54,656 research outputs found
Privacy-preserving Cross-domain Routing Optimization -- A Cryptographic Approach
Today's large-scale enterprise networks, data center networks, and wide area
networks can be decomposed into multiple administrative or geographical
domains. Domains may be owned by different administrative units or
organizations. Hence protecting domain information is an important concern.
Existing general-purpose Secure Multi-Party Computation (SMPC) methods that
preserves privacy for domains are extremely slow for cross-domain routing
problems. In this paper we present PYCRO, a cryptographic protocol specifically
designed for privacy-preserving cross-domain routing optimization in Software
Defined Networking (SDN) environments. PYCRO provides two fundamental routing
functions, policy-compliant shortest path computing and bandwidth allocation,
while ensuring strong protection for the private information of domains. We
rigorously prove the privacy guarantee of our protocol. We have implemented a
prototype system that runs PYCRO on servers in a campus network. Experimental
results using real ISP network topologies show that PYCRO is very efficient in
computation and communication costs
Recommended from our members
LCDMA: Lightweight Cross-domain Mutual Identity Authentication scheme for Internet of Things
With the widespread popularity of mobile terminals in the Internet of things (IoT), the demand for cross-domain access of mobile terminals between different regions has also increased significantly. The nature of wireless communication media makes mobile terminals vulnerable to security threats in cross-domain access. Identity authentication is a prerequisite for secure data transmission in cross-domain, and it is also the first step to guarantee the credibility of data sources. Most existing authentication schemes are based on bilinear pairing or public key encryption and decryption with high computation overhead, which are not suitable for the resource-limited mobile IoT terminals. Moreover, these schemes have some security drawbacks and cannot meet the security requirements of cross-domain access. In this paper, we propose a lightweight cross-domain mutual identity authentication (LCDMA) for mobile IoT environments. LCDMA uses symmetric polynomials instead of high-complexity bilinear pairing in the traditional schemes. We theoretically analyze the security performance under the random oracle model. Our results show that LCDMA not only resists common attacks but also preserves secure traceability while guaranteeing anonymity. Performance evaluation further demonstrates that our scheme has better performance in terms of computation and communication overhead, compared with other existing representative schemes
Reconfigurable Security: Edge Computing-based Framework for IoT
In various scenarios, achieving security between IoT devices is challenging
since the devices may have different dedicated communication standards,
resource constraints as well as various applications. In this article, we first
provide requirements and existing solutions for IoT security. We then introduce
a new reconfigurable security framework based on edge computing, which utilizes
a near-user edge device, i.e., security agent, to simplify key management and
offload the computational costs of security algorithms at IoT devices. This
framework is designed to overcome the challenges including high computation
costs, low flexibility in key management, and low compatibility in deploying
new security algorithms in IoT, especially when adopting advanced cryptographic
primitives. We also provide the design principles of the reconfigurable
security framework, the exemplary security protocols for anonymous
authentication and secure data access control, and the performance analysis in
terms of feasibility and usability. The reconfigurable security framework paves
a new way to strength IoT security by edge computing.Comment: under submission to possible journal publication
Authentication and authorisation in entrusted unions
This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported
- …