Network coding meets multimedia: a review

While every network node only relays messages in a traditional communication system, the recent network coding (NC) paradigm proposes to implement simple in-network processing with packet combinations in the nodes. NC extends the concept of "encoding" a message beyond source coding (for compression) and channel coding (for protection against errors and losses). It has been shown to increase network throughput compared to traditional networks implementation, to reduce delay and to provide robustness to transmission errors and network dynamics. These features are so appealing for multimedia applications that they have spurred a large research effort towards the development of multimedia-specific NC techniques. This paper reviews the recent work in NC for multimedia applications and focuses on the techniques that fill the gap between NC theory and practical applications. It outlines the benefits of NC and presents the open challenges in this area. The paper initially focuses on multimedia-specific aspects of network coding, in particular delay, in-network error control, and mediaspecific error control. These aspects permit to handle varying network conditions as well as client heterogeneity, which are critical to the design and deployment of multimedia systems. After introducing these general concepts, the paper reviews in detail two applications that lend themselves naturally to NC via the cooperation and broadcast models, namely peer-to-peer multimedia streaming and wireless networkin

Routing Security Issues in Wireless Sensor Networks: Attacks and Defenses

Wireless Sensor Networks (WSNs) are rapidly emerging as an important new area in wireless and mobile computing research. Applications of WSNs are numerous and growing, and range from indoor deployment scenarios in the home and office to outdoor deployment scenarios in adversary's territory in a tactical battleground (Akyildiz et al., 2002). For military environment, dispersal of WSNs into an adversary's territory enables the detection and tracking of enemy soldiers and vehicles. For home/office environments, indoor sensor networks offer the ability to monitor the health of the elderly and to detect intruders via a wireless home security system. In each of these scenarios, lives and livelihoods may depend on the timeliness and correctness of the sensor data obtained from dispersed sensor nodes. As a result, such WSNs must be secured to prevent an intruder from obstructing the delivery of correct sensor data and from forging sensor data. To address the latter problem, end-to-end data integrity checksums and post-processing of senor data can be used to identify forged sensor data (Estrin et al., 1999; Hu et al., 2003a; Ye et al., 2004). The focus of this chapter is on routing security in WSNs. Most of the currently existing routing protocols for WSNs make an optimization on the limited capabilities of the nodes and the application-specific nature of the network, but do not any the security aspects of the protocols. Although these protocols have not been designed with security as a goal, it is extremely important to analyze their security properties. When the defender has the liabilities of insecure wireless communication, limited node capabilities, and possible insider threats, and the adversaries can use powerful laptops with high energy and long range communication to attack the network, designing a secure routing protocol for WSNs is obviously a non-trivial task.Comment: 32 pages, 5 figures, 4 tables 4. arXiv admin note: substantial text overlap with arXiv:1011.152

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Spectrum sensing, spectrum monitoring, and security in cognitive radios

Spectrum sensing is a key function of cognitive radios and is used to determine whether a primary user is present in the channel or not. In this dissertation, we formulate and solve the generalized likelihood ratio test (GLRT) for spectrum sensing when both primary user transmitter and the secondary user receiver are equipped with multiple antennas. We do not assume any prior information about the channel statistics or the primary user’s signal structure. Two cases are considered when the secondary user is aware of the energy of the noise and when it is not. The final test statistics derived from GLRT are based on the eigenvalues of the sample covariance matrix. In-band spectrum sensing in overlay cognitive radio networks requires that the secondary users (SU) periodically suspend their communication in order to determine whether the primary user (PU) has started to utilize the channel. In contrast, in spectrum monitoring the SU can detect the emergence of the PU from its own receiver statistics such as receiver error count (REC). We investigate the problem of spectrum monitoring in the presence of fading where the SU employs diversity combining to mitigate the channel fading effects. We show that a decision statistic based on the REC alone does not provide a good performance. Next we introduce new decision statistics based on the REC and the combiner coefficients. It is shown that the new decision statistic achieves significant improvement in the case of maximal ratio combining (MRC). Next we consider the problem of cooperative spectrum sensing in cognitive radio networks (CRN) in the presence of misbehaving radios. We propose a novel approach based on the iterative expectation maximization (EM) algorithm to detect the presence of the primary users, to classify the cognitive radios, and to compute their detection and false alarm probabilities. We also consider the problem of centralized binary hypothesis testing in a cognitive radio network (CRN) consisting of multiple classes of cognitive radios, where the cognitive radios are classified according to the probability density function (PDF) of their received data (at the FC) under each hypotheses

Decentralizing Trust with Resilient Group Signatures in Blockchains

Blockchains have the goal of promoting the decentralization of transactions in a P2Pbased internetworking model that does not depend on centralized trust parties. Along with research on better scalability, performance, consistency control, and security guarantees in their service planes, other challenges aimed at better trust decentralization and fairness models on the research community’s agenda today. Asymmetric cryptography and digital signatures are key components of blockchain systems. As a common flaw in different blockchains, public keys and verification of single-signed transactions are handled under the principle of trust centralization. In this dissertation, we propose a better fairness and trust decentralization model by proposing a service plane for blockchains that provides support for collective digital signatures and allowing transactions to be collaboratively authenticated and verified with groupbased witnessed guarantees. The proposed solution is achieved by using resilient group signatures from randomly and dynamically assigned groups. In our approach we use Threshold-Byzantine Fault Tolerant Digital Signatures to improve the resilience and robustness of blockchain systems while preserving their decentralization nature. We have designed and implemented a modular and portable cryptographic provider that supports operations expressed by smart contracts. Our system is designed to be a service plane agnostic and adaptable to the base service planes of different blockchains. Therefore, we envision our solution as a portable, adaptable and reusable plugin service plane for blockchains, as a way to provide authenticated group-signed transactions with decentralized auditing, fairness, and long-term security guarantees and to leverage a better decentralized trust model. We conducted our experimental evaluations in a cloudbased testbench with at least sixteen blockchain nodes distributed across four different data centers, using two different blockchains and observing the proposed benefits.As blockchains tem principal objetivo de promover a descentralização das transações numa rede P2P, baseada num modelo não dependente de uma autoridade centralizada. Em conjunto com maior escalabilidade, performance, controlos de consistência e garantias de segurança nos planos de serviço, outros desafios como a melhoria do modelo de descentralização e na equidade estão na agenda da comunidade científica. Criptografia assimétrica e as assinaturas digitais são a componente chave dos sistemas de blockchains. Porém, as blockchains, chaves públicas e verificações de transações assinadas estão sobre o princípio de confiança centralizada. Nesta dissertação, vamos propor uma solução que inclui melhores condições de equidade e descentralização de confiança, modelado por um plano de serviços para a blockchain que fornece suporte para assinaturas coletivas e permite que as transações sejam autenticadas colaborativamente e verificadas com garantias das testemunhadas. Isto será conseguido usando assinaturas resilientes para grupos formados de forma aleatória e dinamicamente. A nossa solução para melhorar a resiliência das blockchains e preservar a sua natureza descentralizada, irá ser baseada em assinaturas threshold à prova de falhas Bizantinas. Com esta finalidade, iremos desenhar e implementar um provedor criptográfico modelar e portável para suportar operações criptográficas que podem ser expressas por smart-contracts. O nosso sistema será desenhado de uma forma agnóstica e adaptável a diferentes planos de serviços. Assim, imaginamos a nossa solução como um plugin portável e adaptável para as blockchains, que oferece suporte para auditoria descentralizada, justiça, e garantias de longo termo para criar modelo melhor da descentralização da base de confiança. Iremos efetuar as avaliações experimentais na cloud, correndo o nosso plano de serviço com duas implementações de blockchain e pelo menos dezasseis nós distribuídos em quatro data centres, observando os benefícios da solução proposta

Network coding for robust wireless networks

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student submitted PDF version of thesis.Includes bibliographical references (p. 157-167).Wireless networks and communications promise to allow improved access to services and information, ubiquitous connectivity, and mobility. However, current wireless networks are not well-equipped to meet the high bandwidth and strict delay requirements of future applications. Wireless networks suffer from frequent losses and low throughput. We aim to provide designs for robust wireless networks. This dissertation presents protocols and algorithms that significantly improve wireless network performance and effectively overcome interference, erasures, and attacks. The key idea behind this dissertation is in understanding that wireless networks are fundamentally different from wired networks, and recognizing that directly applying techniques from wired networks to wireless networks limits performance. The key ingredient underlying our algorithms and protocols is network coding. By recognizing the algebraic nature of information, network coding breaks the convention of routing networks, and allows mixing of information in the intermediate nodes and routers. This mixing has been shown to have numerous performance benefits, e.g. increase in throughput and robustness against losses and failures. We present three protocols and algorithms, each using network coding to harness a different characteristic of the wireless medium. We address the problem of interference, erasures, and attacks in wireless networks with the following network coded designs. -- Algebraic NC exploits strategic interference to provide a distributed, randomized code construction for multi-user wireless networks. Network coding framework simplifies the multi-user wireless network model, and allows us to describe the multi-user wireless networks in an algebraic framework. This algebraic framework provides a randomized, distributed code construction, which we show achieves capacity for multicast connections as well as a certain set of non-multicast connections. -- TCP/NC efficiently and reliably delivers data over unreliable lossy wireless networks. TCP, which was designed for reliable transmission over wired networks, often experiences severe performance degradation in wireless networks. TCP/NC combines network coding's erasure correction capabilities with TCP's congestion control mechanism and reliability. We show that TCP/NC achieves significantly higher throughput than TCP in lossy networks; therefore, TCP/NC is well suited for reliable communication in lossy wireless networks. -- Algebraic Watchdog takes advantage of the broadcast nature of wireless networks to provide a secure global self-checking network. Algebraic Watchdog allows nodes to detect malicious behaviors probabilistically, and police their neighbors locally using overheard messages. Unlike traditional detection protocols which are receiver-based, this protocol gives the senders an active role in checking the nodes downstream. We provide a trellis-based inference algorithm and protocol for detection, and analyze its performance. The main contribution of this dissertation is in providing algorithms and designs for robust wireless networks using network coding. We present how network coding can be applied to overcome the challenges of operating in wireless networks. We present both analytical and simulation results to support that network coded designs, if designed with care, can bring forth significant gains, not only in terms of throughput but also in terms of reliability, security, and robustness.by MinJi Kim.Ph.D

Distributed control of coded networks

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010.Cataloged from PDF version of thesis.Includes bibliographical references (p. 97-101).The introduction of network coding has the potential to revolutionize the way people operate networks. For the benefits of network coding to be realized, distributed solutions are needed for various network problems. In this work, we look at three aspects of distributed control of coded networks. The first one is distributed algorithms for establishing minimum-cost multicast connections in coded networks. The subgraph optimization problem can be viewed as an linear optimization problem, and we look at algorithms that solve this problem for both static and dynamic multicasts. For static multicast, we present decentralized dual subgradient algorithms to find the min-cost subgraph. Due to the special structure of the network coding problem, we can recover a feasible primal solution after each iteration, and also derive theoretical bounds on the convergence rate in both the dual and the primal spaces. In addition, we propose heuristics to further improve our algorithm, and demonstrate through simulations that the distributed algorithm converges to the optimal subgraph quickly and is robust against network topology changes. For dynamic multicast, we introduce two types of rearrangements, link rearrangement and code rearrangement, to characterize disturbances to users. We present algorithms to solve the online network coding problem, and demonstrate through simulations that the algorithms can adapt to changing demands of the multicast group while minimizing disturbances to existing users.(cont.) The second part of our work focuses on analysis of COPE, a distributed opportunistic network coding system for wireless mesh networks. Experiments have shown that COPE can improve network throughput significantly, but current theoretical analysis fails to fully explain this performance. We argue that the key factor that shapes COPE's performance curve is the interaction between COPE and the MAC protocol. We also propose a simple modification to COPE that can further increase the network throughput. Finally, we study network coding for content distribution in peer-to-peer networks. Such systems can improve the speed of downloads and the robustness of the systems. However, they are very vulnerable to Byzantine attacks, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this work, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files.by Fang Zhao.Ph.D

Hardware-Assisted Dependable Systems

Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data. Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead. In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs. Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead