IEEE PROJECT ON NETWORK SECURITY

On the Implementation of the Discrete Fourier Transform in
the Encrypted Domain
Abstract: Signal-processing modules working directly on encrypted data provide
an elegant solution to application scenarios where valuable signals must be
protected from a malicious processing device. In this paper, we investigate the
implementation of the discrete Fourier transform (DFT) in the encrypted domain
by using the homomorphic properties of the underlying cryptosystem. Several
important issues are considered for the direct DFT: the radix-2 and the radix-4 fast
Fourier algorithms, including the error analysis and the maximum size of the
sequence that can be transformed. We also provide computational complexity
analyses and comparisons. The results show that the radix-4 fast Fourier transform
is best suited for an encrypted domain implementation in the proposed scenarios.



Personal Authentication Using Finger Knuckle Surface
Abstract: This paper investigates a new approach for personal authentication
using fingerback surface imaging. The texture pattern produced by the finger
knuckle bending is highly unique and makes the surface a distinctive biometric
identifier. The finger geometry features can be simultaneously acquired from the
same image at the same time and integrated to further improve the user-identification
accuracy of such a system. The fingerback surface images from
each user are normalized to minimize the scale, translation, and rotational
variations in the knuckle images. This paper details the development of such an
approach using peg-free imaging. The experimental results from the proposed
approach are promising and confirm the usefulness of such an approach for
personal authentication.


SMOCK: A Scalable Method of Cryptographic Key
Management for Mission-Critical Wireless Ad-Hoc
Networks
Abstract: Mission-critical networks show great potential in emergency response
and/or recovery, health care, critical infrastructure monitoring, etc. Such mission-critical
applications demand that security service be “anywhere,” “anytime,” and
“anyhow.” However, it is challenging to design a key management scheme in
current mission-critical networks to fulfill the required attributes of secure
communications, such as data integrity, authentication, confidentiality,
nonrepudiation, and service availability. In this paper, we present a self-contained
public key-management scheme, a scalable method of cryptographic key
management (SMOCK), which achieves almost zero communication overhead for
authentication, and offers high service availability. In our scheme, a small number
of cryptographic keys are stored offline at individual nodes before they are
deployed in the network. To provide good scalability in terms of the number of
nodes and storage space, we utilize a combinatorial design of public-private key
pairs, which means nodes combine more than one key pair to encrypt and decrypt
messages. We also show that SMOCK provides controllable resilience when
malicious nodes compromise a limited number of nodes before key revocation
and renewal.



Hypothesis Testing Approach to Semifragile Watermark-
Based Authentication
Abstract: This paper studies the problem of achieving watermark semifragility
in watermark-based authentication systems through a composite hypothesis
testing approach. Embedding a semifragile watermark serves to distinguish
legitimate distortions caused by signal-processing manipulations from illegitimate
ones caused by malicious tampering. This leads us to consider authentication
verification as a composite hypothesis testing problem with the watermark as side
information. Based on the hypothesis testing model, we investigate effective
embedding strategies to assist the watermark verifier to make correct decisions.
Our results demonstrate that quantization-based watermarking is more appropriate
than spread-spectrum-based methods to achieve the semifragility tradeoff between
two error probabilities. This observation is confirmed by a case study of an
additive Gaussian white noise channel with a Gaussian source using two figures
of merit: 1) relative entropy of the two hypothesis distributions and 2) the receiver
operating characteristic. Finally, we focus on common signal-processing
distortions, such as JPEG compression and image filtering, and investigate the
discrimination statistic and optimal decision regions to distinguish legitimate and
illegitimate distortions. The results of this paper show that our approach provides
insights for authentication watermarking and allows for better control of
semifragility in specific applications.


Dividing PKI in Strongest Availability Zones
Abstract: Key management involves two aspects: key distribution and key
revocation. This paper presents the geographic server distributed model for key
revocation, which is concerned with the security and performance of the system. The
concept presented in this paper is more reliable, faster and scalable than the
existing revocation techniques used in Public Key Infrastructure (PKI) framework
in various countries, as it optimises key authentication in a network. It proposes
autoseeking of a geographically distributed certifying authority's key revocation
server, which holds the revocation lists by the client, based on the best service
availability. The network divides itself into the strongest availability zones
(SAZ), which automatically allows the new receiver to update the address of the
authentication server and replace the old address with the new address of the SAZ,
in case it moves to another location in the zone, or in case the server becomes
unavailable in the same zone. Our scheme eases out the revocation mechanism
and enables key revocation in the legacy systems.


Mobile DRM System based on a Three-step User
Authentication Process
Abstract: With the development of communication network technology, many
studies are being conducted on content protection techniques in the mobile digital
contents area as well. In this paper, a mobile DRM system is presented for
protection of digital contents based on a three-step authentication process. In this
approach, we constructed a secure digital contents distribution system through a
three-step user authentication process. For robust user authentication, we
reinforced the security of the contents using the AES algorithm in the first and
second authentication processes.


A New RMI Framework for Outdoor Objects Recognition
Abstract: In this paper, we present an extension to the Recurrent Motion Image
(RMI) motion-based object recognition framework for use in development of
automated video surveillance systems. We extended the object classes of RMI to
include four-legged animals (such as dog and cat) and enhanced the preprocessing
and shadow removal algorithms for better object segmentation and recognition.
Under the new framework, object blobs obtained from background subtraction of
scenes are tracked using region correspondence. In turn, we calculate the RMI
signatures based on the silhouettes of the object blobs for proper classification.
This new framework is tested on several real world 320 x 240 resolution color
image sequences captured with a low-end digital camera, and all of the moving
objects in our samples are properly detected, tracked and classified - indicating
the applicability of the new framework in similar task environment.


Security Analysis of The Louis Protocol for Location
Privacy
Abstract: Many location-based services for alerting persons of nearby friends
have been deployed in practice. A drawback of most approaches to providing such
services is that friends always learn each other’s location even when they are not
actually nearby. The Louis protocol proposed by Zhong, Goldberg and Hengartner
aims to ensure that a friend’s location is revealed to another friend if and only if
the friends are actually nearby. The protocol lets a third party learn whether the
friends are nearby, without the third party learning their location. The third party
communicates the answer to the person who invokes the service. A key feature of
the protocol is that a person can detect misbehavior by the third party or the
person’s friend. This paper reveals a flaw in the way the protocol handles the
detection of the misbehaving party, leading to an unauthorized disclosure of a
person’s location. Two alternatives for fixing the flaw in the protocol are
proposed and a heuristic analysis is given.


Symmetry structured SPN block cipher algorithm
Abstract: Feistel and SPN are the two main structures in designing a block
cipher algorithm. Unlike Feistel, an SPN has an asymmetric structure in
encryption and decryption. In this paper we propose an SPN algorithm which has
a symmetric structure in encryption and decryption. The whole operations in our
SPN algorithm are composed of the even numbers of N rounds where the first half
of them, 1 to N/2, applies function and the last half of them, (N+1)/2 to N,
employs inverse function. Symmetry layer is executed to create a symmetry block
in between function layer and inverse function layer. AES encryption and
decryption algorithm, whose safety is already proved, are exploited for function
and inverse function, respectively. The proposed symmetry layer is a simple logical
operation, because this doesn't affect the whole process time of encryption and
decryption. The proposed algorithm can be easily applied to an algorithm which
has different encryption and decryption to make them the same, and it can be a good
idea to use it to design a new block cipher algorithm.


The Evaluation Report of SHA-256 Crypt Analysis Hash
Function
Abstract: This paper describes the study of cryptographic hash functions, one of
the most important classes of primitives used in recent techniques in
cryptography. The main aim is the development of recent cryptanalysis of hash
functions. We present different approaches to defining security properties more
formally and present basic attacks on hash functions. We recall Merkle-Damgard
security properties of iterated hash functions. The main aim of this paper is the
development of recent techniques applicable to cryptanalysis of hash functions,
mainly from the SHA family. Recently proposed attacks on MD5 & SHA motivate a
new hash function design. It is designed not only to have higher security but also
to be faster than SHA-256. The performance of the new hash function is at least
30% better than that of SHA-256 in software. And it is secure against any known
cryptographic attacks on hash functions.


Three way Challenge-Response authentication in smart card
Using Elliptic Curve Cryptosystem
Abstract: This paper presents an authentication protocol for challenge-response
exchange in smart card. Cryptographic authentication is necessary to protect
branded goods from forgery. Existing protocols do not include cryptographic
authentication mechanisms. Therefore, a new approach for authentication is
proposed in this paper. Because of the limited computing power, low die-size and
low-power requirements, a three way challenge-response authentication scheme
is used between the devices and the smart card. The goal of this paper is to create
authentication data between card and device using encryption algorithms key pair
and pseudo-random number generation including the analysis of properties of
common pseudorandom number generators. Furthermore, cryptographic
applications heavily rely on pseudorandom number generator to generate secrets
such as session keys, passwords and key pairs. ECC algorithms are developed
using the Visual C++ environment to make data transmission more secure and
efficient.


System level Security modeling using Attack trees
Abstract: Vulnerabilities in intrusion tolerant systems have dependence on
various dynamic aspects such as redundant mechanisms, fault and error recovery
mechanisms, and different operation modes. The conventional nodes of attack
trees cannot adequately capture the attacks towards those systems, thus
constructing security models for the systems is very difficult. This paper
introduces new nodes to model the security of those systems. The nodes include:
PAND node, k/n node, SEQ node, CSUB node, and Housing node. We provide
the syntax and graphical representation for each node. The nodes allow us to
model attacks that require exploitation of vulnerabilities which have dependence
on ordering events, sequence-dependent events, conditional failures and
mechanisms which involve configuration changes with time. We use the nodes to
construct attack trees for different security related systems.

Visual Secret Sharing schemes for Color Images using
Halftoning via Direct Binary search
Abstract: This paper proposes a method of encoding a color image into n
meaningful halftone shares using the scheme of halftone visual cryptography. The
proposed method can encode the secret pixels into the shares via direct binary
search (DBS) halftoning method for color images. The error between the halftone
shares and the continuous-tone images are minimized with respect to a human
visual system (HVS) model [4]. Simulation results show that the proposed method
can improve halftone image quality for the enclosed shares compared with
previous techniques.


Email Worm Detection by Wavelet Analysis of DNS Query
Streams
Abstract: The high prevalence of email worms indicates that current in-network
defense mechanisms are incapable of mitigating this Internet threat. Moreover,
commonly applied approaches against this class of propagating malicious
program do not target reducing unwanted email traffic traversing the Internet. In
this paper, we take a step toward better understanding of email worms, and
explore their effect on the flow-level characteristics of Domain Name System
(DNS) query streams that user machines generate. We propose a novel method,
which uses time series analysis and unsupervised learning, to detect email worms
as they appear on local name servers. To evaluate our detection method, we have
constructed a DNS query dataset that consists of 71 email worms. We
demonstrate that our method is very effective.

JigDFS: A Secure Distributed File System
Abstract: Ubiquitous connectivity and availability of P2P resources creates
opportunities for building new services. This paper describes Jigsaw Distributed
File System (Jig DFS) which can be used to securely store and retrieve files on a
P2P network anonymously. Jig DFS is designed to provide strong encryption and
a certain level of plausible deniability. Files in Jig DFS are sliced into small
segments using an Information Dispersal Algorithm (IDA) and distributed onto
different nodes recursively to increase fault tolerance against node failures.
Moreover, layered encryption is applied to each file with keys produced by a
hashed-key chain algorithm, so that data (file segments) and keys reside on
different hosts. In such a scheme, if an attacker compromises a host and retrieves
the data, the attacker will still need the correct key to decipher the data.
Furthermore, recursive IDA and layered encryption ensure users’ anonymity. It is
difficult for an adversary to identify who owns a file, even who has retrieved a file
in Jig DFS. Often, a strong adversary may have the power to monitor the network
or even force a user to give up the password. Design of Jig DFS provides users
with plausible deniability which enhances privacy. When being questioned, a Jig
DFS user can simply argue that he/she is merely a relaying node, rather than the
file owner. Moreover, a user, when forced, can give up a valid, however, incorrect
encryption key. There is no way for an adversary to verify either correctness of a
key or the identity of file owner. Jig DFS is developed using platform independent
Java technologies and is envisioned to utilize mobile computing elements such as
PDAs and smart phones.

Visual Similarity-based Phishing Detection without Victim
Site Information
Abstract: Phishing attacks, which steal users’ account information by fake
websites, have become a serious problem on the Internet. There are two major
approaches in Phishing detection: the blacklist- and the heuristics-based approach.
Heuristics based approaches employ common characteristics of Phishing sites
such as distinctive keywords used in web pages or URLs in order to detect new
Phishing sites that are not yet listed in blacklists. However, these kinds of
heuristics can be easily circumvented by phishers once their mechanism is
revealed. In order to overcome this weakness, visual similarity-based detection
techniques have been proposed. Because Phishing sites have to mimic victim
sites, visual similarity between Phishing sites and their victim sites is supposed to
be an inherent and not easily concealable characteristic. However, these
techniques require images of real victim sites for detection. In this paper, we
propose a Phishing detection mechanism based on visual similarity among
Phishing sites that mimic the same victim site. Surprisingly, just by analyzing
visual similarity among web pages without a priori knowledge, our method
automatically extracts 224 distinct web page layouts mimicked by 2,262 Phishing
sites and achieves a detection rate of over 80% while keeping the false-positive
rate to 17.5%. We also find that the false-positive rate can be reduced.


An Improved Authentication Protocol Based on One-Way
Hash Functions and Diffie-Hellman Key Exchange
Abstract: Recently, Yoon and Yoo proposed a new authentication protocol
based on a one-way hash function and Diffie-Hellman key exchange, which is
based on the protocol by Wu-Chieu and Lee-Lin-Chang. They claim that their
protocol is secure, but we show it is susceptible to password guessing if an
adversary gains possession of the smart card. Additionally, we propose an
improved protocol which can withstand the presented attack.

Visualization of Security Events Using an Efficient
Correlation Technique
Abstract: The timely and reliable data transfer required by many networked
applications necessitates the development of comprehensive security solutions to
monitor and protect against an increasing number of malicious attacks. However,
providing complete cyber space situation awareness is extremely challenging
because of the lack of effective translation mechanisms from low-level situation
information to high-level human cognition for decision making and action support.
We propose an adaptive cyber security monitoring system that integrates a number
of component techniques to collect time series situation information, perform
intrusion detection, keep track of event evolution, characterize and identify security
events, and present a visual representation in order to provide comprehensive
situational view so that corresponding defense actions can be taken in a timely and
effective manner. We explore the principles of designing and applying appropriate
visualization techniques for situation monitoring by defining graphical
representations of security events. This differs from the traditional rule-based pattern
matching techniques in that security events in the proposed system are represented
as forms of correlation networks using random matrix theory and identified through
the computation of network similarity measurement. The events and corresponding
event types are visualized using a stem plot to show location and quantity. Extensive
simulation results on event identification illustrate the efficacy of the proposed
system.


A Signature Scheme Associated with Universal Resigncryption
Abstract: Today, with increasing diversity of network technologies, people have
been likely to be interested in anonymity. The attacker might threaten anonymity of
senders and receivers by confirming linkability between their sessions. Recently,
Golle et al. proposed the re-encryption scheme applicable to Mix, called Universal
Re-encryption. In this scheme, a cipher text is supposed to be re-encrypted without
public information corresponding to it. Moreover, only a subject that re-encrypts a
cipher text can know the correspondence of original cipher text and it, and the
computational complexity to break the unlinkability property is equal to the
semantic secrecy. In this paper, we consider and improve the Universal Re-encryption
scheme, and propose a scheme that can verify who transmit the message
by adding the property of signature.


Optimal Replica Placement under TTL-Based Consistency
Abstract: Geographically replicating popular objects in the Internet speeds up
content distribution at the cost of keeping the replicas consistent and up-to-date. The
overall effectiveness of replication can be measured by the total communication cost
consisting of client accesses and consistency management, both of which depend on
the locations of the replicas. This paper investigates the problem of placing replicas
under the widely used TTL-based consistency scheme. A polynomial-time algorithm
is proposed to compute the optimal placement of a given number of replicas in a
network. The new replica placement scheme is compared, using real Internet
topologies and Web traces, against two existing approaches which do not consider
consistency management or assume invalidation-based consistency scheme. The
factors affecting their performance are identified and discussed.

Towards Intrusion Detection for Encrypted Networks
Abstract: Traditionally, network-based Intrusion Detection Systems (NIDS)
monitor network traffic for signs of malicious activities. However, with the
growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the
NIDS can no longer analyse the encrypted data. This essentially negates any
protection offered by the NIDS. Although the encrypted traffic can be decrypted
at a network gateway for analysis, this compromises on data confidentiality. In
this paper, we propose a detection framework which allows a traditional NIDS to
continue functioning, without compromising the confidentiality afforded by the
VPN. Our approach uses Shamir’s secret-sharing scheme and randomized
network proxies to enable detection of malicious activities in encrypted channels.
Additionally, this approach is able to detect any malicious attempts to forge
network traffic with the intention of evading detection. Our experiments show that
the probability of a successful evasion is low, at about 0.98% in the worst case.
We implement our approach in a prototype and present some preliminary results.
Overall, the proposed approach is able to consistently detect intrusions and does
not introduce any additional false positives.

Network Coding Protocols Approach for Secret Key
Distribution
Abstract: We consider the problem of secret key distribution in a sensor network
with multiple scattered sensor nodes and a mobile device that can be used to
bootstrap the network. Our main contribution is a set of secure protocols that rely
on simple network coding operations to provide a robust and low-complexity
solution for sharing secret keys among sensor nodes, including pairwise keys,
cluster keys, key revocation, and mobile node authentication. Despite its role as a
key enabler for this approach, the mobile node only has access to an encrypted
version of the keys, providing information-theoretic security with respect to
attacks focused on the mobile node. Our results include performance evaluation in
terms of security metrics and a detailed analysis of resource utilization. The basic
scheme was implemented and tested in a real-life sensor network test bed. We
deem this class of network coding protocols to be particularly well suited for
highly constrained dynamic systems such as wireless sensor networks.


Strategy proof Mechanisms for Scheduling Divisible Loads
in Bus-Networked Distributed Systems
Abstract: The scheduling of arbitrarily divisible loads on a distributed system is
studied by Divisible Load Theory (DLT). DLT has the underlying assumption that
the processors will not cheat. In the real world, this assumption is unrealistic as
the processors are owned and operated by autonomous rational organizations that
have no a priori motivation for cooperation. Consequently, they will manipulate
the algorithms if it benefits them to do so. In this work, we propose strategy proof
mechanisms for scheduling divisible loads on three types of bus-connected
distributed systems. These mechanisms provide incentives to the processors to
obey the prescribed algorithms and to truthfully report their parameters, leading to
an efficient load allocation and execution.


Packet Concatenation at IP level
Abstract: Wireless local area networks experience performance degradation in
presence of small packets. The main reason for that is the large overhead added at
the physical and link layers. This paper proposes a concatenation algorithm which
groups IP layer packets prior to transmission, called PAC-IP. As a result, the
overhead added at the physical and the link layers is shared among the grouped
packets. Along with performance improvement, PAC-IP enables packet-based
fairness in medium access as well as includes QOS support module handling
delay-sensitive traffic demands. The performance of the proposed algorithm is
evaluated through both simulations and an experimental WLAN test bed
environment covering the single-hop and the widespread infrastructure network
scenarios. Obtained results underline significant performance enhancement in
different operating scenarios and channel conditions.


CONTENT ADAPTION TECHNIQUE FOR WEBPAGE
Abstract: This paper presents content adaptation technique for providing
adaptive content delivery and presentation based on students' learning
environment. We have applied content adaptation to enhance mobile learning on
blackboard learning system in our university. The experiment results show that
content adaptation can extend the time and space of learning and improve the
collaboration among students.


Dynamic Service Composition in Pervasive Computing
Abstract: Service-oriented architectures (SOAs) promise to provide
transparency to resource access by exposing the resources available as services.
SOAs have been employed within pervasive computing systems to provide
essential support to user tasks by creating services representing the available
resources. The mechanism of combining two or more basic services into a
possibly complex service is known as service composition. Existing solutions to
service composition employ a template-matching approach, where the user needs
are expressed as a request template, and through composition, a system would
identify services to populate the entities within the request template. However,
with the dynamism involved in pervasive environments, the user needs have to be
met by exploiting available resources, even when an exact match does not exist.
In this paper, we present a novel service composition mechanism for pervasive
computing. We employ the service-oriented middleware platform called pervasive
information communities organization (PICO) to model and represent resources
as services. The proposed service composition mechanism models services as
directed attributed graphs, maintains a repository of service graphs, and
dynamically combines multiple basic services into complex services. Further, we
present a hierarchical overlay structure created among the devices to exploit the
resource unevenness, resulting in the capability of providing essential service-related
support to resource-poor devices. Results of extensive simulation studies
are presented to illustrate the suitability of the proposed mechanism in meeting the
challenges of pervasive computing user mobility, heterogeneity, and the uncertain
nature of involved resources.


Defense against Injecting Traffic Attacks in Wireless Mobile
Ad-Hoc Networks
Abstract: In ad-hoc networks, nodes need to cooperatively forward packets for
each other. Without necessary countermeasures, such networks are extremely
vulnerable to injecting traffic attacks, especially those launched by insider
attackers. Injecting an overwhelming amount of traffic into the network can easily
cause network congestion and decrease the network lifetime. In this paper, we
focus on those injecting traffic attacks launched by insider attackers. After
investigating the possible types of injecting traffic attacks, we have proposed two
sets of defense mechanisms to combat such attacks. The first set of defense
mechanisms is fully distributed, while the second is centralized with decentralized
implementation. The detection performance of the proposed mechanisms has also
been formally analyzed. Both theoretical analysis and experimental studies have
demonstrated that under the proposed defense mechanisms, there is almost no
gain to launch injecting traffic attacks from the attacker's point of view.


A Fault Attack on Pairing-Based Cryptography
Abstract: Current fault attacks against public key cryptography focus on
traditional schemes, such as RSA and ECC, and, to a lesser extent, on primitives
such as XTR. However, bilinear maps, or pairings, have presented theorists with a
new and increasingly popular way of constructing cryptographic protocols. Most
notably, this has resulted in efficient methods for Identity Based Encryption
(IBE). Since identity-based cryptography seems an ideal partner for identity aware
devices such as smart-cards, in this paper, we examine the security of concrete
pairing instantiations in terms of fault attack.

A Cooperative Game Framework for QOS Guided Job
Allocation Schemes in Grids
Abstract: A grid differs from traditional high performance computing systems in
the heterogeneity of the computing nodes as well as the communication links that
connect the different nodes together. In grids there exist users and service
providers. The service providers provide the service for jobs that the users
generate. Typically the amount of jobs generated by all the users is more than
any single provider can handle alone with any acceptable quality of service
(QOS). As such, the service providers need to cooperate and allocate jobs among
them so that each is providing an acceptable QOS to their customers. QOS is of
particular concern to service providers as it directly affects customers'
satisfaction and loyalty. In this paper, we propose a game theoretic solution to the
QOS sensitive, grid job allocation problem. We model the QOS based, grid job
allocation problem as a cooperative game and present the structure of the Nash
Bargaining Solution. The proposed algorithm is fair to all users and represents a
Pareto optimal solution to the QOS objective. One advantage of our scheme is the
relatively low overhead and robust performance against inaccuracies in
performance prediction.


Privacy Protection against Malicious Adversaries in
Distributed Information Sharing Systems
Abstract: We address issues related to sharing information in a distributed
system consisting of autonomous entities, each of which holds a private database.
We consider threats from malicious adversaries that can deviate from the
designated protocol and change their input databases. We classify malicious
adversaries into two widely existing subclasses, namely weakly and strongly
malicious adversaries, and propose protocols that can effectively and efficiently
protect privacy against malicious adversaries.

On the Performance Benefits of Multihoming Route
Control
Abstract: Multihoming is increasingly being employed by large enterprises and
data centers to extract good performance and reliability from their ISP
connections. Multihomed end networks today can employ a variety of route
control products to optimize their Internet access performance and reliability.
However, little is known about the tangible benefits that such products can offer,
the mechanisms they employ, and their trade-offs. This paper makes two important
contributions. First, we present a study of the potential improvements in Internet
round-trip times (RTTs) and transfer speeds from employing multihoming route
control. Our analysis shows that multihoming to three or more ISPs and cleverly
scheduling traffic across the ISPs can improve Internet RTTs and throughputs by
up to 25% and 20%, respectively. However, a careful selection of ISPs is
important to realize the performance improvements. Second, focusing on large
enterprises, we propose and evaluate a wide range of route control mechanisms
and evaluate their design trade-offs. We implement the proposed schemes on a
Linux-based Web proxy and perform a trace-based evaluation of their
performance. We show that both passive and active measurement-based
techniques are equally effective and could improve the Web response times of
enterprise networks by up to 25% on average, compared to using a single ISP. We
also outline several "best common practices" for the design of route control
products.


Integrated Unified Messaging System
Abstract: A system and method for transmitting a message generated by a
message source to diverse communication devices. The types of
communication devices to receive the message and their respective sites
are selected in response to message parameters contained in the message
file. The message is converted to a format

Optimal Replica Placement under TTL-Based Consistency
Abstract: Geographically replicating popular objects in the Internet speeds up
content distribution at the cost of keeping the replicas consistent and up-to-date.
The overall effectiveness of replication can be measured by the total
communication cost consisting of client accesses and consistency management,
both of which depend on the locations of the replicas. This paper investigates the
problem of placing replicas under the widely used TTL-based consistency
scheme. A polynomial-time algorithm is proposed to compute the optimal
placement of a given number of replicas in a network. The new replica placement
scheme is compared, using real Internet topologies and Web traces, against two
existing approaches which do not consider consistency management or assume
invalidation-based consistency scheme. The factors affecting their performance
are identified and discussed.


Network Coding Protocols Approach for Secret Key
Distribution
Abstract: We consider the problem of secret key distribution in a sensor network
with multiple scattered sensor nodes and a mobile device that can be used to
bootstrap the network. Our main contribution is a set of secure protocols that rely
on simple network coding operations to provide a robust and low-complexity
solution for sharing secret keys among sensor nodes, including pairwise keys,
cluster keys, key revocation, and mobile node authentication. Despite its role as a
key enabler for this approach, the mobile node only has access to an encrypted
version of the keys, providing information-theoretic security with respect to
attacks focused on the mobile node. Our results include performance evaluation in
terms of security metrics and a detailed analysis of resource utilization. The basic
scheme was implemented and tested in a real-life sensor network test bed. We
deem this class of network coding protocols to be particularly well suited for
highly constrained dynamic systems such as wireless sensor networks.


An Operation-Centered Approach to Fault Detection in
Symmetric Cryptography Ciphers
Abstract: One of the most effective ways of attacking a cryptographic device is
by deliberate fault injection during computation, which allows retrieving the
secret key with a small number of attempts. Several attacks on symmetric and
public-key cryptosystems have been described in the literature and some
dedicated error-detection techniques have been proposed to foil them. The
proposed techniques are ad hoc ones and exploit specific properties of the
cryptographic algorithms. In this paper, we propose a general framework for error
detection in symmetric ciphers based on an operation-centered approach. We first
enumerate the arithmetic and logic operations included in the cipher and analyze
the efficacy and hardware complexity of several error-detecting codes for each
such operation. We then recommend an error-detecting code for the cipher as a
whole based on the operations it employs. We also deal with the trade-off between
the frequency of checking for errors and the error coverage. We demonstrate our
framework on a representative group of 11 symmetric ciphers. Our conclusions
are supported by both analytical proofs and extensive simulation experiments.



An Efficient Mobile Authentication Scheme for Wireless
Networks
Abstract: This paper proposes an efficient authentication scheme, which is
suitable for low-power mobile devices. It uses an elliptic-curve-cryptosystem
based trust delegation mechanism to generate a delegation pass code for mobile
station authentication, and it can effectively defend against all known attacks on mobile
networks including the denial-of-service attack. Moreover, the mobile station only
needs to receive one message and send one message to authenticate itself to a
visitor's location register, and the scheme only requires a single elliptic-curve
scalar point multiplication on a mobile device. Therefore, this scheme enjoys both
computation efficiency and communication efficiency as compared to known
mobile authentication schemes.


Experiences in Engineering Active Replication into a
Traditional Three-tiered Client-server System
Abstract: The Internet is going through several major changes. It has become a
vehicle of Web services rather than just a repository of information. Many
organizations are putting their core business competencies on the Internet as a
collection of Web services. An important challenge is to integrate them to create
new value-added Web services in ways that could never be foreseen forming what
is known as Business-to-Business (B2B) services. Therefore, there is a need for
modeling techniques and tools for reliable Web service composition. In this paper,
we propose a Petri net-based algebra, used to model control flows, as a necessary
constituent of reliable Web service composition process. This algebra is
expressive enough to capture the semantics of complex Web service
combinations.


Controlling IP Spoofing through Interdomain Packet
Filters
Abstract: The Distributed Denial-of-Service (DDoS) attack is a serious threat
to the legitimate use of the Internet. Prevention mechanisms are thwarted by the
ability of attackers to forge, or spoof, the source addresses in IP packets. By
employing IP spoofing, attackers can evade detection and put a substantial burden
on the destination network for policing attack packets. In this paper, we propose
an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP
spoofing on the Internet. A key feature of our scheme is that it does not require
global routing information. IDPFs are constructed from the information implicit
in BGP route updates and are deployed in network border routers. We establish
the conditions under which the IDPF framework works correctly in that it does
not discard packets with valid source addresses. Based on extensive simulation
studies, we show that even with partial deployment on the Internet, IDPFs can
proactively limit the spoofing capability of attackers. In addition, they can help
localize the origin of an attack packet to a small number of candidate networks.


A Self-Repairing Tree Topology Enabling Content-Based
Routing in Mobile Ad Hoc Network
Abstract: Content-based routing (CBR) provides a powerful and flexible
foundation for distributed applications. Its communication model, based on
implicit addressing, fosters decoupling among the communicating components,
therefore meeting the needs of many dynamic scenarios, including mobile ad hoc
networks (MANETs). Unfortunately, the characteristics of the CBR model are
only rarely met by available systems, which typically assume that application-level
routers are organized in a tree-shaped network with a fixed topology. In this
paper we present COMAN, a protocol to organize the nodes of a MANET in a
tree-shaped network able to i) self-repair to tolerate the frequent topological
reconfigurations characteristic of MANETs; ii) achieve this goal through repair
strategies that minimize the changes that may impact the CBR layer exploiting the
tree. COMAN is implemented and publicly available. Here we report about its
performance in simulated scenarios as well as in real-world experiments. The
results confirm that its characteristics enable reliable and efficient CBR on
MANETs.


Context based Application Level Intrusion Detection
System
Abstract: In today’s interconnected networks, Intrusion Detection Systems
(IDSs), encryption devices and firewalls are crucial in providing a complete
security solution. As network security has become a growing concern, system
administrators lock down their networks by blocking traffic through certain ports
and allowing traffic via only selected authorized ports such as HTTP. A recent
survey has indicated that around 80 percent of attacks originate in the application
layer. In this paper, a framework has been proposed to detect complex application
level attacks that easily include packet level inspection solution. The proposed
method enhances detection capability by performing application-level protocol
analysis using a semantic classification tree technique. The protocol analysis
method extracts only specific fields of the protocol thereby providing significant
search space reduction. The grammar based semantic processing method provides
a higher level of abstraction and scalability and is a suitable option to improve
detection accuracy.


Content-Based Web Medical Imaging Retrieval via Multi-
Agent Architecture
Abstract: A novel scalable architecture for automating and speeding up content-based
image retrieval (CBIR) on the web is presented by using mobile multi-agent.
Traditional web CBIR functions are encapsulated in six agent classes via
object-oriented idea. The retrieval domain is modeled as a multi-agent system,
where agent objects operate autonomously while cooperating with each other, and
its coordination with outside environment can result in web CBIR. During
retrieval, the system can decide an optimized retrieval strategy by automatically
analyzing initial query input with its repository, and through feedback, it can also
make corresponding adjustment by intelligently deducing user intent and interest,
without any human interference if necessary.
Furthermore, the mobility enables the search agent to perform local image match
at database source, which is expected to improve retrieval speed and reliability by
minimizing network traffic and dependence on network status. In addition, the
repository management agent with heterogeneous database classifying and
indexing ability is also expected to further extend search range and ensure
retrieval efficiency. Simulation results validate the effectiveness of this approach
by significantly outperforming its traditional counterparts. In this paper, we
presented a novel flexible web CBIR architecture based on mobile multi-agent.
With intriguing properties of MMAS itself, such as mobility, autonomy,
scalability and adaptivity, the web CBIR can perform local image retrieval,
optimize task distribution within the retrieval agent domain and effectively
cooperate with outside environment, which enables the system to be much faster
and more reliable than its traditional counterparts. Though this MMAS approach
here is only used to perform database image retrieval, by involving text
combination, similar strategy can also be extended to image retrieval of pictorial
web pages. However, as agent itself is under development, there still exist
difficulties. For example, its appealing autonomy allows more flexible system,
which in turn, may also cause uncertain or unstable running, making the relation
among agents difficult to predict and manage. Furthermore, AOP in the real sense
is still under research. These problems remain to be solved before agent is able to
achieve more successful applications.


A joint signal processing and cryptographic approach to
multimedia encryption
Abstract: In recent years, there has been an increasing trend for multimedia
applications to use delegate service providers for content distribution, archiving,
search, and retrieval. These delegate services have brought new challenges to the
protection of multimedia content confidentiality. This paper discusses the
importance and feasibility of applying a joint signal processing and cryptographic
approach to multimedia encryption, in order to address the access control issues
unique to multimedia applications. We propose two atomic encryption operations
that can preserve standard compliance and are friendly to delegate processing.
Quantitative analysis for these operations is presented to demonstrate that a good
tradeoff can be made between security and bit rate overhead. In assisting the
design and evaluation of media security systems, we also propose a set of
multimedia-oriented security scores to quantify the security against approximation
attacks and to complement the existing notion of generic data security. Using
video as an example, we present a systematic study on how to strategically
integrate different atomic operations to build a video encryption system. The
resulting system can provide superior performance over both generic encryption
and its simple adaptation to video in terms of a joint consideration of security, bit
rate overhead, and friendliness to delegate processing.


Cryptography Using Neural Network
Abstract: The goal of any cryptographic system is the exchange of information
among the intended users without any leakage of information to others who may
have unauthorized access to it. In 1976, Diffie and Hellman found that a common
secret key could be created over a public channel accessible to any opponent.
Since then, many public-key cryptosystems have been presented that are based on
number theory, and they demand large computational power. Moreover, the
process involved in generating a public key is very complex and time consuming.
To overcome these disadvantages, neural networks can be used to generate a
common secret key. This is the motivation for this present work on interacting
neural networks and cryptography. In the case of neural cryptography, both the
communicating networks receive an identical input vector, generate an output bit
and are trained based on the output bit. The dynamics of the two networks and
their weight vectors is found to exhibit a novel phenomenon, where the networks
synchronize to a state with identical time-dependent weights. This concept of
synchronization by mutual learning can be applied to a secret key exchange
protocol over a public channel. The generation of secret key over a public channel
has been studied and the generated key is used for encrypting and decrypting the
given message using DES algorithm which is simulated and synthesized using
NN.
Interacting neural networks have been calculated analytically. At each training
step two networks receive a common random input vector and learn their mutual
output bits. A new phenomenon has been observed: Synchronization by mutual
learning. The two partners can agree on a common secret key over a public
channel. An opponent who is recording the public exchange of training examples
cannot obtain full information about the secret key used for encryption. This
works if the two partners use multilayer networks, parity machines. The opponent
has all the information (except the initial weight vectors) of the two partners and
uses the same algorithms. Nevertheless he does not synchronize. This
phenomenon may be used as a key exchange protocol. The two partners select
secret initial weight vectors, agree on a public sequence of input vectors and
exchange public bits. After a few steps they have identical weight vectors which
are used for a secret encryption key. For each communication they agree on a new
secret key, without having stored any secret information before. In contrast to
number theoretical methods the networks are very fast; essentially they are linear
filters, the complexity to generate a key of length N scales with N (for sequential
update of the weights). In fact, ensembles of opponents have a better chance to
synchronize. These may be good news for a possible attacker.
