Biblio

Distributed Denial of Service (DDoS) attacks remain one of the top threats to enterprise networks and ISPs nowadays. It can cause tremendous damage by bringing down online websites or services. Existing DDoS defense solutions either brings high cost such as upgrading existing firewall or IPS, or bring excessive traffic delay by using third-party cloud-based DDoS filtering services. In this work, we propose a DDoS defense framework that utilizes Network Function Virtualization (NFV) architecture to provide low cost and highly flexible solutions for enterprises. In particular, the system uses virtual network agents to perform attack traffic filtering before they are forwarded to the target server. Agents are created on demand to verify the authenticity of the source of packets, and drop spoofed packets in order protect the target server. Furthermore, we design a scalable and flexible dispatcher to forward packets to corresponding agents for processing. A bucket-based forwarding mechanism is used to improve the scalability of the dispatcher through batching forwarding. The dispatcher can also adapt to agent addition and removal. Our simulation results demonstrate that the dispatcher can effectively serve a large volume of traffic with low dropping rate. The system can successfully mitigate SYN flood attack by introducing minimal performance degradation to legitimate traffic.

Multi-state logic presents a promising avenue for more-than-Moore scaling, since efficient implementation of multi-valued logic (MVL) can significantly reduce switching and interconnection requirements and result in significant benefits compared to binary CMOS. So far, traditional approaches lag behind binary CMOS due to: (a) reliance on logic decomposition approaches [4][5][6] that result in many multi-valued minterms [4], complex polynomials [5], and decision diagrams [6], which are difficult to implement, and (b) emulation of multi-valued computation and communication through binary switches and medium that require data conversion, and large circuits. In this paper, we propose a fundamentally different approach for MVL decomposition, merging concepts from data science and nanoelectronics to tackle the problems, (a) First, we do linear regression on all inputs and outputs of a multivalued function, and find an expression that fits most input and output combinations. For unmatched combinations, we do successive regressions to find linear expressions. Next, using our novel visual pattern matching technique, we find conditions based on input and output conditions to select each expression. These expressions along with associated selection criteria ensure that for all possible inputs of a specific function, correct output can be reached. Our selection of regression model to find linear expressions, coefficients and conditions allow efficient hardware implementation. We discuss an approach for solving problem (b) and show an example of quaternary sum circuit. Our estimates show 65.6% saving of switching components compared with a 4-bit CMOS adder.

Entity authentication is one of the fundamental information security properties for secure transactions and communications. The combination of biometrics with cryptography is an emerging topic for authentication protocol design. Among the existing biometrics (e.g., fingerprint, face, iris, voice, heart), the heart-signal contains liveness property of biometric samples. In this paper, a remote entity authentication protocol has been proposed based on the randomness of heart biometrics combined with chaos cryptography. To this end, initial keys are generated for chaotic logistic maps based on the heart-signal. The authentication parameters are generated from the initial keys that can be used for claimants and verifiers to authenticate and verify each other, respectively. In this proposed technique, as each session of communication is different from others, therefore many session-oriented attacks are prevented. Experiments have been conducted on sample heart-signal for remote authentication. The results show that the randomness property of the heart-signal can help to implement one of the famous secure encryption, namely one-time pad encryption.