Flexible Verification of MPEG-4 Stream in Peer-to-Peer CDN

Abstract. The current packet based stream authentication schemes provide effective and efficient authentication over a group of packets transmitted on erasure channels. However, by fixing the packets in transmission, any packet manipulation will cause authentication failure. In p2p content delivery network where a proxy-in-the-middle is able to store, forward, transcode and transform the stream, previous schemes are simply unapplicable. To address the problem, we propose a flexible verification scheme that relies on special stream formats (i.e. Unequal Loss Protection ULP scheme [7]). We apply the so called Unequal Loss Verification ULV scheme into MPEG-4 framework. The encoding, packing, amortizing and verifying methods are elaborated in this paper. Our analysis shows that the scheme is secure and cost effective. The scheme is indeed content aware and ensures the verification rate intuitively reflecting a meaningful stream. Further on, we describe the general method of publishing and retrieving a stream in p2p CDN.

Time valid one-time signature for time-critical multicast data authentication

Abstract-It is challenging to provide authentication to timecritical multicast data, where low end-to-end delay is of crucial importance. Consequently, it requires not only efficient authentication algorithms to minimize computational cost, but also avoidance of buffering packets so that the data can be immediately processed once being presented. Desirable properties for a multicast authentication scheme also include small communication overhead, tolerance to packet loss, and resistance against malicious attacks. In this paper, we propose a novel signature model -Time Valid One-Time Signature (TV-OTS) -to boost the efficiency of regular one-time signature schemes. Based on the TV-OTS model, we design an efficient multicast authentication scheme "TV-HORS" to meet the above needs. TV-HORS combines one-way hash chains with TV-OTS to avoid frequent public key distribution. It provides fast signing/verification and buffering-free data processing, which make it one of the fastest multicast authentication schemes to date in terms of end-to-end computational latency (on the order of microseconds). In addition, TV-HORS has perfect tolerance to packet loss and strong robustness against malicious attacks. The communication overhead of TV-HORS is much smaller than regular OTS schemes, and even smaller than RSA signature. The only drawback of TV-HORS is a relatively large public key of size 8KB to 10KB, depending on parameters

Performances of Cryptographic Accumulators

International audienceCryptographic accumulators are space/time efficient data structures used to verify if a value belongs to a set. They have found many applications in networking and distributed systems since their in- troduction by Benaloh and de Mare in 1993. Despite this popularity, there is currently no performance evaluation of the different existing de- signs. Symmetric and asymmetric accumulators are used likewise without any particular argument to support either of the design. We aim to es- tablish the speed of each design and their application's domains in terms of their size and the size of the values

Performances of Cryptographic Accumulators

International audienceCryptographic accumulators are space/time efficient data structures used to verify if a value belongs to a set. They have found many applications in networking and distributed systems since their in- troduction by Benaloh and de Mare in 1993. Despite this popularity, there is currently no performance evaluation of the different existing de- signs. Symmetric and asymmetric accumulators are used likewise without any particular argument to support either of the design. We aim to es- tablish the speed of each design and their application's domains in terms of their size and the size of the values

Power-benefit analysis of erasure encoding with redundant routing in sensor networks.

One of the problems sensor networks face is adversaries corrupting nodes along the path to the base station. One way to reduce the effect of these attacks is multipath routing. This introduces some intrusion-tolerance in the network by way of redundancy but at the cost of a higher power consumption by the sensor nodes. Erasure coding can be applied to this scenario in which the base station can receive a subset of the total data sent and reconstruct the entire message packet at its end. This thesis uses two commonly used encodings and compares their performance with respect to power consumed for unencoded data in multipath routing. It is found that using encoding with multipath routing reduces the power consumption and at the same time enables the user to send reasonably large data sizes. The experiments in this thesis were performed on the Tiny OS platform with the simulations done in TOSSIM and the power measurements were taken in PowerTOSSIM. They were performed on the simple radio model and the lossy radio model provided by Tiny OS. The lossy radio model was simulated with distances of 10 feet, 15 feet and 20 feet between nodes. It was found that by using erasure encoding, double or triple the data size can be sent at the same power consumption rate as unencoded data. All the experiments were performed with the radio set at a normal transmit power, and later a high transmit power

Cybersecurity and Quantum Computing: friends or foes?

L'abstract è presente nell'allegato / the abstract is in the attachmen

Development of efficient data management and analytics tools for Intelligent sanitation network design.

Williams, Leon - Associate SupervisorAccording to the World Health Organisation, billions of people lack access to basic sanitation facilities and services, resulting in estimated 2.9 million cases of diseases and 95,000 deaths each year. This is because poor planning, design, maintenance, and access in traditional sanitation networks. Nowadays, intelligent sanitation systems leveraging the Internet of Things (IoT) technology can provide efficient and sustainable services, incorporating sensors, hardware, software, and wireless communication. Furthermore, advanced data analytics tools combined with the intelligent sanitation systems can provide a deeper insight into operations, make informed decisions, and enhance user experience, thereby improving sanitation services. The thesis provides a comprehensive review of literature on intelligent sanitation systems from both academic and industrial perspectives, with the objective of identifying recent advances, research gaps, opportunities, and challenges. Existing solutions for intelligent sanitation are fragmented and immature due to a lack of a unified framework and tool. To address these issues, the thesis introduces a generalised Sanitation-IoT (San-IoT) framework to manage sanitation facilities and a standardised Sanitation-IoT-Data Analytics (San-IoT-DA) tool to analyse sanitation data. The framework and tool can serve as a foundation for future research and development in intelligent sanitation systems. The San-IoT framework can enhance the connectivity, operability, and management of IoT-based sanitation networks. The San-IoT-DA tool is designed to standardise the collection, analysis, and management of sanitation data for providing efficient data processing and improving decision making. The feasibility of the proposed framework and tool was evaluated on a case study of the Cranfield intelligent toilet. The San-IoT framework has the potential to enable system monitoring and control, user health monitoring, user behaviour analysis, improve water usage efficiency, reduce energy consumption, and facilitate decision-making among global stakeholders. The San-IoT-DA tool can detect patterns, identify trends, predict outcomes, and detect anomalies. The thesis offers valuable insights to practitioners, academics, engineers, policymakers, and other stakeholders on leveraging IoT and data analytics to improve the efficiency, accessibility, and sustainability of the sanitation industry.PhD in Desig

Um sistema baseado na Teoria do Perigo para detectar ataques Jamming em Manets

Orientador : Prof. Dr. Aldri Luiz dos SantosCoorientadora : Profa. Dra. Michele Nogueira LimaDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciencias Exatas, Programa de Pós-Graduação em Informática. Defesa: Curitiba, 16/09/2011Bibliografia: fls. 77-87Resumo: As redes sem fio possibilitam a comunica¸c˜ao de dispositivos computacionais port'ateis, como celulares, notebooks, palmtops, entre outros. Um principal desafio 'a seguran¸ca das aplica¸c˜oes e servi¸cos dependentes das redes sem fio 'e a vulnerabilidade das comunica¸c˜oes aos ataques jamming. No escopo das redes sem fio, as redes m'oveis ad hoc (MANETs - Mobile Ad hoc Networks) permitem que os usu'arios tenham mobilidade e acessem as informa¸c˜oes de forma descentralizada empregando ondas eletromagn'eticas atrav'es do meio de transmiss˜ao sem fio. Para tentar garantir a existˆencia de uma MANET segura, robusta e confi'avel, 'e necess'ario desenvolver um sistema de detec¸c˜ao como contramedida inicial aos ataques jamming. Em face 'as limita¸c˜oes dos sistemas de detec¸c˜ao de ataques jamming existentes, este trabalho prop˜oe um sistema de detec¸c˜ao distribu'?do e flex'?vel contra ataques jamming em MANETs. O sistema de detec¸c˜ao proposto, denominado DANTE (do inglˆes, Detecting jAmming attacks by the daNger ThEory), tem como inspira¸c˜ao a teoria do perigo, a qual possui caracter'?sticas que inspiram o desenvolvimento de um sistema de detec¸c˜ao de ataques jamming nas MANETs, como a descentraliza¸c˜ao, a dinamicidade e a quantifica ¸c˜ao. O sistema DANTE 'e composto por uma arquitetura com trˆes m'odulos, denominados medi¸c˜oes e informa¸c˜oes, detec¸c˜ao bio-inspirada e resposta ao ataque jamming. O m'odulo de medi¸c˜oes e informa¸c˜oes calcula os valores das medi¸c˜oes estat'?sticas e coleta os dados provenientes da camada de enlace que sofreram interferˆencia. O m'odulo de detec ¸c˜ao bio-inspirada determina e quantifica os ataques na rede. O m'odulo de resposta ao ataque jamming toma uma a¸c˜ao apropriada de acordo com a quantifica¸c˜ao do ataque. Para avaliar o desempenho do sistema DANTE s˜ao empregados dois tipos diferentes de cen'arios. Os cen'arios s˜ao compostos por trˆes dispositivos, os quais dois deles s˜ao leg'?timos e um atua como o atacante. No primeiro cen'ario, os dispositivos s˜ao vizinhos entre si, j'a no segundo cen'ario, o dispositivo atacante 'e vizinho somente de um dispositivo leg'?timo. A fim de avaliar o sistema DANTE s˜ao empregadas as m'etricas de desempenho denominadas acur'acia e precis˜ao. Al'em disso, o sistema DANTE 'e comparado a um outro sistema de detec¸c˜ao de ataques jamming encontrado na literatura, denominado neste trabalho como CLADE. Os resultados de simula¸c˜ao mostram que o sistema DANTE possui um desempenho superior ao sistema CLADE. Al'em de obter a precis˜ao de 100% nos ataques jamming deceptivo e reativo, o sistema DANTE alcan¸cou os maiores resultados para a acur'acia nos ataques jamming deceptivo, aleat'orio e reativo.Abstract: Wireless networks make possible the communication between portable devices, such as cell phones, laptops, palmtops, among others. A main challenge to security of applications and services dependent of wireless networks is the communications vulnerability to jamming attacks. In wireless networks context, mobile ad hoc networks (MANETs) allow users to have mobility and access information in a decentralized way using electromagnetic waves to communicate by wireless medium. In order to assure the existence of a secure, robust and trustworthy MANET, it is necessary to develop a detection system against jamming attacks as initial countermeasure. In face of existing detection systems limitations, this work proposes a detection system against jamming attacks to MANETs. The detection system proposed, called DANTE (Detecting jAmming attacks by the daNger ThEory), has as inspiration danger theory, that is supported by the argumentation that immune system discerns between danger and absence of danger. DANTE system comprises an architecture with three modules, called informations and measures, bio-inspired detection and jamming response. Information and measurements module captures data from the link layer that suffered interference and calculates the values of statistical measures. Bio-inspired detection module identifies and quantifies the presence of jammers in a bio-inspired manner. The jamming response module takes an action, based on quantification, to mitigate the impact of jamming attack. The performance of DANTE system is evaluated using two different scenarios. They comprise three devices, in which two serve as sender and receiver, and one acts as the attacker. In the first scenario all devices are neighbors, and in the second one, the attacker is neighbor only of sender. Two performance metrics, called accuracy and precision, are used in order to evaluate DANTE system. Further, DANTE system is compared with another jamming detection system, called in this work as CLADE. Simulation results show that DANTE system reaches a superior performance than CLADE system. Besides DANTE system obtains a precision rate of 100% in deceptive and reactive jamming at tacks, it reaches higher values than CLADE system to accuracy rate in deceptive, random and reactive jamming attacks