Liumei Zhang

Efficiency optimisation signature scheme for time-critical multicast data origin authentication

A great challenge of providing authentication to time-critical multicast data is the existence of low end-to-end delay in many applications such as pay-TV and the power grid scenarios. Consequently, to balance security and efficiency is still a difficult issue. The group of secret keys reused scheme of TV-HORS still cannot meet the requirements of low time delay of computation. To describe the relationship between security and efficiency for the time-critical multicast communication scenarios, we present a Game Model of Multicast Data Origin Authentication, in this paper. By analysing our model with Shannons information and game theory, we propose an optimised re-keying scheme, contraposing the TV-HORS scheme. The advantage of breaking the security goal is negligible, even in the lowest risk-level parameter. The experiment results show that our scheme does significantly promote the efficiency of TV-HORS scheme and is the most efficient multicast data origin authentication signature scheme.

From high-availability to collapse: quantitative analysis of Cloud-Droplet-Freezing attack threats to virtual machine migration in cloud computing

Virtual machines (VM) migration can improve availability, manageability, performance and fault tolerance of systems. Current migration researches mainly focus on the promotion of the efficiency by using shared storage, priority-based policy etc.. But the effect of migration is not well concerned. In fact, once physical servers are overloaded from denial-of-service attack (DDoS) attack, a hasty migration operation not only unable to alleviate the harm of the attack, but also increases the harmfulness. In this paper, a novel DDoS attack, Cloud-Droplet-Freezing (CDF) attack, is described according to the characteristics of cloud computing cluster. Our experiments show that such attack is able to congest internal network communication of cloud server cluster, whilst consume resources of physical server. Base on the analysis of CDF attack, we highlight the method of evaluating potential threats hidden behind the normal VM migration and analyze the flaws of existing intrusion detection systems/prevention system for defensing the CDF attack.

A rational framework for secure communication

Abstract In this paper, we review the classical secure communication issues, which is always described as a set of interactive rules following a specified sequence, in the perspective of game theory. By introducing rational communication participants, we model the secure communication process in the manner of game theory to capture the interactions of distrusted communication parties. More specifically, we propose a formal framework to provide a precise description of the computation and communication rules in a secure communication game. Each player tends to behave in a way that maximizes their profits in this framework. Following the framework, the fairness of a protocol is presented according to Nash equilibrium of the communication game, as well as the equivalence condition towards a fair protocol. To verify the effectiveness of this framework, we design and implement a series of experiments. The experimental results show that our rational framework is more secure and closer to the practice compared with traditional cryptographic models, which can be a promising analysis solution for future cryptographic protocols.

PSO-BP Neural Network in Reservoir Parameter Dynamic Prediction

In compare with the traditional Artificial Neural Network, PSO-BP neutral network has fast convergence and is immune to local minimum. This paper presents an application of PSO-BP neural network for dynamic predicting small layer reservoir parameters of fault block E1f11-1 in well ZHuang 2. By defining input and output neuron number, our method firstly realizes quantization of input neuron. Then we choose proper samples for training neural network in order to build a dynamic prediction model of reservoir parameters. Such model has been successfully tested and the model itself is appropriate for predicting unknown reservoir parameters. Testing result indicates that PSO-BP neural network is superior to the genetic algorithm optimized BP neural network and the pure neural network. Finally, PSO-BP neural network gained certain achievements for dynamically predicting reservoir parameters according as dynamic production information.

Dynamic game model of botnet DDoS attack and defense

Botnet has become a popular technique for deploying Internet crimes. The command of botnet has evolved into a major way for attackers to launch Distributed Denial of Service attacks on network servers. Modelized analysis methods need to be studied for botnet attacks implements, defense, and prediction. In this paper, we propose a novel game theory-based model to describe the scenario, in which the botmaster launching Distributed Denial of Service attacks using a botnet while the defender equipped a firewall defending. In our model, we consider the following: firstly, the botmaster and the defender can be rational or irrational; secondly, the interaction between the botmaster and the defender is modeled as a dynamic game; thirdly, their supporting or not self-learning databases. We detail the analysis of eight sub-scenarios for the assumptions and give an easy-to-use algorithm for adjustment of offensive and defensive strategy. We use the OPNET to validate our model and its effectiveness. The experiment result shows that our strategy can improve the firewall abilities to lower false alarm rate FR and improve the botmaster lower exposure rate of botnet to avoid detection. Furthermore, the model is helpful to evaluate defense ability of the defender towards current botmaster attacks by analyzing attack log in sandbox. Copyright

Towards Secure P2P Network: Degenerated Node Identification and Evaluation

The security improvement of service provided by peer-to-peer (P2P) network has been widely studied. Se- curity issue of P2P is mainly related to the users of P2P services and threat of malicious software. Especially, some malicious software could threaten other P2P users and even threaten the security of the entire P2P network. In this paper, based on the analytical hierarchy process, a degenerated node evaluation model has been proposed to evaluate the node resource usage of the P2P. Moreover, an attribute clustering based collaborative filtering algorithm is de- picted for calculating the similarities between the identified degenerated node and all other nodes within a hybrid autonomous cluster. The algorithm utilizes similarity characteristics of node task resource attributes, especially CPU related attributes, to filter redundant data by feature selection. Experiments show that, the proposed model and method is feasible and has the vital significance for providing decision support and recommendation to the search node. It is practical for secure computing of P2P network.

Game Optimization for Time-Critical Multicast Data Origin Authentication: Trade Off between Security and Efficiency

Security and efficiency of messages transmission are crucial requirements for multicast data origin authentication, especially in time-critical scenarios, such as pay-TV and the smart grid. However, how to balance such equirements is still a difficult issue. Through analysis, we find that TV-HORS is more suitable for the time-critical scenarios than RSA-based and MAC-based scheme. However, the reuse times of TV-HORS scheme is still too small to suit some scenarios. In this paper, we present a Game Model of Multicast Data Origin Authentication (GMMDOA), to describe the relationship between security and efficiency for the time-critical multicast communication, contra posing the TV-HORS scheme. By analyzing our model with Shannons information and game theory, we propose an optimization scheme for update the private key. Through the security analysis of our model, the signature valid time is negligible compared with the adversary attacking time. Thus, the security of our scheme is still secure even in the lowest risk-level parameter. We present measurement results from experiments and discuss performance comparisons. It shows that, our scheme does significantly to promote the efficiency of multicast data origin authentication.