Publication


Featured research published by Randy Chow.


Operating Systems Review | 1995

An efficient and secure authentication protocol using uncertified keys

I.-Lung Kao; Randy Chow

Most authentication protocols for distributed systems achieve identification and key distribution on the belief that the use of an uncertified key, i.e. a key whose freshness and authenticity cannot be immediately verified by its receiving principal while being received, should be avoided midway through an authentication process. In this paper we claim that using an uncertified key prudently can give performance advantages and does not necessarily reduce the security of authentication protocols, as long as the validity of the key can be verified at the end of an authentication process. A nonce-based authentication protocol using uncertified keys is proposed. Its total number of messages is shown to be the minimum of all authentication protocols with the same formalized goals of authentication. The properties which make the protocol optimal in terms of message complexity are elaborated, and a formal logical analysis of the protocol is performed. The protocol is extended to counter the session key compromise problem and to support repeated authentication, in a more secure and flexible way without losing its optimality.


IEEE Transactions on Parallel and Distributed Systems | 2006

Capacity-aware multicast algorithms on heterogeneous overlay networks

Zhan Zhang; Shigang Chen; Yibei Ling; Randy Chow

The global deployment of IP multicast has been slow due to the difficulties related to heterogeneity, scalability, manageability, and lack of a robust interdomain multicast routing protocol. Application-level multicast becomes a promising alternative. Many overlay multicast systems have been proposed in recent years. However, they are insufficient in supporting applications that require any-source multicast with varied host capacities and dynamic membership. In this paper, we propose two capacity-aware multicast systems that focus on host heterogeneity, any-source multicast, dynamic membership, and scalability. We extend Chord and Koorde to be capacity-aware. We then embed implicit degree-varying multicast trees on top of the overlay network and develop multicast routines that automatically follow the trees to disseminate multicast messages. The implicit trees are well balanced with the workload evenly spread across the network. We rigorously analyze the expected performance of multisource capacity-aware multicasting, which was not thoroughly addressed in any previous work. We also perform extensive simulations to evaluate the proposed multicast systems.


International Workshop on Variable Structure Systems | 2004

A new perspective in defending against DDoS

Shigang Chen; Randy Chow

Distributed denial of service (DDoS) is a major threat to the availability of Internet services. The anonymity allowed by IP networking, together with the distributed, large scale nature of the Internet, makes DDoS attacks stealthy and difficult to counter. As various attack tools become widely available and require minimum knowledge to operate, automated anti-DDoS systems are increasingly important. This paper studies the problem of providing an anti-DoS service (called AID) for general-purpose TCP-based public servers. We design a random peer-to-peer (RP2P) network that connects the registered client networks with the registered servers. RP2P is easy to manage and its longest path length is just three hops. The AID service ensures that the registered client networks can always access the registered servers even when they are under DoS attacks. It creates the financial incentive for commercial companies to provide the service, and meets the need for enterprises without the expertise to outsource their anti-DoS operations.


International Conference on Distributed Computing Systems | 2005

Resilient Capacity-Aware Multicast Based on Overlay Networks

Zhan Zhang; Shigang Chen; Yibei Ling; Randy Chow

The global deployment of IP multicast has been slow due to the difficulties related to heterogeneity, scalability, manageability, and lack of a robust inter-domain multicast routing protocol. Application-level multicast becomes a promising alternative. Many overlay multicast systems have been proposed in recent years. However, they are insufficient in supporting applications that require large-scale any-source multicast with highly varied host capacities and highly dynamic membership. In this paper, we propose two capacity-aware multicast systems that focus on host heterogeneity, dynamic membership, scalability, and any-source multicast. We extend Chord and Koorde to be capacity-aware. We then embed implicit degree-varying multicast trees on top of the overlay network and develop multicast routines that automatically follow the trees to disseminate multicast messages. The implicit trees are well balanced with workload evenly spread across the network. We also perform extensive simulations to evaluate the proposed multicast systems.


IEEE Computer Society Workshop on Future Trends of Distributed Computing Systems | 2001

Traffic dispersion strategies for multimedia streaming

Randy Chow; Chung-wei Lee; Jonathan C. L. Liu

Traditional multimedia streaming techniques usually assume single-path (unicast) data delivery. But when the aggregate traffic between 2 nodes exceeds the bandwidth capacity of a single link/path, a feasible solution is to appropriately disperse the aggregate traffic over multiple paths between these 2 nodes. In this paper we propose a set of multi-path streaming models for MPEG video traffic transmission. In addition to the attributes (such as load balancing and security) inherited from conventional data dispersion models, the proposed multimedia dispersion models are designed to achieve a high error-free frame rate based on the characteristics of the MPEG video structure. Our simulation results show that significant quality improvement can be observed if the proposed streaming models are employed appropriately.


Information Sciences | 2003

Key assignment for enforcing access control policy exceptions in distributed systems

Jyh-haw Yeh; Randy Chow; Richard E. Newman

A cryptographic key assignment scheme is proposed to enforce access control policies in which antisymmetric and transitive exceptions are included, in addition to the policies with partially ordered set (POSet) properties. In current literature, all proposed cryptographic key assignment schemes assume a user hierarchy model which can only enforce policies with POSet properties. The POSet properties are suitable for hierarchical systems. However, there are many systems, especially distributed systems handling indirect remote accesses, that cannot be modeled as a strict hierarchy. A new access control model named user hierarchy-with-exception and its enforcing key assignment scheme are proposed for those systems. There is only one key assigned to each user class in enforcing the user hierarchy model. The cost to achieve our more powerful scheme in the user hierarchy-with-exception model is one more key for each user class to memorize or one more step to access its own data.


Information Reuse and Integration | 2010

An information model for managing domain knowledge via Faceted Taxonomies

Hung-Ju Chu; Randy Chow

Faceted Taxonomies are often used for managing complex knowledge within a domain. They can be used as a reference model for bottom-up new information analysis and integration. This paper proposes a domain information model that quantifies the semantics (indexing concepts) of the faceted taxonomy nodes and uses them as an indexer for integrating and managing knowledge such as software requirements. Through a working example, this paper shows how the indexing concepts and concepts in knowledge (indexed concepts) are associated via semantic similarity measurement and how the associations are used for managing domain knowledge, such as merging requirements.


International Workshop on Variable Structure Systems | 2007

Reaching Semantic Interoperability through Semantic Association of Domain Standards

Hung-Ju Chu; Randy Chow

The vision of semantic interoperability has led to much research on ontology matching. Research in this area primarily focuses on discovering similarity between entities of ontologies. The performance of proposed approaches relies on the existence of such a similarity relationship and sufficient data for inferring it. However, in reality, many distributed systems do not have such presumptions. This paper addresses this challenge by associating the entities through affinity semantic (to what degree they are related in their application context). Through the analysis of a motivating example in the building construction industry, this paper formally defines semantic association based on multiple-perspective domain standards. This paper hypothesizes that the establishment and the use of such standards can practically serve as a framework for reaching semantic interoperability between autonomous information systems. This paper also shows that such a framework has the potential to make revolutionary impacts on workflow automation, information retrieval, and ontology matching research areas.


International Workshop on Variable Structure Systems | 2007

An Information Model for Security Integration

Hassan Rasheed; Randy Chow

Research on security systems has typically focused on improving the performance and reliability of a single technique, algorithm or mechanism. There is also significant potential, however, in studying security as the product of a few key systems and then analyzing how those systems can best be integrated to achieve better overall system security. Most approaches that examine integrating one or more security mechanisms have focused on a specific implementation strategy. A systematic approach to integrated system security requires an analysis of the data relationships between all of the major mechanisms, leading to a model that describes and relates all of the major elements in the domain. This paper proposes an information model for integrating access control, intrusion detection and intrusion response to enhance overall system security.


Computer Networks | 2007

AID: A global anti-DoS service

Shigang Chen; Yibei Ling; Randy Chow; Ye Xia

Distributed denial of service (DDoS) has long been an open security problem of the Internet. Most proposed solutions require the upgrade of routers across the Internet, which is extremely difficult to realize, considering that the Internet consists of a very large number of autonomous systems with routers from different vendors deployed over decades. A promising alternative strategy is to avoid the universal upgrade of router infrastructure and instead rely on an overlay of end systems. The prior anti-DoS overlays were designed to protect emergency services for authorized clients. They assume that trust exists between authorized clients and a private server. Only authenticated traffic can pass through the overlay network to reach the server, while the attack traffic is not admitted without passing the authentication. The follow-up extension of the anti-DoS overlays for web service has other serious limitations. This paper attempts to solve an important problem: how to design an anti-DoS overlay service (called AID) that protects general-purpose public servers while overcoming the limitations of the existing systems? Anyone, including the attackers, should be able to access the server. Authentication can no longer be the means of defense. While both normal and malicious clients are given access, AID is designed to fend off attack traffic while letting legitimate traffic through. Its operations are completely transparent to the users (humans or hosts), the client/server software, and the internal/core routers. To connect the AID service nodes (which are end systems), we choose a random overlay network for its rich, unpredictable connectivity, short diameter, and ease of management. We use a distributed virtual-clock packet scheduling algorithm to restrict the amount of data any client can impose on AID. We analyze the properties of the AID service based on probabilistic models. Our simulations demonstrate that AID can effectively protect legitimate traffic from attack traffic. Even when 10% of all clients attack, just 1.4% of legitimate traffic is mistakenly blocked, no matter how aggressive the attackers are.

Collaboration

Top Co-Authors

Lu Chen, University of Florida

Jyh-haw Yeh, Boise State University

Yibei Ling, Telcordia Technologies