Profiling (information science), business, computer, Key exchange, Computer network

Abstract

A profiling adversary is an adversary which aims to classify messages into pre-defined profiles and thus gain useful information regarding the sender or receiver of such messages. User profiling has gained lot of importance today, this activity supports the big business of online advertising at the cost of user privacy. Usual chosen-plaintext secure encryption schemes are capable of securing information from profilers, but these schemes provide more security than required for this purpose. In this paper we study the requirements for an encryption algorithm to be secure only against profilers and finally give a precise notion of security for such schemes. We also present a full protocol for secure (against profiling adversaries) communication, which neither requires a key exchange nor a public key infrastructure. Our protocol guarantees security against non-human profilers and is constructed using CAPTCHAs and secret sharing schemes. The security notions developed in this paper are also further used to analyze an existing scheme meant for providing security against profilers.

Published

2014

25. An Ambient ASM Model of Client-to-Client Interaction via Cloud Computing and an Anonymously Accessible Docking Service

Author

Károly Bósa

Subjects

Service (systems architecture), Engineering, business.industry, Cloud computing, computer.software_genre, Formal methods, Ambient calculus, Use of services, Abstract state machines, Operating system, Architecture, business, computer, Computer network

Abstract

In our former work we have given a high-level formal model of a cloud service architecture in terms of a novel formal method approach which combines the advantages of the mathematically well-founded software engineering method called abstract state machines and of the calculus of mobile agents called ambient calculus. This paper presents an extension for this cloud model which enables client-to-client interaction in an almost direct way, so that the involvement of cloud services is transparent to the users. The discussed solution for transparent use of services is a kind of switching service, where registered cloud users communicate with each other, and the only role the cloud plays is to switch resources from one client to another. We also show in an example at the end of this paper how our novel client-to-client interaction mechanism can be utilized for the development of the anonymously accessible cloud services.

Published

2014

26. Software Authentication to Enhance Trust in Body Sensor Networks

Author

Groot, de, J.A., Bui, T.V., Linnartz, J.P.M.G., Lukkien, J.J., Verhoeven, R., Jøsang, A., Samarati, P., Petrocchi, M., Signal Processing Systems, Mathematics and Computer Science, Interconnected Resource-aware Intelligent Systems, Lighting and IoT Lab, and Center for Wireless Technology Eindhoven

Subjects

Scheme (programming language), Authentication, Computer science, business.industry, Computer security, computer.software_genre, Clinical decision support system, Variety (cybernetics), Software, Sensor node, business, computer, Wireless sensor network, Vulnerability (computing), computer.programming_language, Computer network

Abstract

This paper studies an approach to enhance the trust in the widespread use of Body Sensor Networks (BSN) in Healthcare. To address the wide variety in medical indications and differences between patients, we assume that such BSNs are programmable and highly flexible in their functionality. Yet this opens a vulnerability to malicious attacks and intrusion of the patient’s privacy. We study the work flow in a typical medical scenario, we map the (implied or evidence-based) trust relations and we use this to propose a scheme for verifying the authenticity and trustworthiness without prohibitively interfering with common practices. Our proposed framework is currently being refined in the VITRUVIUS project, for instance to test the feasibility of its implementation.

Published

2013

27. Stability and Performance of Wireless Sensor Networks during the Tracking of Dynamic Targets

Author

Sesh Commuri and Phuong L. Pham

Subjects

Tracking error, Key distribution in wireless sensor networks, Computer science, Covariance matrix, business.industry, Filter (video), Node (networking), Real-time computing, Mobile wireless sensor network, Kalman filter, business, Wireless sensor network, Computer network

Abstract

The performance of Wireless Sensor Networks (WSNs) during the tracking of dynamic targets is addressed in this paper. The strategy outlined in this paper uses a Distributed implementation of a Kalman Filter to track dynamic targets. In contrast to the results reported in the literature, the approach in this paper has the Kalman Filter running on only one network node at any given time. The knowledge learned by this node, i.e. the system state and the covariance matrix, is passed on to the subsequent node running the filter. Since a finite subset of the sensor nodes is active at any given time, target tracking can be accomplished using lower power compared to centralized implementations of the Kalman Filter. The tracking problem in WSNs is formulated mathematically and the stability and tracking error of the proposed strategy is rigorously analyzed. Numerical simulations are then used to demonstrate the utility of the proposed technique. The results in this paper show that the proposed technique for target tracking will result in significant savings in power consumption and will extend the useful life of the WSN.

Published

2011

28. Spoofed ARP Packets Detection in Switched LAN Networks

Author

Khaled Shuaib and Zouheir Trabelsi

Subjects

Spoofing attack, Proxy ARP, business.industry, Network packet, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer security, computer.software_genre, Application layer, Host-based intrusion detection system, Packet analyzer, ARP spoofing, business, computer, Computer network, Data link layer

Abstract

Spoofed ARP packets are used by malicious users to redirect network’s traffic to their hosts. The potential damage to a network from an attack of this nature can be very important. This paper discusses first how malicious users redirect network traffic using spoofed ARP packets. Then, the paper proposes a practical and efficient mechanism for detecting malicious hosts that are performing traffic redirection attack against other hosts in switched LAN networks. The proposed mechanism consists of sending first spoofed packets to the network’s hosts. Then, by collecting and analyzing the responses packets, it is shown how hosts performing traffic redirection attack can be identified efficiently and accurately. The affect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current IDSs regarding their ability to detect malicious traffic redirection attack, based on spoofed ARP packets, in switched LAN networks are discussed. Our work is concerned with the detection of malicious network traffic redirection attack, at the Data Link layer. Other works proposed protection mechanisms against this attack, but at the Application layer, using cryptographic techniques and protocols.

Published

2008

29. Use of AGPS Call Data Records for Non-GPS Terminal Positioning in Cellular Networks

Author

Jeongkeun Lee, Semun Lee, Taekyoung Kwon, Tae Joon Ha, Tae Il Kim, and Yanghee Choi

Subjects

business.industry, Computer science, RSS, Real-time computing, computer.file_format, law.invention, Upload, Terminal (electronics), Relay, law, Global Positioning System, Cellular network, Overhead (computing), Pattern matching, business, computer, Computer network

Abstract

This paper presents a novel method of user terminal positioning in cellular networks. A pattern matching technology based on received-signal-strength (RSS) from the pilot channels of cell towers has been the most popular network-based positioning method. In response to a position request, a terminal measures RSSs of pilot channels from surrounding cell towers and then the terminal’s RSS pattern is compared with a pattern database to find the most correlated one which indicates the position of the terminal. Although the pattern matching method can provide accurate positioning, its database construction and maintenance require a high overhead of periodic labor-intensive pattern collection. In this paper, we propose to exploit the call data records (CDRs) that are uploaded by Assisted Global Positioning System (AGPS) terminals as inputs to the pattern database, which removes or reduces the pattern collection overhead. In AGPS systems, terminals measure satellite signals and cellular network parameters (such as RSS) and relay them to the cellular infrastructure, which in turn calculates the terminal position using both that satellite and cellular network data. The proposed AGPS CDR based pattern matching method takes advantage of the increasing number of AGPS terminals in service: non-AGPS terminals can obtain more precise positioning results in areas where more AGPS calls are generated (e.g. hotspots). To do so, we analyze the characteristics of RSS patterns and AGPS CDRs. Based on the analysis, a pattern-distance metric and an AGPS CDR based pattern matching system are proposed and their performances are evaluated by examining field data of several urban downtown areas of Seoul, Korea. We obtain promising results: the position of the user terminal can be estimated with the accuracy (or, positioning error) at the level of 96.5m and 149.8m for the 67% and the 95% confidence interval, respectively.

Published

2008

30. Cooperative Intrusion Detection Model Based on State Transition Analysis

Author

Xiufen Fu, Shaohua Teng, Wei Zhang, and Naiqi Wu

Subjects

Host-based intrusion detection system, Sequence, Transformation (function), Computer science, business.industry, Anomaly-based intrusion detection system, Real-time computing, State (computer science), Intrusion detection system, Intrusion prevention system, Login, business, Computer network

Abstract

Many intrusion behaviors can be characterized as the execution of a sequence of crucial commands that results in an unauthorized access. Lots of attack sequences can be derived by either exchanging properly orders of crucial commands or replacing crucial commands with the functionally similar commands, which have the same performance. Therefore, it is very difficult to detect such attacks. In this paper, we propose a cooperative intrusion detection model based on state transition analysis, in which the topological order and isomorphic transformation are adopted. For a given sequence of crucial commands of an intrusion, all the possible derived sequences as an intrusion scenario can be generated by means of the model. We may also use the model to detect the attacks from different cooperating attackers and the attacks from one attacker in different login sessions. Furthermore, a derived intrusion can be seen as an unknown intrusion, in this sense that the technique presented in this paper can detect some unknown intrusions.

Published

2008

31. A Dynamic Scalable Video Conference System Based on SIP

Author

Zhen Yang, Ji Zhang, and Huadong Ma

Subjects

Service (systems architecture), Session Initiation Protocol, Multimedia, Computer science, business.industry, computer.internet_protocol, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, Teleconference, SIP trunking, computer.software_genre, User agent, Videoconferencing, Server, Scalability, business, computer, Computer network

Abstract

The Session Initiation Protocol (SIP) provides powerful and flexible signaling capabilities for building video conferencing services. Traditionally, for SIP-based centralized video conference systems, the conferencing scale is mainly limited by both the capability of conference server and the availability of bandwidth. In this paper, our design focuses on how to provide dynamic scalability for the SIP-based video conferencing system when the number of conference users increases continually. Based on the study of the SIP protocol and the existing video conferencing models, we propose a dynamic scalable service model that can support to dynamically increase the number of conference servers without negative influence on the stability of system. This enables the extra service requests to be transferred and served in the cooperated conference servers. The paper also addresses the SIP-enabled conferencing flows based on the model in detail. We developed a prototype of video conference system based on the proposed model. Experimental results demonstrate the validity of this service model.

Published

2006

32. A Comparison of Current Web Protocols for Usage in Cloud based Automation Systems

Author

Aniket Salvi, Dhavalkumar Shekhada, and Michael Stiller

Subjects

WebSocket, Industry 4.0, business.industry, Computer science, Web application, Cloud computing, Latency (engineering), business, Process automation system, Automation, WebRTC, Computer network

Abstract

Web protocols are critical factor in successful implementation of web based industrial applications. Nevertheless, the main issue that significantly affects the real-time performance of such application is Web latency. Traditional web communication technologies, such as HTTP1.1, provide a uni-directional link and a request/ response message exchange model. This solution is not feasible in web based applications involving large number of different interconnected devices, such as Industrial Internet of things. In this paper, we focus on bi-directional web protocols WebSocket, WebRTC and HTTP/2.0. We compare the performance parameters like latency, reliability, and security of these three protocols. At the end of this paper, we will present some suggestions how to optimize the usage of web protocols in industrial process automation applications.

Published

2017

33. State of the Art and Future Applications of Industrial Wireless Sensor Networks

Author

Marco Ehrlich, Jurgen Jasperneite, and Lukasz Wisniewski

Subjects

Computer science, business.industry, 010401 analytical chemistry, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, 0104 chemical sciences, Domain (software engineering), Open research, 0202 electrical engineering, electronic engineering, information engineering, Wireless, State (computer science), Architecture, business, Wireless sensor network, Computer network

Abstract

In this paper an investigation of the State of the Art of Industrial Wireless Sensor Networks (IWSNs) is performed. Therefore the given industrial requirements, different wireless communication protocols, the defined basic architecture and open research questions will be analysed. Furthermore, current challenges from the research domain will be discussed and a real use case of IWSNs from a research project in cooperation with a local industrial partner will be evaluated. To conclude this paper an outlook of further developments and possible future applications of IWSNs will be sketched.

Published

2017

34. Implementation of the New Integration Model of Security and QoS for MANET to the OPNET

Author

Jan Papaj, Anton Čižmár, and Ľubomír Doboš

Subjects

Security service, Computer science, business.industry, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Cross layer design, Mobile ad hoc network, business, Field (computer science), Computer network

Abstract

The implementation of the new designed model used to integrating security and Quality of Service (QoS) as one parameter in mobile ad-hoc network (MANET) is introduced and studied in this paper. Security and QoS represent a highly important field of research in MANET and they are still being considered separately with no mechanisms used to establish cooperation between them. This new model provides alternative to cooperation between QoS and Security via Cross Layer Design (CLD) and modified Security Service Vector (SSV). Main motivation of this paper is indicating how could be security integrated as a QoS parameter to the MANET via this model. The performance analysis of the new designed model in the well-know simulator OPNET Modeler is also provides.

Published

2011

35. RUDP Design and Implementation Using OPNET Simulation

Author

Kyungryong Seo and Jun-Ho Huh

Subjects

Internet Draft, Network packet, Packet loss, Wireless network, Computer science, business.industry, Retransmission, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Minification, Data loss, Latency (engineering), business, Computer network

Abstract

TCP suffers from high packet loss rate and tends to overreact to the ever-changing network dynamism of wireless network that experiences considerable delay variation. And also, it undergoes backoff state repeatedly and enters into a slow starting mode, which in turn leading to the low throughput and excessive end-to-end latency. On the other hand, UDP does not consider recovery of lost packets and the problem of out-of-order delivery resulting in much more data loss. For these reasons, RUDP was proposed at the IETF Internet Draft[1]. In this paper, we focused on the minimization of data packet delay time and aimed to reduce packet loss and deliver the data in order with the proposed protocol. Hence, using OPNET Modeler 14.5 PL8 program under the identical environment, we conducted the comparative analysis simulations between TCP, UDP and RUDP considering "Retransmission function" and sequence acknowledge numbers that are used to monitor packet loss and the order of the received packets, and various timers as major testing factors. The purposes of the simulations conducted for RUDP in this paper are to supplement "unreliable" characteristics of UDP, which is considered as a major problem, and thereby produce reliable data like TCP produces by making use of better characteristic of UDP not just imitating TCP’s characteristics.

Published

2015

36. Key Factors for a Proper Available-Bandwidth-Based Flow Admission Control in Ad-Hoc Wireless Sensor Networks

Author

Thomas Kunz and Muhammad Omer Farooq

Subjects

Vehicular ad hoc network, business.industry, Wireless network, Computer science, Network packet, Wireless ad hoc network, Retransmission, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Admission control, Ad hoc wireless distribution service, Key distribution in wireless sensor networks, Mobile wireless sensor network, business, Wireless sensor network, Computer network

Abstract

In this paper, first, we present our simulation studies that help to outline key factors for a proper available-bandwidth-based flow admission control in ad-hoc Wireless Sensor Networks (WSNs). In most cases, WSNs use the IEEE 802.15.4 standard, therefore our simulation studies are based on the same standard. The identified key factors are: (i) the overheads (back-off, retransmission, contention window, ACK packet, and ACK waiting time) associated with the unslotted IEEE 802.15.4 Carrier Sense Multiple Access Collision Avoidance (CSMA-CA) MAC layer protocol reduce the amount of available bandwidth, (ii) the impact of the MAC layer overheads on a node’s available bandwidth is a function of the number of active transmitters and data traffic load within the interference range of the node, (iii) contention count on a node that is not on a flow’s data forwarding path is a function of the number of active transmitters (along the flow’s data forwarding path) within the interference range of the node, and (iv) a flow’s intra-flow contention count on a node (along the flow’s data forwarding path) depends on the hop-count distance of the node from the source and the destination nodes, and the node’s interference range. Second, we present a survey of state-of-the-art flow admission control algorithms for ad-hoc wireless networks. The survey demonstrates that the state-of-the-art flow admission control algorithms do not completely consider the key identified factors or make incorrect assumptions about them. Third, we propose techniques that an available-bandwidth-based flow admission control algorithm can use to incorporate the key identified factors. Hence, the work presented in this paper can serve as a basis of a more effective available-bandwidth-based flow admission control algorithm for ad-hoc wireless networks.

Published

2015

37. Research on Tracking Mobile Targets Based on Wireless Video Sensor Networks

Author

Zhenfei Gong, Jiawen Wang, Zixi Jia, and Linzhuo Pang

Subjects

Scheme (programming language), business.industry, Computer science, Real-time computing, Process (computing), Sensor fusion, Key distribution in wireless sensor networks, Trajectory, Mobile wireless sensor network, business, computer, Wireless sensor network, Camera resectioning, computer.programming_language, Computer network

Abstract

The motivation of the paper is to position and track moving targets in real time by means of wireless video sensor networks (WVSNs), and with the aid of selecting and associating information from multi-view videos to obtain the trajectory of targets in the world coordinates system(WCS). The whole process includes camera calibration, target localization, tracking trajectory in WCS, time synchronization calibration of multi-view videos and data fusion. The innovation point of the paper is that aimed at time synchronization phenomenon of multi-view videos while associating data, we propose a new scheme of information selection and recognition. For validating the effectiveness of the scheme, the comparison of the real trajectory and the estimated one is conducted through MATLAB simulation, and the proposed scheme has a satisfactory performance.

Published

2015

38. A Security Protocol based-on Mutual Authentication Application toward Wireless Sensor Network

Author

SuHyun Park, Hyeong Rag Kim, Ndibanje Bruce, Hoon-Jae Lee, and Young-Jin Kang

Subjects

Challenge-Handshake Authentication Protocol, business.industry, computer.internet_protocol, Computer science, Mutual authentication, Key distribution in wireless sensor networks, Wireless Transport Layer Security, Authentication protocol, IPsec, Network Access Control, Lightweight Extensible Authentication Protocol, business, computer, Computer network

Abstract

This paper presents an application of security protocol based-on mu-tual authentication procedure between involved entities that providing data and network security in wireless sensor environment communication. Through WSN, a user can access base station of wireless sensor networks and gets the data. This paper proposes a secure authentication protocol where involved enti-ties are mutual strongly verified before accessing the data. The proposal pro-vides secure features standards such as data integrity, mutual authentication and session key establishment. Furthermore, an extensive analysis shows that the proposed scheme possesses many advantages against popular attacks, achieves better efficiency and can be safeguard to real wireless sensor network applications.

Published

2015

39. Guiding Users to Shops Using the Near-Field Communication between Signages and Mobile Terminals

Author

Kazumasa Takami, Daiki Takahashi, and Yoshio Suga

Subjects

Engineering, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Limiting, Destinations, USable, Near field communication, Traffic congestion, Signage, Global Positioning System, Digital signage, business, Telecommunications, Computer network

Abstract

This paper proposes two algorithms for navigating users to their destinations using near-field communication between their mobile terminals and digital signage units in an underground area where GPS is not usable. One algorithm focuses on the angle to the destination while the other looks at the distance to the destination. The paper also proposes an algorithm for avoiding traffic congestion by limiting the number of mobile terminals that communicate with a signage unit simultaneously. We have built an underground mall model on a simulator, and evaluated the algorithms in terms of the rate of successful arrival at the destination and the time it takes to reach the destination.

Published

2015

40. Improved Cryptanalysis of the DECT Standard Cipher

Author

Ignacio Sanchez and Iwen Coisel

Subjects

Computer science, business.industry, Stream cipher attack, Brute-force search, Digital Enhanced Cordless Telecommunications, Plaintext, Data_CODINGANDINFORMATIONTHEORY, law.invention, Cipher, law, Known-plaintext attack, Cryptanalysis, business, Stream cipher, Algorithm, Computer network

Abstract

The DECT Standard Cipher (DSC) is a 64-bit key stream cipher used in the Digital Enhanced Cordless Telecommunications (DECT) standard to protect the confidentiality of the communications. In this paper we present an improved cryptanalysis approach which is more effective than the Nohl-Tews-Weinmann (NTW) attack and requires four times less plaintext material. Under the best conditions, our known plaintext attack requires only 3 min of communication compared to 10 min for the NTW attack. Our approach is able to quickly recover the secret key with a success rate of more than 50 % by analysing \(2^{13}\) keystreams and performing an exhaustive search over \(2^{31}\) keys. Additionally, the attack was successfully conducted against real intercepted DECT traffic where the plaintext was only 90 % accurate. To the best of our knowledge, the approach we present in this paper is the most effective cryptanalysis published so far against the DSC cipher.

Published

2015

41. A Distributed Strategy for Defensing Objective Function Attack in Large-scale Cognitive Networks

Author

Huiqiang Wang, Xiaoyu Zhao, Hongwu Lv, Qiao Zhao, Junyu Lin, and Guangsheng Feng

Subjects

Mathematical optimization, business.industry, Network packet, Computer science, Scale (chemistry), Saddle point, Big data, Differential game, Network performance, Large range, Cognitive network, business, Computer network

Abstract

Most of existed strategies for defending OFA (Objective Function Attack)are centralized, only suitable for small-scale networks and stressed on the computation complexity and traffic load are usually neglected. In this paper, we pay more attentions on the OFA problem in large-scale cognitive networks, where the big data generated from the network must be considered and the traditional methods could be of helplessness. In this paper, we first analyze the interactive processes between attacker and defender in detail, and then a defense strategy for OFA based on differential game is proposed, abbreviated as DSDG. Secondly, the game saddle point and optimal defense strategy have proved to be existed simultaneously. Simulation results show that the proposed DSDG has a less influence on network performance and a lower rate of packet loss.More importantly, it can cope with the large range OFA effectively.

Published

2015

42. Sybil-Resist: A New Protocol for Sybil Attack Defense in Social Network

Author

Wei Ma, Sen-Zhe Hu, Ting-Ting Wang, Qiong Dai, and Yin-Fei Huang

Subjects

Scheme (programming language), Engineering, Social network, business.industry, Network security, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer security, computer.software_genre, Running time, Sybil attack, The Internet, business, Byzantine fault tolerance, computer, Protocol (object-oriented programming), computer.programming_language, Computer network

Abstract

Currently, most of the existing social networks on Internet are distributed, decentralized systems, and they are particularly vulnerable to Sybil attack in which a single malicious user introduces multiple bogus identities and pretends to be multiple and real users in the network. With these controlled identities, the malicious user can create a Byzantine failure in collaborative tasks by ‘out vote’ the real identities. This paper conducts a survey on the network security of social networks to provide the overview of the current online security of the social networks and the corresponding defend methods. Based on the survey, this paper proposes Sybil-Resist, a Random Walk-based Sybil attack defense protocol devoting to identifying the Sybil nodes and the Sybil region efficiently. The simulation results obtained by a more realistic simulation topology show that the proposed scheme outperforms existing solutions in terms of detection accuracy and running time.

Published

2014

43. Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets

Author

Luigi V. Mancini, Antonio Villani, Domenico Vitali, Roberto Battistoni, and Angelo Spognardi

Subjects

Computer science, Network security, computer.internet_protocol, Attack detection, Distributed denial-of-service attacks, Denial-of-service attack, Internet security, computer.software_genre, Synthetic data, Information divergence, Autonomous Systems, NetFlow, Relative Entropy, netflow analysis, Distributed denial-of-service attacks, Information divergence, Relative Entropy, Network security, Autonomous Systems, Internet security, Attack detection, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Autonomous system (Internet), Flow network, anomaly detection, Anomaly detection, Data mining, business, computer, WAN, Computer network

Abstract

The analysis of large amount of traffic data is the daily routine of Autonomous Systems and ISP operators. The detection of anomalies like denial-of-service (DoS) or distributed denial-of-service (DDoS) is also one of the main issues for critical services and infrastructures. The suitability of metrics coming from the information theory for detecting DoS and DDoS episodes has been widely analyzed in the past. Unfortunately, their effectiveness are often evaluated on synthetic data set, or, in other cases, on old and unrepresentative data set, e.g. the DARPA network dump. This paper presents the evaluation by means of main metrics proposed in the literature of a real and large network flow dataset, collected from an Italian transit tier II Autonomous System (AS) located in Rome. We show how we effectively detected and analyzed several attacks against Italian critical IT services, some of them also publicly announced. We further report the study of others legitimate and malicious activities we found by ex-post analysis.

Published

2014

44. Towards Decentralized, Energy- and Privacy-Aware Device-to-Device Content Delivery

Author

David Hausheer and Leonhard Nobach

Subjects

Energy loss, Operator (computer programming), business.industry, Computer science, Distributed generation, Device to device, Content delivery, business, Mobile device, Energy (signal processing), Computer network

Abstract

Device-to-Device (D2D) content delivery is a new approach to directly exchange content between mobile devices, which allows to offload traffic from infrastructure-based networks and thus reduces the risk of congestion. While centralized D2D approaches rely on the mobile operator to discover nearby devices and initiate a content transfer, in decentralized D2D the devices autonomously and opportunistically organize themselves to deliver content to each other. The latter approach is more flexible as it does not depend on a single operator, however, it typically requires more energy for scanning other devices. Another issue is privacy, since the decentralized approach reveals a user’s interest for content to all devices in proximity. Therefore, this paper sketches an new approach towards decentralized energy- and privacy-aware D2D content delivery. The proposed approach addresses the energy loss that occurs when constantly and spontaneously scanning multiple unknown devices for content. Furthermore, the paper identifies privacy requirements and proposes first steps towards a privacy-aware D2D solution.

Published

2014

45. Assessment of Multimedia Services QoS/QoE over LTE Networks

Author

Gerardo Gómez, Raquel García, Estefanía Arias, Javier Lorca, Esther de Torres, and Quiliano Pérez

Subjects

Service quality, Voice over IP, Computer science, business.industry, Quality of service, Mean opinion score, Mobile QoS, Quality of experience, Data as a service, business, Application layer, Computer network

Abstract

The evaluation of the Quality of Experience (QoE) for data services over wireless technologies is currently a hot topic. In this paper we present service performance evaluation method that is able to estimate both the Quality of Service (QoS) and QoE for different data services over cellular networks. This method is based on specific performance indicators that are evaluated at each layer of the terminal’s protocol stack following a bottom-up process from the physical layer up to the application layer. Then, specific utility functions for each data service are used to map QoS into QoE in terms of Mean Opinion Score (MOS). Three different data services (web, YouTube and voice over IP) have been evaluated over a typical LTE network scenario. Performance results show that the MOS is largely affected by the radio level performance (error rate, throughput and delay), so proper protocols’ configuration critical to achieve a desired service quality.

Published

2014

46. A Study of RPL DODAG Version Attacks

Author

Anthéa Mayzaud, Anuj Sehgal, Isabelle Chrisment, Jürgen Schönwälder, Rémi Badonnel, Management of dynamic networks and services (MADYNES), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Jacobs University [Bremen], INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Anna Sperotto, Guillaume Doyen, Steven Latré, Marinos Charalambides, Burkhard Stiller, TC 6, WG 6.6, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Routing protocol, Exploit, business.industry, Computer science, Network packet, Node (networking), 020206 networking & telecommunications, 02 engineering and technology, Network topology, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, Routing (electronic design automation), business, Protocol (object-oriented programming), Computer network

Abstract

Best Paper Award; International audience; The IETF designed the Routing Protocol for Low power and Lossy Networks (RPL) as a candidate for use in constrained networks. Keeping in mind the different requirements of such networks, the protocol was designed to support multiple routing topologies, called DODAGs, constructed using different objective functions, so as to optimize routing based on divergent metrics. A DODAG versioning system is incorporated into RPL in order to ensure that the topology does not become stale and that loops are not formed over time. However, an attacker can exploit this versioning system to gain an advantage in the topology and also acquire children that would be forced to route packets via this node. In this paper we present a study of possible attacks that exploit the DODAG version system. The impact on overhead, delivery ratio, end-to-end delay, rank inconsistencies and loops is studied.

Published

2014

47. Decision Engine Based Access Router Discovery Scheme in IEEE 802.11

Author

SungJai Choi, Daewon Lee, Doo-Soon Park, and HwaMin Lee

Subjects

Router, IEEE 802.11u, Inter-Access Point Protocol, Service set, Wireless network, Computer science, business.industry, computer.internet_protocol, Network topology, Neighbor Discovery Protocol, IEEE 802.11, business, computer, Computer network

Abstract

In this paper, we focus on AR selection problem of mobile host (MH). A mobile host (MH) may have several available networks when entering a new area. The user of MH decides to use one of access router (AR) at AR list. However, the decision only with the subsystem identification (SSID) and signal strength could not provide appropriate connection to the MH. To provide appropriate connection, more information of AR is needed. In this paper, we extend prefix information option on router advertisement message to obtain AR’s status information. Then, we proposed decision engine (DE) on the MH that analyzes ARs and decides the appropriate AR automatically by AR’s status information. In experimental analysis, proposed AR discovery process has several advantages. For the MH, wireless connection period is increased, the power consumption is decreased, and the signaling overhead is reduced. For AR and router, the load balancing is provided and the network topology can also be more efficient.

Published

2014

48. Obligation Based Access Control

Author

Laurent Gomez and Slim Trabelsi

Subjects

Stateless protocol, Computer access control, business.industry, Context (language use), Access control, Computer security, computer.software_genre, Stateful firewall, Role-based access control, Obligation, State (computer science), business, computer, Computer network

Abstract

Access control systems can be categorized in two classes: stateless or stateful. While stateless access control systems consider only current state of the system for access decision, stateful access control integrates past and current state of the system. The state of the system can change depending on the way how resources were used. We also observe that stateful access control systems strongly rely on centralised state monitoring infrastructure. In the context of distributed systems, state monitoring is very difficult to achieve, both for security and technical reasons. In this paper, we propose to use obligation execution proof to evaluate current distributed system state. Data usage conditions are defined as obligations expressing the actions that must be executed before or after granted access. In this paper, we aim at fostering distributed access control enforcement relying on certified obligations.

Published

2014

49. Power Control Research Based on Interference Coordination for D2D Underlaying Cellular Networks

Author

Jianbin Xue, Bing Wen, and Supan Wei

Subjects

Computer Science::Computer Science and Game Theory, Computer science, business.industry, Interference (wave propagation), Cellular communication, Base station, Computer Science::Multimedia, Telecommunications link, Poisson point process, Computer Science::Networking and Internet Architecture, Cellular network, business, Stochastic geometry, Computer network, Power control

Abstract

This paper considers a device-to-device (D2D) underlaying cellular network where an uplink cellular user communicates with the base station while multiple direct D2D links share the uplink spectrum. This paper proposes a random network model based on stochastic geometry and develops centralized power control algorithm. The goal of the proposed power control algorithm is two-fold: ensure the cellular users have sufficient coverage probability by limiting the interference created by underlaid D2D users, while also attempting to support as many D2D links as possible. This paper adopts the two level control strategy: Cellular link SINR(signal-to-interference-plus noise ratio) and sum rate maximization, to ensure the cellular communication and improve the coverage probability of D2D and cellular links. Numerical results show the gains of the proposed power control algorithm and accuracy of the analysis.

Published

2014

50. Privacy Protection Based on Key-changed Mutual Authentication Protocol in Internet of Things

Author

Wang Ru-chuan, Chen Long, Li Peng, and Su Xiao-yu

Subjects

Challenge-Handshake Authentication Protocol, Information privacy, Spoofing attack, computer.internet_protocol, Computer science, Privacy software, business.industry, Denial-of-service attack, Computer security, computer.software_genre, Application layer, IPsec, Authentication protocol, business, computer, Computer network

Abstract

This paper concentrates in the privacy protection in Internet of things. It firstly focuses on the security issues and attack risks of Internet of things from four aspects, which are perception layer, transport layer, application layer and the integrated networking system. And it puts forward some proposals on wireless sensor network and RFID (Radio Frequency Identification) security system structure. The researches are theoretical basis in security defense of Internet of things. Furthermore, in order to reduce the security risks in Internet of things communication process, this paper puts forward key-changed mutual authentication protocol. The protocol integrates random number generator in the tag and reader, and adopts the one-way Hash function, key refresh in real time, key backup and other mechanisms. The analysis shows that this protocol is able to be well applied to low cost Internet of things system and effectively prevent the network from replay, replication, denial of service, spoofing and tag tracking attacks.

Published

2014