S. No. | IEEE TITLE | ABSTRACT | IEEE YEAR |
1 | Authenticated Key Exchange Protocols for Parallel Network File Systems | We study the problem of key establishment for secure many-to-many communications. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. Our work focuses on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberos to establish parallel session keys between clients and storage devices. Our review of the existing Kerberos-based protocol shows that it has a number of limitations: (i) a metadata server facilitating key exchange between the clients and the storage devices has heavy workload that restricts the scalability of the protocol; (ii) the protocol does not provide forward secrecy; (iii) the metadata server generates itself all the session keys that are used between the clients and storage devices, and this inherently leads to key escrow. In this paper, we propose a variety of authenticated key exchange protocols that are designed to address the above issues. We show that our protocols are capable of reducing up to approximately 54 percent of the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client. | 2016 |
2 | Automated Data Partitioning for Highly Scalable and Strongly Consistent Transactions | Modern transactional processing systems need to be fast and scalable, but this means many such systems settled for weak consistency models. It is however possible to achieve all of strong consistency, high scalability and high performance, by using fine-grained partitions and light-weight concurrency control that avoids superfluous synchronization and other overheads such as lock management. Independent transactions are one such mechanism, that rely on good partitions and appropriately defined transactions. On the downside, it is not usually straightforward to determine optimal partitioning schemes, especially when dealing with non-trivial amounts of data. Our work attempts to solve this problem by automating the partitioning process, choosing the correct transactional primitive, and routing transactions appropriately. | 2016 |
3 | Strategy Configurations of Multiple Users Competition for Cloud Service Reservation | In this paper, we focus on strategy configurations of multiple users to make cloud service reservation. We consider the problem from a game theoretic perspective and formulate it into a non-cooperative game among the multiple cloud users, in which each user is informed with incomplete information of other users. For each user, we design a utility function which combines the net profit with time efficiency and try to maximize its value. We solve the problem by employing variational inequality (VI) theory and prove that there exists a Nash equilibrium solution set for the formulated game. Then, we propose an iterative proximal algorithm (IPA), which is designed to compute a Nash equilibrium solution. The convergence of the IPA algorithm is also analyzed and we find that it converges to a Nash equilibrium if several conditions are satisfied. Finally, we conduct some numerical calculations to verify our theoretical analysis. The experimental results show that our proposed IPA algorithm converges to a stable state very quickly and improves the utilities of all users to certain extent by configuring a proper request strategy. | 2016 |
4 | TIGER: Thermal-Aware File Assignment in Storage Clusters | In this paper, we present a thermal-aware file assignment technique called TIGER for reducing the cooling cost of storage clusters in data centers. We show that peak inlet temperatures of storage nodes depend on not only CPU utilization but also I/O activities, which rely on file assignments in a cluster. The TIGER scheme aims to lower peak inlet temperatures of storage clusters by dynamic thermal management through file placements. TIGER makes use of cross-interference coefficients to estimate the re-circulation of hot air from the outlets to the inlets of data nodes. TIGER first calculates the thresholds of disks in each data node based on its contribution to heat re-circulation in a data center. TIGER undertakes two steps to achieve high I/O performance while reducing cooling cost. First, TIGER assigns groups of files with similar service times to shorten I/O response times. Second, TIGER ensures that load imbalance does not exceed a specified threshold. We evaluate performance of TIGER in terms of both cooling energy conservation and response time of a storage cluster. Our results confirm that TIGER reduces cooling-power requirements for clusters by offering about 10 to 15 percent cooling-energy savings without significantly degrading I/O performance. | 2016 |
5 | A Heuristic Clustering-Based Task Deployment Approach for Load Balancing Using Bayes Theorem in Cloud Environment | Aiming at the current problems that most physical hosts in the cloud data center are so overloaded that it makes the whole cloud data center’s load imbalanced and that existing load balancing approaches have relatively high complexity, this paper has focused on the selection problem of physical hosts for deploying requested tasks and proposed a novel heuristic approach called Load Balancing based on Bayes and Clustering (LB-BC). Most previous works, generally, utilize a series of algorithms through optimizing the candidate target hosts within an algorithm cycle and then picking out the optimal target hosts to achieve the immediate load balancing effect. However, the immediate effect doesn’t guarantee high execution efficiency for the next task although it has abilities in achieving high resource utilization. Based on this argument, LB-BC introduces the concept of achieving the overall load balancing in a long-term process in contrast to the immediate load balancing approaches in the current literature. LB-BC makes a limited constraint about all physical hosts aiming to achieve a task deployment approach with global search capability in terms of the performance function of computing resource. The Bayes theorem is combined with the clustering process to obtain the optimal clustering set of physical hosts finally. Simulation results show that compared with the existing works, the proposed approach has reduced the failure number of task deployment events obviously, improved the throughput, and optimized the external services performance of cloud data centers. | 2016 |
6 | A Secure Anti-Collusion Data Sharing Scheme for Dynamic Groups in the Cloud | Benefited from cloud computing, users can achieve an effective and economical approach for data sharing among group members in the cloud with the characters of low maintenance and little management cost. Meanwhile, we must provide security guarantees for the sharing data files since they are outsourced. Unfortunately, because of the frequent change of the membership, sharing data while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due to the collusion attack. Moreover, for existing schemes, the security of key distribution is based on the secure communication channel, however, to have such channel is a strong assumption and is difficult for practice. In this paper, we propose a secure data sharing scheme for dynamic members. First, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Second, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Third, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group. | 2016 |
7 | Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with Verifiable Delegation in Cloud Computing | In the cloud, for achieving access control and keeping data confidential, the data owners could adopt attribute-based encryption to encrypt the stored data. Users with limited computing power are however more likely to delegate the mask of the decryption task to the cloud servers to reduce the computing cost. As a result, attribute-based encryption with delegation emerges. Still, there are caveats and questions remaining in the previous relevant works. For instance, during the delegation, the cloud servers could tamper or replace the delegated ciphertext and respond a forged computing result with malicious intent. They may also cheat the eligible users by responding them that they are ineligible for the purpose of cost saving. Furthermore, during the encryption, the access policies may not be flexible enough as well. Since policy for general circuits enables to achieve the strongest form of access control, a construction for realizing circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation has been considered in our work. In such a system, combined with verifiable computation and encrypt-then-mac mechanism, the data confidentiality, the fine-grained access control and the correctness of the delegated computing results are well guaranteed at the same time. Besides, our scheme achieves security against chosen-plaintext attacks under the k-multilinear Decisional Diffie-Hellman assumption. Moreover, an extensive simulation campaign confirms the feasibility and efficiency of the proposed solution. | 2016 |
8 | Code-Based Neighbor Discovery Protocols in Mobile Wireless Networks | In mobile wireless networks, the emerging proximity-based applications have led to the need for highly effective and energy-efficient neighbor discovery protocols. However, existing works cannot realize the optimal worst-case latency in the symmetric case, and their performances with asymmetric duty cycles can still be improved. In this paper, we investigate asynchronous neighbor discovery through a code-based approach, including the symmetric and asymmetric cases. We derive the tight worst-case latency bound in the case of symmetric duty cycle. We design a novel class of symmetric patterns called Diff-Codes, which is optimal when the Diff-Code can be extended from a perfect difference set. We further consider the asymmetric case and design ADiff-Codes. To evaluate (A)Diff-Codes, we conduct both simulations and testbed experiments. Both simulation and experiment results show that (A)Diff-Codes significantly outperform existing neighbor discovery protocols in both the median case and worst case. Specifically, in the symmetric case, the maximum worst-case improvement is up to 50%; in both symmetric and asymmetric cases, the median case gain is as high as 30%. | 2016 |
9 | Duplicate Detectable Opportunistic Forwarding in Duty-Cycled Wireless Sensor Networks | Opportunistic routing, offering relatively efficient and adaptive forwarding in low-duty-cycled sensor networks, generally allows multiple nodes to forward the same packet simultaneously, especially in networks with intensive traffic. Uncoordinated transmissions often incur a number of duplicate packets, which are further forwarded in the network, occupy the limited network resource, and hinder the packet delivery performance. Existing solutions to this issue, e.g., overhearing or coordination based approaches, either cannot scale up with the system size, or suffer high control overhead. We present Duplicate-Detectable Opportunistic Forwarding (DOF), a duplicate-free opportunistic forwarding protocol for low-duty-cycled wireless sensor networks. DOF enables senders to obtain the information of all potential forwarders via a slotted acknowledgment scheme, so the data packets can be sent to the deterministic next-hop forwarder. Based on light-weight coordination, DOF explores the opportunities as many as possible and removes duplicate packets from the forwarding process. We implement DOF and evaluate its performance on an indoor testbed with 20 TelosB nodes. The experimental results show that DOF reduces the average duplicate ratio by 90%, compared to state-of-the-art opportunistic protocols, and achieves 61.5% enhancement in network yield and 51.4% saving in energy consumption. | 2016 |
10 | Optimal Partial Relaying for Energy-Harvesting Wireless Networks | In this paper, we assess the benefits of using partial relaying in energy-harvesting networks. We consider a system composed of a source, a relay, and a destination. Each of the source and the relay has energy-harvesting capability and generates its own traffic. The source is helped by the relay through a partial relaying network-level cooperation protocol. The relay regulates the arrivals from the source by accepting only a proportion of the successfully received packets at the relay. The relaying parameter, which determines the proportion of packets to be accepted, is selected based on the parameters of the network to ensure the stability of the source and the relay data queues. In this work, we provide an exact characterization of the stability region of the network. We derive the optimal value of the relaying parameter to maximize the stable throughput of the source for a given data arrival rate to the relay. Also, we compare the stability region of the proposed strategy with partial relaying to the stability regions of simple transmission strategies. Finally, we consider the problem of network utility optimization in which we optimize over the value of the relaying parameter for a given pair of data arrival rates for the source and the relay. | 2016 |
11 | Optimizing Cost for Online Social Networks on Geo-Distributed Clouds | Geo-distributed clouds provide an intriguing platform to deploy online social network (OSN) services. To leverage the potential of clouds, a major concern of OSN providers is optimizing the monetary cost spent in using cloud resources while considering other important requirements, including providing satisfactory quality of service (QoS) and data availability to OSN users. In this paper, we study the problem of cost optimization for the dynamic OSN on multiple geo-distributed clouds over consecutive time periods while meeting predefined QoS and data availability requirements. We model the cost, the QoS, as well as the data availability of the OSN, formulate the problem, and design an algorithm named . We carry out extensive experiments with a large-scale real-world Twitter trace over 10 geo-distributed clouds all across the US. Our results show that, while always ensuring the QoS and the data availability as required, can reduce much more one-time cost than the state-of-the-art methods, and it can also significantly reduce the accumulative cost when continuously evaluated over 48 months, with OSN dynamics comparable to real-world cases. | 2016 |
12 | A Time Efficient Approach for Detecting Errors in Big Sensor Data on Cloud | Big sensor data is prevalent in both industry and scientific research applications where the data is generated with high volume and velocity it is difficult to process using on-hand database management tools or traditional data processing applications. Cloud computing provides a promising platform to support the addressing of this challenge as it provides a flexible stack of massive computing, storage, and software services in a scalable manner at low cost. Some techniques have been developed in recent years for processing sensor data on cloud, such as sensor-cloud. However, these techniques do not provide efficient support on fast detection and locating of errors in big sensor data sets. For fast data error detection in big sensor data sets, in this paper, we develop a novel data error detection approach which exploits the full computation potential of cloud platform and the network feature of WSN. Firstly, a set of sensor data error types are classified and defined. Based on that classification, the network feature of a clustered WSN is introduced and analyzed to support fast error detection and location. Specifically, in our proposed approach, the error detection is based on the scale-free network topology and most of detection operations can be conducted in limited temporal or spatial data blocks instead of a whole big data set. Hence the detection and location process can be dramatically accelerated. Furthermore, the detection and location tasks can be distributed to cloud platform to fully exploit the computation power and massive storage. Through the experiment on our cloud computing platform of U-Cloud, it is demonstrated that our proposed approach can significantly reduce the time for error detection and location in big data sets generated by large scale sensor network systems with acceptable error detecting accuracy. | 2015 |
13 | ACPN: A Novel Authentication Framework with Conditional Privacy-Preservation and Non-Repudiation for VANETs | In Vehicular Ad hoc NETworks (VANETs), authentication is a crucial security service for both inter-vehicle and vehicle-roadside communications. On the other hand, vehicles have to be protected from the misuse of their private data and the attacks on their privacy, as well as to be capable of being investigated for accidents or liabilities from non-repudiation. In this paper, we investigate the authentication issues with privacy preservation and non-repudiation in VANETs. We propose a novel framework with preservation and repudiation (ACPN) for VANETs. In ACPN, we introduce the public-key cryptography (PKC) to the pseudonym generation, which ensures legitimate third parties to achieve the non-repudiation of vehicles by obtaining vehicles’ real IDs. The self-generated PKC-based pseudonyms are also used as identifiers instead of vehicle IDs for the privacy-preserving authentication, while the update of the pseudonyms depends on vehicular demands. The existing ID-based signature (IBS) scheme and the ID-based online/offline signature (IBOOS) scheme are used, for the authentication between the road side units (RSUs) and vehicles, and the authentication among vehicles, respectively. Authentication, privacy preservation, non-repudiation and other objectives of ACPN have been analyzed for VANETs. Typical performance evaluation has been conducted using efficient IBS and IBOOS schemes. We show that the proposed ACPN is feasible and adequate to be used efficiently in the VANET environment. | 2015 |
14 | Secrecy Capacity Optimization via Cooperative Relaying and Jamming for WANETs | Cooperative wireless networking, which is promising in improving the system operation efficiency and reliability by acquiring more accurate and timely information, has attracted considerable attentions to support many services in practice. However, the problem of secure cooperative communication has not been well investigated yet. In this paper, we exploit physical layer security to provide secure cooperative communication for wireless ad hoc networks (WANETs) where involve multiple source-destination pairs and malicious eavesdroppers. By characterizing the security performance of the system by secrecy capacity, we study the secrecy capacity optimization problem in which security enhancement is achieved via cooperative relaying and cooperative jamming. Specifically, we propose a system model where a set of relay nodes can be exploited by multiple source-destination pairs to achieve physical layer security. We theoretically present a corresponding formulation for the relay assignment problem and develop an optimal algorithm to solve it in polynomial time. To further increase the system secrecy capacity, we exploit the cooperative jamming technique and propose a smart jamming algorithm to interfere the eavesdropping channels. Through extensive experiments, we validate that our proposed algorithms significantly increase the system secrecy capacity under various network settings. | 2015 |
15 | Secure Spatial Top-k Query Processing via Untrusted Location-Based Service Providers | This paper considers a novel distributed system for collaborative location-based information generation and sharing which become increasingly popular due to the explosive growth of Internet-capable and location-aware mobile devices. The system consists of a data collector, data contributors, location-based service providers (LBSPs), and system users. The data collector gathers reviews about points-of-interest (POIs) from data contributors, while LBSPs purchase POI data sets from the data collector and allow users to perform spatial top-k queries which ask for the POIs in a certain region and with the highest k ratings for an interested POI attribute. In practice, LBSPs are untrusted and may return fake query results for various bad motives, e.g., in favor of POIs willing to pay. This paper presents three novel schemes for users to detect fake spatial snapshot and moving top-k query results as an effort to foster the practical deployment and use of the proposed system. The efficacy and efficiency of our schemes are thoroughly analyzed and evaluated. | 2015 |