IEEE 2017: Vehicular Cloud Data Collection for Intelligent Transportation Systems
IEEE 2017 Networking
Abstract: The Internet of Things (IoT) envisions to connect billions of sensors to the Internet, in order to provide new applications and services for smart cities. IoT will allow the evolution of the Internet of Vehicles (IoV) from existing Vehicular Ad hoc Networks (VANETs), in which the delivery of various services will be offered to drivers by integrating vehicles, sensors, and mobile devices into a global network. To serve VANET with computational resources, Vehicular Cloud Computing (VCC) is recently envisioned with the objective of providing traffic solutions to improve our daily driving. These solutions involve applications and services for the benefit of Intelligent Transportation Systems (ITS), which represent an important part of IoV. Data collection is an important aspect in ITS, which can effectively serve online travel systems with the aid of Vehicular Cloud (VC). In this paper, we involve the new paradigm of VCC to propose a data collection model for the benefit of ITS. We show via simulation results that the participation of low percentage of vehicles in a dynamic VC is sufficient to provide meaningful data collection
IEEE 2017: Optimizing Cloud-Service Performance: Efficient Resource Provisioning via Optimal Workload Allocation
IEEE 2017 Networking
Abstract: Cloud computing is being widely accepted and utilized in the business world. From the perspective of businesses utilizing the cloud, it is critical to meet their customers’ requirements by achieving service-level-objectives. Hence, the ability to accurately characterize and optimize cloud-service performance is of great importance. In this paper a stochastic multi-tenant framework is proposed to model the service of customer requests in a cloud infrastructure composed of heterogeneous virtual machines. Two cloud service performance metrics are mathematically characterized, namely the percentile and the mean of the stochastic response time of a customer request, in closed form. Based upon the proposed multi-tenant framework, a workload allocation algorithm, termed maxmin- cloud algorithm, is then devised to optimize the performance of the cloud service. A rigorous optimality proof of the max-min-cloud algorithm is also given. Furthermore, the resource-provisioning problem in the cloud is also studied in light of the max-min-cloud algorithm. In particular, an efficient resource-provisioning strategy is proposed for serving dynamically arriving customer requests. These findings can be used by businesses to build a better understanding of how much virtual resource in the cloud they may need to meet customers’ expectations subject to cost constraints.
IEEE 2017: Cost Minimization Algorithms for Data Center Management
IEEE 2017 Networking
Abstract: Due to the increasing usage of cloud computing applications, it is important to minimize energy cost consumed by a data center, and simultaneously, to improve quality of service via data center management. One promising approach is to switch some servers in a data center to the idle mode for saving energy while to keep a suitable number of servers in the active mode for providing timely service. In this paper, we design both online and offline algorithms for this problem. For the offline algorithm, we formulate data center management as a cost minimization problem by considering energy cost, delay cost (to measure service quality), and switching cost (to change servers’s active/idle mode). Then, we analyze certain properties of an optimal solution which lead to a dynamic programming based algorithm. Moreover, by revising the solution procedure, we successfully eliminate the recursive procedure and achieve an optimal offline algorithm with a polynomial complexity. For the online algorithm, We design it by considering the worst case scenario for future workload. In simulation, we show this online algorithm can always provide near-optimal solutions.
IEEE 2017: Multi-party secret key agreement over state-dependent wireless broadcast channels
IEEE 2016 Networking
Abstract: We consider a group of m trusted and authenticated nodes that aim to create a shared secret key K over a wireless channel in the presence of an eavesdropper Eve. We assume that there exists a state dependent wireless broadcast channel from one of the honest nodes to the rest of them including Eve. All of the trusted nodes can also discuss over a cost-free, noiseless and unlimited rate public channel which is also overheard by Eve. For this setup, we develop an information-theoretically secure secret key agreement protocol. We show the optimality of this protocol for “linear deterministic” wireless broadcast channels. This model generalizes the packet erasure model studied in literature for wireless broadcast channels. Here, the main idea is to convert a deterministic channel to multiple independent erasure channels by using superposition coding. For “state-dependent Gaussian” wireless broadcast channels, by using insights from the deterministic problem, we propose an achievability scheme based on a multi-layer wiretap code. By using the wiretap code, we can mimic the phenomenon of converting the wireless channel to multiple independent erasure channels. Then, finding the best achievable secret key generation rate leads to solving a non-convex power allocation problem over these channels (layers). We show that using a dynamic programming algorithm, one can obtain the best power allocation for this problem. Moreover, we prove the optimality of the proposed achievability scheme for the regime of high-SNR and large-dynamic range over the channel states in the (generalized) degrees of freedom sense.
IEEE 2016: Modified AODV Routing Protocol to Improve Security and Performance against Black Hole Attack
IEEE 2016 Networking
Abstract— A Mobile Ad hoc NETwork (MANET) is a collection of autonomous nodes that have the ability to communicate with each other without having fixed infrastructure or centralized access point such as a base station. This kind of networks is very susceptible to adversary's malicious attacks, due to the dynamic changes of the network topology, trusting the nodes to each other, lack of fixed substructure for the analysis of nodes behaviors and constrained resources. One of these attacks is black hole attack. In this attack, malicious nodes inject fault routing information to the network and lead all data packets toward themselves, then destroy them all. In this paper, we propose a solution, which enhances the security of the Ad-hoc On-demand Distance Vector (AODV) routing protocol to encounter the black hole attacks. Our solution avoids the black hole and the multiple black hole attacks. The simulation results using the Network Simulator NS2 shows that our protocol provides better security and better performance in terms of the packet delivery ratio than the AODV routing protocol in the presence of one or multiple black hole attacks with marginal rise in average end-to-end delay and normalized routing overhead.
IEEE 2017: Vehicular Cloud Data Collection for Intelligent Transportation Systems
IEEE 2017 Networking
Abstract: The Internet of Things (IoT) envisions to connect billions of sensors to the Internet, in order to provide new applications and services for smart cities. IoT will allow the evolution of the Internet of Vehicles (IoV) from existing Vehicular Ad hoc Networks (VANETs), in which the delivery of various services will be offered to drivers by integrating vehicles, sensors, and mobile devices into a global network. To serve VANET with computational resources, Vehicular Cloud Computing (VCC) is recently envisioned with the objective of providing traffic solutions to improve our daily driving. These solutions involve applications and services for the benefit of Intelligent Transportation Systems (ITS), which represent an important part of IoV. Data collection is an important aspect in ITS, which can effectively serve online travel systems with the aid of Vehicular Cloud (VC). In this paper, we involve the new paradigm of VCC to propose a data collection model for the benefit of ITS. We show via simulation results that the participation of low percentage of vehicles in a dynamic VC is sufficient to provide meaningful data collection
IEEE 2017: Optimizing Cloud-Service Performance: Efficient Resource Provisioning via Optimal Workload Allocation
IEEE 2017 Networking
Abstract: Cloud computing is being widely accepted and utilized in the business world. From the perspective of businesses utilizing the cloud, it is critical to meet their customers’ requirements by achieving service-level-objectives. Hence, the ability to accurately characterize and optimize cloud-service performance is of great importance. In this paper a stochastic multi-tenant framework is proposed to model the service of customer requests in a cloud infrastructure composed of heterogeneous virtual machines. Two cloud service performance metrics are mathematically characterized, namely the percentile and the mean of the stochastic response time of a customer request, in closed form. Based upon the proposed multi-tenant framework, a workload allocation algorithm, termed maxmin- cloud algorithm, is then devised to optimize the performance of the cloud service. A rigorous optimality proof of the max-min-cloud algorithm is also given. Furthermore, the resource-provisioning problem in the cloud is also studied in light of the max-min-cloud algorithm. In particular, an efficient resource-provisioning strategy is proposed for serving dynamically arriving customer requests. These findings can be used by businesses to build a better understanding of how much virtual resource in the cloud they may need to meet customers’ expectations subject to cost constraints.
IEEE 2017: Cost Minimization Algorithms for Data Center Management
IEEE 2017 Networking
Abstract: Due to the increasing usage of cloud computing applications, it is important to minimize energy cost consumed by a data center, and simultaneously, to improve quality of service via data center management. One promising approach is to switch some servers in a data center to the idle mode for saving energy while to keep a suitable number of servers in the active mode for providing timely service. In this paper, we design both online and offline algorithms for this problem. For the offline algorithm, we formulate data center management as a cost minimization problem by considering energy cost, delay cost (to measure service quality), and switching cost (to change servers’s active/idle mode). Then, we analyze certain properties of an optimal solution which lead to a dynamic programming based algorithm. Moreover, by revising the solution procedure, we successfully eliminate the recursive procedure and achieve an optimal offline algorithm with a polynomial complexity. For the online algorithm, We design it by considering the worst case scenario for future workload. In simulation, we show this online algorithm can always provide near-optimal solutions.
IEEE 2017: Multi-party secret key agreement over state-dependent wireless broadcast channels
IEEE 2016 Networking
Abstract: We consider a group of m trusted and authenticated nodes that aim to create a shared secret key K over a wireless channel in the presence of an eavesdropper Eve. We assume that there exists a state dependent wireless broadcast channel from one of the honest nodes to the rest of them including Eve. All of the trusted nodes can also discuss over a cost-free, noiseless and unlimited rate public channel which is also overheard by Eve. For this setup, we develop an information-theoretically secure secret key agreement protocol. We show the optimality of this protocol for “linear deterministic” wireless broadcast channels. This model generalizes the packet erasure model studied in literature for wireless broadcast channels. Here, the main idea is to convert a deterministic channel to multiple independent erasure channels by using superposition coding. For “state-dependent Gaussian” wireless broadcast channels, by using insights from the deterministic problem, we propose an achievability scheme based on a multi-layer wiretap code. By using the wiretap code, we can mimic the phenomenon of converting the wireless channel to multiple independent erasure channels. Then, finding the best achievable secret key generation rate leads to solving a non-convex power allocation problem over these channels (layers). We show that using a dynamic programming algorithm, one can obtain the best power allocation for this problem. Moreover, we prove the optimality of the proposed achievability scheme for the regime of high-SNR and large-dynamic range over the channel states in the (generalized) degrees of freedom sense.
IEEE 2016: Modified AODV Routing Protocol to Improve Security and Performance against Black Hole Attack
IEEE 2016 :An Enhanced Available Bandwidth Estimation Technique for an End-to-End Network Path
IEEE 2016 Networking
Abstract—This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end network path more accurately and less intrusively. The proposed algorithm is based on the well known concept of self-induced congestion and it features a unique probing train structure in which there is a region where packets are sampled more frequently than in other regions. This high-density region enables our algorithm to find the turning point more accurately. When the dynamic ABW is outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the dynamic ABW into that region. We appropriately adjust the range between the lower rate and the upper rate using spread factors, which enables us to keep the number of packets low and we are thus able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile network of a Japanese mobile operator, as well as real testbed measurements were conducted over fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve ABW estimations in real time and outperforms other stat-of-the-art measurement algorithms in terms of accuracy, intrusiveness, and convergence time.
IEEE 2016 : STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users
IEEE 2016 Networking
Abstract—Location-based services are quickly becoming immensely popular. In addition to services based on users' current location, many potential services rely on users' location history, or their spatial-temporal provenance. Malicious users may lie about their spatial-temporal provenance without a carefully designed security system for users to prove their past locations. In this paper, we present the Spatial-Temporal provenance Assurance with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users generating location proofs for each other in a distributed setting. However, it can easily accommodate trusted mobile users and wireless access points. STAMP ensures the integrity and non-transferability of the location proofs and protects users' privacy. A semi-trusted Certification Authority is used to distribute cryptographic keys as well as guard users against collusion by a light-weight entropy-based trust evaluation approach. Our prototype implementation on the Android platform shows that STAMP is low-cost in terms of computational and storage resources. Extensive simulation experiments show that our entropy-based trust model is able to achieve high collusion detection accuracy.
IEEE 2016 : FRAppE: Detecting Malicious Facebook Applications
IEEE 2016 Networking
Abstract—With 20 million installs a day [1], third-party apps are a major reason for the popularity and addictiveness of Facebook. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam. The problem is already significant, as we find that at least 13% of apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns.In this paper, we ask the question: given a Facebook application,can we determine if it is malicious? Our key contribution is in developing FRAppE—Facebook’s Rigorous Application Evaluator—arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and they typically request fewer permissions than benign apps. Second, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a low false negative rate (4.1%). Finally, we explore the ecosystem of malicious Facebook apps and identify mechanisms that these apps use to propagate. Interestingly, we find that many apps collude and support each other; in our dataset, we find 1,584 apps enabling the viral propagation of 3,723 other apps through their posts. Long-term, we see FRAppE as a step towards creating an independent watchdog for app assessment and ranking, so as to warn Facebook users before installing apps.
IEEE 2016: Toward Optimum Crowdsensing Coverage With Guaranteed Performance
IEEE 2016 Networking
IEEE 2016: PRISM: PRivacy-aware Interest Sharing and Matching in Mobile Social Networks
IEEE 2016 Networking
IEEE 2016: JOKER: A Novel Opportunistic Routing Protocol
IEEE 2016 Networking
Abstract—The increase in multimedia services has put energy saving on the top of current demands for mobile devices. Unfortunately, batteries’ lifetime has not been as extended as it would be desirable. For that reason, reducing energy consumption in every task performed by these devices is crucial. In this work, a novel opportunistic routing protocol, called JOKER, is introduced. This proposal presents novelties in both the candidate selection and coordination phases, which permit increasing the performance of the network supporting multimedia traffic as well as enhancing the nodes’ energy efficiency. JOKER is compared in different-nature test-benches with BATMAN routing protocol, showing its superiority in supporting a demanding service such as video-streaming in terms of QoE, while achieving a power draining reduction in routing tasks.
IEEE 2016 : Software Defined Networking with Pseudonym Systems for Secure Vehicular Clouds
IEEE 2016 Networking
Abstract: The vehicular cloud is a promising new paradigm where vehicular networking and mobile cloud computing are elaborately integrated to enhance the quality of vehicular information services. Pseudonym is a resource for vehicles to protect their location privacy, which should be efficiently utilized to secure vehicular clouds. However, only a few existing architectures of pseudonym systems take flexibility and efficiency into consideration, thus leading to potential threats to location privacy. In this paper, we exploit software-defined networking technology to significantly extend the flexibility and programmability for pseudonym management in vehicular clouds. We propose a software-defined pseudonym system where the distributed pseudonym pools are promptly scheduled and elastically managed in a hierarchical manner. In order to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling.We conducted extensive simulations based on the real map of San Francisco. Numerical results indicate that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and meanwhile, effectively enhances the vehicles’ location privacy by raising their entropy.
IEEE 2016 : An Enhanced Available Bandwidth Estimation Technique for an End-to-End Network Path
IEEE 2016 Networking
IEEE 2016 Networking
Abstract: This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end network path more accurately and less intrusively. The proposed algorithm is based on the well known concept of self-induced congestion and it features a unique probing train structure in which there is a region where packets are sampled more frequently than in other regions. This high-density region enables our algorithm to find the turning point more accurately. When the dynamic ABW is outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the dynamic ABW into that region.We appropriately adjust the range between the lower rate and the upper rate using spread factors, which enables us to keep the number of packets low and we are thus able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile network of a Japanese mobile operator, as well as real testbed measurements were conducted over fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve ABW estimations in real time and outperforms other stat-of-the-art measurement algorithms in terms of accuracy, intrusiveness, and convergence time.
Abstract: A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially untrusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it (1) allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, (2) achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, (3) provides efficient query processing by designing an index structure for our ORE scheme, (4) supports dynamic location updates, and (5) provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.
IEEE 2015 : Cost-Aware SEcure Routing (CASER) Protocol Design for
Wireless Sensor Networks
IEEE 2015 Transactions
on Networkings
Abstract— Lifetime optimization and security are two
conflicting design issues for multi-hop wireless sensor networks (WSNs) with
non-replenishable energy resources. In this paper, we first propose a novel
secure and efficient Cost-Aware SEcure Routing (CASER) protocol to address
these two conflicting issues through two adjustable parameters: energy balance
control (EBC) and probabilistic based random walking. We then discover that the
energy consumption is severely disproportional to the uniform energy deployment
for the given network topology, which greatly reduces the lifetime of the
sensor networks. To solve this problem, we propose an efficient non-uniform
energy deployment strategy to optimize the lifetime and message delivery ratio
under the same energy resource and security requirement. We also provide a
quantitative security analysis on the proposed routing protocol. Our
theoretical analysis and OPNET simulation results demonstrate that the proposed
CASER protocol can provide an excellent tradeoff between routing efficiency and
energy balance, and can significantly extend the lifetime of the sensor
networks in all scenarios. For the non-uniform energy deployment, our analysis
shows that we can increase the lifetime and the total number of messages that
can be delivered by more than four times under the same assumption. We also
demonstrate that the proposed CASER protocol can achieve a high message
delivery ratio while preventing routing trace back attacks.
IEEE 2015 Transactions on Networking
Abstract—Nowadays, the maintenance costs of wireless devices represent one of the
main limitations to the deployment of wireless mesh networks (WMNs) as a means
to provide Internet access in urban and rural areas. A promising solution to
this issue is to let the WMN operator lease its available bandwidth to a subset
of customers, forming a wireless mesh community network, in order to
increase network coverage and the number of residential users it can serve.
In this paper, we propose and analyze an innovative marketplace to
allocate the available bandwidth of a WMN operator to those customers who are
willing to pay the higher price for the requested bandwidth, which in turn can
be subleased to other residential users. We formulate the allocation mechanism
as a combinatorial truthful auction considering the key features of wireless
multihop networks and further present a greedy algorithm that finds efficient
and fair allocations even for large-scale, real scenarios while maintaining the
truthfulness property. Numerical results show that the greedy algorithm
represents an efficient, fair, and practical alternative to the combinatorial
auction mechanism.
IEEE 2015 Transactions on Networking
Abstract— Neighbor discovery is one of the first steps in configuring and managing
a wireless network. Most existing studies on neighbor discovery assume a
single-packet reception model where only a single packet can be received
successfully at a receiver. In this paper, motivated by the increasing
prevalence of multi packet reception (MPR) technologies such as CDMA and MIMO,
we study neighbor discovery in MPR networks that allow multiple packets to be
received successfully at a receiver. More specifically, we design and analyze a
series of randomized algorithms for neighbor discovery in MPR networks. We
start with a simple Aloha-like algorithm that assumes synchronous node
transmissions and the number of neighbors, n, is known. We show that the time
for all the nodes to discover their respective neighbors is Θ(ln n) in an
idealized MPR network that allows an arbitrary number of nodes to transmit
simultaneously. In a more realistic scenario, in which no more than k nodes can
transmit simultaneously, we show that the time to discover all neighbors is Θ(n
ln n k ). When a node knows whether its transmission is successful or not
(e.g., based on feedbacks from other nodes), we design an adaptive
Aloha-like algorithm that dynamically determines the transmission probability
for each node, and show that it yields a ln n improvement over the simple
Aloha-like scheme. Last, we extend our schemes to take into account a number of
practical considerations, such as lack of knowledge of the number of neighbors
and asynchronous algorithm operation, while resulting in only a constant or log
n factor slowdown in algorithm performance.
IEEE 2015 Transactions on Networking
Abstract— Due to the broadcast nature of radio propagation, the wireless
transmission can be readily overheard by unauthorized users for interception
purposes and is thus highly vulnerable to eavesdropping attacks. To this end,
physical-layer security is emerging as a promising paradigm to protect the
wireless communications against eavesdropping attacks by exploiting the
physical characteristics of wireless channels. This article is focused on the
investigation of diversity techniques to improve the physical layer security,
differing from the conventional artificial noise generation and beam forming
techniques which typically consume additional power for generating artificial
noise and exhibit high implementation complexity for beam former design. We
present several diversity approaches to improve the wireless physical-layer
security, including the multiple-input multiple-output (MIMO), multiuser
diversity, and cooperative diversity. To illustrate the security improvement
through diversity, we propose a case study of exploiting cooperative relays to
assist the signal transmission from source to destination while defending
against eavesdropping attacks. We evaluate the security performance of
cooperative relay transmission in Rayleigh fading environments in terms of
secrecy capacity and intercept probability. It is shown that as the number of
relays increases, the secrecy capacity and intercept probability of the
cooperative relay transmission both improve significantly, implying the
advantage of exploiting cooperative diversity to improve the physical-layer
security against eavesdropping attacks.
IEEE 2015
Transactions on Networking
Abstract— Cloud
computing is emerging as a prevalent data interactive paradigm to realize
users’ data remotely stored in an online cloud server. Cloud services provide
great conveniences for the users to enjoy the on-demand cloud applications
without considering the local infrastructure limitations. During the data
accessing, different users may be in a collaborative relationship, and thus
data sharing becomes significant to achieve productive benefits. The existing
security solutions mainly focus on the authentication to realize that a user’s
privative data cannot be unauthorized accessed, but neglect a subtle privacy
issue during a user challenging the cloud server to request other users for
data sharing. The challenged access request itself may reveal the user’s privacy
no matter whether or not it can obtain the data access permissions. In this
paper, we propose a shared authority based privacy-preserving authentication
protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA,
1) shared access authority is achieved by anonymous access request matching
mechanism with security and privacy considerations (e.g., authentication, data
anonymity, user privacy, and forward security); 2) attribute based access
control is adopted to realize that the user can only access its own data
fields; 3) proxy re-encryption is applied by the cloud server to provide data
sharing among the multiple users. Meanwhile, universal compos ability (UC)
model is established to prove that the SAPA theoretically has the design correctness.
It indicates that the proposed protocol realizing privacy-preserving data
access authority sharing, is attractive for multi-user collaborative cloud
applications.
IEEE 2015 Transactions on Networking
Abstract— This paper considers the problem of routing packets across a multi-hop
network consisting of multiple sources of traffic and wireless links with
stochastic reliability while ensuring bounded expected delay. Each
packet transmission can be overheard by a random subset of receiver nodes
among which the next relay/router is selected opportunistically. The main
challenge in the design of minimum-delay routing policies is balancing the
tradeoff between routing the packets along the shortest paths to the
destination and controlling the congestion and distributing traffic uniformly
across the network. Simple opportunistic variants of shortest path routing may,
under heavy traffic scenarios, result in severe congestion and unbounded delay.
While the opportunistic variants of backpressure, which ensure a bounded
expected delay, are known to
exhibit extremely poor delay performance at low to medium traffic conditions.
Combining important aspects of shortest path routing with those of backpressure
routing, this paper provides an opportunistic routing policy with congestion
diversity (ORCD). ORCD uses a measure of draining time to opportunistically
identify and route packets along the paths with an expected low overall
congestion. Using a novel Lyapunov function construction, ORCD is proved to
ensure a bounded expected delay for all networks and under any admissible
traffic (without any knowledge of traffic statistics). Furthermore, the
expected delay encountered by the packets in the network under ORCD is compared
against known existing routing policies via simulations and substantial
improvements are observed. Finally, the paper proposes practical
implementations and discusses criticality of various assumptions in the
analysis.
IEEE 2015 Transactions on Networking
Abstract— This paper presents CSPR, a compressive sensing based approach for path reconstruction in wireless
sensor networks. By viewing the whole network as a path representation space,
an arbitrary routing path can be represented by a path vector in the space. As
path length is usually much smaller than the network size, such path vectors
are sparse, i.e., the majority of elements are zeros. By encoding sparse path
representation into packets, the path vector (and thus the represented path)
can be recovered from a small amount of packets using compressive sensing
technique. CSPR formalizes the sparse path representation and enables
accurate and efficient per-packet path reconstruction. CSPR is invulnerable to
network dynamics and lossy links due to its distinct design. A set of
optimization techniques are further proposed to improve the design. We evaluate
CSPR in both testbed-based experiments and large scale trace-driven
simulations. Evaluation results show that CSPR achieves high path recovery
accuracy (i.e., 100% and 96% in experiments and simulations, respectively), and
outperforms the state-of the- art approaches in various network settings.
IEEE 2015 Transactions on Networking
Abstract— K-anonymity has been used to protect location privacy for location
monitoring services in wireless sensor networks (WSNs), where sensor nodes work
together to report k-anonymized aggregate locations to a server. Each
k-anonymized aggregate location is a cloaked area that contains at least k
persons. However, we identify an attack model to show that overlapping
aggregate locations still pose privacy risks because an adversary can infer
some overlapping areas with less than k persons that violates the k-anonymity
privacy requirement. In this paper, we propose a reciprocal protocol for
location privacy (REAL) in WSNs.
In REAL, sensor nodes are required to autonomously organize their sensing areas
into a set of non-overlapping and highly accurate k-anonymized aggregate
locations. To confront the three key challenges in REAL, namely,
self-organization, reciprocity property and high accuracy, we design a state
transition process, a locking mechanism and a time delay mechanism,
respectively. We compare the performance of REAL with current protocols through
simulated experiments. The results show that REAL protects location privacy,
provides more accurate query answers, and reduces communication and
computational costs.
IEEE 2015 Transactions on Networking
Abstract— Real-time path planning can efficiently relieve traffic congestion in
urban scenarios. However, how to design an efficient path planning algorithm to
achieve a globally optimal vehicle traffic control still remains a challenging
problem, especially when we take drivers’ individual preferences into
consideration. In this paper, we first establish a hybrid intelligent
transportation system (ITS), i.e., a hybrid-VANET-enhanced ITS, which utilizes
both vehicular ad hoc networks (VANETs) and cellular systems of the public
transportation system to enable real-time communications among vehicles,
road-side units (RSUs), and a vehicle-traffic server in an efficient way. Then,
we propose a real-time path planning algorithm, which not only improves the
overall spatial utilization of a road network but also reduces average vehicle
travel cost for avoiding vehicles from getting stuck in congestion. Stochastic
Lyapunov optimization technique is exploited to address the globally optimal
path planning problem. Finally, the transmission delay of the hybrid VANET
enhanced ITS is evaluated in VISSIM to show the timeliness of the proposed
communication framework. Besides, system-level simulations conducted in Java
demonstrate that the proposed path planning algorithm outperforms the
traditional distributed path planning in terms of balancing the spatial
utilization and drivers’ travel cost.
IEEE 2015 : Secure
Data Aggregation Technique for Wireless Sensor Networks in the Presence of
Collusion Attacks
IEEE 2015 Transactions on Networking
Abstract— At present, due to limited computational power and energy resources of
sensor nodes, aggregation of data from multiple sensor nodes done at the
aggregating node is usually accomplished by simple methods such as averaging.
However, such aggregation has been known to be highly vulnerable to node
compromising attacks. Since WSN are usually unattended and without tamper resistant
hardware, they are highly susceptible to such attacks. Thus, ascertaining
trust- worthiness of data and reputation of sensor nodes has become crucially
important for WSN. As the performance of very low power processors dramatically
improves and their cost is drastically reduced, future aggregator nodes will be
capable of performing more sophisticated data aggregation algorithms, which
will make WSN less vulnerable to severe impact of compromised nodes.
Iterative filtering algorithms hold great promise for such a purpose.
Such algorithms simultaneously aggregate data from multiple sources and provide
trust assessment of these sources, usually in a form of corresponding weight
factors assigned to data provided by each source. In this paper we demonstrate
that a number of existing iterative filtering algorithms, while significantly
more robust against collusion attacks than the simple averaging methods, are
nevertheless susceptive to a novel sophisticated collusion attack we introduce.
To address this security issue, we propose an improvement for iterative
filtering techniques by providing an initial approximation for such algorithms
which makes them not only collusion robust, but also more accurate and faster
converging. We believe that so modified iterative filtering algorithms have a
great potential for deployment in the future WSN.
IEEE 2015 Transactions on Networking
Abstract— Security and energy efficiency are the most important concerns in
wireless sensor networks (WSNs) design. To save the power and extend the
lifetime of WSNs, various media access control (MAC) protocols are proposed.
Most traditional security solutions can not be applied in the WSNs due to the
limitation of power supply. The well-known security mechanisms usually awake
the sensor nodes before the sensor nodes can execute the security processes.
However, the Denial-of-Sleep attacks can exhaust the energy of sensor nodes and
shorten the lifetime of WSNs rapidly. Therefore, the existing designs of MAC
protocol are insufficient to protect the WSNs from Denial-of-Sleep attack in
MAC layer. The practical design is to simplify the authenticating process in
order to enhance the performance of the MAC protocol in countering the power
exhausting attacks. This paper proposes a cross-layer design of securescheme
integrating the MAC protocol. The analyses show that the proposed scheme can
counter the replay attack and forge attack in an energy-efficient way.
IEEE 2015 Transactions on Networking
Abstract— We address the problem of jamming-resistant broadcast
communications under an internal threat model. We propose a time delayed broadcast
scheme (TDBS), which implements the broadcast operation as a series of unicast
transmissions distributed in frequency and time. TDBS does not rely on commonly
shared secrets, or the existence of jamming-immune control channels for
coordinating broadcasts. Instead, each node follows a unique pseudo-noise (PN)
frequency hopping sequence. Contrary to conventional PN sequences designed for
multi-access systems, the PN sequences in TDBS exhibit correlation to enable
broadcast. Moreover, they are designed to limit the information leakage due to
the exposure of a subset of sequences by compromised nodes. We map the problem
of constructing such PN sequences to the 1-factorization problem for complete
graphs. We further accommodate dynamic broadcast groups by mapping the problem
of updating the assigned PN sequences to the problem of constructing
rainbow paths in proper edge-colored graphs.
IEEE 2015 : Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion Attacks
IEEE:2014 An Optimal Distributed Malware Defense System for Mobile
Networks with Heterogeneous Devices
IEEE 2014 Transactions
on Mobile Computing
Abstract— As malware
attacks become more frequent in mobile networks, deploying an efficient defense
system to protect against infection and to help the infected nodes to recover
is important to Contain serious spreading and outbreaks. The technical
challenges are that mobile devices are heterogeneous in terms of operating
systems, and the malware can infect the targeted system in any opportunistic
fashion via local and global connectivity, while the to-be-deployed defense
system on the other hand would be usually resource limited. In this paper, we
investigate the problem of optimal distribution of content-based signatures of
malware to minimize the number of infected nodes, which can help to detect the
corresponding malware and to disable further propagation. We model the defense
system with realistic assumptions addressing all the above challenges, which
have not been addressed in previous analytical work. Based on the proposed
framework of optimizing the system welfare utility through the signature
allocation, we provide an encounter-based distributed algorithm based on
Metropolis sampler. Through extensive simulations with both synthetic and real
mobility traces, we show that the distributed algorithm achieves the optimal
solution, and performs efficiently in realistic environments.
IEEE 2014:
Behavioral Detection and Containment of Proximity Malware in Delay Tolerant
Networks
IEEE 2014
Transactions on Parallel and Distributed Systems
Abstract—with the
universal presence of short-range connectivity technologies (e.g., Bluetooth
and, more recently, Wi-Fi Direct) in the consumer electronics market, the delay
tolerant-network (DTN) model is becoming a viable alternative to the
traditional infrastructural model. Proximity malware, Which exploits the
temporal dimension and distributed nature of DTNs in self-propagation, poses
threats to users of new technologies? In this paper, we address the proximity
malware detection and containment problem with explicit consideration for the
unique characteristics of DTNs. We formulate the malware detection process as a
decision problem under a general behavioral malware characterization framework.
We analyze the risk associated with the decision problem and design a simple
yet effective malware containment strategy, look-ahead, which is distributed by
nature and reflects an individual node’s intrinsic trade-off between staying
connected (with other nodes) and staying safe (from malware). Furthermore, we
consider the benefits of sharing assessments among directly connected nodes and
address the challenges derived from the DTN model to such sharing in the
presence of liars (i.e., malicious nodes sharing false assessments) and
defectors (i.e., good nodes that have turned malicious due to malware
infection).
IEEE 2014 Transactions on Parallel and Distributed
Systems
Abstract—Delay tolerant networks (DTNs)
are characterized by high end-to-end latency, frequent disconnection, and
opportunistic communication over unreliable wireless links. In this paper, we
design and validate a dynamic trust management protocol for secure routing
optimization in DTN environments in the presence of well-behaved, selfish and
malicious nodes. We develop a novel model-based methodology for the analysis of
our trust protocol and validate it via extensive simulation. Moreover, we
address dynamic trust management, i.e., determining and applying the best
operational settings at runtime in response to dynamically changing network
conditions to minimize trust bias and to maximize the routing application
performance. We perform a comparative analysis of our proposed routing protocol
against Bayesian trust-based and non-trust based (PROPHET and epidemic) routing
protocols. The results demonstrate that our protocol is able to deal with
selfish behaviors and is resilient against trust-related attacks. Furthermore,
our trust-based routing protocol can effectively trade off message overhead and
message delay for a significant gain in delivery ratio. Our trust-based routing
protocol operating under identified best settings outperforms Bayesian
trust-based routing and PROPHET, and approaches the ideal performance of epidemic
routing in delivery ratio and message delay without incurring high message or
protocol maintenance overhead.
E-MACs: Towards More Secure and More Efficient Constructions of
Secure Channels
IEEE 2014 Transactions on Computer
Abstract—In cryptography, secure channels enable the confidential
and authenticated message exchange between authorized users. A generic approach
of constructing such channels is by combining an encryption primitive with an
authentication primitive (MAC). In this work, we introduce the design of a new
cryptographic primitive to be used in the construction of secure channels.
Instead of using general purpose MACs, we propose the deployment of special
purpose MACs, named E-MACs. The main motivation behind this work is the observation
that, since the message must be both encrypted and authenticated, there might
be some redundancy in the computations performed by the two primitives.
Therefore, removing such redundancy can improve the efficiency of the overall
composition. Moreover, computations performed by the encryption algorithm can
be further utilized to improve the security of the authentication algorithm. In
particular, we will show how E-MACs can be designed to reduce the amount of
computation required by standard MACs based on universal hash functions, and
show how E-MACs can be secured against key-recovery attacks.
Optimal Multicast Capacity and Delay Tradeoffs in MANETs
IEEE 2014 Transactions on Mobile Computing
Abstract—In this paper, we give a global perspective of multicast
capacity and delay analysis in Mobile Ad Hoc Networks (MANETs). Specifically,
we consider four node mobility models: (1) two-dimensional i.i.d. mobility, (2)
two-dimensional hybrid random walk, (3) one-dimensional i.i.d. mobility, and
(4) one-dimensional hybrid random walk. Two mobility time-scales are
investigated in this paper: (i) Fast mobility where node mobility is at the
same time-scale as data transmissions; (ii) Slow mobility where node mobility
is assumed to occur at a much slower time-scale than data transmissions. Given
a delay constraint D, we first characterize the optimal multicast capacity for
each of the eight types of mobility models, and then we develop a scheme that
can achieve a capacity-delay tradeoff close to the upper bound up to a
logarithmic factor. In addition, we also study heterogeneous networks with
infrastructure support.
STARS: A Statistical Traffic Pattern Discovery System for Anonymous
MANET communications
IEEE 2014 Transactions on
Dependable and Secure Computing
Abstract—Anonymous MANET routing relies on techniques such as
re-encryption on each hop to hide end-to-end communication relations. However,
passive signal detectors and traffic analyzers can still retrieve sensitive
information from PHY and MAC layers to derive end-to-end communication
relations through statistical traffic analysis. In this paper, we propose a
Statistical Traffic pattern discovery System (STARS) based on Eigen analysis
which can greatly improve the accuracy to derive traffic patterns in MANETs. A
STAR intends to find out the sources and destinations of captured packets and
to discover the end-to-end communication relations. The proposed approach is
purely passive. It does not require analyzers to be actively involved in MANET
transmissions and to possess encryption keys to decrypt traffic. We present
theoretical models as well as extensive simulations to demonstrate our
solutions.
IEEE 2013: Security Analysis of a Single Sign-On
Mechanism for Distributed Computer Networks
IEEE 2013 Transactions
on Industrial Informatics
Abstract—Single sign-on (SSO) is a new authentication mechanism
that enables a legal user with a single credential to be authenticated by
multiple service providers in a distributed computer network. Recently, Chang
and Lee proposed a new SSO scheme and claimed its security by providing
well-organized security arguments. In this paper, however, we demonstrative
that their scheme is actually insecure as it fail to meet credential privacy
and soundness of authentication. Specifically, we present two Impersonation
attacks. The first attack allows a malicious service provider, who has
successfully communicated with a legal user twice, to recover the user’s
credential and then to impersonate the user to access resources and services
offered by other service providers. In another attack, an outsider without any
credential may be able to enjoy network services freely by impersonating any
legal user or a nonexistent user. We identify the flaws in their security
arguments to explain why attacks are possible against their SSO scheme. Our
attacks also apply to another SSO scheme proposed by Hsu and Chuang, which
inspired the design of the Chang–Lee scheme. Moreover, by employing an
efficient verifiable encryption of RSA signatures proposed by Ateniese, we
propose an improvement for repairing the Chang–Lee scheme. We promote the
formal study of the soundness of authentication as one open problem.
IEEE 2013: Vampire Attacks:
Draining Life from Wireless Ad Hoc Sensor Networks s
IEEE 2013 Transactions on Mobile
Computing
Abstract—Ad hoc
low-power wireless networks are an exciting research direction in sensing and
pervasive computing. Prior security work in this area has focused primarily on
denial of communication at the routing or medium access control levels. This
paper explores resource depletion attacks at the routing protocol layer, which
permanently disable networks by quickly draining nodes’ battery power. These
“Vampire” attacks are not specific to any specific protocol, but rather rely on
the properties of many popular classes of routing protocols. We find that all
examined protocols are susceptible to Vampire attacks, which are devastating,
difficult to detect, and are easy to carry out using as few as one malicious
insider sending only protocol-compliant messages. In the worst case, a single
Vampire can increase network-wide energy usage by a factor of OðNÞ, where N in
the number of network nodes. We discuss methods to mitigate these types of
attacks, including a new proof-of-concept protocol that provably bounds the
damage caused by Vampires during the packet forwarding phase.
IEEE 2013 Transactions on Mobile
Computing
Abstract—Ad hoc
low-power wireless networks are an exciting research direction in sensing and
pervasive computing. Prior security work in this area has focused primarily on
denial of communication at the routing or medium access control levels. This
paper explores resource depletion attacks at the routing protocol layer, which
permanently disable networks by quickly draining nodes’ battery power. These
“Vampire” attacks are not specific to any specific protocol, but rather rely on
the properties of many popular classes of routing protocols. We find that all
examined protocols are susceptible to Vampire attacks, which are devastating,
difficult to detect, and are easy to carry out using as few as one malicious
insider sending only protocol-compliant messages. In the worst case, a single
Vampire can increase network-wide energy usage by a factor of OðNÞ, where N in
the number of network nodes. We discuss methods to mitigate these types of
attacks, including a new proof-of-concept protocol that provably bounds the
damage caused by Vampires during the packet forwarding phase.
IEEE 2013: Virtually Transparent Epidermal Imagery
(VTEI): On New Approaches to In Vivo Wireless High-Definition Video and Image
Processing
IEEE Transactions on
Parallel and Distributed Systems
Abstract—This work first overviews a
novel design, and prototype implementation, of a virtually transparent
epidermal imagery (VTEI) system for laparo-endoscopic single-site (LESS)
surgery. The system uses a network of multiple, micro-cameras and multiview
mosaic king to obtain a panoramic view of the surgery area. The prototype VTEI
system also projects the generated panoramic view on the abdomen area to create
a transparent display effect that mimics equivalent, but higher risk,
open-cavity surgeries. The specific research focus of this paper is on two
important aspects of a VTEI system: in vivo wireless high-definition (HD)
video transmission and multi-image processing—both of which play key roles in
next-generation systems. For transmission and reception, this paper proposes a
theoretical wireless communication scheme for high-definition video in
situations that require extremely small-footprint image sensors and in
zero-latency applications. In such situations the typical optimized metrics in communication
schemes, such as power and data rate, are far less important than latency and
hardware footprint that absolutely preclude their use if not satisfied. This
work proposes the use of a novel Frequency-Modulated Voltage-Division
Multiplexing (FM-VDM) scheme where sensor data is kept analog and transmitted
via “voltage-multiplexed” signals that are also frequency-modulated. Once
images are received, a novel Homographic Image Mosaicking and Morphing (HIMM)
algorithm is proposed to stitch images from respective cameras that also
compensates for irregular surfaces in real-time, into a single cohesive view of the surgical
area. In VTEI, this view is then visible to the surgeon directly on the patient
to give an “open cavity” feel to laparoscopic procedures.
No comments:
Post a Comment