Verifying Authenticity of Currency and Tracking Duplicates

To enable merchants and other persons to verify the validity and/or authenticity of paper currency notes, a digital signature can be applied to the currency notes. The digital signature is generated based on a serial number included on the note and a private key. Persons can verify the authenticity of the notes by sending either the serial number and signature, or a photograph of the note, to a server. The server can indicate whether the signature is valid for the serial number, indicating the authenticity of the note. In case of counterfeit notes that duplicate the serial numbers and signatures of valid notes, the server can track the verifications of notes, and if the same note is verified at remote locations within a short time span, the note, locations, and time can be flagged to follow up for a possible duplicated, counterfeit note

Organizational productivity metrics from document collaboration

Research has identified many characteristics of productive teams, e.g., initiative, helpfulness, time efficiency, work quality, etc. A metric for productivity that provides a measure of team productivity can help teams identify specific areas of improvement. Techniques disclosed herein identify different aspects of productivity that can be observed in online communication and document creation/management systems. For example, such aspects can include creation of documents, collaborative editing of documents, and communication between users. Further, these aspects are measured to compute a productivity metric. A multigraph is constructed with nodes representing users and edges representing the weight (quality) of creation, collaboration, and communication events. The productivity metric is computed based on the connectivity of the multigraph, the quality of the edges, and the individual nodes

DoubleCheck: Multi-path Verification Against Man-in-the-Middle Attacks

Self signed certificates for SSL and self generated hosts keys for SSH are popular zero cost, simple alternatives to public key infrastructure (PKI). They provide security against man in the middle attacks, as long as the the client connecting to those services knows the certificates or host keys a priori. A simple solution used in practice is to trust the certificate or the host key when the client connects to a server for the first time. This approach is susceptible to man in the middle attacks, a fact exploited by adversaries in a variety of attacks against unsuspecting users. We develop a simple and scalable solution named DoubleCheck to protect against such attacks. Our solution is achieved by retrieving the certificate from a remote host using multiple alternate paths. Our scheme does not require any new infrastructure; we make use of the Tor anonymity system to reach the destination using multiple independent paths. Hence our solution is easy to deploy in practice. Our solution does not introduce any privacy concerns. We have implemented DoubleCheck as SSH and Firefox extensions, demonstrating its practicality. Our experimental evaluation shows that the impact of DoubleCheck on performance is minimal, since the Tor network is used only for retrieving the certificate for the first time, while the data transfer and subsequent connection establishment follow normal routing rules. Our scheme is an effective way of mitigating the impact of man in the middle attacks without requiring new infrastructure and at low overhead

Distributed Firewall For MANETs

Mobile Ad-hoc Networks (MANETs) are increasingly used in military tactical situations and in civil rapid-deployment networks, including emergency rescue operations and {\it ad hoc} disaster-relief networks. The flexibility of MANETs comes at a price, when compared to wired and basestation-based wireless networks: MANETs are susceptible to both insider (compromised node) and outsider attacks due to the lack of a well-defined perimeter in which to deploy firewalls, intrusion detection systems, and other mechanisms commonly used for network access and admission control. In this paper, we define a distributed firewall architecture that is designed specifically for MANETs. Our approach harnesses and extends the concept of a {\it network capability}, and is especially suited for environments where the communicating nodes have different roles and hence different communication requirements, such as in tactical networks. Our model enforces communication restrictions among MANET nodes and services, allowing hop-by-hop policy enforcement in a distributed manner. We use a ''deny-by-default'' model where compromised nodes have access only to authorized services, without the ability to disrupt or interfere with end-to-end service connectivity and nodes beyond their local communication radius. Our simulations show that our solution has minimal overhead in terms of bandwidth and latency, works well even in the presence of routing changes due to mobile nodes, and is effective in containing misbehaving nodes

Misuse Detection in Consent-based Networks

Consent-based networking, which requires senders to have permission to send traffic, can protect against multiple attacks on the network. Highly dynamic networks like Mobile Ad-hoc Networks (MANETs) require destination-based consent networking, where consent needs to be given to send to a destination in any path. These networks are susceptible to multipath misuses by misbehaving nodes. In this paper, we identify the misuses in destination-based consent networking, and provide solution for detecting and recovering from the misuses. Our solution is based on our previously introduced DIPLOMA architecture. DIPLOMA is a deny-by-default distributed policy enforcement architecture that can protect the end-host services and network bandwidth. DIPLOMA uses capabilities to provide consent for sending traffic. In this paper, we identify how senders and receivers can misuse capabilities by using them in multiple paths, and provide distributed solutions for detecting those misuses. To that end, we modify the capabilities to aid in misuse detection and provide protocols for exchanging information for distributed detection. We also provide efficient algorithms for misuse detection, and protocols for providing proof of misuse. Our solutions can handle privacy issues associated with the exchange of information for misuse detection. We have implemented the misuse detection and recovery in DIPLOMA systems running on Linux operating systems, and conducted extensive experimental evaluation of the system in Orbit MANET testbed. The results show our system is effective in detecting and containing multipath misuses

Local heuristic for the refinement of multi-path routing in wireless mesh networks

We consider wireless mesh networks and the problem of routing end-to-end traffic over multiple paths for the same origin-destination pair with minimal interference. We introduce a heuristic for path determination with two distinguishing characteristics. First, it works by refining an extant set of paths, determined previously by a single- or multi-path routing algorithm. Second, it is totally local, in the sense that it can be run by each of the origins on information that is available no farther than the node's immediate neighborhood. We have conducted extensive computational experiments with the new heuristic, using AODV and OLSR, as well as their multi-path variants, as underlying routing methods. For two different CSMA settings (as implemented by 802.11) and one TDMA setting running a path-oriented link scheduling algorithm, we have demonstrated that the new heuristic is capable of improving the average throughput network-wide. When working from the paths generated by the multi-path routing algorithms, the heuristic is also capable to provide a more evenly distributed traffic pattern

Modelling energy consumption of network transfers and virtual machine migration

Reducing energy consumption has become a key issue for data centres, not only because of economical benefits but also for environmental and marketing reasons. Therefore, assessing their energy consumption requires precise models. In the past years, many models targeting different hardware components, such as CPU, storage and network interface cards (NIC) have been proposed. However, most of them neglect energy consumption related to VM migration. Since VM migration is a network-intensive process, to accurately model its energy consumption we also need energy models for network transfers, comprising their complete software stacks with different energy characteristics. In this work, we present a comparative analysis of the energy consumption of the software stack of two of today's most used NICs in data centres, Ethernet and Infiniband. We carefully design for this purpose a set of benchmark experiments to assess the impact of different traffic patterns and interface settings on energy consumption. Using our benchmark results, we derive an energy consumption model for network transfers. Based on this model, we propose an energy consumption model for VM migration providing accurate predictions for paravirtualised VMs running on homogeneous hosts. We present a comprehensive analysis of our model on different machine sets and compare it with other models for energy consumption of VM migration, showing an improvement of up to 24% in accuracy, according to the NRMSE error metric. © 2015 Elsevier B.V