Somnuk Puangpronpitag

An efficient and feasible solution to ARP Spoof problem

ARP Spoof (aka. ARP cache poisoning) is a serious security problem. It can be used for Denial of Service (DoS) or Man In The Middle (MITM) attacks. There have been several solutions, proposed to solve this problem. Yet, all of the previous have some critical drawbacks such as infeasibility, unmanageability, high cost, performance penalty and ineffectiveness. Hence, in this paper, we have proposed a new solution, which is feasible, manageable, effective, low cost, platform independent and usable for both small and medium network sizes. A prototyped system, called Dynamic ARP-spoof Protection & Surveillance (DAPS) System has also been implemented and experimented on. The experimental results have demonstrated the favorable features of our solution in comparison to the previous ones.

Content-Based Text Classifiers for Pornographic Web Filtering

Due to the flood of pornographic web sites on the internet, effective Web filtering systems are essential. Web filtering based on content has become one of the important techniques to handle and filter inappropriate information on the web. We examine two machine learning algorithms (support vector machines and Naive Bayes) for pornographic web filtering based on text content. We then focus initially on Thai-language and English-language web sites. In this paper, we aim to investigate whether machine learning algorithms are suitable for web sites classification. The empirical results show that the classifier based support vector machines are more effective for pornographic web filtering than Naive Bayes classifier after testing, especially an effectiveness for the over-blocking problem.

Simple and Lightweight HTTPS Enforcement to Protect against SSL Striping Attack

SSL is a protocol for secured traffic connections. By using the SSL, HTTPS has been designed to prevent eavesdroppers and malicious users from web application services. However, man-in-the-middle attack techniques based on stripping and sniffing the HTTPS connections are still possible, causing security problems on web applications. Several scrip-kiddy tools to launch such attacks are easy to find and available on the Internet. In this paper, we therefore proposed a solution to protect against SSL striping attack. By enforcing a connection to HTTPS, our techniques determine the web URL and enforce the communication to HTTPS for protecting against the SSL striping attack. The experimental results on a test-bed have demonstrated an effectiveness and efficiency of our solution.

Explicit rate adjustment: an efficient congestion control protocol for layered multicast

In this paper, we introduce explicit rate adjustment (ERA), a new multi-rate multicast congestion control (MR-MCC) algorithm. Via ERA, the receiver explicitly adjusts its reception rate according to the network conditions using the TCP throughput equation and packet-pair probe. The design goals are responsiveness, efficiency in network utilization, scalability and fairness (including inter-protocol fairness, intra-protocol fairness, intra-session fairness and TCP-friendliness) as well as simple implementation. We have built ERA into a network simulator (ns2) and demonstrate via simulations that the goals are reached.

Cross-layer optimization of Vehicle-to-Vehicle video streaming for overtaking maneuver assistance systems

Overtaking maneuver on roads without a clear view can cause serious accident. Hence, real-time video streaming deliveries between two vehicles over Vehicular Ad Hoc Networks (VANETs) have been proposed as an overtaking maneuver assistance system. The system is also known as a V2V see-through system since it sends real-time video scenes seeing by a front vehicle to the driver of the back vehicle to help him decide on overtaking maneuver. However, sending real-time video streaming over VANET is still problematic due to delay and packet loss. Several solutions have previously proposed to fix the problems, but all of them still have some drawbacks. So, we propose in this paper a cross-layer optimization of video streams (video frame skipping, video transcoding and frame rate reduction) for overtaking environments. The proposed approach is based on IEEE 802.11 EDCA. Experimental results on our approach using OMNET++ have demonstrated some favorable points, such as bandwidth waste avoidance and acceptable video latency.

A fast and efficient authentication scheme for WAVE unicast services in vehicular networks

Recently, there have been several potential attacks (e.g., bogus message, eavesdropping, source modification, invasion of privacy, and replays) on Wireless Access in Vehicular Environment (WAVE). Several solutions have been previously proposed. However, most of them are based on Public Key Infrastructure (PKI) and authentication in broadcast services. The PKI can cause cryptographic overhead and the management difficulties of public key certificates. Also, the broadcast services would incur network congestion. Hence, this paper proposes a fast and efficient authentication scheme for WAVE unicast services to reduce the network congestion and the PKI overhead between vehicles and Road Side Units (RSU). Our scheme is based on a Pairwise Transient Key (PTK) procedure with few extra authentication steps. Performance evaluation of the new scheme has been experimented on a network simulator (NS-2). The experimental results have demonstrated the favorable features of the new scheme.

A novel challenge & response scheme against selective forwarding attacks in MANETs

A selective forwarding attack is a notorious security problem in MANET environments. The attacking method can seriously cause a failure in MANET transmission. So, several previous schemes have proposed to solve the problem. However, all of the previous schemes still have some drawbacks. Hence, in this paper, we have designed a new challenge and response scheme to detect the selective forwarding attack. The prototype of our design has also been implemented on CORE emulator, and been experimented on. The experimental results have demonstrated that our new scheme can effectively identify the selective forwarding attacker.

A Novel Authentication Scheme for V2I Communication Based on WAVE Unicast Services

One of the most challenging issues in vehicular network designs is security matter. Particularly, there have been several potential attacks (e.g., message alteration, eavesdropping, privacy violation, and replay) on Vehicle to Infrastructure (V2I) communication. Most previous studies have based on Public Key Infrastructure (PKI) and authentication in broadcast services. By relying on the PKI solutions, cryptographic overhead and the management difficulties of public key certificates can be problematic. Furthermore, broadcast services can cause network flooding. Hence, this paper proposes a novel authentication scheme based on WAVE unicast services to reduce the PKI overhead between vehicles and Road Side Units (RSU). The new scheme is based on Pairwise Transient Key (PTK) procedures with a few extra authentication steps. To evaluate the new scheme, we have experimented on a Network Simulator (NS-2) under both city and highway scenarios. The experimental results have demonstrated that our new scheme introduces only small WAVE Short Message (WSM) delay. The new scheme is also flexible to use in various scenarios under different road situations.

Multi-Rate Multicast Congestion Control by Explicit Rate Adjustment and Multicast-encouraging TCP-friendliness

Strict TCP-friendliness is a problematic issue that discourages multicast deployment on the Internet. In this paper, we therefore propose a new design of multi-rate multicast congestion control (MR-MCC) by revising our previous proposed MR-MCC protocol, namely explicit rate adjustment (ERA). In the new design, a multicast-supportive TCP-friendliness bandwidth allocation is used at intermediate nodes (routers) to motivate multicast deployment by giving more bandwidth to ERA without starving TCP. At the end node, an explicit reception rate adjustment algorithm is used. The receiver adjusts its reception rates according to the network conditions using packet-pair probe (PP). The implementation of our new ERA is done on the network simulator 2 (ns2). We demonstrate via simulations that the new ERA could provide responsiveness, fairness and the motivation for multicast deployment.

Classifying peer-to-peer traffic using protocol hierarchy

Detection and classification of peer-to-peer traffic are still difficult tasks for bandwidth shapers. First, peer-to-peer traffic is not easy to detect, and can be a serious problem. Second, some peer-to-peer applications may be desirable, while some may be undesirable. Hence, different peer-to-peer applications should also be treated differently. The previous work of peer-to-peer traffic detection still faces both problems. So, in this paper, we propose new classification mechanisms to solve the problems. Our proposed solution has been implemented by using JAVA, and experimented on a network test-bed. Experimental results have demonstrated that our extended classification mechanism can improve the peer-to-peer traffic detection and classification.