54,872 research outputs found
Efficient and Secure 5G Core Network Slice Provisioning Based on VIKOR Approach
Network slicing in 5G is expected to essentially change the way in which network operators deploy and manage vertical services with different performance requirements. Efficient and secure slice provisioning algorithms are important since network slices share the limited resources of the physical network. In this article, we first analyze the security issues in network slicing and formulate an Integer Linear Programming (ILP) model for secure 5G core network slice provisioning. Then, we propose a heuristic 5G core network slice provisioning algorithm called VIKOR-CNSP based on VIKOR, which is a multi-criteria decision making (MCDM) method. In the slice node provisioning stage, the node importance is ranked with the VIKOR approach by considering the node resource and topology attributes. The slice nodes are then provisioned according to the ranking results. In the slice link provisioning stage, the k shortest path algorithm is implemented to obtain the candidate physical paths for the slice link, and a strategy for selecting a candidate physical path is proposed to increase the slice acceptance ratio. The strategy first calculates the path factor P which is the product of the maximum link bandwidth utilization of the candidate physical path and its hop-count, and then chooses the candidate physical path with the smallest P to host the slice link. Extensive simulations show that the proposed algorithm can achieve the highest slice acceptance ratio and the largest provisioning revenue-to-cost ratio, satisfying the security constraints of 5G core network slice requests. f
Privacy-Preserving Shortest Path Computation
Navigation is one of the most popular cloud computing services. But in
virtually all cloud-based navigation systems, the client must reveal her
location and destination to the cloud service provider in order to learn the
fastest route. In this work, we present a cryptographic protocol for navigation
on city streets that provides privacy for both the client's location and the
service provider's routing data. Our key ingredient is a novel method for
compressing the next-hop routing matrices in networks such as city street maps.
Applying our compression method to the map of Los Angeles, for example, we
achieve over tenfold reduction in the representation size. In conjunction with
other cryptographic techniques, this compressed representation results in an
efficient protocol suitable for fully-private real-time navigation on city
streets. We demonstrate the practicality of our protocol by benchmarking it on
real street map data for major cities such as San Francisco and Washington,
D.C.Comment: Extended version of NDSS 2016 pape
Efficient Wireless Security Through Jamming, Coding and Routing
There is a rich recent literature on how to assist secure communication
between a single transmitter and receiver at the physical layer of wireless
networks through techniques such as cooperative jamming. In this paper, we
consider how these single-hop physical layer security techniques can be
extended to multi-hop wireless networks and show how to augment physical layer
security techniques with higher layer network mechanisms such as coding and
routing. Specifically, we consider the secure minimum energy routing problem,
in which the objective is to compute a minimum energy path between two network
nodes subject to constraints on the end-to-end communication secrecy and
goodput over the path. This problem is formulated as a constrained optimization
of transmission power and link selection, which is proved to be NP-hard.
Nevertheless, we show that efficient algorithms exist to compute both exact and
approximate solutions for the problem. In particular, we develop an exact
solution of pseudo-polynomial complexity, as well as an epsilon-optimal
approximation of polynomial complexity. Simulation results are also provided to
show the utility of our algorithms and quantify their energy savings compared
to a combination of (standard) security-agnostic minimum energy routing and
physical layer security. In the simulated scenarios, we observe that, by
jointly optimizing link selection at the network layer and cooperative jamming
at the physical layer, our algorithms reduce the network energy consumption by
half
Dovetail: Stronger Anonymity in Next-Generation Internet Routing
Current low-latency anonymity systems use complex overlay networks to conceal
a user's IP address, introducing significant latency and network efficiency
penalties compared to normal Internet usage. Rather than obfuscating network
identity through higher level protocols, we propose a more direct solution: a
routing protocol that allows communication without exposing network identity,
providing a strong foundation for Internet privacy, while allowing identity to
be defined in those higher level protocols where it adds value.
Given current research initiatives advocating "clean slate" Internet designs,
an opportunity exists to design an internetwork layer routing protocol that
decouples identity from network location and thereby simplifies the anonymity
problem. Recently, Hsiao et al. proposed such a protocol (LAP), but it does not
protect the user against a local eavesdropper or an untrusted ISP, which will
not be acceptable for many users. Thus, we propose Dovetail, a next-generation
Internet routing protocol that provides anonymity against an active attacker
located at any single point within the network, including the user's ISP. A
major design challenge is to provide this protection without including an
application-layer proxy in data transmission. We address this challenge in path
construction by using a matchmaker node (an end host) to overlap two path
segments at a dovetail node (a router). The dovetail then trims away part of
the path so that data transmission bypasses the matchmaker. Additional design
features include the choice of many different paths through the network and the
joining of path segments without requiring a trusted third party. We develop a
systematic mechanism to measure the topological anonymity of our designs, and
we demonstrate the privacy and efficiency of our proposal by simulation, using
a model of the complete Internet at the AS-level
- …