Charles U. Martel

Authentic Third-party Data Publication

Integrity critical databases, such as financial data used in high-value decisions, are frequently published over the Internet. Publishers of such data must satisfy the integrity, authenticity, and non-repudiation requirements of clients. Providing this protection over public networks is costly.

A General Model for Authenticated Data Structures

Abstract Query answers from on-line databases can easily be corrupted by hackers or malicious database publishers. Thus it is important to provide mechanisms which allow clients to trust the results from on-line queries. Authentic publication allows untrusted publishers to answer securely queries from clients on behalf of trusted off-line data owners. Publishers validate answers using hard-to-forge verification objects VOs), which clients can check efficiently. This approach provides greater scalability, by making it easy to add more publishers, and better security, since on-line publishers do not need to be trusted. To make authentic publication attractive, it is important for the VOs to be small, efficient to compute, and efficient to verify. This has lead researchers to develop independently several different schemes for efficient VO computation based on specific data structures. Our goal is to develop a unifying framework for these disparate results, leading to a generalized security result. In this paper we characterize a broad class of data structures which we call Search DAGs, and we develop a generalized algorithm for the construction of VOs for Search DAGs. We prove that the VOs thus constructed are secure, and that they are efficient to compute and verify. We demonstrate how this approach easily captures existing work on simple structures such as binary trees, multi-dimensional range trees, tries, and skip lists. Once these are shown to be Search DAGs, the requisite security and efficiency results immediately follow from our general theorems. Going further, we also use Search DAGs to produce and prove the security of authenticated versions of two complex data models for efficient multi-dimensional range searches. This allows efficient VOs to be computed (size O(log N + T)) for typical one- and two-dimensional range queries, where the query answer is of size T and the database is of size N. We also show I/O-efficient schemes to construct the VOs. For a system with disk blocks of size B, we answer one-dimensional and three-sided range queries and compute the VOs with O(logB N + T/B) I/O operations using linear size data structures.

Authentic data publication over the internet

Integrity critical databases, such as financial information used in high-value decisions, are frequently published over the Internet. Publishers of such data must satisfy the integrity, authenticity, and nonrepudiation requirements of clients. Providing this protection over public data networks is an expensive proposition. This is, in part, due to the difficulty of building and running secure systems. In practice, large systems can not be verified to be secure and are frequently penetrated. The negative consequences of a system intrusion at the publisher can be severe. The problem is further complicated by data and server replication to satisfy availability and scalability requirements.To our knowledge this work is the first of its kind to give general approaches for reducing the trust required of publishers of large databases. To do this, we separate the roles of data owner and data publisher. With a few digital signatures on the part of the owner and no trust required of a publisher, we give techniques based on Merkle hash trees that publishers can use to provide authenticity and nonrepudiation of the answer to database queries posed by a client. This is done without requiring a key to be held in an on-line system, thus reducing the impact of system penetrations. By reducing the trust required of the publisher, our solution is a step towards the publication of large databases in a scalable manner.

Flexible authentication of XML documents

XML is increasingly becoming the format of choice for information exchange, in critical areas such as government, finance, healthcare and law, where integrity is of the essence. As this trend grows, one can expect that documents (or collections thereof) may get quite large, and clients may wish to query for specific segments of these documents. In critical applications, clients must be assured that they are getting complete and correct answers to their queries. Existing methods for signing XML documents cannot be used to establish that an answer to a query is complete. A simple approach has a server processing queries and certifying answers by digitally signing them with an on-line private key; however, the server, and its on-line private key, would be vulnerable to external hacking and insider attacks. We propose a new approach to signing XML documents which allows untrusted servers to answer certain types of path queries and selection queries over XML documents without the need for trusted on-line signing keys. This approach enhances both the security and scalability of publishing information in XML format over the internet. In addition, it provides greater flexibility in authenticating parts of XML documents, in response to commercial or security policy considerations.

Optimal circuits for parallel multipliers

We present new design and analysis techniques for the synthesis of parallel multiplier circuits that have smaller predicted delay than the best current multipliers. V.G. Oklobdzija et al. (1996) suggested a new approach, the Three-Dimensional Method (TDM), for Partial Product Reduction Tree (PPRT) design that produces multipliers that outperform the current best designs. The goal of TDM is to produce a minimum delay PPRT using full adders. This is done by carefully modeling the relationship of the output delays to the input delays in an adder and, then, interconnecting the adders in a globally optimal way. Oklobdzija et al. suggested a good heuristic for finding the optimal PPRT, but no proofs about the performance of this heuristic were given. We provide a formal characterization of optimal PPRT circuits and prove a number of properties about them. For the problem of summing a set of input bits within the minimum delay, we present an algorithm that produces a minimum delay circuit in time linear in the size of the inputs. Our techniques allow us to prove tight lower bounds on multiplier circuit delays. These results are combined to create a program that finds optimal TDM multiplier designs. Using this program, we can show that, while the heuristic used by Oklobdzija et al. does not always find the optimal TDM circuit, it performs very well in terms of overall PPRT circuit delay. However, our search algorithms find better PPRT circuits for reducing the delay of the entire multiplier.

Computing Maximal “Polymatroidal” Network Flows

In the “classical” network flow model, flows are constrained by the capacities of individual arcs. In the “polymatroidal” network flow model introduced in this paper, flows are constrained by the capacities of sets of arcs. Yet the essential features of the classical model are retained: the augmenting path theorem, the integral flow theorem and the max-flow min-cut theorem arc all shown to yield to straightforward generalization. We describe a maximal flow algorithm which finds augmenting paths by labeling arcs instead of nodes, as in the case of the classical model. As a counterpart of a known result for the classical model, we prove that the number of augmentations required to achieve a maximal value flow is bounded by the cube of the number of arcs in the network, provided each successive augmentation is made along a shortest augmenting path, with ties between shortest paths broken by lexicography.

Preemptive Scheduling with Release Times, Deadlines, and Due Times

Given n jobs, each of which has a release time, a deadline, and a processing requirement, the problem of determining whether there exists a preemptive schedule on m uniform machines which completes each job in the time interval between its release time and its deadline is examined. An o(m/sup 2/n/sup 4/+n/sup 5/) algorithm is presented which uses a generalisation of network flow techniques to construct such a schedule whenever one exists. This algorithm is then used with search techniques to find a schedule which minimises maximum lateness. 10 references.

Green Provisioning for Optical WDM Networks

Since the Internet consumes a large (and increasing) amount of energy, “green” strategies are desirable to help service providers (SP) operate their networks and provision services more energy efficiently. We focus on green provisioning strategies for optical wavelength-division multiplexing networks. A number of approaches from component layer to network layer are discussed, which should help improve the energy efficiency of the networks. Then, we consider a typical optical backbone network architecture, and minimize the operational power for provisioning. Typically, operational power depends on strategy (e.g., optical bypass versus traffic grooming), operations (e.g., electronic domain versus optical domain), and route. We analyze the constituents of operational power in various scenarios, and discuss the opportunities for energy savings. We propose a novel auxiliary graph, which can capture the power consumption of each provisioning operation. Based on the auxiliary graph, we develop a power-aware provisioning scheme to minimize the total operational power. Performance evaluation shows that our scheme always needs the least operational power, with comparison to a direct-lightpath approach and a traffic-grooming approach. The result also suggests proportional power consumption by operations (network equipment) and end-node traffic grooming to fully exploit the power-saving potential of optical networks.

Asynchronous PRAMs are (almost) as good as synchronous PRAMs

A PRAM (parallel random-access-machine) model that allows processors to have arbitrary asynchronous behavior is introduced. The main result shows that any n-processor CRCW (concurrent-read, concurrent-write) PRAM program can be simulated on an asynchronous CRCW PRAM using O(n) expected work per parallel step and up to n/log n log*n asynchronous processors. It is shown that a synchronization primitive for n parallel instructions can be computed using O(n) expected work by a system of asynchronous processors. Since a special case of asynchronous behavior is a fail-stop error, the simulation technique described above can convert any PRAM program into a PRAM program that is resistant to all fail-stop errors and has the same expected work as the original program.<<ETX>>

Survivable multipath provisioning with differential delay constraint in telecom mesh networks

Multipath provisioning is a key feature of next-generation SONET/SDH networks (which can be used on top of optical WDM) and they can support virtual concatenation (VCAT); thus, multipath provisioning can significantly outperform single-path provisioning in resource efficiency, service resilience, and flexibility. However, in multipath provisioning, differential delay is an important constraint which should not be ignored. We investigate survivability of service paths based on differential-delay constraint (DDC) and multipath provisioning together in a telecom backbone mesh network. We present a DDC-based K link-disjoint paths algorithm (DDCKDP) for multipath provisioning subject to DDC. We also compare it with the minimum-cost-flow (MCF) and K shortest link-disjoint paths (KDP) algorithm, using Shared Protection of the Largest Individual Traversed link (SPLIT), under dynamic service request with several different DDCs. We find that (1) exploiting link-disjoint paths is very efficient for survivable multipath provisioning; and (2) SPLIT-DDCKDP is resource efficient, has low signaling overhead, and has fast fault-recovery for survivable multipath provisioning with DDC. For a 5 ms DDC, DDCKDP can decrease the Bandwidth Blocking Ratio (BBR) by more than 100% compared with KDP in a typical US backbone network.Survivability is a critical concern in modern telecom mesh networks because the failure of a network element may cause tremendous data and revenue loss in such networks using high-capacity optical fibers employing wavelength-division multiplexing (WDM). Multipath provisioning is a key feature of next-generation SONET/SDH networks (which can be used on top of optical WDM), and they can support virtual concatenation (VCAT); thus, multipath provisioning can significantly outperform single-path provisioning in resource efficiency, service resilience, and flexibility. However, in multipath provisioning, differential delay is an important constraint that should be considered. We investigate survivability of service paths based on differential-delay constraint (DDC) and multipath provisioning together in telecom backbone mesh networks. We propose the Shared Protection of the Largest Individual Traversed link (SPLIT) method for survivable multipath provisioning and present a DDC-based algorithm for multipath routing subject to DDC. We also compare the DDC-based algorithm with the K shortest link-disjoint paths (KDP) algorithm, using SPLIT, under dynamic service requests. We find that exploiting link-disjoint paths is very efficient for survivable multipath provisioning, and our algorithm is resource-efficient, has low signaling overhead, and has fast fault recovery for survivable multipath provisioning with DDC. For a 5-ms DDC, our algorithm can decrease the bandwidth blocking ratio (BBR) significantly in typical U.S. backbone networks.