Guiyi Wei

A game-theoretic method of fair resource allocation for cloud computing services

As cloud-based services become more numerous and dynamic, resource provisioning becomes more and more challenging. A QoS constrained resource allocation problem is considered in this paper, in which service demanders intend to solve sophisticated parallel computing problem by requesting the usage of resources across a cloud-based network, and a cost of each computational service depends on the amount of computation. Game theory is used to solve the problem of resource allocation. A practical approximated solution with the following two steps is proposed. First, each participant solves its optimal problem independently, without consideration of the multiplexing of resource assignments. A Binary Integer Programming method is proposed to solve the independent optimization. Second, an evolutionary mechanism is designed, which changes multiplexed strategies of the initial optimal solutions of different participants with minimizing their efficiency losses. The algorithms in the evolutionary mechanism take both optimization and fairness into account. It is demonstrated that Nash equilibrium always exists if the resource allocation game has feasible solutions.

Internet Traffic Classification Using Constrained Clustering

Statistics-based Internet traffic classification using machine learning techniques has attracted extensive research interest lately, because of the increasing ineffectiveness of traditional port-based and payload-based approaches. In particular, unsupervised learning, that is, traffic clustering, is very important in real-life applications, where labeled training data are difficult to obtain and new patterns keep emerging. Although previous studies have applied some classic clustering algorithms such as K-Means and EM for the task, the quality of resultant traffic clusters was far from satisfactory. In order to improve the accuracy of traffic clustering, we propose a constrained clustering scheme that makes decisions with consideration of some background information in addition to the observed traffic statistics. Specifically, we make use of equivalence set constraints indicating that particular sets of flows are using the same application layer protocols, which can be efficiently inferred from packet headers according to the background knowledge of TCP/IP networking. We model the observed data and constraints using Gaussian mixture density and adapt an approximate algorithm for the maximum likelihood estimation of model parameters. Moreover, we study the effects of unsupervised feature discretization on traffic clustering by using a fundamental binning method. A number of real-world Internet traffic traces have been used in our evaluation, and the results show that the proposed approach not only improves the quality of traffic clusters in terms of overall accuracy and per-class metrics, but also speeds up the convergence.

Unreconciled Collisions Uncover Cloning Attacks in Anonymous RFID Systems

Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

Anonymous proxy re-encryption

Proxy re-encryption (PRE) is a public key encryption that allows a semi-trusted proxy with some information (a.k.a., re-encryption key) to transform a ciphertext under one public key into another ciphertext under another public key. Because of this special property, PRE has many applications, such as the distributed file system. Some of these applications demand that the underlying PRE scheme is anonymous under chosen-ciphertext attacks (CCAs); that is, the adversary cannot identify the recipient of the original/transformed ciphertext, even if it knows the PRE key and can launch the CCA. However, to the best of our knowledge, none of the existing PRE schemes satisfy this requirement. In this work, we propose the first anonymous PRE with CCA security and collusion resistance. Our proposal is proved in the random oracle model based on the DDH assumption. Copyright

CCA-secure ABE with outsourced decryption for fog computing

Fog computing is not a replacement but an extension of cloud computing for the prevalence of the Internet of Things (IoT) applications. In particular, fog computing inserts a middle layer named fog into the infrastructure of cloud computing to obtain the low latency, mobility and location-awareness. Due to the fog layer, the sensitive data stored in fog computing is facing more sophisticated attacks, such as chosen ciphertext attacks, than that in cloud computing. Currently, the attribute-based encryption (ABE) with outsourced decryption is the best solution for data protection in cloud computing for IoT applications. However, none of the existing schemes are CCA secure. To fill this gap, we firstly propose the CCA security model for ABE with outsourced decryption, and then present a concrete CCA-secure ABE scheme with outsourced decryption. The security analysis and experimental results show that our proposal is secure and practical for fog computing. The CCA security model for ABE with outsourced decryption is proposed.A concrete CCA-secure ABE scheme with outsourced decryption is proposed.The security analysis and experimental results show that our proposal is secure and practical for fog computing.

Identity-Based Conditional Proxy Re-Encryption

This paper proposes a new cryptographic primitive, named identity-based conditional proxy re-encryption (IBCPRE). In this primitive, a proxy with some information (a.k.a. re-encryption key) is allowed to transform a subset of ciphertexts under an identity to other ciphertexts under another identity. Due to the specific transformation, IBCPRE is very useful in encrypted email forwarding. Furthermore, we propose a concrete IBCPRE scheme based on Boneh-Franklin identity-based encryption. The proposed IBCPRE scheme is secure against the chosen ciphertext and identity attack in the random oracle.

Scheduling Parallel Cloud Computing Services: An Evolutional Game

Cloud computing is a natural evolution for data and compute centers with automated systems management, workload balancing, and virtualization technologies. Cloud-based services integrate globally distributed resources into seamless computing platforms. In an open cloud computing framework, scheduling tasks with guaranteeing QoS constrains presents a challenging technical problem. This paper presents a game theoretic method to schedule dependent computational cloud computing services with time and cost constrained. An evolutionary mechanism is designed to fairly and approximately solve the NP-hard scheduling problem.

Multi-Use Unidirectional Proxy Re-Encryption

This paper presents the first multi-use unidirectional proxy re-encryption scheme proven-secure against chosenciphertext attacks and collusion attacks in the standard model. Although our proposal features a linear ciphertext size and decryption time in the number of translations, we emphasize that it is the first multi-use and unidirectional realization of the primitive satisfying the chosen-ciphertext security and collusion resistance. The proposal gives an answer to the problem proposed by Canetti and Hohenberger at ACM CCS 2007.

EFADS: Efficient, flexible and anonymous data sharing protocol for cloud computing with proxy re-encryption

The concept of cloud computing has emerged as the next generation of computing infrastructure to reduce the costs associated with the management of hardware and software resources. It is vital to its success that cloud computing is featured efficient, flexible and secure characteristics. In this paper, we propose an efficient and anonymous data sharing protocol with flexible sharing style, named EFADS, for outsourcing data onto the cloud. Through formal security analysis, we demonstrate that EFADS provides data confidentiality and data sharers anonymity without requiring any fully-trusted party. From experimental results, we show that EFADS is more efficient than existing competing approaches. Furthermore, the proxy re-encryption scheme we propose in this paper may be independent of interests, i.e., compared to those previously reported proxy re-encryption schemes, the proposed scheme is the first pairing-free, anonymous and unidirectional proxy re-encryption scheme in the standard model.

A Game Theoretic Model for Wireless Sensor Networks with Hidden-Action Attacks

The unattended nature of wireless sensor networks makes them very vulnerable to an adversarys malicious attack. In this paper, we propose to apply game theory into solving the network security problem of wireless network. We explore game theory algorithms to model situation for wireless network with malicious nodes and investigate the attack and detection problem by modeling it as pairwise simultaneous game and spatial structured game. We consider the relationship between the nodes in a wireless sensor network to formulate the game and give the game theory algorithms in detail. We also evaluate the approach with a simulation experiment and analyze the simulation results in detail. We argue that the approach is able to support secure end-to-end communication in wireless sensor networks.