667 research outputs found
Network coding meets multimedia: a review
While every network node only relays messages in a traditional communication system, the recent network coding (NC) paradigm proposes to implement simple in-network processing with packet combinations in the nodes. NC extends the concept of "encoding" a message beyond source coding (for compression) and channel coding (for protection against errors and losses). It has been shown to increase network throughput compared to traditional networks implementation, to reduce delay and to provide robustness to transmission errors and network dynamics. These features are so appealing for multimedia applications that they have spurred a large research effort towards the development of multimedia-specific NC techniques. This paper reviews the recent work in NC for multimedia applications and focuses on the techniques that fill the gap between NC theory and practical applications. It outlines the benefits of NC and presents the open challenges in this area. The paper initially focuses on multimedia-specific aspects of network coding, in particular delay, in-network error control, and media-specific error control. These aspects permit to handle varying network conditions as well as client heterogeneity, which are critical to the design and deployment of multimedia systems. After introducing these general concepts, the paper reviews in detail two applications that lend themselves naturally to NC via the cooperation and broadcast models, namely peer-to-peer multimedia streaming and wireless networkin
Routing Security Issues in Wireless Sensor Networks: Attacks and Defenses
Wireless Sensor Networks (WSNs) are rapidly emerging as an important new area
in wireless and mobile computing research. Applications of WSNs are numerous
and growing, and range from indoor deployment scenarios in the home and office
to outdoor deployment scenarios in adversary's territory in a tactical
battleground (Akyildiz et al., 2002). For military environment, dispersal of
WSNs into an adversary's territory enables the detection and tracking of enemy
soldiers and vehicles. For home/office environments, indoor sensor networks
offer the ability to monitor the health of the elderly and to detect intruders
via a wireless home security system. In each of these scenarios, lives and
livelihoods may depend on the timeliness and correctness of the sensor data
obtained from dispersed sensor nodes. As a result, such WSNs must be secured to
prevent an intruder from obstructing the delivery of correct sensor data and
from forging sensor data. To address the latter problem, end-to-end data
integrity checksums and post-processing of sensor data can be used to identify
forged sensor data (Estrin et al., 1999; Hu et al., 2003a; Ye et al., 2004).
The focus of this chapter is on routing security in WSNs. Most of the currently
existing routing protocols for WSNs make an optimization on the limited
capabilities of the nodes and the application-specific nature of the network,
but do not consider the security aspects of the protocols. Although these protocols
have not been designed with security as a goal, it is extremely important to
analyze their security properties. When the defender has the liabilities of
insecure wireless communication, limited node capabilities, and possible
insider threats, and the adversaries can use powerful laptops with high energy
and long range communication to attack the network, designing a secure routing
protocol for WSNs is obviously a non-trivial task.
Comment: 32 pages, 5 figures, 4 tables 4. arXiv admin note: substantial text
overlap with arXiv:1011.152
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.
Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Spectrum sensing, spectrum monitoring, and security in cognitive radios
Spectrum sensing is a key function of cognitive radios and is used to determine whether a primary user is present in the channel or not. In this dissertation, we formulate and solve the generalized likelihood ratio test (GLRT) for spectrum sensing when both primary user transmitter and the secondary user receiver are equipped with multiple antennas. We do not assume any prior information about the channel statistics or the primary user’s signal structure. Two cases are considered when the secondary user is aware of the energy of the noise and when it is not. The final test statistics derived from GLRT are based on the eigenvalues of the sample covariance matrix. In-band spectrum sensing in overlay cognitive radio networks requires that the secondary users (SU) periodically suspend their communication in order to determine whether the primary user (PU) has started to utilize the channel. In contrast, in spectrum monitoring the SU can detect the emergence of the PU from its own receiver statistics such as receiver error count (REC). We investigate the problem of spectrum monitoring in the presence of fading where the SU employs diversity combining to mitigate the channel fading effects. We show that a decision statistic based on the REC alone does not provide a good performance. Next we introduce new decision statistics based on the REC and the combiner coefficients. It is shown that the new decision statistic achieves significant improvement in the case of maximal ratio combining (MRC). Next we consider the problem of cooperative spectrum sensing in cognitive radio networks (CRN) in the presence of misbehaving radios. We propose a novel approach based on the iterative expectation maximization (EM) algorithm to detect the presence of the primary users, to classify the cognitive radios, and to compute their detection and false alarm probabilities. 
We also consider the problem of centralized binary hypothesis testing in a cognitive radio network (CRN) consisting of multiple classes of cognitive radios, where the cognitive radios are classified according to the probability density function (PDF) of their received data (at the FC) under each hypotheses
Decentralizing Trust with Resilient Group Signatures in Blockchains
Blockchains have the goal of promoting the decentralization of transactions in a P2P-based
internetworking model that does not depend on centralized trust parties. Along
with research on better scalability, performance, consistency control, and security guarantees
in their service planes, other challenges aimed at better trust decentralization and
fairness models are on the research community’s agenda today.
Asymmetric cryptography and digital signatures are key components of blockchain
systems. As a common flaw in different blockchains, public keys and verification of
single-signed transactions are handled under the principle of trust centralization. In this
dissertation, we propose a better fairness and trust decentralization model by proposing
a service plane for blockchains that provides support for collective digital signatures
and allowing transactions to be collaboratively authenticated and verified with group-based
witnessed guarantees. The proposed solution is achieved by using resilient group
signatures from randomly and dynamically assigned groups. In our approach we use
Threshold-Byzantine Fault Tolerant Digital Signatures to improve the resilience and robustness
of blockchain systems while preserving their decentralization nature.
We have designed and implemented a modular and portable cryptographic provider
that supports operations expressed by smart contracts. Our system is designed to be a
service plane agnostic and adaptable to the base service planes of different blockchains.
Therefore, we envision our solution as a portable, adaptable and reusable plugin service
plane for blockchains, as a way to provide authenticated group-signed transactions with
decentralized auditing, fairness, and long-term security guarantees and to leverage a
better decentralized trust model. We conducted our experimental evaluations in a cloud-based
testbench with at least sixteen blockchain nodes distributed across four different
data centers, using two different blockchains and observing the proposed benefits.
Blockchains have as their main goal promoting the decentralization of transactions
in a P2P network, based on a model that does not depend on a centralized authority.
Together with greater scalability, performance, consistency controls and security
guarantees in the service planes, other challenges such as improving the
decentralization model and fairness are on the scientific community's agenda.
Asymmetric cryptography and digital signatures are the key component of blockchain
systems. However, blockchains, public keys and verifications of signed
transactions rest on the principle of centralized trust. In this dissertation, we will
propose a solution that includes better conditions of fairness and trust
decentralization, modeled by a service plane for the blockchain that provides support for
collective signatures and allows transactions to be collaboratively authenticated
and verified with witnessed guarantees. This will be achieved using resilient
signatures for groups formed randomly and dynamically. Our solution
for improving the resilience of blockchains and preserving their decentralized nature
will be based on Byzantine fault-tolerant threshold signatures.
To this end, we will design and implement a modular and portable cryptographic
provider to support cryptographic operations that can be expressed by
smart contracts. Our system will be designed in a way that is agnostic and adaptable
to different service planes. Thus, we envision our solution as a portable and
adaptable plugin for blockchains that offers support for decentralized auditing,
fairness, and long-term guarantees to create a better model of decentralization
of the trust base. We will carry out the experimental evaluations in the cloud, running
our service plane with two blockchain implementations and at least sixteen
nodes distributed across four data centres, observing the benefits of the proposed solution
Network coding for robust wireless networks
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student submitted PDF version of thesis. Includes bibliographical references (p. 157-167).
Wireless networks and communications promise to allow improved access to services and information, ubiquitous connectivity, and mobility. However, current wireless networks are not well-equipped to meet the high bandwidth and strict delay requirements of future applications. Wireless networks suffer from frequent losses and low throughput. We aim to provide designs for robust wireless networks. This dissertation presents protocols and algorithms that significantly improve wireless network performance and effectively overcome interference, erasures, and attacks. The key idea behind this dissertation is in understanding that wireless networks are fundamentally different from wired networks, and recognizing that directly applying techniques from wired networks to wireless networks limits performance. The key ingredient underlying our algorithms and protocols is network coding. By recognizing the algebraic nature of information, network coding breaks the convention of routing networks, and allows mixing of information in the intermediate nodes and routers. This mixing has been shown to have numerous performance benefits, e.g. increase in throughput and robustness against losses and failures. We present three protocols and algorithms, each using network coding to harness a different characteristic of the wireless medium. We address the problem of interference, erasures, and attacks in wireless networks with the following network coded designs. -- Algebraic NC exploits strategic interference to provide a distributed, randomized code construction for multi-user wireless networks.
Network coding framework simplifies the multi-user wireless network model, and allows us to describe the multi-user wireless networks in an algebraic framework. This algebraic framework provides a randomized, distributed code construction, which we show achieves capacity for multicast connections as well as a certain set of non-multicast connections. -- TCP/NC efficiently and reliably delivers data over unreliable lossy wireless networks. TCP, which was designed for reliable transmission over wired networks, often experiences severe performance degradation in wireless networks. TCP/NC combines network coding's erasure correction capabilities with TCP's congestion control mechanism and reliability. We show that TCP/NC achieves significantly higher throughput than TCP in lossy networks; therefore, TCP/NC is well suited for reliable communication in lossy wireless networks. -- Algebraic Watchdog takes advantage of the broadcast nature of wireless networks to provide a secure global self-checking network. Algebraic Watchdog allows nodes to detect malicious behaviors probabilistically, and police their neighbors locally using overheard messages. Unlike traditional detection protocols which are receiver-based, this protocol gives the senders an active role in checking the nodes downstream. We provide a trellis-based inference algorithm and protocol for detection, and analyze its performance. The main contribution of this dissertation is in providing algorithms and designs for robust wireless networks using network coding. We present how network coding can be applied to overcome the challenges of operating in wireless networks. We present both analytical and simulation results to support that network coded designs, if designed with care, can bring forth significant gains, not only in terms of throughput but also in terms of reliability, security, and robustness.
by MinJi Kim. Ph.D
Distributed control of coded networks
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010. Cataloged from PDF version of thesis. Includes bibliographical references (p. 97-101).
The introduction of network coding has the potential to revolutionize the way people operate networks. For the benefits of network coding to be realized, distributed solutions are needed for various network problems. In this work, we look at three aspects of distributed control of coded networks. The first one is distributed algorithms for establishing minimum-cost multicast connections in coded networks. The subgraph optimization problem can be viewed as a linear optimization problem, and we look at algorithms that solve this problem for both static and dynamic multicasts. For static multicast, we present decentralized dual subgradient algorithms to find the min-cost subgraph. Due to the special structure of the network coding problem, we can recover a feasible primal solution after each iteration, and also derive theoretical bounds on the convergence rate in both the dual and the primal spaces. In addition, we propose heuristics to further improve our algorithm, and demonstrate through simulations that the distributed algorithm converges to the optimal subgraph quickly and is robust against network topology changes. For dynamic multicast, we introduce two types of rearrangements, link rearrangement and code rearrangement, to characterize disturbances to users. We present algorithms to solve the online network coding problem, and demonstrate through simulations that the algorithms can adapt to changing demands of the multicast group while minimizing disturbances to existing users. The second part of our work focuses on analysis of COPE, a distributed opportunistic network coding system for wireless mesh networks.
Experiments have shown that COPE can improve network throughput significantly, but current theoretical analysis fails to fully explain this performance. We argue that the key factor that shapes COPE's performance curve is the interaction between COPE and the MAC protocol. We also propose a simple modification to COPE that can further increase the network throughput. Finally, we study network coding for content distribution in peer-to-peer networks. Such systems can improve the speed of downloads and the robustness of the systems. However, they are very vulnerable to Byzantine attacks, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this work, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files.
by Fang Zhao. Ph.D
Hardware-Assisted Dependable Systems
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data.
Both these classes of errors are notoriously hard to detect and tolerate. The usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead.
In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The remaining two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs.
Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead