András Méhes

Can you infect me now?: malware propagation in mobile phone networks

In this paper we evaluate the effects of malware propagating usingcommunication services in mobile phone networks. Although self-propagating malware is well understood in the Internet, mobile phone networks have very different characteristics in terms of topologies, services, provisioning and capacity, devices, and communication patterns. To investigate malware in this new environment, we have developed an event-driver simulator that captures the characteristics and constraints of mobile phone networks. In particular, the simulator models realistic topologies and provisioned capacities of the network infrastructure, as well as the contactgraphs determined by cell phone address books. We evaluate the speedand severity of random contact worms in mobile phone networks, characterize the denial-of-service effects such worms could have on the network, investigate approaches to accelerate malware propagation, and discuss the implications of defending networks against such attacks.

Defending Mobile Phones from Proximity Malware

As mobile phones increasingly become the target of propagating malware, their use of direct pair-wise communication mechanisms, such as Bluetooth and WiFi, pose considerable challenges to malware detection and mitigation. Unlike malware that propagates using the network, where the provider can employ centralized defenses, proximity malware can propagate in an entirely distributed fashion. In this paper we consider the dynamics of mobile phone malware that propagates by proximity contact, and we evaluate potential defenses against it. Defending against proximity malware is particularly challenging since it is difficult to piece together global dynamics from just pair-wise device interactions. Whereas traditional network defenses depend upon observing aggregated network activity to detect correlated or anomalous behavior, proximity malware detection must begin at the device. As a result, we explore three strategies for detecting and mitigating proximity malware that span the spectrum from simple local detection to a globally coordinated defense. Using insight from a combination of real-world traces, analytic epidemic models, and synthetic mobility models, we simulate proximity malware propagation and defense at the scale of a university campus. We find that local proximity-based dissemination of signatures can limit malware propagation. Globally coordinated strategies with broadcast dissemination are substantially more effective, but rely upon more demanding infrastructure within the provider.

Binary lattice vector quantization with linear block codes and affine index assignments

We determine analytic expressions for the performance of some low-complexity combined source-channel coding systems. The main tool used is the Hadamard transform. In particular, we obtain formulas for the average distortion of binary lattice vector quantization with affine index assignments, linear block channel coding, and a binary-symmetric channel. The distortion formulas are specialized to nonredundant channel codes for a binary-symmetric channel, and then extended to affine index assignments on a binary-asymmetric channel. Various structured index assignments are compared. Our analytic formulas provide a computationally efficient method for determining the performance of various coding schemes. One interesting result shown is that for a uniform source and uniform quantizer, the natural binary code is never optimal for a nonsymmetric channel, even though it is known to be optimal for a symmetric channel.

Randomly chosen index assignments are asymptotically bad for uniform sources

It is known that among all redundancy free codes (or index assignments) the natural binary code minimizes the mean squared error of the uniform source and uniform quantizer on a binary symmetric channel. We derive a code which maximizes the mean squared error, and demonstrate that the code is linear and its distortion is asymptotically equivalent, as the blocklength grows, to the expected distortion of an index assignment chosen uniformly at random.

Ambient Network Attachment

The efficiency of network attachment plays a crucial role in the performance of accessing services in new environments. As an example, when a moving network is changing its location relative to attachment points, the detection of the candidate access networks along with their properties and security relationships needs to be carefully managed. This paper presents the framework and mechanisms for network attachment of Ambient Networks. Different steps required for optimizing the network attachment procedure are studied, and a secure network attachment protocol is proposed.

Performance of quantizers on noisy channels using structured families of codes

Achievable distortion bounds are derived for the cascade of structured families of binary linear channel codes and binary lattice vector quantizers. It is known that for the cascade of asymptotically good channel codes and asymptotically good vector quantizers the end-to-end distortion decays to zero exponentially fast as a function of the overall transmission rate, and is achieved by choosing a channel code rate that is independent of the overall transmission rate. We show that for certain families of practical channel codes and binary lattice vector quantizers, the overall distortion can be made to decay to zero exponentially fast as a function of the square root of transmission rate. This is achieved by carefully choosing a channel code rate that decays to zero as the transmission rate grows. Explicit channel code rate schedules are obtained for several well-known families of channel codes.

Source and channel rate allocation for channel codes satisfying the Gilbert-Varshamov or Tsfasman-Vladut-Zink bounds

We derive bounds for optimal rate allocation between source and channel coding for linear channel codes that meet the Gilbert-Varshamov or Tsfasman-Vladut-Zink (1984) bounds. Formulas giving the high resolution vector quantizer distortion of these systems are also derived. In addition, we give bounds on how far below the channel capacity the transmission rate should be for a given delay constraint. The bounds obtained depend on the relationship between channel code rate and relative minimum distance guaranteed by the Gilbert-Varshamov bound, and do not require sophisticated decoding beyond the error correction limit. We demonstrate that the end-to-end mean-squared error decays exponentially fast as a function of the overall transmission rate, which need not be the case for certain well-known structured codes such as Hamming codes.

Affine index assignments for binary lattice quantization with channel noise

Two major issues in noisy channel vector quantization are complexity and sensitivity to channel errors. Structured vector quantizers and index assignments provide a low complexity solution for enhancing channel robustness. A general formula is given for the MSE performance of affine index assignments for a binary symmetric channel with an arbitrary source and a binary lattice quantizer. The result is then used to compare some well-known redundancy free codes. The binary asymmetric channel is considered for a uniform input distribution and a class of affine codes.

On the performance of affine index assignments for redundancy free source-channel coding

Summary form only given. Many popular redundancy free codes are linear or affine, including the natural binary code (NBC), the folded binary code (FBC), the Gray code (GC), and the twos complement code (TCC). A theorem which considers the channel distortion of a uniform 2/sup n/ level scalar quantizer with stepsize /spl Delta/, which uses an affine index assignment with generator matrix G to transmit across a binary symmetric channel with crossover probability q, is given. Using this theorem we compare the NBC and the FBC for any source distribution.

Classifying Security Threats in Cloud Networking

A central component of managing risks in cloud computing is to understand the nature of security threats. The relevance of security concerns are evidenced by the efforts from both the academic community and technological organizations such as NIST, ENISA and CSA, to investigate security threats and vulnerabilities related to cloud systems. Provisioning secure virtual networks (SVNs) in a multi-tenant environment is a fundamental aspect to ensure trust in public cloud systems and to encourage their adoption. However, comparing existing SVN-oriented solutions is a difficult task due to the lack of studies summarizing the main concerns of network virtualization and providing a comprehensive list of threats those solutions should cover. To address this issue, this paper presents a threat classification for cloud networking, describing threat categories and attack scenarios that should be taken into account when designing, comparing, or categorizing solutions. The classification is based o n the CSA threat report, building upon studies and surveys from the specialized literature to extend the CSA list of threats and to allow a more detailed analysis of cloud network virtualization issues.