Deep Medhi

Location-aware key management scheme for wireless sensor networks

Sensor networks are composed of a large number of low power sensor devices. For secure communication among sensors, secret keys must be established between them. Recently, several pairwise key schemes have been proposed for large distributed sensor networks. These schemes randomly select a set of keys from a key pool and install the keys in the memory of each sensor. After deployment, the sensors can set up keys by using the preinstalled keys. Due to lack of tamper-resistant hardware, the sensor networks are vulnerable to node capture attacks. The information gained from captured nodes can be used to compromise communication among uncompromised sensors. Du et al. [1], Liu and Ning [2] proposed to use the known deployment information to reduce the memory requirements and mitigate the consequences of node capture attack. Our analysis shows that the assumption of random capture of sensors is too <i>weak</i>. An <i>intelligent</i> attacker can selectively capture sensors to get more information with less efforts. In addition to selective node capture attack, all recent proposals are vulnerable to node fabrication attack, in which an attacker can fabricate new sensors by manipulating the compromised secret keys and then deploy the fabricated sensors into the sensor system. To counter these attacks, we propose a grid-group scheme which uses known deployment information. Unlike the pairwise key scheme using deployment information proposed by Du et al., we uniformly deploy sensors in a large area; instead of randomly distributing keys from a large key pool to each sensor, we systematically distribute secret keys to each sensor from a structured key pool. Our performance analysis shows that our scheme requires less number of keys preinstalled for each sensor and is resilient to selective node capture attack and node fabrication attack.

A unified approach to network survivability for teletraffic networks: models, algorithms and analysis

Addresses the problem of network survivability by presenting a unified approach where the wide-area circuit-switched teletraffic network and the underlying transmission facility network are considered simultaneously. The author assumes the backbone circuit-switched teletraffic network to be nonhierarchical with dynamic call routing capabilities. The transmission facility network is considered to be sparse (as is observed for emerging fiber optic networks) and is assumed to be two-arc connected. The approach addresses the network survivability objective by considering two grade-of-service parameters: one for the traffic network under normal operating condition and the other for affected part of the network under a network failure. The author presents unified mathematical models and develops heuristic algorithms. The author then presents computational results to demonstrate the effectiveness of the unified approach. >

Dependability and security models

There is a need to quantify system properties methodically. Dependability and security models have evolved nearly independently. Therefore, it is crucial to develop a classification of dependability and security models which can meet the requirement of professionals in both fault-tolerant computing and security community. In this paper, we present a new classification of dependability and security models. First we present the classification of threats and mitigations in systems and networks. And then we present several individual model types such as availability, confidentiality, integrity, performance, reliability, survivability, safety and maintainability. Finally we show that each model type can be combined and represented by one of the model representation techniques: combinatorial (such as reliability block diagrams (RBD), reliability graphs, fault trees, attack trees), state-space (continuous time Markov chains, stochastic Petri nets, fluid stochastic Petri nets, etc) and hierarchical (e.g., fault trees in the upper level and Markov chains in the lower level). We show case studies for each individual model types as well as composite model types.

ARCH-based traffic forecasting and dynamic bandwidth provisioning for periodically measured nonstationary traffic

Network providers are often interested in providing dynamically provisioned bandwidth to customers based on periodically measured nonstationary traffic while meeting service level agreements (SLAs). In this paper, we propose a dynamic bandwidth provisioning framework for such a situation. In order to have a good sense of nonstationary periodically measured traffic data, measurements were first collected over a period of three weeks excluding the weekends in three different months from an Internet access link. To characterize the traffic data rate dynamics of these data sets, we develop a seasonal autoregressive conditional heteroskedasticity (ARCH) based model with the innovation process (disturbances) generalized to the class of heavy-tailed distributions. We observed a strong empirical evidence for the proposed model. Based on the ARCH-model, we present a probability-hop forecasting algorithm, an augmented forecast mechanism using the confidence-bounds of the mean forecast value from the conditional forecast distribution. For bandwidth estimation, we present different bandwidth provisioning schemes that allocate or deallocate the bandwidth based on the traffic forecast generated by our forecasting algorithm. These provisioning schemes are developed to allow trade off between the underprovisioning and the utilization, while addressing the overhead cost of updating bandwidth. Based on extensive studies with three different data sets, we have found that our approach provides a robust dynamic bandwidth provisioning framework for real-world periodically measured nonstationary traffic.

Multi-hour, multi-traffic class network design for virtual path-based dynamically reconfigurable wide-area ATM networks

The virtual path (VP) concept has been gaining attention in terms of effective deployment of asynchronous transfer mode (ATM) networks in recent years. In a recent paper, we outlined a framework and models for network design and management of dynamically reconfigurable ATM networks based on the virtual path concept from a network planning and management perspective. Our approach has been based on statistical multiplexing of traffic within a traffic class by using a virtual path for the class and deterministic multiplexing of different virtual paths, and on providing dynamic bandwidth and reconfigurability through virtual path concept depending on traffic load during the course of the day. In this paper, we discuss in detail, a multi-hour, multi-traffic class network (capacity) design model for providing specified quality-of-service in such dynamically reconfigurable networks. This is done based on the observation that statistical multiplexing of virtual circuits for a traffic class in a virtual path, and the deterministic multiplexing of different virtual paths leads to decoupling of the network dimensioning problem into the bandwidth estimation problem and the combined virtual path routing and capacity design problem. We discuss how bandwidth estimation can be done, then how the design problem can be solved by a decomposition algorithm by looking at the dual problem and using subgradient optimization. We provide computational results for realistic network traffic data to show the effectiveness of our approach. We show for the test problems considered, our approach does between 6% to 20% better than a local shortest-path heuristic. We also show that considering network dynamism through variation of traffic during the course of a day by doing dynamic bandwidth and virtual path reconfiguration can save between 10% and 14% in network design costs compared to a static network based on maximum busy hour traffic.

SARA: Segment aware rate adaptation algorithm for dynamic adaptive streaming over HTTP

Dynamic adaptive HTTP (DASH) based streaming is steadily becoming the most popular online video streaming technique. DASH streaming provides seamless playback by adapting the video quality to the network conditions during the video playback. A DASH server supports adaptive streaming by hosting multiple representations of the video and each representation is divided into small segments of equal playback duration. At the client end, the video player uses an adaptive bitrate selection (ABR) algorithm to decide the bitrate to be selected for each segment depending on the current network conditions. Currently, proposed ABR algorithms ignore the fact that the segment sizes significantly vary for a given video bitrate. Due to this, even though an ABR algorithm is able to measure the network bandwidth, it may fail to predict the time to download the next segment In this paper, we propose a segment-aware rate adaptation (SARA) algorithm that considers the segment size variation in addition to the estimated path bandwidth and the current buffer occupancy to accurately predict the time required to download the next segment We also developed an open source Python based emulated DASH video player, that was used to compare the performance of SARA and a basic ABR. Our results show that SARA provides a significant gain over the basic algorithm in the video quality delivered, without noticeably impacting the video switching rates.

Some approaches to solving a multihour broadband network capacity design problem with single-path routing

In this paper, we consider solution approaches to a multihour combined capacity design and routing problem which arises in the design of dynamically reconfigurable broadband communication networks that uses the virtual path concept. We present a comparative evaluation of four approaches, namely: a genetic algorithm, a Lagrangian relaxation based subgradient optimization method, a generalized proximal point algorithm with subgradient optimization, and, finally, a hybrid approach where the subgradient based method is combined with a genetic algorithm. Our computational experience on a set of test problems of varying network sizes services) shows that the hybrid approach often is the desirable choice in obtaining the minimum cost network while the genetic algorithm based approach has the most difficulty in solving large scale problems.

Multi-layered network survivability-models, analysis, architecture, framework and implementation: an overview

A major attack can significantly reduce the capability to deliver services in large-scale networked information systems. In this project, we have addressed the survivability of large scale heterogeneous information systems which consist of various services provided over multiple interconnected networks with different technologies. The communications network portions of such systems are referred to as multi-networks. We specifically address the issue of survivability due to physical attacks that destroy links and nodes in multi-networks. The end goal is to support critical services in the face of a major attack by making optimum use of network resources while minimizing network congestion. This is an area which is little studied, especially for large-scale heterogeneous systems. In this paper we present an overview of our contributions in this area.

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.

A hierarchical model to evaluate quality of experience of online services hosted by cloud computing

As online service providers utilize cloud computing to host their services, they are challenged by evaluating the quality of experience and designing redirection strategies in this complicated environment. We propose a hierarchical modeling approach that can easily combine all components of this environment. Identifying interactions among the components is the key to construct such models. In this particular environment, we first construct four sub-models: an outbound bandwidth model, a cloud computing availability model, a latency model and a cloud computing response time model. Then we use a redirection strategy graph to glue them together. We also introduce an all-in-one barometer to ease the evaluation. The numeric results show that our model serves as a very useful analytical tool for online service providers to evaluate cloud computing providers and design redirection strategies.