Biblio

In the era of big data, many users and companies start to move their data to cloud storage to simplify data management and reduce data maintenance cost. However, security and privacy issues become major concerns because third-party cloud service providers are not always trusty. Although data contents can be protected by encryption, the access patterns that contain important information are still exposed to clouds or malicious attackers. In this paper, we apply the ORAM algorithm to enable privacy-preserving access to big data that are deployed in distributed file systems built upon hundreds or thousands of servers in a single or multiple geo-distributed cloud sites. Since the ORAM algorithm would lead to serious access load unbalance among storage servers, we study a data placement problem to achieve a load balanced storage system with improved availability and responsiveness. Due to the NP-hardness of this problem, we propose a low-complexity algorithm that can deal with large-scale problem size with respect to big data. Extensive simulations are conducted to show that our proposed algorithm finds results close to the optimal solution, and significantly outperforms a random data placement algorithm.
 

This paper addresses the minimum transmission broadcast (MTB) problem for the many-to-all scenario in wireless multihop networks and presents a network-coding broadcast protocol with priority-based deadlock prevention. Our main contributions are as follows: First, we relate the many-to-all-with-network-coding MTB problem to a maximum out-degree problem. The solution of the latter can serve as a lower bound for the number of transmissions. Second, we propose a distributed network-coding broadcast protocol, which constructs efficient broadcast trees and dictates nodes to transmit packets in a network coding manner. Besides, we present the priority-based deadlock prevention mechanism to avoid deadlocks. Simulation results confirm that compared with existing protocols in the literature and the performance bound we present, our proposed network-coding broadcast protocol performs very well in terms of the number of transmissions.

In order to strengthen network security and improve the network's active defense intrusion detection capabilities, this paper presented and established one active defense intrusion detection system which based on the mixed interactive honeypot. The system can help to reduce the false information, enhance the stability and security of the network. Testing and simulation experiments show that: the system improved active defense of the network's security, increase the honeypot decoy capability and strengthen the attack predictive ability. So it has better application and promotion value.
 

In adaptive processing applications, the design of the adaptive filter requires estimation of the unknown interference-plus-noise covariance matrix from secondary training data. The presence of outliers in the training data can severely degrade the performance of adaptive processing. By exploiting the sparse prior of the outliers, a Bayesian framework to develop a computationally efficient outlier-resistant adaptive filter based on sparse Bayesian learning (SBL) is proposed. The expectation-maximisation (EM) algorithm is used therein to obtain a maximum a posteriori (MAP) estimate of the interference-plus-noise covariance matrix. Numerical simulations demonstrate the superiority of the proposed method over existing methods.

Storage area networking is driving commodity data center switches to support lossless Ethernet (DCB). Unfortunately, to enable DCB for all traffic on arbitrary network topologies, we must address several problems that can arise in lossless networks, e.g., large buffering delays, unfairness, head of line blocking, and deadlock. We propose TCP-Bolt, a TCP variant that not only addresses the first three problems but reduces flow completion times by as much as 70%. We also introduce a simple, practical deadlock-free routing scheme that eliminates deadlock while achieving aggregate network throughput within 15% of ECMP routing. This small compromise in potential routing capacity is well worth the gains in flow completion time. We note that our results on deadlock-free routing are also of independent interest to the storage area networking community. Further, as our hardware testbed illustrates, these gains are achievable today, without hardware changes to switches or NICs.

Location privacy preservation has become an important issue in providing location based services (LBSs). When the mobile users report their locations to the LBS server or the third-party servers, they risk the leak of their location information if such servers are compromised. To address this issue, we propose a Location Privacy Preservation Scheme (LPPS) based on distributed cache pushing which is based on Markov Chain. The LPPS deploys distributed cache proxies in the most frequently visited areas to store the most popular location-related data and pushes them to mobile users passing by. In the way that the mobile users receive the popular location-related data from the cache proxies without reporting their real locations, the users' location privacy is well preserved, which is shown to achieve k-anonymity. Extensive experiments illustrate that the proposed LPPS achieve decent service coverage ratio and cache hit ratio with low communication overhead.
 

In wireless networks, spoofing attack is one of the most common and challenging attacks. Due to these attacks the overall network performance would be degraded. In this paper, a medoid based clustering approach has been proposed to detect a multiple spoofing attacks in wireless networks. In addition, a Enhanced Partitioning Around Medoid (EPAM) with average silhouette has been integrated with the clustering mechanism to detect a multiple spoofing attacks with a higher accuracy rate. Based on the proposed method, the received signal strength based clustering approach has been adopted for medoid clustering for detection of attacks. In order to prevent the multiple spoofing attacks, dynamic MAC address allocation scheme using MD5 hashing technique is implemented. The experimental results shows, the proposed method can detect spoofing attacks with high accuracy rate and prevent the attacks. Thus the overall network performance is improved with high accuracy rate.
 

The interaction between information technology and phys ical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state estimation. Yet, the existing state-estimators are based on the non-realistic assumption that the exact system model is known. Consequently, in this work we present a method for state estimation in presence of attacks, for systems with noise and modeling errors. When the the estimated states are used by a state-based feedback controller, we show that the attacker cannot destabilize the system by exploiting the difference between the model used for the state estimation and the real physical dynamics of the system. Furthermore, we describe how implementation issues such as jitter, latency and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by modeling errors. This enables mapping control performance requirements into real-time (i.e., timing related) specifications imposed on the underlying platform. Finally, we illustrate and experimentally evaluate this approach on an unmanned ground vehicle case-study.
 

In modern parallel storage systems (e.g., cloud storage and data centers), it is important to provide data availability guarantees against disk (or storage node) failures via redundancy coding schemes. One coding scheme is X-code, which is double-fault tolerant while achieving the optimal update complexity. When a disk/node fails, recovery must be carried out to reduce the possibility of data unavailability. We propose an X-code-based optimal recovery scheme called minimum-disk-read-recovery (MDRR), which minimizes the number of disk reads for single-disk failure recovery. We make several contributions. First, we show that MDRR provides optimal single-disk failure recovery and reduces about 25 percent of disk reads compared to the conventional recovery approach. Second, we prove that any optimal recovery scheme for X-code cannot balance disk reads among different disks within a single stripe in general cases. Third, we propose an efficient logical encoding scheme that issues balanced disk read in a group of stripes for any recovery algorithm (including the MDRR scheme). Finally, we implement our proposed recovery schemes and conduct extensive testbed experiments in a networked storage system prototype. Experiments indicate that MDRR reduces around 20 percent of recovery time of the conventional approach, showing that our theoretical findings are applicable in practice.

The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network. But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection, it is easy to cause the loss of identity privacy. In order to solve the above-described problems, this paper presents a trust measurement scheme suitable for clients in the trusted network, the scheme integrates the following attributes such as authentication mechanism, state measurement, and real-time state measurement and so on, and based on the authentication mechanism and the initial state measurement, the scheme uses the real-time state measurement as the core method to complete the trust measurement for the client. This scheme presented in this paper supports both static and dynamic measurements. Overall, the characteristics of this scheme such as fine granularity, dynamic, real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.

Wireless information security generates shared secret keys from reciprocal channel dynamics. Current solutions are mostly based on temporal per-frame channel measurements of signal strength and suffer from low key generate rate (KGR), large budget in channel probing, and poor secrecy if a channel does not temporally vary significantly. This paper designs a cross-layer solution that measures noise-free per-symbol channel dynamics across both time and frequency domain and derives keys from the highly fine-grained per-symbol reciprocal channel measurements. This solution consists of merits that: (1) the persymbol granularity improves the volume of available uncorrelated channel measurements by orders of magnitude over per-frame granularity in conventional solutions and so does KGR; 2) the solution exploits subtle channel fluctuations in frequency domain that does not force users to move to incur enough temporal variations as conventional solutions require; and (3) it measures noise-free channel response that suppresses key bit disagreement between trusted users. As a result, in every aspect, the proposed solution improves the security performance by orders of magnitude over conventional solutions. The performance has been evaluated on both a GNU SDR testbed in practice and a local GNU Radio simulator. The cross-layer solution can generate a KGR of 24.07 bits per probing frame on testbed or 19 bits in simulation, although conventional optimal solutions only has a KGR of at most one or two bit per probing frame. It also has a low key bit disagreement ratio while maintaining a high entropy rate. The derived keys show strong independence with correlation coefficients mostly less than 0.05. Furthermore, it is empirically shown that any slight physical change, e.g. a small rotation of antenna, results in fundamentally different cross-layer frequency measurements, which implies the strong secrecy and high efficiency of the proposed solution.
 

Deadlock freedom is a key challenge in the design of communication networks. Wormhole switching is a popular switching technique, which is also prone to deadlocks. Deadlock analysis of routing functions is a manual and complex task. We propose an algorithm that automatically proves routing functions deadlock-free or outputs a minimal counter-example explaining the source of the deadlock. Our algorithm is the first to automatically check a necessary and sufficient condition for deadlock-free routing. We illustrate its efficiency in a complex adaptive routing function for torus topologies. Results are encouraging. Deciding deadlock freedom is co-NP-Complete for wormhole networks. Nevertheless, our tool proves a 13 × 13 torus deadlock-free within seconds. Finding minimal deadlocks is more difficult. Our tool needs four minutes to find a minimal deadlock in a 11 × 11 torus while it needs nine hours for a 12 × 12 network.

Nowadays, the design of a secure access authentication protocol in heterogeneous networks achieving seamless roaming across radio access technologies for mobile users (MUs) is a major technical challenge. This paper proposes a Distributed Anonymous Authentication (DAA) protocol to resolve the problems of heavy signaling overheads and long signaling delay when authentication is executed in a centralized manner. By applying MUs and point of attachments (PoAs) as group members, the adopted group signature algorithms provide identity verification directly without sharing secrets in advance, which significantly reduces signaling overheads. Moreover, MUs sign messages on behalf of the group, so that anonymity and unlinkability against PoAs are provided and thus privacy is preserved. Performance analysis confirm the advantages of DAA over existing solutions.

Effective Personalized Mobile Search Using KNN, implements an architecture to improve user's personalization effectiveness over large set of data maintaining security of the data. User preferences are gathered through clickthrough data. Clickthrough data obtained is sent to the server in encrypted form. Clickthrough data obtained is classified into content concepts and location concepts. To improve classification and minimize processing time, KNN(K Nearest Neighborhood) algorithm is used. Preferences identified(location and content) are merged to provide effective preferences to the user. System make use of four entropies to balance weight between content concepts and location concepts. System implements client server architecture. Role of client is to collect user queries and to maintain them in files for future reference. User preference privacy is ensured through privacy parameters and also through encryption techniques. Server is responsible to carry out the tasks like training, reranking of the search results obtained and the concept extraction. Experiments are carried out on Android based mobile. Results obtained through experiments show that system significantly gives improved results over previous algorithm for the large set of data maintaining security.

The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting(XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results shows that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.
 

The need to protect big data, particularly those relating to information security (IS) maintenance (ISM) of an enterprise's IT infrastructure, is shown. A worldwide experience of addressing big data ISM issues is briefly summarized and a big data protection problem statement is formulated. An infrastructure for big data ISM is proposed. New applications areas for big data IT after addressing ISM issues are listed in conclusion.
 

Cryptographic misuse affects a sizeable portion of Android applications. However, there is only an empirical study that has been made about this problem. In this paper, we perform a systematic analysis on the cryptographic misuse, build the cryptographic misuse vulnerability model and implement a prototype tool Crypto Misuse Analyser (CMA). The CMA can perform static analysis on Android apps and select the branches that invoke the cryptographic API. Then it runs the app following the target branch and records the cryptographic API calls. At last, the CMA identifies the cryptographic API misuse vulnerabilities from the records based on the pre-defined model. We also analyze dozens of Android apps with the help of CMA and find that more than a half of apps are affected by such vulnerabilities.
 

Identity management system has gained significance for any organization today for not only storing details of its employees but securing its sensitive information and safely managing access to its resources. This system being an enterprise based application has time taking deployment process, involving many complex and error prone steps. Also being globally used, its continuous running on servers lead to large carbon emissions. This paper proposes a novel architecture that integrates the Identity management system together with virtual appliance technology to reduce the overall deployment time of the system. It provides an Identity management system as pre-installed, pre-configured and ready to go solution that can be easily deployed even by a common user. The proposed architecture is implemented and the results have shown that there is decrease in deployment time and decrease in number of steps required in previous architecture. The hardware required by the application is also reduced as its deployed on virtual machine monitor platform, which can be installed on already used servers. This contributes to the green computing practices and gives costs benefits for enterprises. Also there is ease of migration of system from one server to another and the enterprises which do not want to depend on third party cloud for security and cost reasons, can easily deploy their identity management system in their own premises.
 

Currently, most electrophotographic printers use halftoning technique to print continuous tone images, so scanned images obtained from such hard copies are usually corrupted by screen like artifacts. In this paper, a new model of scanned halftone image is proposed to consider both printing distortions and halftone patterns. Based on this model, an adaptive filtering based descreening method is proposed to recover high quality contone images from the scanned images. Image redundancy based denoising algorithm is first adopted to reduce printing noise and attenuate distortions. Then, screen frequency of the scanned image and local gradient features are used for adaptive filtering. Basic contone estimate is obtained by filtering the denoised scanned image with an anisotropic Gaussian kernel, whose parameters are automatically adjusted with the screen frequency and local gradient information. Finally, an edge-preserving filter is used to further enhance the sharpness of edges to recover a high quality contone image. Experiments on real scanned images demonstrate that the proposed method can recover high quality contone images from the scanned images. Compared with the state-of-the-art methods, the proposed method produces very sharp edges and much cleaner smooth regions.

In many Twitter applications, developers collect only a limited sample of tweets and a local portion of the Twitter network. Given such Twitter applications with limited data, how can we classify Twitter users as either bots or humans? We develop a collection of network-, linguistic-, and application-oriented variables that could be used as possible features, and identify specific features that distinguish well between humans and bots. In particular, by analyzing a large dataset relating to the 2014 Indian election, we show that a number of sentimentrelated factors are key to the identification of bots, significantly increasing the Area under the ROC Curve (AUROC). The same method may be used for other applications as well.

In SDN, the underlying infrastructure is usually abstracted for applications that can treat the network as a logical or virtual entity. Commonly, the “mappings” between virtual abstractions and their actual physical implementations are not one-to-one, e.g., a single “big switch” abstract object might be implemented using a distributed set of physical devices. A key question is, what abstractions could be mapped to multiple physical elements while faithfully preserving their native semantics? E.g., can an application developer always expect her abstract “big switch” to act exactly as a physical big switch, despite being implemented using multiple physical switches in reality? We show that the answer to that question is “no” for existing virtual-to-physical mapping techniques: behavior can differ between the virtual “big switch” and the physical network, providing incorrect application-level behavior.

We also show that that those incorrect behaviors occur despite the fact that the most pervasive correctness invariants, such as per-packet consistency, are preserved throughout. These examples demonstrate that for practical notions of correctness, new systems and a new analytical framework are needed. We take the first steps by defining end-to-end correctness, a correctness condition that focuses on applications only, and outline a research vision to obtain virtualization systems with correct virtual to physical mappings.

The availability of sophisticated source attribution techniques raises new concerns about privacy and anonymity of photographers, activists, and human right defenders who need to stay anonymous while spreading their images and videos. Recently, the use of seam-carving, a content-aware resizing method, has been proposed to anonymize the source camera of images against the well-known photoresponse nonuniformity (PRNU)-based source attribution technique. In this paper, we provide an analysis of the seam-carving-based source camera anonymization method by determining the limits of its performance introducing two adversarial models. Our analysis shows that the effectiveness of the deanonymization attacks depend on various factors that include the parameters of the seam-carving method, strength of the PRNU noise pattern of the camera, and an adversary's ability to identify uncarved image blocks in a seam-carved image. Our results show that, for the general case, there should not be many uncarved blocks larger than the size of 50×50 pixels for successful anonymization of the source camera.

Insect-Scale Flapping-Wing Micro-Air Vehicles (FW-MAVs), can be particularly sensitive to control deficits caused by ongoing wing damage and degradation. Since any such degradation could occur during flight and likely in ways difficult to predict apriori, any automated methods to apply correction would also need to be applied in-flight. Previous work has demonstrated effective recovery of correct flight behavior via online (in service) evolutionary algorithm based learning of new wing-level oscillation patterns. In those works, Evolutionary Algorithms (EAs) were used to continuously adapt wing motion patterns to restore the force generation expected by the flight controller. Due to the requirements for online learning and fast recovery of correct flight behavior, the choice of EA is critical. The work described in this paper replaces previously used oscillator learning algorithms with an Evolution Strategy (ES), an EA variant never previously tested for this application. This paper will demonstrate that this approach is both more effective and faster than previously employed methods. The paper will conclude with a discussion of future applications of the technique within this problem domain.

Evolutionary Computation has been suggested as a means of providing ongoing adaptation of robot controllers. Most often, using Evolutionary Computation to that end focuses on recovery of acceptable robot performance with less attention given to diagnosing the nature of the failure that necessitated the adaptation. In previous work, we introduced the concept of Evolutionary Model Consistency Checking in which candidate robot controller evaluations were dual-purposed for both evolving control solutions and extracting robot fault diagnoses. In that less developed work, we could only detect single wing damage faults in a simulated Flapping Wing Micro Air Vehicle. We now extend the method to enable detection and diagnosis of both single wing and dual wing faults. This paper explains those extensions, demonstrates their efficacy via simulation studies, and provides discussion on the possibility of augmenting EC adaptation by exploiting extracted fault diagnoses to speed EC search.