Your search keyword '"Minseok Kwon"' showing total 5 results

1. Proof-Carrying Network Code

Author

Sahil Gupta, Minseok Kwon, David Darias, Kyle I. Diller, Christian Skalka, Steffen Smolka, Nate Foster, and John H. Ring

Subjects

021110 strategic, defence & security studies, Computer science, 020208 electrical & electronic engineering, Control (management), 0211 other engineering and technologies, 02 engineering and technology, Security policy, Computer security, computer.software_genre, Home health, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Trust management (information system), Network code, Software-defined networking, Formal verification, computer

Abstract

Computer networks often serve as the first line of defense against malicious attacks. Although there are a growing number of tools for defining and enforcing security policies in software-defined networks (SDNs), most assume a single point of control and are unable to handle the challenges that arise in networks with multiple administrative domains. For example, consumers may want want to allow their home IoT networks to be configured by device vendors, which raises security and privacy concerns. In this paper we propose a framework called Proof-Carrying Network Code (PCNC) for specifying and enforcing security in SDNs with interacting administrative domains. Like Proof-Carrying Authorization (PCA), PCNC provides methods for managing authorization domains, and like Proof-Carrying Code (PCC), PCNC provides methods for enforcing behavioral properties of network programs. We develop theoretical foundations for PCNC and evaluate it in simulated and real network settings, including a case study that considers security in IoT networks for home health monitoring.

Published

2019

2. Position-aware cuckoo filters

Author

Minseok Kwon, Vijay Shankar, and Pedro Reviriego

Subjects

Hardware_MEMORYSTRUCTURES, biology, Computer science, Fingerprint (computing), 020206 networking & telecommunications, 02 engineering and technology, Bloom filter, biology.organism_classification, Filter (video), Position (vector), 0202 electrical engineering, electronic engineering, information engineering, False positive rate, Packet classification, Cuckoo, Algorithm

Abstract

Cuckoo filters have been recently proposed as an efficient structure to perform approximate membership checks. In this paper, it is shown that the false positive rate of a cuckoo filter can be reduced by storing in addition to the fingerprint the information that tell us if a given fingerprint has been inserted in the first or the second bucket. This improvement of the cuckoo filter is denoted as Position Aware (PA) cuckoo filter.

Published

2018

3. Use of Cuckoo Filters with FD.io VPP for Software IPv6 Routing Lookup

Author

Pragash Vijayaragavan, Arjun Dhuliya, Shailesh Vajpayee, Minseok Kwon, and John William Marshall

Subjects

Hardware_MEMORYSTRUCTURES, biology, business.industry, Computer science, Node (networking), Packet processing, Packet forwarding, 020206 networking & telecommunications, 02 engineering and technology, Bloom filter, biology.organism_classification, IPv6, Filter (video), 020204 information systems, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Routing (electronic design automation), business, Cuckoo, Computer hardware

Abstract

The filter technologies, e.g., Bloom filters, have been used for IP lookup for their compactness and efficiency. We investigate the performance of cuckoo filters with Cisco's VPP (Vector Packet Processing) for IP lookup. We also introduce a variant called a length-aware cuckoo filter that treats incoming IP addresses discriminatively, and study its performance with VPP. As proof-of-concept, we implement cuckoo filters with VPP, and test them on both functions and performance with focus on the ip6-input node in VPP.

Published

2017

4. Secure routing in peer-to-peer distributed hash tables

Author

Minseok Kwon and Keith Needels

Subjects

Primary clustering, business.industry, Computer science, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Hash function, Hash table, Hash tree, Content addressable network, SHA-2, Key-based routing, Cryptographic hash function, Hash chain, Chord (peer-to-peer), business, Computer network

Abstract

Distributed hash tables (DHTs) provide efficient and scalable lookup mechanisms for locating data in peer-to-peer (p2p) networks. Several issues, however, prevent DHT-based p2p networks from being widely deployed -- one of which is security. Malicious peers may modify, drop, misroute lookup requests, or even collude to deny the availability of target data. To address these security concerns, we propose an extension to Chord named Sechord. The main idea is that the source can determine whether the next hop is valid or invalid by estimating how far the next hop is from its finger pointer. If the next hop is too far away from the finger pointer, especially compared to the average distance between two consecutive peers, the source can infer some ongoing malicious activities. Our modifications require no trust between two nodes except node join. Moreover, each node utilizes locally available information to evaluate hops encountered during the lookup routing process for validity. These modifications have been implemented and evaluated in the presence of malicious nodes. Our results show that Sechord significantly enhances the security of structured p2p systems at the expense of slightly increased hop count.

Published

2009

5. Topology-aware overlay networks for group communication

Author

Sonia Fahmy and Minseok Kwon

Subjects

Protocol Independent Multicast, Multicast, Computer science, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Distance Vector Multicast Routing Protocol, Overlay network, Topology, Source-specific multicast, Multicast address, Xcast, business, Pragmatic General Multicast, Computer network

Abstract

We propose an application level multicast approach, Topology Aware Grouping (TAG), which exploits underlying network topology information to build efficient overlay networks among multicast group members. TAG uses information about path overlap among members to construct a tree that reduces the overlay relative delay penalty, and reduces the number of duplicate copies of a packet on the same link. We study the properties of TAG, and model and experiment with its economies of scale factor to quantify its benefits compared to unicast and IP multicast. We also compare the TAG approach with the ESM approach in a variety of simulation configurations including a number of real Internet topologies and generated topologies. Our results indicate the effectiveness of the algorithm in reducing delays and duplicate packets, with reasonable algorithm time and space complexities.

Published

2002