Keesook J. Han

Signatures for Content Distribution with Network Coding

Recent research has shown that network coding can be used in content distribution systems to improve the speed of downloads and the robustness of the systems. However, such systems are very vulnerable to attacks by malicious nodes, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this paper, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files.

Botnet Research Survey

Botnets are emerging threat with hundreds of millions of computers infected. A study shows that about 40% of all computers connected to the internet in the world are infected bots and controlled by attackers. This article is a survey of recent advances in botnet research. The survey classifies the botnet research into three areas: understanding botnets, detecting and tracking botnets, and defending against botnets. While botnets are widespread, the research and solutions for botnets are still in their infancy. The paper also summarizes the existing research and proposes future directions for botnet research.

On network coding for security

The use of network coding in military networks opens many interesting issues for security. The mixing of data inherent to network coding may at first appear to pose challenges, but it also enables new security approaches. In this paper, we overview the recent current theoretical understanding and application areas for network-coding based security in the areas of robustness to Byzantine attackers and of distributed signature schemes for downloads.

On counteracting Byzantine attacks in network coded peer-to-peer networks

Random linear network coding can be used in peer-to- peer networks to increase the efficiency of content distribution and distributed storage. However, these systems are particularly susceptible to Byzantine attacks. We quantify the impact of Byzantine attacks on the coded system by evaluating the probability that a receiver node fails to correctly recover a file. We show that even for a small probability of attack, the system fails with overwhelming probability. We then propose a novel signature scheme that allows packet-level Byzantine detection. This scheme allows one-hop containment of the contamination, and saves bandwidth by allowing nodes to detect and drop the contaminated packets. We compare the net cost of our signature scheme with various other Byzantine schemes, and show that when the probability of Byzantine attacks is high, our scheme is the most bandwidth efficient.

Near-Real-Time Cloud Auditing for Rapid Response

Due to the rapid emergence of Information Technology, cloud computing provides assorted advantages to service providers, developers, organizations, and customers with respect to scalability, flexibility, cost-effectiveness, and availability. However, it also introduces new challenges and concerns, especially in terms of security and privacy. One of the major security obstacles to widespread adoption of cloud computing is the lack of near-real-time audit ability. In particular, near-real-time cloud auditing, which provides timely evaluation results and rapid response, is the key to assuring the cloud. In this paper, we discuss security and privacy concerns in cloud computing and the current status of cloud auditing efforts. Next, we address the strategies for reliable cloud auditing and analyze the deficiencies of current approaches. We then discuss the summary of our case study with Amazon Cloud Watch, which is one of the most developed cloud-monitoring APIs.

T-dominance: Prioritized defense deployment for BYOD security

Bring Your Own Device (BYOD) is an enterprise information technology (IT) policy that encourages employees to use their own devices to access sensitive corporate data at work through the enterprise IT infrastructure. Many current BYOD security practices are costly to implement and intrusive to employees, which, to some degree, negate BYODs perceived benefits. To address such tension, we propose prioritized defense deployment: Instead of employing the same costly and intrusive security measures on each BYOD smartphone, more stringent threat detection/mitigation mechanisms are deployed on those representative smartphones, each of which represents, security-wise, a group of smartphones in the whole BYOD device pool. To this end, we propose a concept and a distributed algorithm, both named T-dominance, to capture the temporal-spatial pattern in an enterprise environment. We identify a few desirable properties of prioritized defense deployment, and analytically show that T-dominance satisfies such properties. We complement our analysis with simulations on real Wi-Fi association traces.

Enhancing the classification accuracy of IP geolocation

The ability to localize Internet hosts is appealing for a range of applications from online advertising to localizing cyber attacks. Recently, measurement-based approaches have been proposed to accurately identify the location of Internet hosts. These approaches typically produce erroneous results due to measurement errors. In this paper, we propose an Enhanced Learning Classifier approach for estimating the geolocation of Internet hosts with increased accuracy. Our approach extends an exisiting machine learning based approach by extracting six features from network measurements and implementing a new landmark selection policy. These enhancements allow us to mitigate problems with measurement errors and reduces average error distance in estimating location of Internet hosts. To demonstrate the accuracy of our approach, we evaluate the performance on network routers using ping measurements from PlanetLab nodes with known geographic placement. Our results demonstrate that our approach improves average accuracy by geolocating internet hosts 100 miles closer to the true geographic location versus prior measurement-based approaches.

Approximate privacy-preserving data mining on vertically partitioned data

In todays ever-increasingly digital world, the concept of data privacy has become more and more important. Researchers have developed many privacy-preserving technologies, particularly in the area of data mining and data sharing. These technologies can compute exact data mining models from private data without revealing private data, but are generally slow. We therefore present a framework for implementing efficient privacy-preserving secure approximations of data mining tasks. In particular, we implement two sketching protocols for the scalar (dot) product of two vectors which can be used as sub-protocols in larger data mining tasks. These protocols can lead to approximations which have high accuracy, low data leakage, and one to two orders of magnitude improvement in efficiency. We show these accuracy and efficiency results through extensive experimentation. We also analyze the security properties of these approximations under a security definition which, in contrast to previous definitions, allows for very efficient approximation protocols.

Intrusion Detection System Modeling

Database management system (DBMS) controls and manages the data to eliminate data redundancy and to ensure data integrity, consistency and availability, among other features. Even though DBMS vendors continue to offer greater automation and simplicity in managing databases, the need for intrusion database modeling and management practices have not been considered. Our research focuses on not only anomaly detection but also intrusion database management through planning and best practice adoption to improve operational efficiency, lower costs, privacy and security

A model for trust-based access control and delegation in mobile clouds

Abstract : Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in mobile smartphone clouds such as the Android cloud. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and a subjects access requirements to resources may change during the course of the application execution. Cloud tenants may need to acquire permissions from different administrative domains based on the services they require. Moreover, all the entities participating in a cloud may not be trusted to the same degree. Traditional access control models are not adequate for mobile clouds. In this work, we propose a new access control framework for mobile smartphone clouds. We formalize a trust-based access control model with delegation for providing fine-grained access control. Our model incorporates the notion of trust in the Role-Based Access Control (RBAC) model and also formalizes the concept of trustworthy delegation.