Biblio

Traditional DDoS attacks mainly send massive data packets through the attacking machine, consuming the network resources or server resources of the target server, making users unable to use server resources to achieve the purpose of denial of service. This type of attack is called a Flooding-based DDoS (FDDoS) attack. It has the characteristics of large traffic and suddenness. However, Low-rate DDoS (LDDoS) attack is a new type of DDoS attack. LDDoS utilize the TCP congestion control mechanism and sends periodic pulses to attack, which can seriously reduce the TCP flow throughput of the attacked link. It has the characteristics of small traffic and strong concealment. Each of these two DDoS attack methods has its own hard-to-handle characteristics, so that there is currently no particularly effective method to prevent such attacks. This paper uses time-frequency analysis to classify and filter DDoS traffic. The proposed filtering method is designed as a system in the actual environment. Experimental results show that the designed filtering algorithm can resist not only FDDoS attacks, but also LDDoS attacks.

This paper introduces a robust random number generator that based on Bernoulli discrete chaotic map. An eight bit SAR ADC is used with discrete time chaotic map to generate random bit sequences. Compared to RNGs that use the continuous time chaotic map, sensitivity to process, voltage and temperature (PVT) variations are reduced. Thanks to utilizing switch capacitor circuits to implement Bernoulli chaotic map equations, power consumption decreased significantly. Proposed design that has a throughput of 500 Kbit/second is implemented in TSMC 180 nm process technology. Generated bit sequences has successfully passed all four primary tests of FIPS-140-2 test suite and all tests of NIST 820–22 test suite without post processing. Furthermore, data rate can be increased by sacrificing power consumption. Hence, proposed architecture could be utilized in high speed cryptography applications.

Cryptographic algorithms are playing an important role in the information security field. Strong and unbreakable algorithms provide high security and good throughput. The strength of any encryption algorithm is basically based on the degree of difficulty to obtain the encryption key by such cyber-attacks as brute. It is supposed that the bigger the key size, the more difficult it is to compute the key. But increasing the key size will increase both the computational complexity and the processing time of algorithms. In this paper, we proposed a reliable, effective, and more secure symmetric stream cipher algorithm for encryption and decryption called Symmetric Cipher based on Key Hashing Algorithm (SCKHA). The idea of this algorithm is based on hashing and splitting the encryption symmetric key. Hashing the key will hide the encrypted key to prevent any intruder from forging the hash code, and, thus, it satisfies the purpose of security, authentication, and integrity for a message on the network. In addition, the algorithm is secure against a brute-force attack by increasing the resources it takes for testing each possible key. Splitting the hashed value of the encryption key will divide the hashed key into two key chunks. The encryption process performed using such one chunk based on some calculations on the plaintext. This algorithm has three advantages that are represented in computational simplicity, security and efficiency. Our algorithm is characterized by its ability to search on the encrypted data where the plaintext character is represented by two ciphertext characters (symbols).

Wireless communications networks are an integral part of intelligent systems that enhance the automation of various activities and operations embarked by humans. For example, the development of intelligent devices imbued with sensors leverages emerging technologies such as machine learning (ML) and artificial intelligence (AI), which have proven to enhance military operations through communication, control, intelligence gathering, and situational awareness. However, growing concerns in cybersecurity imply that attackers are always seeking to take advantage of the widened attack surface to launch adversarial attacks which compromise the activities of legitimate users. To address this challenge, we leverage on deep learning (DL) and the principle of cyber-deception to propose a method for defending wireless networks from the activities of jammers. Specifically, we use DL to regulate the power allocated to users and the channel they use to communicate, thereby luring jammers into attacking designated channels that are considered to guarantee maximum damage when attacked. Furthermore, by directing its energy towards the attack on a specific channel, other channels are freed up for actual transmission, ensuring secure communication. Through simulations and experiments carried out, we conclude that this approach enhances security in wireless communication systems.

This paper integrates Software-Defined Networking (SDN) and Information -Centric Networking (ICN) framework to enable low latency-based stateful routing and caching management by leveraging a novel forwarding and caching strategy. The framework is implemented in a clean- slate environment that does not rely on the TCP/IP principle. It utilizes Pending Interest Tables (PIT) instead of Forwarding Information Base (FIB) to perform data dissemination among peers in the proposed IC-SDN framework. As a result, all data exchanged and cached in the system are organized in chunks with the same interest resulting in reduced packet overhead costs. Additionally, we propose an efficient caching strategy that leverages in- network caching and naming of contents through an IC-SDN controller to support off- path caching. The testbed evaluation shows that the proposed IC-SDN implementation achieves an increased throughput and reduced latency compared to the traditional information-centric environment, especially in the high load scenarios.

Congestion control is one of the essential keys to enhance network efficiency so that the network can perform well even in the case of packet drop. This problem is even more challenging in Information-Centric Networking (ICN), a typical Future Internet design, which employs the packet flooding policy for forwarding the information. To diminish the high traffic load due to the huge number of packets in the era of the Internet of Things (IoT), this paper proposes an effective caching and forwarding algorithm to diminish the congestion rate of the IoT wireless sensor in ICN. The proposed network system utilizes accumulative popularity-based delay transmission time for forwarding strategy and includes the consecutive chunks-based segment caching scheme. The evaluation results using ndnSIM, a widely-used ns-3 based ICN simulator, demonstrated that the proposed system can achieve less interest packet drop rate, more cache hit rate, and higher network throughput, compared to the relevant ICN-based benchmarks. These results prove that the proposed ICN design can achieve higher network efficiency with a lower congestion rate than that of the other related ICN systems using IoT sensors.

Based on the success of terrestrial Internet of Things (IoT), research has started on Underwater IoT (UIoT). The UIoT describes global network of connected underwater things that interact with water environment and communicate with terrestrial network through the underwater communication technologies. For UIoT device, it is important to choose the channel before transmission. This paper deals with UIoT communication technologies and ontology based path selection mechanism for UIoT.

In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels. TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication. TACAN consists of three different covert channels: 1) Inter-Arrival Time (IAT)-based, 2) Least Significant Bit (LSB)-based, and 3) hybrid covert channels. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010.

In this paper, we study covert communications between a pair of legitimate transmitter-receiver against a watchful warden over slow fading channels. There coexist multiple friendly helper nodes who are willing to protect the covert communication from being detected by the warden. We propose an uncoordinated jammer selection scheme where those helpers whose instantaneous channel gains to the legitimate receiver fall below a pre-established selection threshold will be chosen as jammers radiating jamming signals to defeat the warden. By doing so, the detection accuracy of the warden is expected to be severely degraded while the desired covert communication is rarely affected. We then jointly design the optimal selection threshold and message transmission rate for maximizing covert throughput under the premise that the detection error of the warden exceeds a certain level. Numerical results are presented to validate our theoretical analyses. It is shown that the multi-jammer assisted covert communication outperforms the conventional single-jammer method in terms of covert throughput, and the maximal covert throughput improves significantly as the total number of helpers increases, which demonstrates the validity and superiority of our proposed scheme.

Sharding can significantly improve the blockchain scalability, by dividing nodes into small groups called shards that can handle transactions in parallel. However, all existing sharding systems adopt complete sharding, i.e., shards are isolated. It raises additional overhead to guarantee the atomicity and consistency of cross-shard transactions and seriously degrades the sharding performance. In this paper, we present Pyramid, the first layered sharding blockchain system, in which some shards can store the full records of multiple shards thus the cross-shard transactions can be processed and validated in these shards internally. When committing cross-shard transactions, to achieve consistency among the related shards, a layered sharding consensus based on the collaboration among several shards is presented. Compared with complete sharding in which each cross-shard transaction is split into multiple sub-transactions and cost multiple consensus rounds to commit, the layered sharding consensus can commit cross-shard transactions in one round. Furthermore, the security, scalability, and performance of layered sharding with different sharding structures are theoretically analyzed. Finally, we implement a prototype for Pyramid and its evaluation results illustrate that compared with the state-of-the-art complete sharding systems, Pyramid can improve the transaction throughput by 2.95 times in a system with 17 shards and 3500 nodes.

Sharding is considered to be the most promising solution to overcome and to improve the scalability limitations of blockchain networks. By doing this, the transaction throughput increases, at the same time compromises the security of blockchain networks. In this paper, a probability distribution model is proposed to analyze this trade-off between scalability and security of sharding-based blockchain networks. For this purpose hypergeometric distribution and Chebyshev's Inequality are mainly used. The upper bounds of hypergeometric distributed transaction processing and failure probabilities for shards are mainly evaluated. The model validation is accomplished with Class A (Omniledger, Elastico, Harmony, and Zilliqa), and Class B (RapidChain) sharding protocols. This validation shows that Class B protocols have a better performance compared to Class A protocols. The proposed model observes the transaction processing and failure probabilities are increased when shard size is reduced or the number of shards increased in sharding-based blockchain networks. This trade-off between the scalability and the security decides on the shard size of the blockchain network based on the real-world application and the blockchain platform. This explains the scalability trilemma in blockchain networks claiming that decentralization, scalability, and security cannot be met at primary grounds. In conclusion, this paper presents a comprehensive analysis providing essential directions to develop sharding protocols in the future to enhance the performance and the best-cost benefit of sharing-based blockchains by improving the scalability and the security at the same time.

TCP SYN Flood is one of the most widespread DoS attack types performed on computer networks nowadays. As a possible countermeasure, we implemented and deployed modified versions of three network-based mitigation techniques for TCP SYN authentication. All of them utilize the TCP three-way handshake mechanism to establish a security association with a client before forwarding its SYN data. These algorithms are especially effective against regular attacks with spoofed IP addresses. However, our modifications allow deflecting even more sophisticated SYN floods able to bypass most of the conventional approaches. This comes at the cost of the delayed first connection attempt, but all subsequent SYN segments experience no significant additional latency (\textbackslashtextless; 0.2ms). This paper provides a detailed description and analysis of the approaches, as well as implementation details with enhanced security tweaks. The discussed implementations are built on top of the hardware-accelerated FPGA-based DDoS protection solution developed by CESNET and are about to be deployed in its backbone network and Internet exchange point at NIX.CZ.

Smart grid monitoring, automation and control will completely rely on PMU based sensor data soon. Accordingly, a high throughput, low latency Information and Communication Technology (ICT) infrastructure should be opted in this regard. Due to the low cost, low power profile, dynamic nature, improved accuracy and scalability, wireless sensor networks (WSNs) can be a good choice. Yet, the efficiency of a WSN depends a lot on the network design and the routing technique. In this paper a new design of the ICT network for smart grid using WSN is proposed. In order to understand the interactions between different entities, detect their operational levels, design the routing scheme and identify false data injection by particular ICT entities, a new model of interdependency called the Multi State Implicative Interdependency Model (MSIIM) is proposed in this paper, which is an updated version of the Modified Implicative Interdependency Model (MIIM) [1]. MSIIM considers the data dependency and operational accuracy of entities together with structural and functional dependencies between them. A multi-path secure routing technique is also proposed in this paper which relies on the MSIIM model for its functioning. Simulation results prove that MSIIM based False Data Injection (FDI) detection and mitigation works better and faster than existing methods.

In present scenario features like low-cost, power-efficientand easy-to-implement Wireless Sensor Networks (WSN’s) has become one of growing prospects.though, its security issues have become a popular topic of research nowadays. Specific attacks often experience the security issues as they easily combined with other attacks to destroy the network. In this paper, we discuss about detecting the particular attacks like Sybil, Black-holeand Denial of Service (DoS) attacks on WSNs. These networks are more vulnerable to them. We attempt to investigate the security measures and the applicability of the AODV protocol to detect and manage specific types of network attacks in VANET.The RSA algorithm is proposed here, as it is capable of detecting sensor nodes ormessages transmitted from sensor nodes to the base station and prevents network from being attacked by the source node. It also improves the security mechanism of the AODV protocol. This simulation set up is performed using MATLAB simulation tool

Security is the main concern for wireless sensor nodes and exposed against malicious attacks. To secure the communication between sensor nodes several key managing arrangements are already implemented. The key managing method for any protected application must minimally deliver safety facilities such as truthfulness. Diffie–Hellman key exchange in the absence of authentication is exposed to MITM (man-in-the-middle) attacks due to which the attacker node can easily interrupt the communication, by appearing as a valid node in the network. In wireless sensor networks, single path routing is very common but it suffers with the two problems i:e link failure which results in data loss and if any node in single path is compromised, there is no alternative to send the data to the destination securely. To overcome this problem, multipath routing protocol is used which provides both availability and consistency of data. AOMDV (Ad-hoc On-demand Multipath Distance Vector Routing Protocol) is used in a proposed algorithm which provides alternative paths to reach the data packets to the destination. This paper presents an algorithm DH-SAM (Diffie-Hellman- Sybil Attack Mitigation) to spot and mitigate Sybil nodes and make the network trusted with the objective of solving the issue of MITM attack in the network. After node authentication, secure keys are established between two communicating nodes for data transmission using the Diffie-Hellman algorithm. Performance evaluation of DH-SAM is done by using different metrics such as detection rate, PDR, throughput, and average end to end (AE2E) delay.

In recent years, with the rapid development of DNN, the algorithm complexity in a series of fields such as computer vision and natural language processing is increasing rapidly. FPGA-based DNN accelerators have demonstrated superior flexibility and performance, with higher energy efficiency compared to high-performance devices such as GPU. However, the computing resources of a single FPGA are limited and it is difficult to flexibly meet the requirements of high throughput and high energy efficiency of different computing scales. Therefore, this paper proposes a DNN implementation method based on the scalable heterogeneous FPGA cluster to adapt to different tasks and achieve high throughput and energy efficiency. Firstly, the method divides a single enormous task into multiple modules and running each module on different FPGA as the pipeline structure between multiple boards. Secondly, a task deployment method based on dichotomy is proposed to maximize the balance of task execution time of different pipeline stages to improve throughput and energy efficiency. Thirdly, optimize DNN computing module according to the relationship between computing power and bandwidth, and improve energy efficiency by reducing waste of ineffective resources and improving resource utilization. The experiment results on Alexnet and VGG-16 demonstrate that we use Zynq 7035 cluster can at most achieves ×25.23 energy efficiency of optimized AMD AIO processor. Compared with previous works of single FPGA and FPGA cluster, the energy efficiency is improved by 59.5% and 18.8%, respectively.

Verifying the integrity of IoT data in cloud-based IoT architectures is crucial for building reliable IoT applications. Traditional data integrity verification methods rely on a Trusted Third Party (TTP) that has issues of risk and operational cost by centralization. Distributed Ledger Technology (DLT) has a high potential to verify IoT data integrity and overcome the problems with TTPs. However, the existing DLTs have low transaction throughput, high computational and storage overhead, and are unsuitable for IoT environments, where a massive scale of data is generated. Recently, Directed Acyclic Graph (DAG) based DLTs have been proposed to address the low transaction throughput of linear DLTs. However, the integration of IoT Gateways (GWs) into the peer to peer (P2P) DLT network is challenging because of their low storage and computational capacity. This paper proposes Lightweight and Scalable DAG based distributed ledger for IoT (LSDI) that can work with resource-constrained IoT GWs to provide fast and scalable IoT data integrity verification. LSDI uses two key techniques: Pruning and Clustering, to reduce 1) storage overhead in IoT GWs by removing sufficiently old transactions, and 2) computational overhead of IoT GWs by partitioning a large P2P network into smaller P2P networks. The evaluation results of the proof of concept implementation showed that the proposed LSDI system achieves high transaction throughput and scalability while efficiently managing storage and computation overhead of the IoT GWs.

Recently, methods are studied to overcome various problems for Named Data Networking(NDN). Among them, a new method which can overcome content storm problem is required to reduce network congestion and deliver content packet to consumer reliably. According to the various studies, the content storm problems could be overcame by scoped interest flooding. However, because these methods do not considers not only network congestion ratio but also the number another different paths, the correspond content packets could be transmitted unnecessary and network congestion could be worse. Therefore, in this paper, we propose a new content forwarding method for NDN to overcome the content storm problem. In the proposed method, if the network is locally congested and another paths are generated, an intermediate node could postpone or withdraw the content packet transmission to reduce congestion.

In this paper, we propose models and schemes for coded and uncoded packet transmission over time invariant (TIC) and time variant (TVC) channels. We provide an approximation of the delay induced assuming fmite number of time slots to transmit a given number of packets. We propose an adaptive physical layer (PHY)-aware coded scheme that designs smart acknowledgments (ACK) via an optimal selection of coded packets to transmit at a given SNR. We apply our proposed schemes to channels with complex fading behavior and high round trip (RTT) delays. We compare the accuracy of TVC coded scheme to the TIC coded scheme, and we show the throughput-delay efficacy of adaptive coded schemes driven by PHY-awareness in the mitigation of high RTT environments, with up to 3 fold gains.

In this paper, we study a wireless powered cellular network (WPCN) supported with network coding capability. In particular, we consider a network consisting of k cellular users (CUs) served by a hybrid access point (HAP) that takes over energy transfer to the users on top of information transmission over both the uplink (UL) and downlink (DL). Each CU has k+1 states representing its communication behavior, and collectively are referred to as the user demand profile. Opportunistically, when the CUs have information to be exchanged through the HAP, it broadcasts this information in coded format to the exchanging pairs, resulting in saving time slots over the DL. These saved slots are then utilized by the HAP to prolong the network lifetime and enhance the network throughput. We quantify, analytically, the performance gain of our network-coded WPCN over the conventional one, that does not employ network coding, in terms of network lifetime and throughput. We consider the two extreme cases of using all the saved slots either for energy boosting or throughput enhancement. In addition, a lifetime/throughput optimization is carried out by the HAP for balancing the saved slots assignment in an optimized fashion, where the problem is formulated as a mixed-integer linear programming optimization problem. Numerical results exhibit the network performance gains from the lifetime and throughput perspectives, for a uniform user demand profile across all CUs. Moreover, the effect of biasing the user demand profile of some CUs in the network reveals considerable improvement in the network performance gains.

As we all know, network coding can significantly improve the throughput and reliability of wireless networks. However, in the high-speed mobile environment, the packet loss rate of different wireless links may vary greatly due to the time-varying network state, which makes the adjustment of network coding redundancy very important. Because the network coding redundancy is too large, it will lead to excessive overhead and reduce the effective throughput. If the network coding redundancy is too small, it will lead to insufficient decoding, which will also reduce the effective throughput. In the design of multi-path transmission scheduling scheme, we introduce adaptive redundancy network coding scheme. By using multiple links to aggregate network bandwidth, we choose appropriate different coding redundancy for different links to resist the performance loss caused by link packet loss. The simulation results show that when the link packet loss rate is greatly different, the mechanism can not only ensure the transmission reliability, but also greatly reduce the total network redundancy to improve the network throughput very effectively.

Batched network coding (BNC) is a low-complexity solution to network transmission in feedbackless multi-hop packet networks with packet loss. BNC encodes the source data into batches of packets. As a network coding scheme, the intermediate nodes perform recoding on the received packets instead of just forwarding them. Blockwise adaptive recoding (BAR) is a recoding strategy which can enhance the throughput and adapt real-time changes in the incoming channel condition. In wireless applications, in order to combat burst packet loss, interleavers can be applied for BNC in a hop-by-hop manner. In particular, a batch-stream interleaver that permutes packets across blocks can be applied with BAR to further boost the throughput. However, the previously proposed minimal communication protocol for BNC only supports permutation of packets within a block, called intrablock interleaving, and so it is not compatible with the batch-stream interleaver. In this paper, we design an intrablock interleaver for BAR that is backward compatible with the aforementioned minimal protocol, so that the throughput can be enhanced without upgrading all the existing devices.

Wireless relay network is a solution for transmitting information from a source node to a sink node far away by installing a relay in between. The broadcasting nature of wireless communication allows the sink node to receive part of the data sent by the source node. In this way, the relay does not need to receive the whole piece of data from the source node and it does not need to forward everything it received. In this paper, we consider the application of batched network coding, a practical form of random linear network coding, for a better utilization of such a network. The amount of innovative information at the relay which is not yet received by the sink node, called the innovative rank, plays a crucial role in various applications including the design of the transmission scheme and the analysis of the throughput. We present a visualization of the innovative rank which allows us to understand and derive formulae related to the innovative rank with ease.

Machine learning inference engine is of great interest to smart edge computing. Compute-in-memory (CIM) architecture has shown significant improvements in throughput and energy efficiency for hardware acceleration. Emerging nonvolatile memory (eNVM) technologies offer great potentials for instant on and off by dynamic power gating. Inference engine is typically pre-trained by the cloud and then being deployed to the field. There is a new security concern on cloning of the weights stored on eNVM-based CIM chip. In this paper, we propose a countermeasure to the weight cloning attack by exploiting the process variations of the periphery circuitry. In particular, we use weight fine-tuning to compensate the analog-to-digital converter (ADC) offset for a specific chip instance while inducing significant accuracy drop for cloned chip instances. We evaluate our proposed scheme on a CIFAR-10 classification task using a VGG- 8 network. Our results show that with precisely chosen transistor size on the employed SAR-ADC, we could maintain 88% 90% accuracy for the fine-tuned chip while the same set of weights cloned on other chips will only have 20 40% accuracy on average. The weight fine-tune could be completed within one epoch of 250 iterations. On average only 0.02%, 0.025%, 0.142% of cells are updated for 2-bit, 4-bit, 8-bit weight precisions in each iteration.

Ad Hoc Network is wireless networks that get more attention from past to present. Mobile ad hoc network (MANET) is one of the types of ad hoc networks, it deployed rapidly because it infrastructure-less. A node in a mobile ad hoc network communicates through wireless links without wired channels. When source nodes want to communicate with the destination outside its transmission range it uses multi-hop mechanisms. The intermediate node forwards the data packet to the next node until the data packet reaches its destination. Due wireless links and lack of centralized administration device, mobile ad hoc network is more vulnerable for security attacks. The rushing attack is one of the most dangerous attacks in the on-demand routing protocol of mobile ad hoc networks. Rushing attack highly transmits route request with higher transmission power than the genuine nodes and become participate between source and destination nodes, after that, it delays or drop actual data pass through it. In this study, the researcher incorporates rushing attack in one of the most commonly used mobile ad hoc network routing protocols namely Ad hoc on-demand multipath distance vector and provides a rushing attack prevention method based on the time threshold value and random route selection. Based on the time RREQ arrives a node takes a decision, if the RREQ packet arrives before threshold value, the RREQ packet consider as came from an attacker and discarded else RREQ packet received then randomly select RREQ to forward. In this study performance metrics like packet delivery ratio, end-to-end delay and throughput have been evaluated using Network simulation (NS-2.35). As a result of simulation shows newly proposed prevention mechanism improves network performance in all cases than the network under attacker. For example, the average packet delivery ratio enhanced from 54.37% to 97.69%, throughput increased from 20.84bps to 33.06bpsand the average delay decreased from 1147.22ms to 908.04ms. It is concluded that the new proposed techniques show improvement in all evaluated performance metrics.