Biblio

A new Domain Name System (DNS) cache poisoning attack aiming at clients has emerged recently. It induced cloud users to visit fake web sites and thus reveal information such as account passwords. However, the design of current DNS defense architecture does not formally consider the protection of clients. Although the DNS traffic encryption technology can alleviate this new attack, its deployment is as slow as the new DNS architecture. Thus we propose a lightweight adaptive intelligent defense strategy, which only needs to be deployed on the client without any configuration support of DNS. Firstly, we model the attack and defense process as a static stochastic game with incomplete information under bounded rationality conditions. Secondly, to solve the problem caused by uncertain attack strategies and large quantities of game states, we adopt a deep reinforcement learning (DRL) with guaranteed monotonic improvement. Finally, through the prototype system experiment in Alibaba Cloud, the effectiveness of our method is proved against multiple attack modes with a success rate of 97.5% approximately.

Edge computing (EC) is a new developing computing technology where data are collected, and analysed nearer to the edge or sources of the data. Cloud to the edge, intelligent applications and analytics are part of the IoT applications and technology. Edge computing technology aims to bring cloud computing features near to edge devices. For time-sensitive applications in cloud computing, architecture massive volume of data is generated at the edge and stored and analysed in the cloud. Cloud infrastructure is a composition of data centres and large-scale networks, which provides reliable services to users. Traditional cloud computing is inefficient due to delay in response, network delay and congestion as simultaneous transactions to the cloud, which is a centralised system. This paper presents a literature review on cloud-based edge computing technologies for delay-sensitive applications and suggests a conceptual model of edge computing architecture. Further, the paper also presents the implementation of QoS support edge computing paradigm in Python for further research to improve the latency and throughput for time-sensitive applications.

Stochastic computing is based on probability concepts which are different from conventional mathematical operations. Advantages of stochastic computing in the fields of neural networks and digital image processing have been reported in literature recently. Arithmetic operations especially multiplications can be performed either by logical AND gates in unipolar format or by EXNOR gates in bipolar format in stochastic computation. Stochastic computing is inherently fault-tolerant and requires fewer logic gates to implement arithmetic operations. Long computing time and low accuracy are the main drawbacks of this system. In this presentation, to reduce hardware requirement and delay, modified stochastic multiplication using AND gate array and multiplexer are used for the design of Finite Impulse Response Filter cores. Performance parameters such as area, power and delay for FIR filter using modified stochastic computing methods are compared with conventional floating point computation.

The network attack such as Distributed Denial-of-Service (DDoS) attack could be critical to latency-critical systems such as Mobile Edge Computing (MEC) as such attacks significantly increase the response delay of the victim service. Intrusion prevention system (IPS) is a promising solution to defend against such attacks, but there will be a trade-off between IPS deployment and application resource reservation as the deployment of IPS will reduce the number of computation resources for MEC applications. In this paper, we proposed a game-theoretic framework to study the joint computation resource allocation and IPS deployment in the MEC architecture. We study the pricing strategy of the MEC platform operator and purchase strategy of the application service provider, given the expected attack strength and end user demands. The best responses of both MPO and ASPs are derived theoretically to identify the Stackelberg equilibrium. The simulation results confirm that the proposed solutions significantly increase the social welfare of the system.

Nowadays, hypervisors are the standard solution to integrate different domains into a shared hardware platform, while providing safety, security, and predictability. To this end, a hypervisor virtualizes the physical platform and orchestrates the access to each component. When the system needs to comply with certification requirements for safety-critical systems, virtualization latencies need to be analytically bounded for providing off-line guarantees. This paper presents a detailed modeling of three I/O virtualization techniques, providing analytical bounds for each of them under different metrics. Experimental results compare the bounds for a case study and quantify the contribution due to different sources of delay.

Cyber security is reliant on the actions of both machine and human and remains a domain of importance and continual evolution. While the study of human behavior has grown, less attention has been paid to the adversarial operator. Cyber environments consist of complex and dynamic situations where decisions are made with incomplete information. In such scenarios people form strategies based on simplified models of the world and are often efficient and effective, yet may result in judgement or decision-making bias. In this paper, we examine an initial list of biases affecting adversarial cyber actors. We use subject matter experts to derive examples and demonstrate these biases likely exist, and play a role in how attackers operate.

Fog computing extends the capability of cloud services to support latency sensitive applications. Adding fog computing nodes in proximity to a data generation/ actuation source can support data analysis tasks that have stringent deadline constraints. We introduce a real time, security-aware scheduling algorithm that can execute over a fog environment [1 , 2] . The applications we consider comprise of: (i) interactive applications which are less compute intensive, but require faster response time; (ii) computationally intensive batch applications which can tolerate some delay in execution. From a security perspective, applications are divided into three categories: public, private and semi-private which must be hosted over trusted, semi-trusted and untrusted resources. We propose the architecture and implementation of a distributed orchestrator for fog computing, able to combine task requirements (both performance and security) and resource properties.

This paper establishes a novel approach to supply chain risk management (SCRM), through establishing a risk assessment framework addressing the importance of SCRM and supply chain visibility (SCV). Through a quantitative assessment and empirical evidence, the paper also discusses the specific risks within the manufacturing industry. Based on survey data collected and a case study from Asia, the paper finds that supplier delays and poor product quality can be considered as prevailing risks relevant to the manufacturing industry. However, as supply chain risks are inter-related, one must increase supply chain visibility to fully consider risk causes that ultimately lead to the risk effects. The framework established can be applied to different industries with the view to inform organisations on prevailing risks and prompt motivate improvement in supply chain visibility, thereby, modify risk management strategies. Through suggesting possible risk sources, organisations can adopt proactive risk mitigation strategies so as to more efficiently manage their exposure.

PCIe (Peripheral Component Interconnect express) protocol is the de facto protocol to bridge CPU and peripheral devices like GPU, NIC, and SSD drive. There is an increasing demand to install more peripheral devices on a single machine, but the PCIe interfaces offered by Intel CPUs are fixed. To resolve such contention, PCIe switch, PCH (Platform Controller Hub), or virtualization cards are installed on the machine to allow multiple devices to share a PCIe interface. Congestion happens when the collective PCIe traffic from the devices overwhelm the PCIe link capacity, and transmission delay is then introduced.In this work, we found the PCIe delay not only harms device performance but also leaks sensitive information about a user who uses the machine. In particular, as user’s activities might trigger data movement over PCIe (e.g., between CPU and GPU), by measuring PCIe congestion, an adversary accessing another device can infer the victim’s secret indirectly. Therefore, the delay resulted from I/O congestion can be exploited as a side-channel. We demonstrate the threat from PCIe congestion through 2 attack scenarios and 4 victim settings. Specifically, an attacker can learn the workload of a GPU in a remote server by probing a RDMA NIC that shares the same PCIe switch and measuring the delays. Based on the measurement, the attacker is able to know the keystroke timings of the victim, what webpage is rendered on the GPU, and what machine-learning model is running on the GPU. Besides, when the victim is using a low-speed device, e.g., an Ethernet NIC, an attacker controlling an NVMe SSD can launch a similar attack when they share a PCH or virtualization card. The evaluation result shows our attack can achieve high accuracy (e.g., 96.31% accuracy in inferring webpage visited by a victim).

This paper investigates the impact of the delay resulting from a blockchain, a promising security measure, for a hierarchical control system of inverters connected to the grid. The blockchain communication network is designed at the secondary control layer for resilience against cyberattacks. To represent the latency in the communication channel, a model is developed based on the complexity of the blockchain framework. Taking this model into account, this work evaluates the plant’s performance subject to communication delays, introduced by the blockchain, among the hierarchical control agents. In addition, this article considers an optimal model-based control strategy that performs the system’s internal control loop. The work shows that the blockchain’s delay size influences the convergence of the power supplied by the inverter to the reference at the point of common coupling. In the results section, real-time simulations on OPAL-RT are performed to test the resilience of two parallel inverters with increasing blockchain complexity.

Many applications are bandwidth consuming but may tolerate longer flow completion times. Multipath protocols, such as multipath TCP (MPTCP), can offer bandwidth aggregation and resilience to link failures for such applications, and low priority congestion control (LPCC) mechanisms can make these applications yield to other time-sensitive ones. Properly combining the above two can improve the overall user experience. However, the existing LPCC mechanisms are not adequate for MPTCP. They do not take into account the characteristics of multiple network paths, and cannot ensure fairness among the same priority flows. Therefore, we propose a multipath LPCC mechanism, i.e., Dynamic Coupled Low Extra Delay Background Transport, named DC-LEDBAT. Our scheme is designed based on a standardized LPCC mechanism LEDBAT. To avoid unfairness among the same priority flows, DC-LEDBAT trades little throughput for precisely measuring the minimum delay. Moreover, to be friendly to single-path LEDBAT, our scheme leverages the correlation of the queuing delay to detect whether multiple paths go through a shared bottleneck. Then, DC-LEDBAT couples the congestion window at shared bottlenecks to control the sending rate. We implement DC-LEDBAT in a Linux kernel and experimental results show that DC-LEDBAT can not only utilize the excess bandwidth of MPTCP but also ensure fairness among the same priority flows.

The 2020 Corona pandemic has shown that on-line real-time multimedia communication is of vital importance when regular face-to-face meetings are not possible. One popular choice for conducting these meetings is the open standard WebRTC which is implemented in every major web browser. Even though this technology has found widespread use, there are still open issues with how different congestion control (CC) algorithms of Media- and DataChannels interact. In 2018 we have shown that the issue of self-inflicted queuing delay can be mitigated by introducing a CC coupling mechanism called FSE-NG. Originally, this solution was only capable of linking DataChannel flows controlled by TCP-style CCs and MediaChannels controlled by NADA CC. Standardization has progressed and along with NADA, IETF has also standardized the RTP CC SCReAM. This work extends the FSE-NG algorithm to also incorporate flows controlled by the latter algorithm. By means of simulation, we show that our approach is capable of drastically reducing end-to-end delays while also increasing RTP throughput and thus enabling WebRTC communication in scenarios where it has not been applicable before.

Frequently emergency services are required nationally and globally, in Mexico during 2020 of the 16,22,879 calls made to 911, statistics reveal that 58.43% were about security, 16.57% assistance, 13.49% medical, 6.29% civil protection, among others. However, the constant traffic of cities generates delays in the time of arrival to medical, military or civil protection services, wasting time that can be critical in an emergency. The objective is to create a connection between the road infrastructure (traffic lights) and emergency vehicles to reduce waiting time as a vehicle on a mission passes through a traffic light with Controller Area Network CAN controller to modify the color and give way to the emergency vehicle that will send signals to the traffic light controller through a controller located in the car. For this, the Controller Area Network Flexible Data (CAN-FD) controllers will be used in traffic lights since it is capable of synchronizing data in the same bus or cable to avoid that two messages arrive at the same time, which could end in car accidents if they are not it respects a hierarchy and the CANblue ll controller that wirelessly connects devices (vehicle and traffic light) at a speed of 1 Mbit / s to avoid delays in data exchange taking into account the high speeds that a car can acquire. It is intended to use the CAN controller for the development of improvements in response times in high-speed data exchange in cities with high traffic flow. As a result of the use of CAN controllers, a better data flow and interconnection is obtained.

In this paper, we investigated a self-oscillating ring system with variation of the delay time, which demonstrates the phenomenon of laminar chaos. The presence of laminar chaos is demonstrated for various laws of time delay variation - sinusoidal, sawtooth, and triangular. The behavior of coupled systems with laminar chaos and diffusive coupling is investigated. The presence of synchronous behavior is shown.

In this paper, we propose a very fast, yet compact, AES S-box, by applying two techniques to a composite field \$GF((2ˆ4)ˆ2)\$ fast AES S-box. The composite field fast S-box has three main components, namely the input transformation matrix, the inversion circuit, and the output transformation matrix. The core inversion circuit computes the multiplicative inverse over the composite field \$GF((2ˆ4)ˆ2)\$ and consists of three arithmetic blocks over subfield \$GF(2ˆ4)\$, namely exponentiation, subfield inverter, and output multipliers. For the first technique, we consider multiplication of the input of the composite field fast S-box by 255 nonzero 8-bit binary field elements. The multiplication constant increases the variety of the input and output transformation matrices of the S-box by a factor of 255, hence increasing the search space of the logic minimization algorithm correspondingly. For the second technique, we reduce the delay of the composite field fast S-box, by combining the output multipliers and the output transformation matrix. Moreover, we modify the architecture of the input transformation matrix and re-design the exponentiation block and the subfield inverter for lower delay and area. We find that 8 unique binary transformation matrices could be used to change from the binary field \$GF(2ˆ8)\$ to the composite field \$GF((2ˆ4)ˆ2)\$ at the input of the composite field S-box. We use Matla \$\textbackslashtextbackslashmathbfb\$ ® to derive all \$(255\textbackslashtextbackslashtimes 8=2040)\$ new input transformation matrices. We search the matrices for the fastest and lowest complexity implementation and the minimal one is selected for the proposed fast S-box. The proposed fast S-box is 24% faster (with 5% increase in area) than the composite field fast design and 10% faster (with about 1% increase in area) than the fastest S-box available in the literature, to the best of our knowledge.

The false data injection attacks (FDIAs) in smart grids can offset the power measurement data and it can bypass the traditional bad data detection mechanism. To solve this problem, a new detection mechanism called cosine similarity ratio which is based on the dynamic estimation algorithm of square root cubature Kalman filter (SRCKF) is proposed in this paper. That is, the detection basis is the change of the cosine similarity between the actual measurement and the predictive measurement before and after the attack. When the system is suddenly attacked, the actual measurement will have an abrupt change. However, the predictive measurement will not vary promptly with it owing to the delay of Kalman filter estimation. Consequently, the cosine similarity between the two at this moment has undergone a change. This causes the ratio of the cosine similarity at this moment and that at the initial moment to fluctuate considerably compared to safe operation. If the detection threshold is triggered, the system will be judged to be under attack. Finally, the standard IEEE-14bus test system is used for simulation experiments to verify the effectiveness of the proposed detection method.

This paper considers a multivariate quickest detection problem with false data injection (FDI) attacks in internet of things (IoT) systems. We derive a sequential generalized likelihood ratio test (GLRT) for zero-mean Gaussian FDI attacks. Exploiting the fact that covariance matrices are positive, we propose strategies to detect positive semi-definite matrix additions rather than arbitrary changes in the covariance matrix. The distribution of the GLRT is only known asymptotically whereas quickest detectors deal with short sequences, thereby leading to loss of performance. Therefore, we use a finite-sample correction to reduce the false alarm rate. Further, we provide a numerical approach to estimate the threshold sequences, which are analytically intractable to compute. We also compare the average detection delay of the proposed detector for constant and varying threshold sequences. Simulations showed that the proposed detector outperforms the standard sequential GLRT detector.

Satellite networks are booming to provide high-speed and low latency Internet access, but the transport layer becomes one of the main obstacles. Legacy end-to-end TCP is designed for terrestrial networks, not suitable for error-prone, propagation delay varying, and intermittent satellite links. It is necessary to make a clean-slate design for the satellite transport layer. This paper introduces a novel Information-centric Hop-by-Hop transport layer design, INTCP. It carries out hop-by-hop packets retransmission and hop-by-hop congestion control with the help of cache and request-response model. Hop-by-hop retransmission recovers lost packets on hop, reduces retransmission delay. INTCP controls traffic and congestion also by hop. Each hop tries its best to maximize its bandwidth utilization and improves end-to-end throughput. The capability of caching enables asynchronous multicast in transport layer. This would save precious spectrum resources in the satellite network. The performance of INTCP is evaluated with the simulated Starlink constellation. Long-distance communication with more than 1000km is carried out. The results demonstrate that, for the unicast scenario INTCP could reduce 42% one-way delay, 53% delay jitters, and improve 60% throughput compared with the legacy TCP. In multicast scenario, INTCP could achieve more than 6X throughput.

This note addresses the problem of distributed control for a class of nonlinear multi-agent systems over a communication graph. In many real practical systems, owing to communication limits and the vulnerability of communication networks to be overheard and modified by the adversary, consideration of communication delays and cyber-attacks in designing of the controller is important. To consider these challenges, in the presented approach, a distributed controller for a group of one-link flexible joint manipulators is provided which are connected via data delaying communication network in the presence of cyber-attacks. Sufficient conditions are provided to guarantee that the closed-loop system is stable with prescribed disturbance attenuation, and the parameter of the control law can be obtained by solving a set of linear matrix inequities (LMIs). Eventually, simulations results of four single-link manipulators are provided to demonstrate the performance of the introduced method.

Research has been conducted on wireless network single link failures. However, cascaded link failures due to fraudulent attacks have not received enough attention, whereas this requires solutions. This research developed an enhanced genetic algorithm (EGA) focused on capacity efficiency and fast restoration to rapidly resolve link-link failures. On complex nodes network, this fault-tolerant model was tested for such failures. Optimal alternative routes and the bandwidth required for quick rerouting of video traffic were generated by the proposed model. Increasing cascaded link failures increases bandwidth usage and causes transmission delay, which slows down video traffic routing. The proposed model outperformed popular Dijkstra models, in terms of time complexity. The survived solution paths demonstrate that the proposed model works well in maintaining connectivity despite cascaded link failures and would therefore be extremely useful in pandemic periods on emergency matters. The proposed technology is feasible for current business applications that require high-speed broadband networks.

This paper proposes a configurable architecture of butterfly unit (BU) supporting number theoretic transform (NTT) and inverse NTT (INTT) accelerators in the ring learning with error based homomorphic encryption. The proposed architecture is fully pipelined and carefully optimized the critical path delay. To compare with related works, several BU designs of different bit-size specific primes are synthesized and successfully placed-and-routed on the Xilinx Zynq UltraScale+ ZCU102 FPGA platform. Implementation results show that the proposed BU designs achieve 3× acceleration with more efficient resource utilization compared with previous works. Thus, the proposed BU architecture is worthwhile to develop NTTINTT accelerators in advanced homomorphic encryption systems.

This paper presents experimental results of evaluating the effect of network delay on the synchronization time of three parity machines. The possibility of using a hash function to confirm the synchronization of parity tree machines has been investigated. Three parity machines have been proposed as a modification of the symmetric encryption algorithm. One advantage of the method is the possibility to use the phenomenon of mutual synchronization of neural networks to generate an identical encryption key for users without the need to transfer it. As a result, the degree of influence of network delay and the type of hash function used on the synchronization time of neural networks was determined. The degree of influence of the network delay and hash function was determined experimentally. The hash function sha512 showed the best results. The tasks for further research have been defined.

Congestion control is one of the essential keys to enhance network efficiency so that the network can perform well even in the case of packet drop. This problem is even more challenging in Information-Centric Networking (ICN), a typical Future Internet design, which employs the packet flooding policy for forwarding the information. To diminish the high traffic load due to the huge number of packets in the era of the Internet of Things (IoT), this paper proposes an effective caching and forwarding algorithm to diminish the congestion rate of the IoT wireless sensor in ICN. The proposed network system utilizes accumulative popularity-based delay transmission time for forwarding strategy and includes the consecutive chunks-based segment caching scheme. The evaluation results using ndnSIM, a widely-used ns-3 based ICN simulator, demonstrated that the proposed system can achieve less interest packet drop rate, more cache hit rate, and higher network throughput, compared to the relevant ICN-based benchmarks. These results prove that the proposed ICN design can achieve higher network efficiency with a lower congestion rate than that of the other related ICN systems using IoT sensors.

Memristive nano crossbar array has paved the way for high density memories but in a very low power environment. But such high density circuits face multiple problems at the time of implementation. The sneak path problem in crossbar array is one such problem which causes difficulty in distinguishing the logical states of the memristors. On the other hand, hardware Trojan causes malfunctioning of the circuit or performance degradation. If any of these are present in the nano crossbar, it is difficult to identify whether the performance degradation is due to the sneak path problem or due to that of Hardware Trojan.This paper makes a comparative study of the sneak path problem and the hardware Trojan to understand the performance difference between both. It is observed that some parameters are affected by sneak path problem but remains unaffected in presence of Hardware Trojan and vice versa. Analyzing these parameters, we can classify whether the performance degradation is due to sneak path or due to Hardware Trojan. The experimental results well establish the proposed methods of detection of hardware Trojan in presence of sneak path in memristive nano crossbar circuits.

This paper aims to present a performance comparison of new authenticated encryption (AE) algorithm with the objective of high network security and better efficiency as compared to the defacto standard. This algorithm is based on a critical property of nonce-misuse-resistance incorporating DNA computation for securing the key, here the processing unit of DNA block converts the input key into its equivalent DNA base formats based on the ASCII code table. The need for secure exchange of keys through a public channel has become inevitable and thus, the proposed architecture will enhance the secrecy by using DNA cryptography. These implementations consider Advanced Encryption Standard in Galois Counter mode (AES-GCM) as a standard for comparison.