Security and Communication Networks

From the table in the succeeding text, we can see that the proposed scheme is more secure and more reasonable than Lee and Hsu's scheme. We also provide a new method to achieve three-factor authentication scheme.

Considered the unreliable and dynamic characteristics of cloud computing, cloud service failures are inevitable, which have an adverse effect on task execution and scheduling. To improve cloud service reliability, we first analyze the fault recovery mechanism, and then, cloud failures considered in this paper are classified into two categories: unrecoverable failures and recoverable failures. By integrating the existing dynamic level scheduling (DLS) algorithm, a novel scheduling algorithm based on fault recovery mechanism named fault recovery-based DLS algorithm is proposed to reduce the failure probability of task assignments. The experimental results confirm that fault recovery mechanism can meet the reliability requirements of cloud computing infrastructures and the proposed algorithm can effectively ensure trustworthy execution of tasks.

This paper considers security analysis of a cross-realm client-to-client password-authenticated for secure email. In this paper, it is shown that the protocol does not provide the claimed property of perfect forward secrecy; is vulnerable to some attacks including dictionary, replay, and password-compromise impersonation attacks; and has some other defects that are explained in the paper.

Our analyses show that with only a small number of SSSs and through chain counterattacks, Serum System can automatically and rapidly defeat related infected hosts. Compared with white worms whose spread cannot be controlled, Serum System only spreads on infected hosts. The amount of accumulative traffic saved by Serum System at time tick 450 reached 90%.

Asymmetric key establishment protocols for distributed sensor networks (DSNs) are more resilient to node impersonation and insider attacks, in comparison to symmetric protocols, but unfortunately, they are computationally expensive and thus impractical. In this paper, we present two key establishment protocols for static DSNs, a hybrid and a fully asymmetric protocol. Through simulations we measure their efficiency, in comparison with existing hybrid protocols, and we provide evidence of their feasibility for highly sensitive DSN applications.

Biometrics has widely been considered to strengthen security and privacy in the network security field. This study aims to evaluate biometrics and to provide suggestions for selection. The outcomes first indicate that technology assessment should be the key object in selecting biometric technologies. The outcomes also indicate that features of the target technologies should be considered when evaluating them. In addition, fingerprint recognition, iris recognition, and face recognition are the preferred biometrics in evaluation and selection.

In this paper, we propose an authentication framework for automatic dependent surveillance-broadcast system for the future e-enabled aircrafts. The proposed framework is based on our new online/offline identity-based signature scheme. This scheme resolves the public-key infrastructure management issue by using the identities of aircrafts as public keys and makes it possible to frequently sign automatic dependent surveillance-broadcast messages exchanged between aircrafts and ground controllers through online/offline signature generation.

In this paper, we use distance-2 coloring to traceback and mitigate distributed denial of service attacks. Routers probabilistically mark packets with their color but deterministically compute the path identifier (PID). Victim uses the PID to discriminate incoming packets and collect them in separate groups. Finally, the packets are sorted based on their count to construct the attack path. Performance analysis shows that the scheme is robust to Time To Live spoofing, color spoofing, and multi party traceback.

Wormhole attack is a devastating attack that haunts the network managers because of its severe effects. Lately, wormhole attack is been possible in low power and lossy network (LLN), because of the scarcity of resources in LLN-based networks. The effects of wormhole are more severe and lead to situations where it is difficult to diagnose the network. In order to tackle this, we propose a resilient Merkle tree based mechanism that avoids wormhole in the LLN-based networks. Simulation results suggest improvements in network performance and conservation of network resources, which is crucial for LLN-based networks.

This paper presents a Border Gateway Protocol (BGP) monitoring method, which is called cooperative information sharing model (CoISM). CoISM can provide autonomous systems with a more comprehensive information view. CoISM optimizes the information transmission by leveraging the data locality caused by BGP policy and implements ISP coordination with low communication and deployment cost. More specifically, CoISM provides a self-organizing and incentive mechanism, which drives autonomous systems to coordinate independently and shares information on-demand.

This paper enhanced the classic role-based access control model through two concepts: domain and virtual machines. We defined a new model named VRBAC in which authorized users can migrate or copy virtual machines from one domain to another without causing a conflict. Domain users or groups are allowed to share permissions of not only resources such as shared files but also virtual machines with others either from the same or a different domain.

A trust dynamic task allocation algorithm is proposed to address the task allocation problem for a heterogeneous wireless sensor network (WSN). A discrete particle swarm optimization is designed to generate a structure of the parallel coalitions. Task strategies and payoff functions by invoking the game theory in WSNs are designed.

This paper aims at identifying and discussing solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The authentication scheme is also validated through detailed descriptions of use cases and prototype implementation.

This article proposes an architecture for mobile devices to address the most important security challenge: an end-to-end secure channel from users to services. Securing input and output is difficult because the complexity of current mobile platforms implies that they cannot be fully trusted. A combination of virtualization, secure hardware, and minor hardware additions can address the problem.

This paper presents AutoMal, a system for automatically extracting signatures from large-scale malware, and our main contribution is putting forward the concept hashing signature and developing the corresponding mechanism constituted by three methods in the paper. We utilize feature hashing for high-dimensional feature spaces reducing and propose cross association with median filtering for malware clustering then provide Bayesian selection for signature generating and evaluating. The results show that AutoMal can generate strongly noise-resisted signatures that exactly show the characteristics of malware.

This is the first time to propose heterogeneous network operating systems (NOSes) working together. This paper proposes a west–east bridge mechanism for distributed heterogeneous NOSes to cooperate in enterprise/data center/intra-autonomous system networks. To achieve a resilient peer-to-peer control plane of distributed heterogeneous NOSes, we propose a “maximum connection degree”-based connection algorithm. The implementation and deployment in three SDN networks (CERNET, Internet2, and CSTNET) proves the feasibility.

This paper proposes Comb, which is a hierarchical distributed hash table lookup service. Comb's overlay is organized as a two-layered architecture; workload is distributed evenly among nodes; and most queries can be routed in no more than two hops. Comb is capable to scale to large systems and resilient to fluctuate; it provides a self-managing and self-healing mechanism for supporting system recovery from inconsistence. Comb performs effectively with low bandwidth consumption and satisfactory fault tolerance even in a continuously changing environment.

Using Multi-channel will impact network connectivity. The mobility scenario will make the channel assignment even harder. This paper presents a channel usage-based dynamic assignment method for VANET, which can switch channels to utilize the multi-channel resource efficiently, while still keeping the network connectivity as good as single channel network.

In this paper, we propose the Mahalanobis distance similarity measure based template attack (MDSM-based TA). We show the relationship between MDSM-based TA and maximum likelihood principle based TA. Experimental results verify that, in the same attack scenario, the key-recovery efficiency of MDSM-based TA can be higher than that of maximum likelihood principle based TA.