TECHNOLOGY: JAVA
DOMAIN: NETWORKING
S. No. | IEEE TITLE | ABSTRACT | IEEE YEAR |
1. | A Distributed Fault-Tolerant Topology Control Algorithm for Heterogeneous Wireless Sensor Networks | This paper introduces a distributed fault-tolerant topology control algorithm, called the Disjoint Path Vector (DPV), for heterogeneous wireless sensor networks composed of a large number of sensor nodes with limited energy and computing capability and several supernodes with unlimited energy resources. The DPV algorithm addresses the k-degree Anycast Topology Control problem where the main objective is to assign each sensor’s transmission range such that each has at least k-vertex-disjoint paths to supernodes and the total power consumption is minimum. The resulting topologies are tolerant to k – 1 node failures in the worst case. We prove the correctness of our approach by showing that topologies generated by DPV are guaranteed to satisfy k-vertex supernode connectivity. Our simulations show that the DPV algorithm achieves up to 4-fold reduction in total transmission power required in the network and 2-fold reduction in maximum transmission power required in a node compared to existing solutions. | 2015 |
2. | Cost-Aware SEcure Routing (CASER) Protocol Design for Wireless Sensor Networks | Lifetime optimization and security are two conflicting design issues for multi-hop wireless sensor networks (WSNs) with non-replenishable energy resources. In this paper, we first propose a novel secure and efficient Cost-Aware SEcure Routing (CASER) protocol to address these two conflicting issues through two adjustable parameters: energy balance control (EBC) and probabilistic-based random walking. We then discover that the energy consumption is severely disproportional to the uniform energy deployment for the given network topology, which greatly reduces the lifetime of the sensor networks. To solve this problem, we propose an efficient non-uniform energy deployment strategy to optimize the lifetime and message delivery ratio under the same energy resource and security requirement. We also provide a quantitative security analysis on the proposed routing protocol. Our theoretical analysis and OPNET simulation results demonstrate that the proposed CASER protocol can provide an excellent tradeoff between routing efficiency and energy balance, and can significantly extend the lifetime of the sensor networks in all scenarios. For the non-uniform energy deployment, our analysis shows that we can increase the lifetime and the total number of messages that can be delivered by more than four times under the same assumption. We also demonstrate that the proposed CASER protocol can achieve a high message delivery ratio while preventing routing traceback attacks. | 2015 |
3. | Improving the Network Lifetime of MANETs through Cooperative MAC Protocol Design | Cooperative communication, which utilizes nearby terminals to relay the overhearing information to achieve the diversity gains, has a great potential to improve the transmitting efficiency in wireless networks. To deal with the complicated medium access interactions induced by relaying and leverage the benefits of such cooperation, an efficient Cooperative Medium Access Control (CMAC) protocol is needed. In this paper, we propose a novel cross-layer distributed energy-adaptive location-based CMAC protocol, namely DEL-CMAC, for Mobile Ad-hoc NETworks (MANETs). The design objective of DEL-CMAC is to improve the performance of the MANETs in terms of network lifetime and energy efficiency. A practical energy consumption model is utilized in this paper, which takes the energy consumption on both transceiver circuitry and transmit amplifier into account. A distributed utility-based best relay selection strategy is incorporated, which selects the best relay based on location information and residual energy. Furthermore, with the purpose of enhancing the spatial reuse, an innovative network allocation vector setting is provided to deal with the varying transmitting power of the source and relay terminals. We show that the proposed DEL-CMAC significantly prolongs the network lifetime under various circumstances even for high circuitry energy consumption cases by comprehensive simulation study. | 2015 |
4. | Secure and Reliable Routing Protocols for Heterogeneous Multihop Wireless Networks | In this paper, we propose E-STAR for establishing stable and reliable routes in heterogeneous multihop wireless networks. E-STAR combines payment and trust systems with a trust-based and energy-aware routing protocol. The payment system rewards the nodes that relay others’ packets and charges those that send packets. The trust system evaluates the nodes’ competence and reliability in relaying packets in terms of multi-dimensional trust values. The trust values are attached to the nodes’ public-key certificates to be used in making routing decisions. We develop two routing protocols to direct traffic through those highly-trusted nodes having sufficient energy to minimize the probability of breaking the route. By this way, E-STAR can stimulate the nodes not only to relay packets, but also to maintain route stability and report correct battery energy capability. This is because any loss of trust will result in loss of future earnings. Moreover, for the efficient implementation of the trust system, the trust values are computed by processing the payment receipts. Analytical results demonstrate that E-STAR can secure the payment and trust calculation without false accusations. Simulation results demonstrate that our routing protocols can improve the packet delivery ratio and route stability. | 2015 |
5. | Secure and Distributed Data Discovery and Dissemination in Wireless Sensor Networks | A data discovery and dissemination protocol for wireless sensor networks (WSNs) is responsible for updating configuration parameters of, and distributing management commands to, the sensor nodes. All existing data discovery and dissemination protocols suffer from two drawbacks. First, they are based on the centralized approach; only the base station can distribute data items. Such an approach is not suitable for emergent multi-owner-multi-user WSNs. Second, those protocols were not designed with security in mind and hence adversaries can easily launch attacks to harm the network. This paper proposes the first secure and distributed data discovery and dissemination protocol named DiDrip. It allows the network owners to authorize multiple network users with different privileges to simultaneously and directly disseminate data items to the sensor nodes. Moreover, as demonstrated by our theoretical analysis, it addresses a number of possible security vulnerabilities that we have identified. Extensive security analysis shows DiDrip is provably secure. We also implement DiDrip in an experimental network of resource-limited sensor nodes to show its high efficiency in practice. | 2015 |
6. | Efficient and Truthful Bandwidth Allocation in Wireless Mesh Community Networks | Nowadays, the maintenance costs of wireless devices represent one of the main limitations to the deployment of wireless mesh networks (WMNs) as a means to provide Internet access in urban and rural areas. A promising solution to this issue is to let the WMN operator lease its available bandwidth to a subset of customers, forming a wireless mesh community network, in order to increase network coverage and the number of residential users it can serve. In this paper, we propose and analyze an innovative marketplace to allocate the available bandwidth of a WMN operator to those customers who are willing to pay the higher price for the requested bandwidth, which in turn can be subleased to other residential users. We formulate the allocation mechanism as a combinatorial truthful auction considering the key features of wireless multihop networks and further present a greedy algorithm that finds efficient and fair allocations even for large-scale, real scenarios while maintaining the truthfulness property. Numerical results show that the greedy algorithm represents an efficient, fair, and practical alternative to the combinatorial auction mechanism. | 2015 |
7. | On iBGP Routing Policies | Internet service providers (ISPs) run the internal Border Gateway Protocol (iBGP) to distribute interdomain routing information among their BGP routers. Previous research consistently assumed that iBGP is always configured as a mere dispatcher of interdomain routes. However, router configuration languages offer operators the flexibility of fine-tuning iBGP. In this paper, we study the impact of deploying routing policies in iBGP. First, we devise a provably correct inference technique to pinpoint iBGP policies from public BGP data. We show that the majority of large transit providers and many small transit providers do apply policies in iBGP. Then, we discuss how iBGP policies can help achieve traffic engineering and routing objectives. We prove that, unfortunately, the presence of iBGP policies exacerbates the iBGP convergence problem and invalidates fundamental assumptions for previous results, affecting their applicability. Hence, we propose provably correct configuration guidelines to achieve traffic engineering goals with iBGP policies, without sacrificing BGP convergence guarantees. Finally, for the cases in which our guidelines are not applicable, we propose a novel technique to verify the correctness of an iBGP configuration with iBGP policies. We implement a prototype tool and show the feasibility of offline analyses of arbitrary policies on both real-world and in vitro configurations. | 2015 |
8. | Enabling Trustworthy Service Evaluation in Service-Oriented Mobile Social Networks | In this paper, we propose a Trustworthy Service Evaluation (TSE) system to enable users to share service reviews in service-oriented mobile social networks (S-MSNs). Each service provider independently maintains a TSE for itself, which collects and stores users’ reviews about its services without requiring any third trusted authority. The service reviews can then be made available to interested users in making wise service selection decisions. We identify three unique service review attacks, i.e., linkability, rejection, and modification attacks, and develop sophisticated security mechanisms for the TSE to deal with these attacks. Specifically, the basic TSE (bTSE) enables users to distributedly and cooperatively submit their reviews in an integrated chain form by using hierarchical and aggregate signature techniques. It restricts the service providers to reject, modify, or delete the reviews. Thus, the integrity and authenticity of reviews are improved. Further, we extend the bTSE to a Sybil-resisted TSE (SrTSE) to enable the detection of two typical sybil attacks. In the SrTSE, if a user generates multiple reviews toward a vendor in a predefined time slot with different pseudonyms, the real identity of that user will be revealed. Through security analysis and numerical results, we show that the bTSE and the SrTSE effectively resist the service review attacks and the SrTSE additionally detects the sybil attacks in an efficient manner. Through performance evaluation, we show that the bTSE achieves better performance in terms of submission rate and delay than a service review system that does not adopt user cooperation. | 2014 |
9. | A Tag Encoding Scheme against Pollution Attack to Linear Network Coding | Network coding allows intermediate nodes to encode data packets to improve network throughput and robustness. However, it increases the propagation speed of polluted data packets if a malicious node injects fake data packets into the network, which degrades the bandwidth efficiency greatly and leads to incorrect decoding at sinks. In this paper, insights on new mathematical relations in linear network coding are presented and a key predistribution-based tag encoding scheme KEPTE is proposed, which enables all intermediate nodes and sinks to detect the correctness of the received data packets. Furthermore, the security of KEPTE with regard to pollution attack and tag pollution attack is quantitatively analyzed. The performance of KEPTE is competitive in terms of: 1) low computational complexity; 2) the ability that all intermediate nodes and sinks detect pollution attack; 3) the ability that all intermediate nodes and sinks detect tag pollution attack; and 4) high fault-tolerance ability. To the best of our knowledge, the existing key predistribution-based schemes aiming at pollution detection can only achieve at most three points as described above. Finally, discussions on the application of KEPTE to practical network coding are also presented. | 2014 |
10. | Exploiting Service Similarity for Privacy in Location-Based Search Queries | Location-based applications utilize the positioning capabilities of a mobile device to determine the current location of a user, and customize query results to include neighboring points of interests. However, location knowledge is often perceived as personal information. One of the immediate issues hindering the wide acceptance of location-based applications is the lack of appropriate methodologies that offer fine grain privacy controls to a user without vastly affecting the usability of the service. While a number of privacy-preserving models and algorithms have taken shape in the past few years, there is an almost universal need to specify one’s privacy requirement without understanding its implications on the service quality. In this paper, we propose a user-centric location based service architecture where a user can observe the impact of location inaccuracy on the service accuracy before deciding the geo-coordinates to use in a query. We construct a local search application based on this architecture and demonstrate how meaningful information can be exchanged between the user and the service provider to allow the inference of contours depicting the change in query results across a geographic area. Results indicate the possibility of large default privacy regions (areas of no change in result set) in such applications. | 2014 |
11. | Network Coding Aware Cooperative MAC Protocol for Wireless Ad Hoc Networks | Cooperative communication, which utilizes neighboring nodes to relay the overhearing information, has been employed as an effective technique to deal with the channel fading and to improve the network performances. Network coding, which combines several packets together for transmission, is very helpful to reduce the redundancy at the network and to increase the overall throughput. Introducing network coding into the cooperative retransmission process enables the relay node to assist other nodes while serving its own traffic simultaneously. To leverage the benefits brought by both of them, an efficient Medium Access Control (MAC) protocol is needed. In this paper, we propose a novel network coding aware cooperative MAC protocol, namely NCAC-MAC, for wireless ad hoc networks. The design objective of NCAC-MAC is to increase the throughput and reduce the delay. Simulation results reveal that NCAC-MAC can improve the network performance under general circumstances comparing with two benchmarks. | 2014 |
12. | A Probabilistic Misbehavior Detection Scheme toward Efficient Trust Establishment in Delay-Tolerant Networks | Malicious and selfish behaviors represent a serious threat against routing in delay/disruption tolerant networks (DTNs). Due to the unique network characteristics, designing a misbehavior detection scheme in DTN is regarded as a great challenge. In this paper, we propose iTrust, a probabilistic misbehavior detection scheme, for secure DTN routing toward efficient trust establishment. The basic idea of iTrust is introducing a periodically available Trusted Authority (TA) to judge the node’s behavior based on the collected routing evidences and probabilistically checking. We model iTrust as the inspection game and use game theoretical analysis to demonstrate that, by setting an appropriate investigation probability, TA could ensure the security of DTN routing at a reduced cost. To further improve the efficiency of the proposed scheme, we correlate detection probability with a node’s reputation, which allows a dynamic detection probability determined by the trust of the users. The extensive analysis and simulation results demonstrate the effectiveness and efficiency of the proposed scheme. | 2014 |
13. | A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis | Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threats from network attackers. As one of the most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy. | 2014 |
14. | Behavioral Malware Detection in Delay Tolerant Networks | The delay-tolerant-network (DTN) model is becoming a viable communication alternative to the traditional infrastructural model for modern mobile consumer electronics equipped with short-range communication technologies such as Bluetooth, NFC, and Wi-Fi Direct. Proximity malware is a class of malware that exploits the opportunistic contacts and distributed nature of DTNs for propagation. Behavioral characterization of malware is an effective alternative to pattern matching in detecting malware, especially when dealing with polymorphic or obfuscated malware. In this paper, we first propose a general behavioral characterization of proximity malware which is based on a naive Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spams and detecting botnets. We identify two unique challenges for extending Bayesian malware detection to DTNs (“insufficient evidence versus evidence collection risk” and “filtering false evidence sequentially and distributedly”), and propose a simple yet effective method, look ahead, to address the challenges. Furthermore, we propose two extensions to look ahead, dogmatic filtering, and adaptive look ahead, to address the challenge of “malicious nodes sharing false evidence.” Real mobile network traces are used to verify the effectiveness of the proposed methods. | 2014 |
15. | PACK: Prediction-Based Cloud Bandwidth and Cost Reduction System | In this paper, we present PACK (Predictive ACKs), a novel end-to-end traffic redundancy elimination (TRE) system, designed for cloud computing customers. Cloud-based TRE needs to apply a judicious use of cloud resources so that the bandwidth cost reduction combined with the additional cost of TRE computation and storage would be optimized. PACK’s main advantage is its capability of offloading the cloud-server TRE effort to end clients, thus minimizing the processing costs induced by the TRE algorithm. Unlike previous solutions, PACK does not require the server to continuously maintain clients’ status. This makes PACK very suitable for pervasive computation environments that combine client mobility and server migration to maintain cloud elasticity. PACK is based on a novel TRE technique, which allows the client to use newly received chunks to identify previously received chunk chains, which in turn can be used as reliable predictors to future transmitted chunks. We present a fully functional PACK implementation, transparent to all TCP-based applications and network devices. Finally, we analyze PACK benefits for cloud users, using traffic traces from various sources. | 2014 |
16. | Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks | Mobile nodes in military environments such as a battlefield or a hostile region are likely to suffer from intermittent network connectivity and frequent partitions. Disruption-tolerant network (DTN) technologies are becoming successful solutions that allow wireless devices carried by soldiers to communicate with each other and access the confidential information or command reliably by exploiting external storage nodes. Some of the most challenging issues in this scenario are the enforcement of authorization policies and the policies update for secure data retrieval. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the access control issues. However, the problem of applying CP-ABE in decentralized DTNs introduces several security and privacy challenges with regard to the attribute revocation, key escrow, and coordination of attributes issued from different authorities. In this paper, we propose a secure data retrieval scheme using CP-ABE for decentralized DTNs where multiple key authorities manage their attributes independently. We demonstrate how to apply the proposed mechanism to securely and efficiently manage the confidential data distributed in the disruption-tolerant military network. | 2014 |