Pedro R. M. Inácio

Security issues in cloud environments: a survey

In the last few years, the appealing features of cloud computing have been fueling the integration of cloud environments in the industry, which has been consequently motivating the research on related technologies by both the industry and the academia. The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over the Internet and managed by cloud hosting providers. Regardless of its advantages, the transition to this computing paradigm raises security concerns, which are the subject of several studies. Besides of the issues derived from Web technologies and the Internet, clouds introduce new issues that should be cleared out first in order to further allow the number of cloud deployments to increase. This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject. It addresses several key topics, namely vulnerabilities, threats, and attacks, proposing a taxonomy for their classification. It also contains a thorough review of the main concepts concerning the security state of cloud environments and discusses several open research topics.

Detection and classification of peer-to-peer traffic: A survey

The emergence of new Internet paradigms has changed the common properties of network data, increasing the bandwidth consumption and balancing traffic in both directions. These facts raise important challenges, making it necessary to devise effective solutions for managing network traffic. Since traditional methods are rather ineffective and easily bypassed, particular attention has been paid to the development of new approaches for traffic classification. This article surveys the studies on peer-to-peer traffic detection and classification, making an extended review of the literature. Furthermore, it provides a comprehensive analysis of the concepts and strategies for network monitoring.

On EPON security issues

We discuss in detail all major security-related issues inherently present in PON systems. Ethernet PON (EPON) type networks have very specific requirements for data- and system-level security, due to combining - for the first time using Ethernet links ¿ residential and business customers with different security awareness levels and protection demands. Various types of potential network structure targeted attacks are elaborated, starting from simple passive monitoring, through flavors of denial of service (DoS), towards masquerading and theft of service (ToS), presenting a complete and detailed image of security threats in EPONs. Authentication and security mechanisms, as well as their shortcomings, are also briefly examined.

Analysis of Peer-to-Peer Traffic Using a Behavioural Method Based on Entropy

The increasing number of applications offering their services over peer-to-peer (P2P) platforms is changing the properties of the traffic within computer networks. Their massive use raises a few imperative challenges for network administrators and Internet service providers, regarding the quality of service and security of their networks. It such scenario, it is important to develop mechanisms to control and efficiently manage the P2P traffic and prepare the networks to support it, for which it is necessary to study the effect of P2P applications in the traffic of computer networks and to develop methodologies to characterise its behaviour. In this paper, the characteristics of the traffic generated by P2P applications are analysed from the behavioural point of view, and entropy is used to measure the heterogeneity embedded in the packet sizes. The results obtained show evident difference between P2P and non-P2P traffic, being the proposed approach applicable to real-time and high-speed networks with encrypted P2P traffic, where the existing methodologies are useless.

Cloud Security: State of the Art

Throughout the end of the first half and during the second half of the past century, advances in technology allowed scientists to develop computer systems. In the beginning, mostly between the forties and the sixties, single computers would fill large rooms with electronics that would consume as much power as several hundreds of modern desktop computers.

Source traffic analysis

Traffic modeling and simulation plays an important role in the area of Network Monitoring and Analysis, for it provides practitioners with efficient tools to evaluate the performance of networks and of their elements. This article focus on the traffic generated by a single source, providing an overview of what was done in the field and studying the statistical properties of the traffic produced by a personal computer, including analysis of the autocorrelation structure. Different distributions were fitted to the interarrival times, packet sizes, and byte count processes with the goal of singling out the ones most suitable for traffic generation.

Secure user authentication in cloud computing management interfaces

The degradation of the security of password-based mechanisms, combined with the increasing number of perils on the Internet, is rendering one-factor authentication outdated. This threatens the security of online operations for enterprises and end users, and consequently affects cloud computing solutions. Although cloud computing provides appealing benefits in terms of costs reduction, while increasing productivity, it introduces uncharted security issues (e.g., see [1]) beyond the ones inherited from the Internet. The emergence of mobile computing also makes authentication a priority, and has been reinforcing the need to build stronger and more resilient mechanisms; and simultaneously providing the means to develop new authentication mechanisms, namely Multi-Factor Authentication (MFA) schemes. The convergence to Single Sign-On (SSO) models is being used to eliminate or decrease password management complexity. MFA mostly appears in the form of Two-Factor Authentication (2FA) mechanisms based on One-Time Passwords (OTPs) for the second factor after standard password authentication. Such mechanisms can be based on public-key cryptography and may resort to several technologies to improve user experience, namely Quick Response (QR) codes, Short Message Service (SMSes), Trusted Platform Modules (TPMs), or even contactless Near Field Communication (NFC). Another trend leans to the adoption of risk-based authentication. Efforts for securing authentication are mainly being undertaken by the Initiative for Open AuTHentication (OATH) and the Fast IDentity Online (FIDO) alliance.

Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties

Voice over Internet Protocol (VoIP) applications based on peer-to-peer (P2P) communications have been experiencing considerable growth in terms of number of users. To overcome filtering policies or protect the privacy of their users, most of these applications implement mechanisms such as protocol obfuscation or payload encryption that avoid the inspection of their traffic, making it difficult to identify its nature. The incapacity to determine the application that is responsible for a certain flow raises challenges for the effective management of the network. In this paper, a new method for the identification of VoIP sessions is presented. The proposed mechanism classifies the flows, in real-time, based on the speech codec used in the session. To make the classification lightweight, the behavioral signatures for each analyzed codec were created using only the lengths of the packets. Unlike most previous approaches, the classifier does not use the lengths of the packets individually. Instead, it explores their level of heterogeneity in real time, using entropy to emphasize such feature. The results of the performance evaluation show that the proposed method is able to identify VoIP sessions accurately and simultaneously recognize the used speech codec.

10G EPON Standardization in IEEE 802.3av Project

The IEEE 802.3av Task Force is currently working on development of the next-generation, 10 Gbit/s capable Ethernet Passive Optical Network specifications, anticipating to bring a new flavour of PON technology to life by mid 2009.

Fast synthesis of persistent fractional Brownian motion

Due to the relevance of self-similarity analysis in several research areas, there is an increased interest in methods to generate realizations of self-similar processes, namely in the ones capable of simulating long-range dependence. This article describes a new algorithm to approximate persistent fractional Brownian motions with a predefined Hurst parameter. The algorithm presents a computational complexity of O(n) and generates sequences with n (n& in; N) values with a small multiple of log2(n) variables. Because it operates in a sequential manner, the algorithm is suitable for simulations demanding real-time operation. A network traffic simulator is presented as one of its possible applications.