32 research outputs found

    Anonymous Networking amidst Eavesdroppers

    The problem of security against timing-based traffic analysis in wireless networks is considered in this work. An analytical measure of anonymity in eavesdropped networks is proposed using the information-theoretic concept of equivocation. For a physical layer with orthogonal transmitter-directed signaling, scheduling and relaying techniques are designed to maximize achievable network performance for any given level of anonymity. The network performance is measured by the achievable relay rates from the sources to destinations under latency and medium access constraints. In particular, analytical results are presented for two scenarios: For a two-hop network with maximum anonymity, achievable rate regions for a general m x 1 relay are characterized when nodes generate independent Poisson transmission schedules. The rate regions are presented for both strict and average delay constraints on traffic flow through the relay. For a multihop network with an arbitrary anonymity requirement, the problem of maximizing the sum-rate of flows (network throughput) is considered. A selective independent scheduling strategy is designed for this purpose, and using the analytical results for the two-hop network, the achievable throughput is characterized as a function of the anonymity level. The throughput-anonymity relation for the proposed strategy is shown to be equivalent to an information-theoretic rate-distortion function.

    Threats and countermeasures for network security

    In the late 1980s, the traditional threat of anonymous break-ins to networked computers was joined by viruses and worms, multiplicative surrogates that carry out the bidding of their authors. Technologies for authentication and secrecy, supplemented by good management practices, are the principal countermeasures. Four articles on these subjects are presented.

    Analytical and Empirical Analysis of Countermeasures to Traffic Analysis Attacks

    This paper studies countermeasures to traffic analysis attacks. A common strategy for such countermeasures is traffic padding. We consider systems where payload traffic may be padded to have either constant inter-arrival times or variable inter-arrival times for their packets. The adversary applies statistical recognition techniques to detect the payload traffic rates and may use statistical measures, such as sample mean, sample variance, or sample entropy, to perform such a detection. We evaluate quantitatively the ability of the adversary to make a correct detection. We derive closed-form formulas for the detection rate based on analytical models we establish. Extensive experiments were carried out to validate the system performance predicted by the analytical method. Based on the systematic evaluations, we develop design guidelines that allow a manager to properly configure a system in order to minimize the detection rate.

    A Security Framework Supporting Domain Based Access Control in Distributed Systems


    COUNTER MODE DEVELOPMENT FOR BLOCK CIPHER OPERATIONS

    There are two basic types of symmetric cipher: block ciphers and stream ciphers. Block ciphers operate on blocks of plaintext and ciphertext—usually of 64 bits but sometimes longer. Stream ciphers operate on streams of plaintext and ciphertext one bit or byte (sometimes even one 32-bit word) at a time. The block cipher modes of operation can be applied as both stream and block ciphers. In this paper we introduce three developments of the Counter Mode of operation for block ciphers. These developments combine the advantages of Counter Mode with those of other modes, yielding secure modes for general-purpose block-oriented transmission, authentication, random access, and stream-oriented transmission over noisy channels.

    Engineering a Principle: 'End-to-End' in the Design of the Internet

    The term 'end-to-end' has become a familiar characterization of the architecture of the Internet, not only in engineering discourse, but in contexts as varied as political manifestos, commercial promotions, and legal arguments. Its ubiquity and opacity cloak the complexity of the technology it describes, and stand in for a richer controversy about the details of network design. This essay considers the appearance, in the 1970s, of the term 'end-to-end' in computer science discourse, and how the term became a point of contention within disputes about how to build a packet-switched network. I argue that the resolution of some of those disputes depended on the transformation of the term from descriptor to 'principle'. This transformation attempted to close specific design debates, and, in the process, made the term dramatically more useful in those discourses beyond engineering that eventually took a keen interest in the design of digital communication networks. The term, drawn from common parlance and given not only meaning but conviction, was shaped and polished so as to be mobile. As such, it actively managed and aligned disparate structural agendas, and has had subtle consequences for how the Internet has been understood, sold, legislated, and even re-designed.

    A Look Back at "Security Problems in the TCP/IP Protocol Suite"

    About fifteen years ago, I wrote a paper on security problems in the TCP/IP protocol suite. In particular, I focused on protocol-level issues, rather than implementation flaws. It is instructive to look back at that paper, to see where my focus and my predictions were accurate, where I was wrong, and where dangers have yet to happen. This is a reprint of the original paper, with added commentary.

    Fault tolerant Medical Network (MEDNET)

    This investigation describes the development of a new fault tolerant Medical Network (MEDNET) model based on the existing Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Internetworking (Internet). This research includes the original design, development and testing of the required hardware and software interfaces to provide a complete Medical Network model. MEDNET ties together the Doctor, the Patient, the Hospital, the Medical Lab, and the Pharmacy for near real time and fault tolerant exchange of medical information. The MEDNET model includes the following modules: 1. Central Database Server, 2. Remote Client Access, and 3. Communication Interface. This work proves that medical images and data can be exchanged between healthcare providers which are not geographically adjacent, in a cost effective, timely, and secure manner.

    How to Sign Paper Contracts? Conjectures & Evidence Related to Equitable & Efficient Collaborative Task Scheduling

    This paper explores ways of performing commutative tasks by N parties. Tasks are defined as *commutative* if the order in which parties perform tasks can be freely changed without affecting the final result. It is easy to see that arbitrary N-party commutative tasks cannot be completed in less than N−1 basic time units. We conjecture that arbitrary N-party commutative tasks cannot be performed in N−1 time units by exchanging fewer than 4N−6 messages and provide computational evidence in favor of this conjecture. We also explore the most equitable commutative task protocols.

    A Security Framework Supporting Domain-Based Access Control
