Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles

The Internet has engendered serious cybersecurity problems due to its anonymity, transnationality, and technical shortcomings. This paper addresses state-led cyberattacks (SLCAs) as a particular source of threats. Recently, the concept of the Bright Internet was proposed as a means of shifting the cybersecurity paradigm from self-defensive protection to the preventive identification of malevolent origins through adopting five cohesive principles. To design a preventive solution against SLCAs, we distinguish the nature of SLCAs from that of private-led cyberattacks (PLCAs). We then analyze what can and cannot be prevented according to the principles of the Bright Internet. For this research, we collected seven typical SLCA cases and selected three illustrative PLCA cases with eleven factors. Our analysis demonstrated that Bright Internet principles alone are insufficient for preventing threats from the cyberterror of noncompliant countries. Thus, we propose a complementary measure referred to here as the Internet Peace Principles, which define that the Internet should be used only for peaceful purposes in accordance with international laws and norms. We derive these principles using an approach that combines the extension of physical conventions to cyberspace, the expansion of international cybersecurity conventions to global member countries, and analogical international norms. Based on this framework, we adopt the Charter of the United Nations, the Responsibility of States for Internationally Wrongful Acts, Recommendations by the United Nations Group of Governmental Experts, the Tallinn Manual, and Treaty of the Non-Proliferation of Nuclear Weapons, and others as reference norms that we use to derive the consistent international order embodied by the Internet Peace Principles

Improvement on a Masked White-box Cryptographic Implementation

White-box cryptography is a software technique to protect secret keys of cryptographic algorithms from attackers who have access to memory. By adapting techniques of differential power analysis to computation traces consisting of runtime information, Differential Computation Analysis (DCA) has recovered the secret keys from white-box cryptographic implementations. In order to thwart DCA, a masked white-box implementation has been suggested. However, each byte of the round output was not masked and just permuted by byte encodings. This is the main reason behind the success of DCA variants on the masked white-box implementation. In this paper, we improve the masked white-box cryptographic implementation in such a way to protect against DCA variants by obfuscating the round output with random masks. Specifically, we implement a white-box AES implementation applying masking techniques to the key-dependent intermediate value and the several outer-round outputs. Our analysis and experimental results show that the proposed method can protect against DCA variants including DCA with a 2-byte key guess, collision and bucketing attacks. This work requires approximately 3.7 times the table size and 0.7 times the number of lookups compared to the previous masked WB-AES implementation

Dynamic Voltage Scaling Techniques for Power Efficient Video Decoding

This paper presents a comparison of power-aware video decoding techniques that utilize dynamic voltage scaling (DVS). These techniques reduce the power consumption of a processor by exploiting high frame variability within a video stream. This is done through scaling of the voltage and frequency of the processor during the video decoding process. However, DVS causes frame deadline misses due to inaccuracies in decoding time predictions and granularity of processor settings used. Four techniques were simulated and compared in terms of power consumption, accuracy, and deadline misses. In addition, this paper proposes the frame-data computation aware (FDCA) technique, which is a useful power-saving technique not only for stored video but also for real-time video applications. The FDCA method is compared with the GOP, Direct, and Dynamic methods, which tend to be more suited for stored video applications. The simulation results indicated that the Dynamic per-frame technique, where the decoding time prediction adapts to the particular video being decoded, provides the most power saving with performance comparable to the ideal case. On the other hand, the FDCA method consumes more power than the Dynamic method but can be used for stored video and real-time time video scenarios without the need for any preprocessing. Our findings also indicate that, in general, DVS improves power savings, but the number of deadline misses also increase as the number of available processor settings increases. More importantly, most of these deadline misses are within 10–20% of the playout interval and thus have minimal affect on video quality. However, video clips with high variability in frame complexities combined with inaccurate decoding time predictions may degrade the video quality. Finally, our results show that a processor with 13 voltage/frequency settings is sufficient to achieve near maximum performance with the experimental environment and the video workloads we have used

Dynamic Voltage Scaling Techniques for Power Efficient Video Decoding

This paper presents a comparison of power-aware video decoding techniques that utilize dynamic voltage scaling (DVS). These techniques reduce the power consumption of a processor by exploiting high frame variability within a video stream. This is done through scaling of the voltage and frequency of the processor during the video decoding process. However, DVS causes frame deadline misses due to inaccuracies in decoding time predictions and granularity of processor settings used. Four techniques were simulated and compared in terms of power consumption, accuracy, and deadline misses. In addition, this paper proposes the frame-data computation aware (FDCA) technique, which is a useful power-saving technique not only for stored video but also for real-time video applications. The FDCA method is compared with the GOP, Direct, and Dynamic methods, which tend to be more suited for stored video applications. The simulation results indicated that the Dynamic per-frame technique, where the decoding time prediction adapts to the particular video being decoded, provides the most power saving with performance comparable to the ideal case. On the other hand, the FDCA method consumes more power than the Dynamic method but can be used for stored video and real-time time video scenarios without the need for any preprocessing. Our findings also indicate that, in general, DVS improves power savings, but the number of deadline misses also increase as the number of available processor settings increases. More importantly, most of these deadline misses are within 10–20% of the playout interval and thus have minimal affect on video quality. However, video clips with high variability in frame complexities combined with inaccurate decoding time predictions may degrade the video quality. Finally, our results show that a processor with 13 voltage/frequency settings is sufficient to achieve near maximum performance with the experimental environment and the video workloads we have used

Isomorphic Strategy for Processor Allocation in k-Ary n-Cube Systems

Due to its topological generality and flexibility, the k-ary n-cube architecture has been actively researched for various applications. However, the processor allocation problem has not been adequately addressed for the k-ary n-cube architecture, even though it has been studied extensively for hypercubes and meshes. The earlier k-ary n-cube allocation schemes based on conventional slice partitioning suffer from internal fragmentation of processors. In contrast, algorithms based on job-based partitioning alleviate the fragmentation problem but require higher time complexity. This paper proposes a new allocation scheme based on isomorphic partitioning, where the processor space is partitioned into higher dimensional isomorphic subcubes. The proposed scheme minimizes the fragmentation problem and is general in the sense that any size request can be supported and the host architecture need not be isomorphic. Extensive simulation study reveals that the proposed scheme significantly outperforms earlier schemes in terms of mean response time for practical size k-ary and n-cube architectures. The simulation results also show that reduction of external fragmentation is more substantial than internal fragmentation with the proposed scheme

Selective Advance Reservations Based on Host Movement Detection and Resource-Aware Handoff

This paper proposes a new mechanism, which addresses the excessive advance reservation requirements of QoS guarantee methods for mobile Internet. To save resources for excessive advance reservations, the proposed mechanism employs a movement detection scheme for a mobile host (MH) using link-layer functionalities. With the movement detection scheme, advance reservations can be established at only where a MH is likely to visit soon. Another novel feature of our mechanism is resource-aware handoff direction scheme that allows a MH to choose its next BS according to not only the link-layer signal strength, but also the available amount of resources in the reachable base stations (BSs). It considerably decreases a probability that QoS is disrupted due to the failure in advance reservation request. Also, the proposed mechanism requires fewer functional and structural changes to the current Internet components and protocols since all the enhanced features are integrated only into leaf BSs and MHs. It does not suffer from the problems of the conventional approaches based on Mobile IP and RSVP Tunnel, such as non-optimal routing path and signalling overhead. Our experiment results show that the proposed mechanism successfully eliminates the overhead for useless advance reservations while guaranteeing seamless QoS for MHs. The performance comparison demonstrates that our mechanism slightly outperforms the conventional approaches while requiring fewer modifications and additions to the existing Internet architecture. This performance advantage of the proposed mechanism becomes noticeable when the network is congested and the mobility of a host is high. Copyright © 2006 John Wiley & Sons, Ltd

Selective Advance Reservations Based on Host Movement Detection and Resource-Aware Handoff

This paper proposes a new mechanism, which addresses the excessive advance reservation requirements of QoS guarantee methods for mobile Internet. To save resources for excessive advance reservations, the proposed mechanism employs a movement detection scheme for a mobile host (MH) using link-layer functionalities. With the movement detection scheme, advance reservations can be established at only where a MH is likely to visit soon. Another novel feature of our mechanism is resource-aware handoff direction scheme that allows a MH to choose its next BS according to not only the link-layer signal strength, but also the available amount of resources in the reachable base stations (BSs). It considerably decreases a probability that QoS is disrupted due to the failure in advance reservation request. Also, the proposed mechanism requires fewer functional and structural changes to the current Internet components and protocols since all the enhanced features are integrated only into leaf BSs and MHs. It does not suffer from the problems of the conventional approaches based on Mobile IP and RSVP Tunnel, such as non-optimal routing path and signalling overhead. Our experiment results show that the proposed mechanism successfully eliminates the overhead for useless advance reservations while guaranteeing seamless QoS for MHs. The performance comparison demonstrates that our mechanism slightly outperforms the conventional approaches while requiring fewer modifications and additions to the existing Internet architecture. This performance advantage of the proposed mechanism becomes noticeable when the network is congested and the mobility of a host is high. Copyright © 2006 John Wiley & Sons, Ltd