Zhou Su

Enhancing cloud storage security against roll-back attacks with a new fair multi-party non-repudiation protocol

Along with variant advantages, cloud storage also poses new security challenges. Potential users are reluctant to move important and sensitive data to cloud unless security challenges have been well addressed. This paper reports our on-going efforts to address three data security issues in cloud storage: repudiation, fairness, and roll-back attacks. We proposed a novel fair multi-party non-repudiation (MPNR) protocol, which provide a fair non-repudiation storage cloud and is capable of preventing roll-back attacks.

ToMo: A Two-Layer Mesh/Tree Structure for Live Streaming in P2P Overlay Network

In this paper, we introduce a hybrid approach for overlay construction and data delivery in an application-layer multicast. We combine the strong points of a tree-based structure and a mesh-based data delivery to form ToMo, a two-layer hybrid overlay. We try to reduce the number of replicated packets at a source, and reduce an effect when slow connection peers are located near the source. The overlay is constructed in the fashion of a mesh layer over a tree layer. This structure allocates the source to multicast each piece of the packet to a specific group of child peers only. Different from other approaches, we employ only push-based data delivery in order to minimize the latency. The redundancy is avoided by defining a set of well-organized mesh connections. Furthermore, in our approach, the isolated peers affected by parent departure are not facing data loss during the rejoin process since they still receive data from their neighbors via mesh connections. Simulations through ns2 demonstrate the efficiency of this solution.

Weighted trust evaluation-based malicious node detection for wireless sensor networks

Deployed in a hostile environment, the individual Sensor Node (SN) of a Wireless Sensor Network (WSN) could be easily compromised by an adversary due to constraints such as limited memory space and computing capability. Therefore, it is critical to detect and isolate compromised nodes in order to avoid being misled by the falsified information injected by adversaries through compromised nodes. However, it is challenging to secure the flat topology networks effectively because of the poor scalability and high communication overhead. On top of a hierarchical WSN architecture, a novel algorithm based on Weighted Trust Evaluation (WTE) to detect malicious nodes for hierarchical sensor networks is proposed in this paper. The hierarchical network can reduce the communication overhead among SNs by utilising clustered topology. The proposed algorithm models a cluster of SNs and detects malicious nodes by examining their weights that represent the reliability of SNs. Through intensive simulations, the accuracy and effectiveness of the proposed detection algorithm are verified.

Mitigating DDoS Attacks Using Protection Nodes in Mobile Ad Hoc Networks

Mobile Ad Hoc Networks (MANETs) allow mobile hosts to form a communication network without a prefixed infrastructure. Although it provides high flexibility, it also brings more challenges for MANETs to fight against malicious attacks. However, the property of mobility and redundancy also inspires new ideas to design defence strategy. In this paper, we propose a strategy to mitigate DDoS attacks in MANETs. Assume that a malicious attacker normally targets specific victims. The attacker will give up if the attack failed to achieve the desired goals after a certain length of attacking time. In our protection strategy, we take advantage of high redundancy and select a protection node. Once a DDoS attack has been detected, the suspicious traffic will be redirected to the protection node. The victim will function normally, and it is reasonable to expect that the attacker will stop the meaningless efforts. Through intensive simulation experiment using NS-2, we have verified the effectiveness of our approach and evaluated the cost and overhead of the system.

Overlay tree construction to distribute layered streaming by application layer multicast

With the development of broadband technologies, more and more multimedia contents such as video or bulk file are being distributed over the Internet. However, an important issue to be resolved is how to construct an efficient overlay to provide users with the acceptable throughput and delay, while receiving multimedia contents. Therefore, this paper designs a tree construction algorithm by distributing the layered steaming over the ALM in order to improve both throughput and user delay. Firstly, to improve the throughput, based on theory analysis, we define a layered degree, out/in-degree and the corresponding constraints to manage the layered streaming and nodes. Secondly, a novel method, called Bi-cast, is proposed to reduce user delay during data-transmission. Thirdly, by using the defined degrees and the Bi-cast, we present a tree construction algorithm. Both the simulation and the implementation are carried out, and the results show that our proposal can obtain better performance than other conventional methods.

Consistency Control to Manage Dynamic Contents over Vehicular Communication Networks

To improve driving comfort and provide entertainment services, vehicular communication networks (VCNs) have appeared as an emerging solution, which consists of road-side units (RSUs) and on-board units (OBUs) to distribute multimedia contents. However, as most of OBUs always request the stored contents in the RSUs, how to update the contents in these RSUs when the original changes at its original servers has become an important issue to be dealt with. This paper proposes a novel method to resolve the above problem. Firstly, based on the characteristics of peers and geographical information, we decide which replica of which content in RSUs should be updated when its original changes. Secondly, by comparing the delivery cost of wired and wireless transmission, we decide whether the updated content should be delivered from a fixed peer or other mobile peers. Lastly, the detailed algorithm is presented and summarized.

D-DOG: Securing Sensitive Data in Distributed Storage Space by Data Division and Out-Of-Order Keystream Generation

Migrating from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. Particularly it is a challenge on top of insecure networks or unreliable storage service providers. For example, in applications such as cloud computing where data storage is transparent to the owner. It is even harder to protect the data stored in unreliable hosts. More robust security scheme is desired to prevent adversaries from obtaining sensitive information when the data is in their hands. Meanwhile, the performance gap between the execution speed of security software and the amount of data to be processed is ever widening. A common solution to close the performance gap is through hardware implementation. This paper proposes D-DOG (Data Division and Out-of-order keystream Generation), a novel encryption method to protect data in the distributed storage environments. Aside from verifying the correctness and effectiveness of the D-DOG scheme through theoretical analysis and experimental study, we also preliminarily evaluated its hardware implementation.

An integrated Retrieval and Pre-fetching algorithms for Segmented Streaming in Mobile Peer-to-Peer Networks

In contrast to conventional P2P systems in wired networks that consist of static peers, mobile P2P are subjected to the limitations of battery power, wireless bandwidth, and the dynamically changed network topology. Challenges arise in how to improve the source discovery and data replication. In this paper, we talk about an integrated searching and prefetching algorithm for the segmented streaming in mobile peer-to-peer (P2P) Networks. Firstly, each stream is divided into several segments and each segment is assigned a priority based on theory analyses. Then, for a given segment, the different number of queries is sent to search it and the length of the query for this segment is also dynamically decided by the segment-priority to avoid the unnecessary overhead. Next, along the path where a stream is sent from the requester node, parts of the nodes on this path are selected to pre-fetch the requested segment to reduce the user delay for the next possible request. Finally, Simulation results show that better performance than the conventional methods can be achieved

An optimized design of reconfigurable PSD accelerator for online shrew DDoS attacks detection

Shrew Distributed Denial-of-Service (DDoS) attacks are stealthy, concealing their malicious activities in normal traffic. Although it is difficult to detect shrew DDoS attacks in the time domain, the existent energy exposes them in frequency domain. For this purpose, online Power Spectral Density (PSD) analysis necessitates real-time PSD data conversion. In this paper, an optimized FPGA based accelerator for real-time PSD conversion is proposed, which is based on our innovative component-reusable Auto-Correlation (AC) algorithm and the adapted 2N-point real-valued Discrete Fourier Transform (DFT) algorithm. Further optimization is achieved through the exploration of algorithm characteristics and hardware parallelism for this case. Evaluation results from both simulation and synthesis are provided. The overall design can be easily placed in a Xilinx Virtex2 Pro FGPA.

A location aware virtual infrastructure for VANETs

The dynamical network topology is the source of most challenges in VANETs (Vehicle Ad hoc Networks). In urban area, however, it is feasible to meet the challenge by taking advantage of the heavy traffic. This paper proposes a location aware virtual infrastructure (LAVI) based on recognition memory. Combining the memory of past cooperation with the location information, the mobile nodes can construct cooperative groups with recognized peers and in turn to provide a virtual infrastructure.