Steven Cheung

An efficient message authentication scheme for link state routing

We study methods for reducing the cost of secure link state routing. In secure link state routing, routers may need to verify the authenticity of many routing updates, and some routers such as border routers may need to sign many routing updates. Previous work such as public-key based schemes are very expensive computationally or have certain limitations. This paper presents an efficient solution, based on a detection-diagnosis-recovery approach, for the link state routing update authentication problem. Our scheme is scalable to handle large networks, applicable to routing protocols that use multiple-valued cost metrics, and applicable even, when link states change frequently.

Culture, Gender, and Response Bias: An Analysis of Responses to the Self-Description Questionnaire

The possibility of culture and gender differences in response styles was explored. The responses of 1,717 participants aged 12-14 years from Australia, China, Nepal, Nigeria, and the Philippines to the Self-Description Questionnaire-I (SDQ-1) were analyzed for evidence of inconsistent responding, negativity or positivity bias, lack of profile variation, and social desirability. No evidence of a major social desirability factor but relatively substantial (effect sizes above 0.20) country and Country x Gender differences in response styles were found. These styles tended to correlate with scores on the academic rather than nonacademic self-esteem scales. This result may be due to participants with higher academic ability being more able to cope with the cognitive task of interpreting and answering consistently the items of the SDQ-1. Interpretations in terms of cultural dimensions such as individualism-collectivism were considered.

Protecting routing infrastructures from denial of service using cooperative intrusion detection

We present a solution to the denial of service problem for routing infrastructures. When a network suffers from denial of service, packets cannot reach their destinations. Existing routing protocols are not, well-equipped to deal with denial of service; a misbehaving router-which may be caused by software/hardware faults, misconfiguration, or malicious attacks-may be able to disable entire networks. To protect network infrastructures from routers that incorrectly drop packets and misroute packets, we hypothesize failure models for routers and present protocols that detect and respond to those misbehaving routers. Based on realistic assumptions, we prove that our protocols have the following properties: (1) A well-behaved router never incorrectly claims another router as a misbehaving router; (2) If a network has misbehaving routers, one or more of them can be located; (3) Misbehaving routers will eventually be removed.

A lower bound for permutation routing on two-dimensional bused meshes

Abstract We prove a 0.691n lower bound for the permutation routing problem in n×n meshes with row and column buses whose propagation delay is one time unit. For meshes having non-unit-time buses, we use similar arguments to derive some simple lower bounds for the permutation routing problem.

A formal-specification based approach for protecting the domain name system

Many network applications depend on the security of the domain name system (DNS). Attacks on the DNS can cause denial of service and entity authentication to fail. In our approach, we use formal specifications to characterize DNS clients and DNS name servers, and to define a security goal. A name server should only use DNS data that is consistent with data from name servers that manage the corresponding domains (i.e. authoritative name servers). To enforce the security goal, we formally specify a DNS wrapper that examines the incoming and outgoing DNS messages of a name server to detect messages that could cause violations of the security goal, cooperates with the corresponding authoritative name servers to diagnose those messages, and drops the messages that are identified as threats. Based on the wrapper specification, we implemented a wrapper prototype and evaluated its performance. Out experiments show that the wrapper incurs reasonable overhead and is effective against DNS attacks such as cache poisoning and certain spoofing attacks.

Mesh permutation routing with locality

Given the permutation routing problem on mesh-connected arrays with a known maximum distance, d, between any source- destination pair, we show how sorting and the greedy algorithm can be combined to yield a deterministic, asymptotically optimal algorithm for solving the problem. This simple algorithm runs in d+O(df(d)) time and requires an O(f;(d)) buffer size (or O(d) time and constant buffer size if we choose f(d) to be a constant). It also gives efficient solutions to the k-k routing problem with locality.

Common Techniques Panel: Common Techniques in Fault-Tolerance and Security

It is our opinion that the security community should draw on the techniques developed by the fault-tolerance community to a significant extent; presently, there seems to be less opportunity for transfer in the other direction. The fault-tolerance community has given significant attention to the development of systems where reliability is a key requirement which pervades all aspects of the design. Security, although clearly a requirement, is often achieved through retrofitting, e.g. intrusion detection, and firewalls.

TIME LOWER BOUNDS FOR PERMUTATION ROUTING ON MULTI-DIMENSIONAL BUSED MESHES

We present time lower bounds for the permutation routing problem on three- and higher-dimensional n x…x n meshes with buses. We prove an (r–1)n/r lower bound for the general case of an r-dimensional bused mesh, r≥2, which is not as strong for low-dimensional as for higher-dimensional cases. We then use a different approach to construct a 0.705n lower bound for the three-dimensional case.

Routing with locality in partitioned-bus meshes

We show that adding partitioned-buses (as opposed to long buses that span an entire row or column) to ordinary meshes can reduce the routing time by approximately one-third for permutation routing with locality. A matching time lower bound is also proved. The result can be generalized to multi-packet routing.<<ETX>>