13 research outputs found
Hybrid Digital/Analog Schemes for Secure Transmission with Side Information
Recent results on source-channel coding for secure transmission show that
separation holds in several cases under some less-noisy conditions. However, it
has also been proved through a simple counterexample that pure analog schemes
can be optimal and hence outperform digital ones. According to these
observations and assuming matched-bandwidth, we present a novel hybrid
digital/analog scheme that aims to gather the advantages of both digital and
analog ones. In the quadratic Gaussian setup when side information is only
present at the eavesdropper, this strategy is proved to be optimal.
Furthermore, it outperforms both digital and analog schemes and cannot be
achieved via time-sharing. An application example to binary symmetric sources
with side information is also investigated.
Comment: 11 pages, 6 figures, 1 table. To be presented at ITW 201
End-to-end security in active networks
Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These systems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problems introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design.
Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea
Multi-layer traffic control for wireless networks
Wireless LANs, as defined by the IEEE 802.11 standard, provide wireless connectivity in so-called “hot-spots” (airports, hotels, etc.), on university campuses, in corporate intranets and in homes. In these scenarios, WLANs are referred to as “infrastructure” networks, in the sense that network coverage is based on the presence of an “Access Point” that gives mobile stations access to the wired network. There is a further approach (called “ad-hoc”) in which the mobile stations belonging to the WLAN communicate with each other without the aid of the Access Point.
Wireless LANs are typically connected to the transport network (whether the Internet or a corporate intranet) using a wired infrastructure. Wireless Infrastructure Mesh Networks (WIMN) are a valid and less expensive alternative to the classic wired infrastructure. This is borne out by the appearance and growth on the market of several companies specialized in providing wireless transport infrastructure and by the launch of various standardization activities (among which the 802.11s group stands out).
The ease of use and deployment of a wireless network and the very low costs have been critical factors in the extraordinary success of this technology. Consequently, we can say that wireless technology has changed users’ lifestyle, the way they work and the way they spend their free time (video conferencing, photo exchange, music sharing, online games, instant messaging, etc.).
On the other hand, the effort to ensure the development of networks capable of supporting ubiquitous data services at high transfer speeds is closely tied to numerous technical challenges, including: support for handover between different technologies (WLAN/3G), assurance of secure access and authentication, unified billing and accounting, QoS guarantees, etc.
The research activity carried out during the PhD focused on the definition of multi-layer mechanisms for traffic control in wireless networks. In particular, new traffic control solutions were realized at different layers of the protocol stack (from the data-link layer to the application layer) so as to provide advanced features (secure authentication, service differentiation, transparent handover) and satisfactory levels of Quality of Service.
Most of the solutions proposed in this thesis have been implemented in real test-beds.
This work reports the results of my research activity and is organized as follows: each chapter presents, at a specific layer of the protocol stack, a traffic control mechanism aimed at solving the problems presented above.
Chapters 1 and 2 refer to the Transport layer and investigate the problem of maintaining fairness for TCP connections. TCP unfairness leads to significant performance degradation, implying unsatisfactory levels of QoS. These chapters describe the research activity in which I invested the most effort during my PhD studies. Chapter 1 presents a simulation study of TCP unfairness issues and introduces two possible solutions based on rate control. Chapter 2 derives an analytical model for TCP fairness and proposes a tool for customizing fairness policies. Chapter 3 focuses on the Application layer and reports several traffic control solutions able to guarantee secure authentication in roaming scenarios between wireless providers. These solutions are an integral part of the UniWireless framework, a national testbed developed within the TWELVE project.
Chapter 4 describes, again at the Application layer, a (SIP-based) solution for managing user mobility in heterogeneous network scenarios, that is, when different radio access technologies are present (802.11/WiFi, Bluetooth, 2.5G/3G).
Finally, Chapter 5 refers to the Data-Link layer, presenting a preliminary study of an approach for routing and load balancing in infrastructure Mesh networks.
Wireless LANs, as they have been defined by the IEEE 802.11 standard, are shared media enabling connectivity in the so-called “hot-spots” (airports, hotel lounges, etc.), university campuses, enterprise intranets, as well as “in-home” for home internet access.
With reference to the above scenarios, WLANs are commonly denoted as “infra-structured” in the sense that WLAN coverage is based on “Access Points” which provide the mobile stations with access to the wired network. In addition to this approach, there exists also an “ad-hoc” mode to organize WLANs where mobile stations talk to each other without the need of Access Points.
Wireless LANs are typically connected to the wired backbones (Internet or corporate intranets) using a wired infrastructure. Wireless Infrastructure Mesh Networks (WIMN) may represent a viable and cost-effective alternative to this traditional wired approach. This is witnessed by the emergence and growth of many companies specialized in the provisioning of wireless infrastructure solutions, as well as the launch of standardization activities (such as 802.11s).
The ease of deploying and using a wireless network, and the low deployment costs, have been critical factors in the extraordinary success of such technology. As a logical consequence, wireless technology has allowed end users to be connected everywhere, at any time, and it has changed several things in people’s lifestyle, such as the way people work, or how they spend their leisure time (videoconferencing, instant photo or music sharing, network gaming, etc.).
On the other side, the effort to develop networks capable of supporting ubiquitous data services with very high data rates in strategic locations is linked with many technical challenges including seamless vertical handovers across WLAN and 3G radio technologies, security, 3G-based authentication, unified accounting and billing, consistent QoS and service provisioning, etc.
My PhD research activity has been focused on multi-layer traffic control for Wireless LANs. In particular, specific new traffic control solutions have been designed at different layers of the protocol stack (from the link layer to the application layer) in order to guarantee i) advanced features (secure authentication, service differentiation, seamless handover) and ii) a satisfactory level of perceived QoS. Most of the proposed solutions have also been implemented in real testbeds.
This dissertation presents the results of my research activity and is organized as follows: each Chapter presents, at a specific layer of the protocol stack, a traffic control mechanism in order to address the issues introduced above.
Chapter 1 and Chapter 2 refer to the Transport Layer, and they investigate the problem of maintaining fairness for TCP connections. TCP unfairness may result in significant degradation of performance leading to users perceiving unsatisfactory Quality of Service. These Chapters describe the research activity in which I spent the most significant effort. Chapter 1 proposes a simulative study of the TCP fairness issues and two different solutions based on a Rate Control mechanism. Chapter 2 illustrates an analytical model of TCP fairness and derives a framework allowing wireless network providers to customize fairness policies.
Chapter 3 focuses on the Application Layer and it presents new traffic control solutions able to guarantee secure authentication in wireless inter-provider roaming scenarios. These solutions are an integral part of the UniWireless framework, a nationwide distributed Open Access testbed that has been jointly realized by different research units within the TWELVE national project.
Chapter 4 describes again an Application Layer solution, based on Session Initiation Protocol to manage user mobility and provide seamless mobile multimedia services in a heterogeneous scenario where different radio access technologies are used (802.11/WiFi, Bluetooth, 2.5G/3G networks).
Finally Chapter 5 refers to the Data Link Layer and presents a preliminary study of a general approach for routing and load balancing in Wireless Infrastructure Mesh Network. The key idea is to dynamically select routes among a set of slowly changing alternative network paths, where paths are created through the reuse of classical 802.1Q multiple spanning tree mechanisms
Security for correlated sources across wiretap network
A thesis submitted in fulfillment of the requirements
for the degree of Doctor of Philosophy
in the
School of Electrical and Information Engineering
Faculty of Engineering
University of the Witwatersrand
July 2015
This thesis presents research conducted for the security aspects of correlated sources
across a wiretap network. Correlated sources are present in communication systems
where protocols ensure that there is some predetermined information for sources to
transmit. Systems that contain correlated sources are for example broadcast channels,
smart grid systems, wireless sensor networks and social media networks. In these systems
there exists common information between the nodes in a network, which gives rise to
security risks as common information can be determined about more than one source.
In this work the security aspects of correlated sources are investigated. Correlated source
coding in terms of the Slepian-Wolf theorem is investigated to determine the amount of
information leakage for various correlated source models. The perfect secrecy approach
developed by Shannon has also been incorporated as a security approach. In order to
explore these security aspects the techniques employed range from typical sequences used
to prove Slepian-Wolf's theorem to coding methods incorporating matrix partitions for
correlated sources.
A generalized correlated source model is presented and the procedure to determine the
information leakage is initially illustrated using this model. A novel scenario for two
correlated sources across a channel with eavesdroppers is also investigated. It is a basic
model catering for the correlated source applications that have been detailed. The
information leakage quantification is provided, where bounds specify the quantity of information
leaked for various cases of eavesdropped channel information. The required
transmission rates for perfect secrecy when some channel information has been wiretapped
is further determined, followed by a method to reduce the key length required
for perfect secrecy. The implementation thereafter provided shows how the information
leakage is determined practically. In the same way using the information leakage
quantification, Shannon's cipher system approach and practical implementation, a novel
two correlated source model where channel information and some source data symbols
(predetermined information) are wiretapped is investigated. The adversary in this situation
has access to more information than if a link is wiretapped only and can thus
determine more about a particular source. This scenario caters for an application where
the eavesdropper has access to some predetermined information. The security aspects
and coding implementation have further been developed for a novel correlated source
model with a heterogeneous encoding method. The model caters for situations where a
wiretapper is able to easily access a particular source.
The interesting link between information theory and coding theory is explored for the
novel models presented in this research. A matrix partition method is utilized and the
information leakage for various cases of wiretapped syndromes is presented.
The research explores the security for correlated sources in the presence of wiretappers.
Both the information leakage and Shannon's cipher system approach are used to achieve
these security aspects. The implementation shows the practicality of using these security
aspects in communications systems. The research contained herein is significant as
evident from the various applications it may be used for and to the author's knowledge
is novel
Reliable and energy-efficient routing for ad hoc networks (Encaminhamento confiável e energeticamente eficiente para redes ad hoc)
Doctorate in Informatics
In Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is
mandatory, there is a high probability for some nodes to become overloaded
with packet forwarding operations in order to support neighbor data exchange.
This altruistic behaviour leads to an unbalanced load in the network in terms of
traffic and energy consumption. In such scenarios, mobile nodes can benefit
from the use of an energy efficient and traffic fitting routing protocol that better
suits the limited battery capacity and throughput limitation of the network. This
PhD work focuses on proposing energy efficient and load balanced routing
protocols for ad hoc networks. Where most of the existing routing protocols
simply consider the path length metric when choosing the best route between a
source and a destination node, in our proposed mechanism, nodes are able to
find several routes for each pair of source and destination nodes and select the
best route according to energy and traffic parameters, effectively extending the
lifespan of the network. Our results show that by applying this novel
mechanism, current flat ad hoc routing protocols can achieve higher energy
efficiency and load balancing. Also, due to the broadcast nature of the wireless
channels in ad hoc networks, other techniques such as Network Coding (NC)
look promising for energy efficiency. NC can reduce the number of
transmissions, number of re-transmissions, and increase the data transfer rate
that directly translates to energy efficiency. However, due to the need to access
foreign nodes for coding and forwarding packets, NC needs a mitigation
technique against unauthorized accesses and packet corruption. Therefore, we
proposed different mechanisms for handling these security attacks, in
particular by serially concatenating codes to support reliability in ad hoc
networks. As a solution to this problem, we explored a new security framework
that proposes an additional degree of protection against eavesdropping
attackers based on using concatenated encoding. Therefore, malicious
intermediate nodes will find it computationally intractable to decode the
transitive packets. We also adopted another code that uses Luby Transform
(LT) as a pre-coding code for NC. Primarily being designed for security
applications, this code enables the sink nodes to recover corrupted packets
even in the presence of byzantine attacks.
In mobile ad hoc networks (MANETs), where cooperative behaviour is
mandatory, there is a high probability that some nodes become
overloaded with packet forwarding operations in support of
data exchange with neighbouring nodes. This altruistic behaviour leads to an
unbalanced load in terms of traffic and energy consumption.
In these scenarios, mobile nodes may benefit from the use of energy
efficiency and of a traffic routing protocol that better
suits their limited battery capacity and processing speed.
This doctoral work focuses on proposing efficient energy use
and routing protocols for load balancing in
ad hoc networks. Currently, most existing routing protocols
simply consider the path length metric, that is,
the number of nodes, when choosing the best route between a source (S) and a
destination node (D); in the mechanism proposed here, nodes are able to find
several routes for each pair of source and destination nodes and select the best
path according to energy and traffic parameters, extending the
lifetime of the network. Our results show that by applying this new
mechanism, current ad hoc routing protocols can achieve
greater energy efficiency and load balancing.
Furthermore, due to the broadcast nature of wireless channels in
ad hoc networks, other techniques, such as Network Coding (NC), also appear
promising for energy efficiency. NC can reduce the number
of transmissions and the number of retransmissions and increase the data
transfer rate, which translates directly into improved energy
efficiency. However, because intermediate nodes have access to packets
in transit and to their coding, NC needs a technique that limits
unauthorized access and packet corruption. The mechanism was
explored so as to offer a new security method that proposes an
additional degree of protection against attacks and intrusions. Consequently,
malicious intermediate nodes will find packets in transit
computationally intractable to decode. Another code was
also adopted that uses Luby Transform (LT) as a pre-coding code
in NC. Initially designed for security applications, this
code allows destination nodes to recover corrupted packets even
in the presence of Byzantine attacks
Secure VoIP Performance Measurement
This project presents a mechanism for instrumentation of secure VoIP calls. The experiments were run under different network conditions and security systems. VoIP services such as Google Talk, Express Talk and Skype were under test. The project allowed analysis of the voice quality of the VoIP services based on the Mean Opinion Score (MOS) values generated by Perceptual Evaluation of Speech Quality (PESQ). The quality of the audio streams produced was subjected to end-to-end delay, jitter, packet loss and extra processing in the networking hardware and end devices due to Internetworking Layer security or Transport Layer security implementations. The MOS values were mapped to Perceptual Evaluation of Speech Quality for wideband (PESQ-WB) scores. From these PESQ-WB scores, the graphs of the mean of 10 runs and box and whisker plots for each parameter were drawn. Analysis on the graphs was performed in order to deduce the quality of each VoIP service. The E-model was used to predict the network readiness and the Common Vulnerability Scoring System (CVSS) was used to predict the network vulnerabilities. The project also provided the mechanism to measure the throughput for each test case. The overall performance of each VoIP service was determined by PESQ-WB scores, CVSS scores and the throughput. The experiment demonstrated the relationship among VoIP performance, VoIP security and VoIP service type. The experiment also suggested that, when compared to an unsecure IPIP tunnel, Internetworking Layer security like IPSec ESP or Transport Layer security like OpenVPN TLS would improve VoIP security by reducing the vulnerabilities of the media part of the VoIP signal. Moreover, adding a security layer has little impact on the VoIP voice quality
Secure lossy source-channel wiretapping with side information at the receiving terminals
International audienc
LIPIcs, Volume 251, ITCS 2023, Complete Volume
LIPIcs, Volume 251, ITCS 2023, Complete Volum
Optimization and Communication in UAV Networks
UAVs are becoming a reality and attract increasing attention. They can be remotely controlled or completely autonomous and be used alone or as a fleet and in a large set of applications. They are constrained by hardware since they cannot be too heavy and rely on batteries. Their use still raises a large set of exciting new challenges in terms of trajectory optimization and positioning when they are used alone or in cooperation, and communication when they evolve in swarm, to name but a few examples. This book presents some new original contributions regarding UAV or UAV swarm optimization and communication aspects