On Cyber Attacks and the Maximum-Weight Rooted-Subtree Problem

This paper makes three contributions to cyber-security research. First, we define a model for cyber-security systems and the concept of a cyber-security attack within the model's framework. The model highlights the importance of game-over components - critical system components which if acquired will give an adversary the ability to defeat a system completely. The model is based on systems that use defense-in-depth/layered-security approaches, as many systems do. In the model we define the concept of penetration cost, which is the cost that must be paid in order to break into the next layer of security. Second, we define natural decision and optimization problems based on cyber-security attacks in terms of doubly weighted trees, and analyze their complexity. More precisely, given a tree T rooted at a vertex r, a penetrating cost edge function c on T, a target-acquisition vertex function p on T, the attacker's budget and the game-over threshold B,G ϵ Q+ respectively, we consider the problem of determining the existence of a rooted subtree T' of T within the attacker's budget (that is, the sum of the costs of the edges in T' is less than or equal to B) with total acquisition value more than the game-over threshold (that is, the sum of the target values of the nodes in T' is greater than or equal to G). We prove that the general version of this problem is intractable, but does admit a polynomial time approximation scheme. We also analyze the complexity of three restricted versions of the problems, where the penetration cost is the constant function, integer-valued, and rational-valued among a given fixed number of distinct values. Using recursion and dynamic-programming techniques, we show that for constant penetration costs an optimal cyber-attack strategy can be found in polynomial time, and for integer-valued and rational-valued penetration costs optimal cyber-attack strategies can be found in pseudo-polynomial time. Third, we provide a list of open problems relating to the architectural design of cyber-security systems and to the model

The Structure of Rooted Weighted Trees Modeling Layered Cyber-security Systems

In this paper we consider the structure and topology of a layered-security model in which the containers and their nestings are given in the form of a rooted tree T. A cyber-security model is an ordered three-tuple M = (T, C, P) where C and P are multisets of penetration costs for the containers and target-acquisition values for the prizes that are located within the containers, respectively, both of the same cardinality as the set of the non-root vertices of T. The problem that we study is to assign the penetration costs to the edges and the target-acquisition values to the vertices of the tree T in such a way that minimizes the total prize that an attacker can acquire given a limited budget. The attacker breaks into containers starting at the root of T and once a vertex has been broken into, its children can be broken into by paying the associated penetration costs. The attacker must deduct the corresponding penetration cost from the budget, as each new container is broken into. For a given assignment of costs and target values we obtain a security system. We show that in general it is not possible to develop an optimal security system for a given cyber-security model M. We define P- and C-models where the penetration costs and prizes, respectively, all have unit value. We show that if T is a rooted tree such that any P- or C-model M = (T, C, P) has an optimal security system, then T is one of the following types: (i) a rooted path, (ii) a rooted star, (iii) a rooted 3-caterpillar, or (iv) a rooted 4-spider. Conversely, if T is one of these four types of trees, then we show that any P- or C-model M = (T, C, P) does have an optimal security system. Finally, we study a duality between P- and C-models that allows us to translate results for P-models into corresponding results for C-models and vice versa. The results obtained give us some mathematical insights into how layered-security defenses should be organized

Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era

SoK: Diving into DAG-based Blockchain Systems

Blockchain plays an important role in cryptocurrency markets and technology services. However, limitations on high latency and low scalability retard their adoptions and applications in classic designs. Reconstructed blockchain systems have been proposed to avoid the consumption of competitive transactions caused by linear sequenced blocks. These systems, instead, structure transactions/blocks in the form of Directed Acyclic Graph (DAG) and consequently re-build upper layer components including consensus, incentives, \textit{etc.} The promise of DAG-based blockchain systems is to enable fast confirmation (complete transactions within million seconds) and high scalability (attach transactions in parallel) without significantly compromising security. However, this field still lacks systematic work that summarises the DAG technique. To bridge the gap, this Systematization of Knowledge (SoK) provides a comprehensive analysis of DAG-based blockchain systems. Through deconstructing open-sourced systems and reviewing academic researches, we conclude the main components and featured properties of systems, and provide the approach to establish a DAG. With this in hand, we analyze the security and performance of several leading systems, followed by discussions and comparisons with concurrent (scaling blockchain) techniques. We further identify open challenges to highlight the potentiality of DAG-based solutions and indicate their promising directions for future research.Comment: Full versio

Algorithms for interactive, distributed and networked systems

In recent years, massive growth in internet usage has spurred the emergence of complex large-scale networking systems to serve growing user bases, bandwidth and computation requirements. For example, data center facilities -- workhorses of today's internet -- have evolved to house upward of several hundreds of thousands of servers; content distribution networks with high capacity and wide coverage have emerged as a de facto content dissemination modality, and peer-to-peer applications with hundreds of thousands of users are increasingly becoming popular. At these scales, it becomes critical to operate at high efficiencies as the price of idling resources can be significant. In particular, the interaction between agents (servers, peers etc.) is a defining factor of efficiency in these systems -- applications are often communication intensive, whereas agents share links of only limited bandwidth. This necessitates the use of principled algorithms, as efficient communication to a large extent depends on the interaction protocols. We study data center networks and peer-to-peer networks as canonical examples of modern-day large-scale networking systems. Server-to-server interaction is an integral part of the data center's operation. The latency of these interactions is often a significant bottleneck toward overall job completion times. We study complementary approaches toward reducing this latency: (i) design of computation algorithms that minimize interaction and (ii) optimal scheduling algorithms to maximally utilize the network fabric. We also consider peer-to-peer networks as an emerging mode of content distribution and sharing. Unlike data centers, these networks are flexible in their network structure and also scale well, but require decentralized algorithms for control. Of central importance here is the design of a network topology that enables efficient peer interactions for optimal application performance. We propose novel topology designs for two popular applications: (i) multimedia streaming and (ii) anonymity in Bitcoin's peer-to-peer network

Development of Energy and Delay Efficient Protocols for WSAN

Wireless sensor-actor network (WSAN) is a collection of resource conservative sensors and few resource-rich actors. It is widely used in various applications such as environmental monitoring, battlefield surveillance, industrial process control, and home applications. In these real-time applications, data should be delivered with minimum delay and energy. In this thesis, delay and energy efficient protocols are designed to achieve these objectives. The first contribution proposes a delay and energy aware coordination protocol (DEACP) to improve the network performance. It consists of two-level hierarchical K-hop clustering and backup cluster head (BCH) selection mechanism to provide coordination among sensors and actors. Further, a priority based event forwarding mechanism has also been proposed to forward the maximum number of packets within the bounded delay. The simulation results demonstrate the effectiveness of DEACP over existing protocols. In the second work, an interference aware multi-channel MAC protocol (IAMMAC) has been suggested to assign channels for the communication among nodes in the DEACP. An actor assigns the static channels to all of its cluster members for sensor-sensor and sensor-actor coordination. Subsequently, a throughput based dynamic channel selection mechanism has been developed for actor-actor coordination. It is inferred from the simulation results that the proposed IAMMAC protocol outperforms its competitive protocols. Even though its performance is superior, it is susceptible to be attacked because it uses a single static channel between two sensors in the entire communication. To overcome this problem, a lightweight dynamic multi-channel MAC protocol (DM-MAC) has been designed for sensor sensor coordination. Each sensor dynamically selects a channel which provides maximum packet reception ratio among the available hannels with the destination. The comparative analysis shows that DM-MAC protocol performs better than the existing MAC protocols in terms of different performance parameters. WSAN is designed to operate in remote and hostile environments and hence, sensors and actors are vulnerable to various attacks. The fourth contribution proposes a secure coordination mechanism (SCM) to handle the data forwarding attacks in DEACP. In the SCM, each sensor computes the trust level of its neighboring sensors based on the experience, recommendation, and knowledge. The actor analyzes the trust values of all its cluster members to identify the malicious node. Secure hash algorithm-3 is used to compute the message authentication code for the data. The sensor selects a neighbor sensor which has the highest trust value among its 1-hop sensors to transfer data to the actor. The SCM approach outperforms the existing security mechanisms