Visible to the public Communications Security

SoS Newsletter- Advanced Book Block

SoS Logo

Communications Security

This collection of citations covers a range of issues in communications security from a theoretic or scientific level.  Included are topics such as secure MSR regenerating codes, OS fingerprinting, jamming resilient codes, and irreducible pentanomials.  These works were presented or published in 2014.

Sasidharan, B.; Kumar, P.V.; Shah, N.B.; Rashmi, K.V.; Ramachandran, K., "Optimality of the Product-Matrix Construction For Secure MSR Regenerating Codes," Communications, Control and Signal Processing (ISCCSP), 2014 6th International Symposium on, pp.10,14, 21-23 May 2014 doi: 10.1109/ISCCSP.2014.6877804 In this paper, we consider the security of exact-repair regenerating codes operating at the minimum-storage-regenerating (MSR) point. The security requirement (introduced in Shah et. al.) is that no information about the stored data file must be leaked in the presence of an eavesdropper who has access to the contents of ℓ1 nodes as well as all the repair traffic entering a second disjoint set of ℓ2 nodes. We derive an upper bound on the size of a data file that can be securely stored that holds whenever ℓ2 ≤ d - k + 1. This upper bound proves the optimality of the product-matrix-based construction of secure MSR regenerating codes by Shah et. al.

Keywords: encoding; matrix algebra; MSR point; data file; eavesdropper; exact repair regenerating code security; minimum storage regenerating point; product matrix; product matrix construction; repair traffic; secure MSR regenerating codes; Bandwidth; Data collection; Entropy; Maintenance engineering; Random variables; Security; Upper bound; MSR codes; Secure regenerating codes; product-matrix construction; regenerating codes (ID#: 15-3600)



Gu, Y.; Fu, Y.; Prakash, A.; Lin, Z.; Yin, H., "Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting," Cloud Computing, IEEE Transactions on vol. PP, no.99, pp. 1, 1, 11 July 2014. doi: 10.1109/TCC.2014.2338305 Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OSSOMMELIER +, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-SOMMELIER+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-SOMMELIER+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels.

Keywords:  (not provided) (ID#: 15-3601)



Liu, Yuanyuan; Cheng, Jianping; Zhang, Li; Xing, Yuxiang; Chen, Zhiqiang; Zheng, Peng, "A Low-Cost Dual Energy CT System With Sparse Data," Tsinghua Science and Technology , vol.19, no.2, pp.184,194, April 2014. doi: 10.1109/TST.2014.6787372 Dual Energy CT (DECT) has recently gained significant research interest owing to its ability to discriminate materials, and hence is widely applied in the field of nuclear safety and security inspection. With the current technological developments, DECT can be typically realized by using two sets of detectors, one for detecting lower energy X-rays and another for detecting higher energy X-rays. This makes the imaging system expensive, limiting its practical implementation. In 2009, our group performed a preliminary study on a new low-cost system design, using only a complete data set for lower energy level and a sparse data set for the higher energy level. This could significantly reduce the cost of the system, as it contained much smaller number of detector elements. Reconstruction method is the key point of this system. In the present study, we further validated this system and proposed a robust method, involving three main steps: (1) estimation of the missing data iteratively with TV constraints; (2) use the reconstruction from the complete lower energy CT data set to form an initial estimation of the projection data for higher energy level; (3) use ordered views to accelerate the computation. Numerical simulations with different number of detector elements have also been examined. The results obtained in this study demonstrate that 1 + 14% CT data is sufficient enough to provide a rather good reconstruction of both the effective atomic number and electron density distributions of the scanned object, instead of 2 sets CT data.

Keywords: Computed tomography; Detectors; Energy states; Image reconstruction; Reconstruction algorithms; TV; X-rays; ART-TV; X-ray imaging; dual energy CT system; material discrimination; reconstruction; sparse samples (ID#: 15-3602)



Yao, H.; Silva, D.; Jaggi, S.; Langberg, M., "Network Codes Resilient to Jamming and Eavesdropping," Networking, IEEE/ACM Transactions on, vol. PP, no.99, pp.1,1, 3 Feb 2014. doi: 10.1109/TNET.2013.2294254 We consider the problem of communicating information over a network secretly and reliably in the presence of a hidden adversary who can eavesdrop and inject malicious errors. We provide polynomial-time distributed network codes that are information-theoretically rate-optimal for this scenario, improving on the rates achievable in prior work by Ngai  Our main contribution shows that as long as the sum of the number of links the adversary can jam (denoted by $ Z_{O}$ ) and the number of links he can eavesdrop on (denoted by $ Z_{I}$) is less than the network capacity (denoted by $ C$) (i.e., $ Z_{O}+ Z_{I}< C$), our codes can communicate (with vanishingly small error probability) a single bit correctly and without leaking any information to the adversary. We then use this scheme as a module to design codes that allow communication at the source rate of $ C- Z_{O}$ when there are no security requirements, and codes that allow communication at the source rate of $ C- Z_{O}- Z_{I}$ while keeping the communicated message provably secret from the adversary. Interior nodes are oblivious to the presence of adversaries and perform random linear network coding; only the source and destination need to be tweaked. We also prove that the rate-region obtained is information-theoretically optimal. In proving our results, we correct an error in prior work by a subset of the authors in this paper.

Keywords: Error probability; Jamming; Network coding; Robustness; Transforms; Vectors; Achievable rates; adversary; error control; network coding; secrecy  (ID#: 15-3603)



Yang, J.-S.; Chang, J.-M.; Pai, K.-J.; Chan, H.-C., "Parallel Construction of Independent Spanning Trees on Enhanced Hypercubes," Parallel and Distributed Systems, IEEE Transactions on, vol. PP, no. 99, pp.1, 1, 5 Nov 2014. doi: 10.1109/TPDS.2014.2367498 The use of multiple independent spanning trees (ISTs) for data broadcasting in networks provides a number of advantages, including the increase of fault-tolerance, bandwidth and security. Thus, the designs of multiple ISTs on several classes of networks have been widely investigated. In this paper, we give an algorithm to construct ISTs on enhanced hypercubes Qn;k, which contain folded hypercubes as a subclass. Moreover, we show that these ISTs are near optimal for heights and path lengths. Let D(Qn;k) denote the diameter of Qn;k. If n k is odd or n k 2 f2; ng, we show that all the heights of ISTs are equal to D(Qn;k) + 1, and thus are optimal. Otherwise, we show that each path from a node to the root in a spanning tree has length at most D(Qn;k) + 2. In particular, no more than 2.15% of nodes have the maximum path length. As a by-product, we improve the upper bound of wide diameter (respectively, fault diameter) of Qn;k from these path lengths.

Keywords: Broadcasting; Educational institutions; Electronic mail; Fault tolerance; Fault tolerant systems; Hypercubes; Vegetation; enhanced hypercubes; fault diameter; folded hypercubes ;independent spanning trees; interconnection networks; wide diameter  (ID#: 15-3604)



Ben Othman, S.; Trad, A.; Youssef, H., "Security Architecture For At-Home Medical Care Using Wireless Sensor Network," Wireless Communications and Mobile Computing Conference (IWCMC), 2014 International, pp.304,309, 4-8 Aug. 2014. doi: 10.1109/IWCMC.2014.6906374 Distributed wireless sensor network technologies have become one of the major research areas in healthcare industries due to rapid maturity in improving the quality of life. Medical Wireless Sensor Network (MWSN) via continuous monitoring of vital health parameters over a long period of time can enable physicians to make more accurate diagnosis and provide better treatment. The MWSNs provide the options for flexibilities and cost saving to patients and healthcare industries. Medical data sensors on patients produce an increasingly large volume of increasingly diverse real-time data. The transmission of this data through hospital wireless networks becomes a crucial problem, because the health information of an individual is highly sensitive. It must be kept private and secure. In this paper, we propose a security model to protect the transfer of medical data in hospitals using MWSNs. We propose Compressed Sensing + Encryption as a strategy to achieve low-energy secure data transmission in sensor networks.

Keywords: body sensor networks; compressed sensing; cryptography; health care; hospitals; patient monitoring; MWSN; at-home medical care;compressed sensing-encryption; distributed wireless sensor network technologies; healthcare industries; hospital wireless networks; low-energy secure data transmission; medical data sensors; medical wireless sensor network; security architecture; vital health parameter continuous monitoring; Encryption; Medical services; Sensors; Servers; Wireless sensor networks; Data Transmission; Encryption; Medical Wireless Sensor Network; Security (ID#: 15-3605)



Xi Xiong; Haining Fan, "GF(2n) Bit-Parallel Squarer Using Generalised Polynomial Basis For New Class Of Irreducible Pentanomials," Electronics Letters , vol. 50, no.9, pp. 655, 657, April 24 2014. doi: 10.1049/el.2014.0006 Explicit formulae and complexities of bit-parallel GF(2n) squarers for a new class of irreducible pentanomials xn + xn-1 + xk + x + 1, where n is odd and 1 <; k <; (n - 1)/2 are presented. The squarer is based on the generalised polynomial basis of GF(2n). Its gate delay matches the best results, whereas its XOR gate complexity is n + 1, which is only about two thirds of the current best results.

Keywords: logic gates; polynomials; GF(2n) bit-parallel squarer; XOR gate; gate delay; generalised polynomial basis; irreducible pentanomial (ID#: 15-3606)



Mo, Y.; Sinopoli, B., "Secure Estimation in the Presence of Integrity Attacks," Automatic Control, IEEE Transactions on, vol. PP, no. 99, pp.1, 1, 21 August 2014. doi: 10.1109/TAC.2014.2350231 We consider the estimation of a scalar state based on m measurements that can be potentially manipulated by an adversary. The attacker is assumed to have full knowledge about the true value of the state to be estimated and about the value of all the measurements. However, the attacker has limited resources and can only manipulate up to l of the m measurements. The problem is formulated as a minimax optimization, where one seeks to construct an optimal estimator that minimizes the “worst-case” expected cost against all possible manipulations by the attacker. We show that if the attacker can manipulate at least half the measurements (l m=2), then the optimal worst-case estimator should ignore all measurements and be based solely on the a-priori information. We provide the explicit form of the optimal estimator when the attacker can manipulate less than half the measurements (l < m=2), which is based on m 2l local estimators. We further prove that such an estimator can be reduced into simpler forms for two special cases, i.e., either the estimator is symmetric and monotone or m = 2l + 1. Finally we apply the proposed methodology in the case of Gaussian measurements.

Keywords: Cost function; Security; Sensors; State estimation; Vectors (ID#: 15-3607)



Yan-Xiao Liu, "Efficient t-Cheater Identifiable (k, n) Secret-Sharing Scheme for t ⩽ [((k - 2)/2)]," Information Security, IET  vol.  8, no. 1, pp.37, 41, Jan. 2014. doi: 10.1049/iet-ifs.2012.0322 In Eurocrypt 2011, Obana proposed a (k, n) secret-sharing scheme that can identify up to [((k - 2)/2)] cheaters. The number of cheaters that this scheme can identify meets its upper bound. When the number of cheaters t satisfies t ≤ [((k - 1)/3)], this scheme is extremely efficient since the size of share |Vi| can be written as |Vi| = |S|/ε, which almost meets its lower bound, where |S| denotes the size of secret and ε denotes the successful cheating probability; when the number of cheaters t is close to ((k - 2)/2)], the size of share is upper bounded by |Vi| = (n·(t + 1) · 23t-1|S|)/ε. A new (k, n) secret-sharing scheme capable of identifying [((k - 2)/2)] cheaters is presented in this study. Considering the general case that k shareholders are involved in secret reconstruction, the size of share of the proposed scheme is |Vi| = (2k - 1|S| )/ε, which is independent of the parameters t and n. On the other hand, the size of share in Obana's scheme can be rewritten as |Vi| = (n · (t + 1) · 2k - 1|S|)/ε under the same condition. With respect to the size of share, the proposed scheme is more efficient than previous one when the number of cheaters t is close to [((k - 2)/2)].

Keywords: probability; public key cryptography; (k, n) secret-sharing scheme; Obana's scheme; cheating probability; k-shakeholders; secret reconstruction (ID#: 15-3608)



Ta-Yuan Liu; Mukherjee, P.; Ulukus, S.; Shih-Chun Lin; Hong, Y.-W.P., "Secure DoF of MIMO Rayleigh block fading wiretap channels with No CSI anywhere," Communications (ICC), 2014 IEEE International Conference on, pp.1959,1964, 10-14 June 2014. doi: 10.1109/ICC.2014.6883610 We consider the block Rayleigh fading multiple-input multiple-output (MIMO) wiretap channel with no prior channel state information (CSI) available at any of the terminals. The channel gains remain constant in a coherence time of T symbols, and then change to another independent realization. The transmitter, the legitimate receiver and the eavesdropper have nt, nr and ne antennas, respectively. We determine the exact secure degrees of freedom (s.d.o.f.) of this system when T ≥ 2 min(nt, nr). We show that, in this case, the s.d.o.f. is exactly (min(nt, nr) - ne)+(T - min(nt, nr))/T. The first term can be interpreted as the eavesdropper with ne antennas taking away ne antennas from both the transmitter and the legitimate receiver. The second term can be interpreted as a fraction of s.d.o.f. being lost due to the lack of CSI at the legitimate receiver. In particular, the fraction loss, min(nt, nr)/T, can be interpreted as the fraction of channel uses dedicated to training the legitimate receiver for it to learn its own CSI. We prove that this s.d.o.f. can be achieved by employing a constant norm channel input, which can be viewed as a generalization of discrete signalling to multiple dimensions.

Keywords: MIMO communication; Rayleigh channels; radio receivers; radio transmitters; receiving antennas; telecommunication security; transmitting antennas; CSI; MIMO Rayleigh block fading wiretap channels secure DoF; antennas; channel state information; degrees of freedom; discrete signalling; multiple input multiple output; receiver; s.d.o.f; transmitter; Coherence; Fading; MIMO; Receivers; Transmitting antennas; Upper bound  (ID#: 15-3609)



Yanbing Liu; Qingyun Liu; Ping Liu; Jianlong Tan; Li Guo, "A Factor-Searching-Based Multiple String Matching Algorithm For Intrusion Detection," Communications (ICC), 2014 IEEE International Conference on, pp.653, 658, 10-14 June 2014. doi: 10.1109/ICC.2014.6883393 Multiple string matching plays a fundamental role in network intrusion detection systems. Automata-based multiple string matching algorithms like AC, SBDM and SBOM are widely used in practice, but the huge memory usage of automata prevents them from being applied to a large-scale pattern set. Meanwhile, poor cache locality of huge automata degrades the matching speed of algorithms. Here we propose a space-efficient multiple string matching algorithm BVM, which makes use of bit-vector and succinct hash table to replace the automata used in factor-searching-based algorithms. Space complexity of the proposed algorithm is O(rm2 + ΣpϵP |p|), that is more space-efficient than the classic automata-based algorithms. Experiments on datasets including Snort, ClamAV, URL blacklist and synthetic rules show that the proposed algorithm significantly reduces memory usage and still runs at a fast matching speed. Above all, BVM costs less than 0.75% of the memory usage of AC, and is capable of matching millions of patterns efficiently.

Keywords: {automata theory; security of data; string matching; AC; ClamAV; SBDM; SBOM; Snort; URL blacklist; automata-based multiple string matching algorithms; bit-vector; factor searching-based algorithms; factor-searching-based multiple string matching algorithm; huge memory usage; matching speed; network intrusion detection systems; space complexity; space-efficient multiple string matching algorithm BVM; succinct hash table; synthetic rules; Arrays; Automata; Intrusion detection; Pattern matching; Time complexity; automata; intrusion detection; multiple string matching; space-efficient (ID#: 15-3610)



Baofeng Wu; Qingfang Jin; Zhuojun Liu; Dongdai Lin, "Constructing Boolean Functions With Potentially Optimal Algebraic Immunity Based On Additive Decompositions Of Finite Fields (Extended Abstract)," Information Theory (ISIT), 2014 IEEE International Symposium on, pp.1361,1365, June 29 2014-July 4 2014. doi: 10.1109/ISIT.2014.6875055 We propose a general approach to construct cryptographic significant Boolean functions of (r + 1)m variables based on the additive decomposition F2rm × F2m of the finite field F2(r+1)m, where r ≥ 1 is odd and m ≥ 3. A class of unbalanced functions is constructed first via this approach, which coincides with a variant of the unbalanced class of generalized Tu-Deng functions in the case r = 1. Functions belonging to this class have high algebraic degree, but their algebraic immunity does not exceed m, which is impossible to be optimal when r > 1. By modifying these unbalanced functions, we obtain a class of balanced functions which have optimal algebraic degree and high nonlinearity (shown by a lower bound we prove). These functions have optimal algebraic immunity provided a combinatorial conjecture on binary strings which generalizes the Tu-Deng conjecture is true. Computer investigations show that, at least for small values of number of variables, functions from this class also behave well against fast algebraic attacks.

Keywords: Boolean functions; combinatorial mathematics; cryptography; additive decomposition; algebraic immunity; binary strings; combinatorial conjecture; cryptographic significant Boolean functions; fast algebraic attacks; finite field; generalized Tu-Deng functions; optimal algebraic degree; unbalanced functions; Additives; Boolean functions; Cryptography; Electronic mail; FAA; Information theory; Transforms (ID#: 15-3611)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.