A privacy preserved and credible network protocol

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this recordThe identities of packet senders and receivers are treated as important privacy information in communication networks. Any packet can be attributed to its sender for evaluating its credibility. Existing studies mainly rely on third-party agents that contain the packet sender's identity to ensure the sender's privacy preservation and credibility. In this case, packet senders run the risk that their privacy might be leaked by the agent. To this end, this paper proposes a Privacy Preserved and Credible Network Protocol (PCNP), which authorizes the agent to hide the identities of senders and receivers, while guaranteeing the credibility of a packet. The feasibility of the PCNP deployment is analyzed, and its performance is evaluated through extensive experiments.Ministry of Science and Technology of ChinaChinese Academy of Scienc

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this record.With the rapid development of the Internet, more and more devices are being connected to the Internet, making up the Internet-of-Things (IoT). The accountability and privacy are two important but contradictory factors to ensure the security of IoT networks. How to provide an accountable anonymous access to IoT networks is a challenging task. Since the IoT network is largely driven by services, in this paper we propose a new and efficient architecture to achieve accountable anonymous access to IoT networks based on services. In this architecture, a self-certifying identifier is proposed to efficiently identify a service. The efficiency and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that the proposed architecture could efficiently balance accountability and privacy with acceptable overheads.This work is partially supported by the National Key Technology Research and Development Program (No. 2017YFB0801801), the National Science and Technology Major Project of the Ministry of Science and Technology of China (No. 2017ZX03001019), and the National Natural Science Foundation of China (No. 61672490 and No. 61303241)

Enhanced Internet Mobility and Privacy Using Public Cloud

Internet mobile users are concerned more and more about their privacy nowadays as both researches and real world incidents show that leaking of communication and location privacy can lead to serious consequence, and many research works have been done to anonymize individual user from aggregated location data. However, just the communication itself between the mobile users and their peers or website could collect considerable privacy of the mobile users, such as location history, to other parties. In this paper, we investigated the potential privacy risk of mobile Internet users and proposed a scalable system built on top of public cloud services that can hide mobile user’s network location and traffic from communication peers. This system creates a dynamic distributed proxy network for each mobile user to minimize performance overhead and operation cost

Privacy Protection and Mobility Enhancement in Internet

Indiana University-Purdue University Indianapolis (IUPUI)The Internet has substantially embraced mobility since last decade. Cellular data network carries majority of Internet mobile access traffic and become the de facto solution of accessing Internet in mobile fashion, while many clean-slate Internet mobility solutions were proposed but none of them has been largely deployed. Internet mobile users increasingly concern more about their privacy as both researches and real-world incidents show leaking of communication and location privacy could lead to serious consequences. Just the communication itself between mobile user and their peer users or websites could leak considerable privacy of mobile user, such as location history, to other parties. Additionally, comparing to ordinary Internet access, connecting through cellular network yet provides equivalent connection stability or longevity. In this research we proposed a novelty paradigm that leverages concurrent far-side proxies to maximize network location privacy protection and minimize interruption and performance penalty brought by mobility.To avoid the deployment feasibility hurdle we also investigated the root causes impeding popularity of existing Internet mobility proposals and proposed guidelines on how to create an economical feasible solution for this goal. Based on these findings we designed a mobility support system offered as a value-added service by mobility service providers and built on elastic infrastructure that leverages various cloud aided designs, to satisfy economic feasibility and explore the architectural trade-offs among service QoS, economic viability, security and privacy

Access Control Mechanisms in Named Data Networks:A Comprehensive Survey

Information-Centric Networking (ICN) has recently emerged as a prominent candidate for the Future Internet Architecture (FIA) that addresses existing issues with the host-centric communication model of the current TCP/IP-based Internet. Named Data Networking (NDN) is one of the most recent and active ICN architectures that provides a clean slate approach for Internet communication. NDN provides intrinsic content security where security is directly provided to the content instead of communication channel. Among other security aspects, Access Control (AC) rules specify the privileges for the entities that can access the content. In TCP/IP-based AC systems, due to the client-server communication model, the servers control which client can access a particular content. In contrast, ICN-based networks use content names to drive communication and decouple the content from its original location. This phenomenon leads to the loss of control over the content causing different challenges for the realization of efficient AC mechanisms. To date, considerable efforts have been made to develop various AC mechanisms in NDN. In this paper, we provide a detailed and comprehensive survey of the AC mechanisms in NDN. We follow a holistic approach towards AC in NDN where we first summarize the ICN paradigm, describe the changes from channel-based security to content-based security and highlight different cryptographic algorithms and security protocols in NDN. We then classify the existing AC mechanisms into two main categories: Encryption-based AC and Encryption-independent AC. Each category has different classes based on the working principle of AC (e.g., Attribute-based AC, Name-based AC, Identity-based AC, etc). Finally, we present the lessons learned from the existing AC mechanisms and identify the challenges of NDN-based AC at large, highlighting future research directions for the community.Comment: This paper has been accepted for publication by the ACM Computing Surveys. The final version will be published by the AC

APCN: A Scalable Architecture for Balancing Accountability and Privacy in Large-scale Content-based Networks

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this record. Balancing accountability and privacy has become extremely important in cyberspace, and the Internet has evolved to be dominated by content transmission. Several research efforts have been devoted to contributing to either accountability or privacy protection, but none of them has managed to consider both factors in content-based networks. An efficient solution is therefore urgently demanded by service and content providers. However, proposing such a solution is very challenging, because the following questions need to be considered simultaneously: (1) How can the conflict between privacy and accountability be avoided? (2) How is content identified and accountability performed based on packets belonging to that content? (3) How can the scalability issue be alleviated on massive content accountability in large-scale networks? To address these questions, we propose the first scalable architecture for balancing Accountability and Privacy in large-scale Content-based Networks (APCN). In particular, an innovative method for identifying content is proposed to effectively distinguish the content issued by different senders and from different flows, enabling the accountability of a content based on any of its packets. Furthermore, a new idea with double-delegate (i.e., source and local delegates) is proposed to improve the performance and alleviate the scalability issue on content accountability in large-scale networks. Extensive NS-3 experiments with real trace are conducted to validate the efficiency of the proposed APCN. The results demonstrate that APCN outperforms existing related solutions in terms of lower round-trip time and higher cache hit rate under different network configurations.National Key R&D Program of ChinaNational Science and Technology Major Project of the Ministry of Science and Technology of ChinaNational Natural Science Foundation of Chin