13 research outputs found

    On Counteracting Byzantine Attacks in Network Coded Peer-to-Peer Networks

    Random linear network coding can be used in peer-to-peer networks to increase the efficiency of content distribution and distributed storage. However, these systems are particularly susceptible to Byzantine attacks. We quantify the impact of Byzantine attacks on the coded system by evaluating the probability that a receiver node fails to correctly recover a file. We show that even for a small probability of attack, the system fails with overwhelming probability. We then propose a novel signature scheme that allows packet-level Byzantine detection. This scheme allows one-hop containment of the contamination, and saves bandwidth by allowing nodes to detect and drop the contaminated packets. We compare the net cost of our signature scheme with various other Byzantine schemes, and show that when the probability of Byzantine attacks is high, our scheme is the most bandwidth efficient. Comment: 26 pages, 9 figures, Submitted to IEEE Journal on Selected Areas in Communications (JSAC) "Mission Critical Networking

    High performance cloud auditing and applications

    This book mainly focuses on cloud security and high performance computing for cloud auditing. The book discusses emerging challenges and techniques developed for high performance semantic cloud auditing, and presents the state of the art in cloud auditing, computing and security techniques with focus on technical aspects and feasibility of auditing issues in federated cloud computing environments.

    In summer 2011, the United States Air Force Research Laboratory (AFRL) CyberBAT Cloud Security and Auditing Team initiated the exploration of the cloud security challenges and future cloud auditing research directions that are covered in this book. This work was supported by the United States government funds from the Air Force Office of Scientific Research (AFOSR), the AFOSR Summer Faculty Fellowship Program (SFFP), the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP), the National Science Foundation (NSF) and the National Institute of Health (NIH). All chapters were partially supported by the AFOSR Information Operations and Security Program extramural and intramural funds (AFOSR/RSL Program Manager: Dr. Robert Herklotz).

    Key Features:
    · Contains surveys of cyber threats and security issues in cloud computing and presents secure cloud architectures
    · Presents in-depth cloud auditing techniques, federated cloud security architectures, cloud access control models, and access assured information sharing technologies
    · Outlines a wide range of challenges and provides solutions to manage and control very large and complex data sets

    A Model for Trust-Based Access Control and Delegation in Mobile Clouds

    Part 6: Mobile Computing. International audience. Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in mobile smartphone clouds such as the Android™ cloud. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and a subject’s access requirements to resources may change during the course of the application execution. Cloud tenants may need to acquire permissions from different administrative domains based on the services they require. Moreover, all the entities participating in a cloud may not be trusted to the same degree. Traditional access control models are not adequate for mobile clouds. In this work, we propose a new access control framework for mobile smartphone clouds. We formalize a trust-based access control model with delegation for providing fine-grained access control. Our model incorporates the notion of trust in the Role-Based Access Control (RBAC) model and also formalizes the concept of trustworthy delegation.

    Signatures for content distribution with network coding

    Abstract — Recent research has shown that network coding can be used in content distribution systems to improve the speed of downloads and the robustness of the systems. However, such systems are very vulnerable to attacks by malicious nodes, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this paper, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files.

    On network coding for security

    Abstract — The use of network coding in military networks opens many interesting issues for security. The mixing of data inherent to network coding may at first appear to pose challenges, but it also enables new security approaches. In this paper, we overview the recent current theoretical understanding and application areas for network-coding based security in the areas of robustness to Byzantine attackers and of distributed signature schemes for downloads.

    T-dominance: Prioritized Defense Deployment for BYOD Security

    Abstract—Bring Your Own Device (BYOD) is an enterprise information technology (IT) policy that encourages employees to use their own devices to access sensitive corporate data at work through the enterprise IT infrastructure. Many current BYOD security practices are costly to implement and intrusive to employees, which, to some degree, negate BYOD’s perceived benefits. To address such tension, we propose prioritized defense deployment: Instead of employing the same costly and intrusive security measures on each BYOD smartphone, more stringent threat detection/mitigation mechanisms are deployed on those representative smartphones, each of which represents, securitywise, a group of smartphones in the whole BYOD device pool. To this end, we propose a concept and a distributed algorithm, both named T-dominance, to capture the temporal-spatial pattern in an enterprise environment. We identify a few desirable properties of prioritized defense deployment, and analytically show that T-dominance satisfies such properties. We complement our analysis with simulations on real Wi-Fi association traces.

    Index terms—BYOD, prioritized defense deployment, security representativeness, temporal-spatial pattern