
SoS Newsletter - Advanced Book Block



Network Coding



Network coding methods are used to improve a network’s throughput, efficiency, and scalability. They can also be a method for dealing with attacks and eavesdropping. For the Science of Security community, research into network coding is relevant to the general network problems associated with the hard problems of resiliency, composability, and predictive metrics, as well as cyber physical systems. The articles cited here were presented in 2015.

F. Chen, T. Xiang, Y. Yang, and S. Chow, “Secure Cloud Storage Meets with Secure Network Coding,” in IEEE Transactions on Computers, vol. 65, no. 6, pp. 1936-1948, 2016. doi:10.1109/TC.2015.2456027
Abstract: This paper reveals an intrinsic relationship between secure cloud storage and secure network coding for the first time. Secure cloud storage was proposed only recently while secure network coding has been studied for more than ten years. Although the two areas are quite different in their nature and are studied independently, we show how to construct a secure cloud storage protocol given any secure network coding protocol. This gives rise to a systematic way to construct secure cloud storage protocols. Our construction is secure under a definition which captures the real world usage of the cloud storage. Furthermore, we propose two specific secure cloud storage protocols based on two recent secure network coding protocols. In particular, we obtain the first publicly verifiable secure cloud storage protocol in the standard model. We also enhance the proposed generic construction to support user anonymity and third-party public auditing, which both have received considerable attention recently. Finally, we prototype the newly proposed protocol and evaluate its performance. Experimental results validate the effectiveness of the protocol.
Keywords: Authentication; Cloud computing; Network coding; Protocols; Receivers; Secure storage; Cloud storage auditing; network coding; security; third-party public auditing; user anonymity (ID#: 16-10318)


Y. J. Chen, L. C. Wang, and C. H. Liao, “Eavesdropping Prevention for Network Coding Encrypted Cloud Storage Systems,” in IEEE Transactions on Parallel and Distributed Systems, vol. 27, no. 8, pp. 2261-2273, 2016. doi:10.1109/TPDS.2015.2486772
Abstract: Network coding is an important cloud storage technique, which can recover data with small repair bandwidth and high reliability compared to the existing erasure coding and replication methods. However, regardless of which data recovery technique is used, the repaired data in a geographically distributed cloud storage system are easily eavesdropped at the transmission link between the local datacenter and its remote backup site. This kind of network security issue is called link eavesdropping in this paper. For a network coded cloud storage system, we propose a systematic design methodology to determine the important data recovery system parameters for any specified security level. Through analysis, we present the performance curves that relate the remote repair bandwidth and the number of coded data fragments. Consequently, all the important system parameters of a network coded data recovery system, including the number of storage nodes and the link capacity between the datacenter and the backup site, can be precisely designed to satisfy different security level requirements.
Keywords: Bandwidth; Cloud computing; Distributed databases; Encoding; Maintenance engineering; Network coding; Security; Data security; Distributed storage; Network coding (ID#: 16-10319)


M. Sipos, J. Heide, D. Lucani, M. Pedersen, F. Fitzek, and H. Charaf, “Adaptive Network Coded Clouds: High Speed Downloads and Cost-Effective Version Control,” in IEEE Transactions on Cloud Computing, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TCC.2015.2481433
Abstract: Although cloud systems provide a reliable and flexible storage solution, the use of a single cloud service constitutes a single point of failure, which can compromise data availability, download speed, and security. To address these challenges, we advocate for the use of multiple cloud storage providers simultaneously using network coding as the key enabling technology. Our goal is to study two challenges of network coded storage systems. First, the efficient update of the number of coded fragments per cloud in a system aggregating multiple clouds in order to boost the download speed of files. We developed a novel scheme using recoding with limited packets to trade-off storage space, reliability, and data retrieval speed. Implementation and measurements with commercial cloud providers show that up to 9x less network use is needed compared to other network coding schemes, while maintaining similar download speeds and reliability. Second, the ability to update coded fragments from a linear erasure code when the original file is modified. We exploit code structure to provide efficient representations of the evolution of the file. Evaluations using file changes on software library repositories show that a five-order of magnitude reduction in network and storage use is possible compared to state-of-the-art.
Keywords: Bandwidth; Cloud computing; Control systems; Decoding; Encoding; Network coding; Reliability; Distributed systems; Error control codes; Information Storage and Retrieval (ID#: 16-10320)


A. Le, A. Markopoulou, and A. G. Dimakis, “Auditing for Distributed Storage Systems,” in IEEE/ACM Transactions on Networking, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TNET.2015.2450761
Abstract: Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity-checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose NC-Audit, a novel cryptography-based remote data integrity-checking scheme, designed specifically for network-coding-based distributed storage systems. NC-Audit combines, for the first time, the following desired properties: 1) efficient checking of data integrity; 2) efficient support for repairing failed nodes; and 3) protection against information leakage when checking is performed by a third party. The key ingredient of the design of NC-Audit is a novel combination of SpaceMac, a homomorphic message authentication code (MAC) scheme for network coding, and NCrypt, a novel chosen-plaintext attack (CPA) secure encryption scheme that preserves the correctness of SpaceMac. Our evaluation of NC-Audit based on a real Java implementation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for both auditing and repairing of failed nodes.
Keywords: Bandwidth; Cloud computing; Cryptography; Distributed databases; Encoding; Maintenance engineering; Protocols; Auditing; distributed storage; encryption; integrity; network coding; security (ID#: 16-10321)


Z. Ren, L. Wang, Q. Wang, and M. Xu, “Dynamic Proofs of Retrievability for Coded Cloud Storage Systems,” in IEEE Transactions on Services Computing, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TSC.2015.2481880
Abstract: Cloud storage allows users to store their data in a remote server to get rid of expensive local storage and management costs and then access data of interest anytime, anywhere. A number of solutions have been proposed to tackle the verification of remote data integrity and retrievability in cloud storage systems. Most existing schemes, however, do not support efficient data dynamics and/or suffer from security vulnerabilities when involving dynamic data operations. In this paper, we propose a dynamic proof of retrievability scheme supporting public auditability and communication-efficient recovery from data corruptions. To this end, we split up the data into data blocks and encode each data block individually using an outer code and an inner code before outsourcing, so that i) an update inside any data block only affects a few codeword symbols and ii) communication-efficient data repair for a broken-down server can be achieved and communication overhead for small data corruptions within a server can be eliminated. Based on the encoded data blocks, we utilize rb23Tree to enforce the data sequence for dynamic operations, preventing the cloud service provider from manipulating data blocks to pass the integrity check in the dynamic scenario. We also analyze the effectiveness of the proposed construction in defending against pollution attacks during data recovery. Formal security analysis and extensive experimental evaluations are conducted, showing that the proposed scheme is practical for use in cloud storage systems.
Keywords: Cloud computing; Encoding; Metadata; Network coding; Redundancy; Security; Servers; Cloud storage; Data availability; Data dynamics; Data integrity; Public audit (ID#: 16-10322)


T. Hayajneh, S. Ullah, B. J. Mohd, and K. Balagani, “An Enhanced WLAN Security System with FPGA Implementation for Multimedia Applications,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-10, 2015. doi:10.1109/JSYST.2015.2424702
Abstract: Maintaining a high level of data security with a low impact on system performance is more challenging in wireless multimedia applications. Protocols that are used for wireless local area network (WLAN) security are known to significantly degrade performance. In this paper, we propose an enhanced security system for a WLAN. Our new design aims to decrease the processing delay and increase both the speed and throughput of the system, thereby making it more efficient for multimedia applications. Our design is based on the idea of offloading computationally intensive encryption and authentication services to the end systems’ CPUs. The security operations are performed by the hosts’ central processor (which is usually a powerful processor) before delivering the data to a wireless card (which usually has a low-performance processor). By adopting this design, we show that both the delay and the jitter are significantly reduced. At the access point, we improve the performance of network processing hardware for real-time cryptographic processing by using a specialized processor implemented with field-programmable gate array technology. Furthermore, we use enhanced techniques to implement the Counter (CTR) Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the CTR protocol. Our experiments show that it requires timing in the range of 20–40 µs to perform data encryption and authentication on different end-host CPUs (e.g., Intel Core i5, i7, and AMD 6-Core) as compared with 10–50 ms when performed using the wireless card. Furthermore, when compared with the standard WiFi protected access II (WPA2), results show that our proposed security system improved the speed by up to 3.7 times.
Keywords: Authentication; Encryption; Multimedia communication; Protocols; Throughput; Wireless LAN; Field-programmable gate array (FPGA); IEEE 802.11i; WiFi protected access II (WPA2); multimedia security; wireless local area network (WLAN) (ID#: 16-10323)


H. C. Chen, “TCABRP: A Trust-Based Cooperation Authentication Bit-Map Routing Protocol Against Insider Security Threats in Wireless Ad Hoc Networks,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-11, 2015. doi:10.1109/JSYST.2015.2437285
Abstract: In recent years, threats in wireless ad hoc networks (WANETs) could be further divided into outside and insider threats. It is important to consider that the majority of insider threats come from the users who are fully authorized to use the systems they are accessing. This new situation would greatly inhibit the normal activity for data communications, and cause the WANETs to spend a longer time for delivering the same data volumes. Therefore, a Trust-Based Cooperation Authentication Bit-Map Routing Protocol (TCABRP) against insider threats in WANETs is proposed in this paper. It could reduce the damages away from the insider threats in a WANET. Specifically, the cooperation evaluations are employed that include three factors: cooperative scores, cooperative trust values and authenticated codes. The routing protocol is not only a type of behavioral-based technique but also a kind of efficient cryptographic protocol. The cooperative evaluations route vector could protect the chain of the router vector authentication codes for verifying the delivery process and determining whether it is correct or incorrect. Moreover, the proposed routing protocol in WANET could not only prevent InTs efficiently, but also evaluate the behaviors of the compromised node or a selfish node as well.
Keywords: Authentication; Communication system security; Nickel; Public key; Routing protocols; Wireless communication; Cooperative routing protocol; route vector authentication code (RVAC); trusted routing protocol; wireless ad hoc networks (WANETs) (ID#: 16-10324)


A. K. Sood, S. Zeadally, and R. Bansal, “Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-12, 2015. doi:10.1109/JSYST.2015.2388707
Abstract: Online social networks (OSNs) provide a new dimension to people’s lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees’ systems. Finally, we discuss security defenses that can be adopted to defend against socioware.
Keywords: Browsers; Facebook; Malware; Organizations; Servers; Taxonomy; Attack; cybercrime; insider threats; malware; online social networks (OSNs); vulnerability (ID#: 16-10325)


C. Fachkha and M. Debbabi, “Darknet as a Source of Cyber Intelligence: Survey, Taxonomy and Characterization,” in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1197-1227, Second Quarter 2016. doi:10.1109/COMST.2015.2497690
Abstract: Today, the Internet security community is largely emphasizing cyberspace monitoring for the purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The latter is an effective approach to observe Internet activities and cyber attacks via passive monitoring. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. Moreover, in order to provide realistic measures and analysis of darknet information, we report case studies, namely, the Conficker worm in 2008 and 2009, the Sality SIP scan botnet in 2011 and the largest amplification attack in 2014. Finally, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Darknet projects are found to monitor various cyber threat activities and are distributed in one third of the global Internet. We further identify that Honeyd is probably the most practical tool to implement darknet sensors, and future deployment of darknet will include mobile-based VOIP technology. In addition, as far as darknet analysis is considered, computer worms and scanning activities are found to be the most common threats that can be investigated throughout darknet; Code Red and Slammer/Sapphire are the most analyzed worms. Furthermore, our study uncovers various gaps in darknet research. For instance, less than 1% of the contributions tackled Distributed Reflection Denial of Service (DRDoS) amplification investigations and at most 2% of research works pinpointed spoofing activities. Last but not least, our survey identifies specific darknet areas, such as IPv6 darknet, event monitoring and game engine visualization methods, that require a significantly greater amount of attention from the research community.
Keywords: Computer crime; IP networks; Internet; Monitoring; Sensors; Taxonomy; Botnet; Cyber; Cyber Attacks; Darknet; Distributed Denial of Service (DDoS); Distributed Reflection Denial of Service (DRDoS); Intelligence; Probing; Security; Threats; Worms (ID#: 16-10326)


R. Koch, M. Golling, L. Stiemert, and G. D. Rodosek, “Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-12, 2015. doi:10.1109/JSYST.2015.2389518
Abstract: Attack traceability and attribution are two of the main tasks of IT forensics. To support this, IT forensics is not limited to investigating data after the attack has taken place. Already before the attack, an optimal environment for a subsequent investigation has to be created. While this is primarily focused on ordinary logging, we propose to set both the degree and the characteristics of logging based on geolocation. Thus, for conspicuous locations, more knowledge is gathered and stored in advance (georeputation). Next to this, due to the fact that the distribution of IP addresses is not static, additional information is stored to, e.g., determine the Internet service provider which was responsible for the IP at the time the crime was committed. This additional data also contains geoinformation that can be used later to reconstruct attack routes and to identify and analyze distributed attacks. For these purposes, however, the IP localization mechanisms, i.e., the underlying method for geolocation, must be very accurate. Therefore, next to highlighting the benefits of including geobased information and providing our architecture in order to do so, this publication also investigates the accuracy and reliability of geoinformation and provides its own geolocation architecture and a corresponding prototype, including an evaluation.
Keywords: Accuracy; Forensics; Geology; IP networks; Internet; Reliability; Security; Attribution; IT forensics; geolocation; georeputation; preincident preparation (ID#: 16-10327)


W. Zhang and Q. Yin, “Blind Carrier Frequency Offset Estimation for MIMO-OFDM with Constant Modulus Constellations via Rank Reduction Criterion,” in IEEE Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TVT.2015.2481727
Abstract: In this paper, we propose a new blind carrier frequency offset (CFO) estimator for multi-input multi-output orthogonal frequency-division multiplexing (MIMO-OFDM) systems with constant modulus constellation. The proposed estimator exploits a rank reduction criterion and works in general MIMO scenarios where no space-time block coding is assumed. As compared to several existing competitors, the proposed estimator does not suffer from a performance error floor as the signal-to-noise ratio (SNR) increases, and thus it behaves better in the moderate and high SNR region. The Cramer-Rao bound of CFO estimation for MIMO-OFDM with constant modulus constellation is derived and numerical results are provided to corroborate the proposed studies.
Keywords: Cost function; Estimation; Frequency division multiplexing; OFDM; Receiving antennas; Signal to noise ratio; Transmitting antennas; Carrier frequency offset (CFO); constant modulus constellations; multi-input multi-output (MIMO); orthogonal frequency division multiplexing (OFDM) (ID#: 16-10328)


T. Chanyour, R. Saadane, and M. Belkasmi, “Secure Sparse Network Coding for Reliable Routing in Large Scale DTMN,” RFID And Adaptive Wireless Sensor Networks (RAWSN), 2015 Third International Workshop on, Agadir, 2015, pp. 57-62. doi:10.1109/RAWSN.2015.7173280
Abstract: Security issues occupy an important part in all communication systems and especially in new generation networks. Among these networks, we find Delay Tolerant Mobile Networks (DTMNs), which are a class of useful but challenging networks. Combining Network Coding (NC) and clustering for routing in such networks gives more efficiency and copes with the routing reliability problem in large scale networks. Our work’s concern is to build a secure network coding scheme in the presence of eavesdroppers in large-scale DTMNs. Therefore, we used a cluster based routing protocol dedicated to DTMN specificities. In addition, we used Sparse Random Linear Network Coding (SRLNC) to fit the low computational capability requirements of such networks. Furthermore, we addressed the packet retransmission decision problem for SRLNC with a fair throughput/overhead trade-off. The results are very encouraging and the proposed routing scheme has the advantage of being reliable as well as secure for large scale DTMN.
Keywords: delay tolerant networks; mobile communication; network coding; routing protocols; telecommunication network reliability; cluster based routing protocol; delay tolerant mobile networks; large scale DTMN; reliable routing; routing reliability problem; secure network coding scheme; secure sparse network coding; sparse random linear network coding; Decoding; Delays; Encoding; Logic gates; Network coding; Reliability; Routing; DTMN; clustering; large scale DTMN; routing; secure network coding; sparse random linear network coding (ID#: 16-10329)


Xuan Guang, Jiyong Lu, and Fang-Wei Fu, “Variable-Security-Level Secure Network Coding,” Information Theory Workshop – Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 34-38. doi:10.1109/ITWF.2015.7360729
Abstract: In network coding theory, when wiretapping attacks occur, secure network coding is introduced to prevent information from being leaked to adversaries. In practical network communications, secure constraints vary with time. How to effectively deal with information transmission and information security simultaneously under different security-levels is introduced in this paper as variable-security-level secure network coding problem. In order to solve this problem efficiently, we propose the concept of local-kernel-preserving variable-security-level secure linear network codes, which have the same local encoding kernel at each internal node. We further present an approach to construct such a family of SLNCs and give an algorithm for efficient implementation. This approach saves the storage space at both source node and internal nodes, and resources and time on networks. Subsequently, an example is given to illustrate our constructive algorithm. Finally, the performance of the proposed algorithm is analyzed, including the field size, computational and storage complexities.
Keywords: cryptography; network coding; information security; information transmission; internal node; internal nodes; linear network codes; local kernel preserving variable security; network coding theory; secure constraints; source node; storage space; variable security level secure network coding; wiretapping attacks; Complexity theory; Conferences; Encoding; Information rates; Kernel; Network coding (ID#: 16-10330)


Xinran Li, Fang-Wei Fu, Xiufeng Zhao, and Guangxia Wang, “Two Improved Homomorphic MAC Schemes in Network Coding,” Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, Zhangjiajie, 2015, pp. 2214-2219. doi:10.1109/FSKD.2015.7382296
Abstract: Network coding provides the advantage of maximizing the usage of network resources, but the natural properties of network coding also make the pollution attack more threatening. Much work on resisting pollution attacks is through homomorphic MACs. But the majority have the same security parameter 1/q. In this paper, we present two ways to construct homomorphic MACs which improve the performance of previous schemes. The security parameters of our MACs are 1/q^{l1} and 1/q^{l2}, respectively. Besides the higher security, our MAC schemes have lower computational complexity.
Keywords: access protocols; computational complexity; network coding; computational complexity; homomorphic MAC schemes; network resources; Computational complexity; Electronics packaging; Encoding; Games; Network coding; Pollution; Security; Homomorphic MACs; attack game; pollution attacks (ID#: 16-10331)


V. Forutan and R. F. H. Fischer, “Security-Enhanced Network Coding Through Public-Key Cryptography,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 717-718. doi:10.1109/CNS.2015.7346901
Abstract: Information-theoretic security through linear network coding (LNC) is achievable only when a limited number of network links with linearly-independent global coding vectors are attacked, while security is not guaranteed otherwise. We incorporate LNC-based security and asymmetric-key cryptography to provide data protection in more realistic cases where the wiretapper attacks an arbitrary number of links. Therefore, LNC-based security protects the network irrespective of the computing power of the adversary when the number of attacked links falls below a certain amount r, whereas computational security enters the scene to protect data against computationally-bounded attackers capable of tapping any number of links.
Keywords: network coding; public key cryptography; telecommunication security; LNC-based security; asymmetric-key cryptography; computational security; information-theoretic security; linear network coding; linearly-independent global coding vector; public-key cryptography; security-enhanced network coding; wiretapper attack; Data protection; Encoding; Encryption; Network coding; Public key (ID#: 16-10332)


S. Pfennig, E. Franz, J. Richter, C. Scheunert, and E. A. Jorswieck, “Confidential Network Coding: Physical Layer vs. Network Layer,” Ubiquitous Wireless Broadband (ICUWB), 2015 IEEE International Conference on, Montreal, QC, 2015, pp. 1-5. doi:10.1109/ICUWB.2015.7324428
Abstract: In all kinds of information exchange, security is essential. One protection goal that has to be enforced is confidentiality. In state-of-the-art protocols, messages are encrypted before they are transmitted to ensure their confidentiality. However, incorporating novel technologies like network coding allows for more efficient solutions. Within this article, we compare different solutions for confidential communication by means of network coding at the physical layer and at the network layer. We discuss security, efficiency, and computational complexity of these approaches. The results allow conclusions to be drawn about the choice of a suitable communication scheme depending on the system model and the relevant parameters.
Keywords: computer network security; network coding; computational complexity; confidential communication; confidential network coding; network layer; physical layer; Computational modeling; Cryptography; Lattices; Network coding; Physical layer; Relays (ID#: 16-10333)


J. Rodriguez Parra, T. Chan, I. Land, and Siu-Wai Ho, “Authentication for Two-Way Relay Channel with Physical-Layer Network Coding,” Information Theory Workshop - Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 49-53. doi:10.1109/ITWF.2015.7360732
Abstract: Physical Layer Network Coding (PLNC) can significantly improve network performance, but some security issues arise due to the limited information available to the forwarders. This paper analyses authentication in networks with PLNC and shows theoretical and practical security limits. In particular, we obtain a lower bound for the probability of an attacker being able to insert a false message such that the message is believed to come from a legitimate source. We prove that an information-theoretic bound similar to the one for point-to-point communication systems can be achieved in networks employing PLNC. Necessary and sufficient conditions to achieve the bound are identified. Finally, a simple but important modification of a previous scheme is proposed to achieve the obtained bound.
Keywords: network coding; probability; relay networks (telecommunication); telecommunication security; PLNC; legitimate source; physical layer network coding; point-to-point communication systems; probability; two way relay channel authentication; Authentication; Encoding; Network coding; Receivers; Relays; Uplink; Information security; Network Coding; Relay Networks (ID#: 16-10334)


Ta-Yuan Liu, Shih-Chun Lin, and Y. W. P. Hong, “Multicasting with Untrusted Relays: A Noncoherent Secure Network Coding Approach,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368574
Abstract: We consider the problem of multicasting information from a source to a destination over a multihop network of intermediate relays. However, some of the relays are untrustworthy and may be subject to eavesdropping. The source wishes to enlist their help while keeping the message secret against the eavesdropper. By employing random linear network coding at the relays, the problem is modeled as a noncoherent wiretap channel and is examined in terms of its secrecy capacity. The input distribution is optimized using an efficient projection-based gradient descent algorithm. The untrusted relay recruitment problem is also examined based on the derived secrecy capacity. An interesting scenario is analyzed where each potentially insecure relay may be randomly eavesdropped with a certain probability. Our asymptotic analysis reveals that, with enough untrusted relays, there exists a threshold on the eavesdropping probability below which all untrusted relays should be recruited.
Keywords: linear codes; multicast communication; network coding; probability; random codes; relay networks (telecommunication); telecommunication security; asymptotic analysis; eavesdropper; eavesdropping probability; intermediate relays; multicasting information; multihop network; noncoherent wiretap channel; projection-based gradient descent algorithm; random linear network coding; secrecy capacity; untrusted relay recruitment problem; untrusted relays; Encoding; Multicast communication; Network coding; Recruitment; Relays; Spread spectrum communication; Yttrium (ID#: 16-10335)


Chia-Nan Kao et al., “A Retargetable Multiple String Matching Code Generation for Embedded Network Intrusion Detection Platforms,” Communication Software and Networks (ICCSN), 2015 IEEE International Conference on, Chengdu, 2015, pp. 93-99. doi:10.1109/ICCSN.2015.7296134
Abstract: The common means of defense for network security systems is to block intrusions by matching signatures. Intrusion-signature matching is the critical operation. However, small and medium-sized enterprise (SME) or Small Office Home Office (SOHO) network security systems may not have sufficient resources to maintain good matching performance with full rule sets. Code generation is a technique used to convert data structures or instructions into other forms to obtain greater benefits within execution environments. This study analyzes intrusion detection system (IDS) signatures and discovers character occurrence to be significantly uneven. Based on this property, this study designs a method to generate string matching source code according to the state table of the AC algorithm for embedded network intrusion detection platforms. The generated source code requires less memory and relies not only on table lookup, but also on the ability of the processor. This method can upgrade performance through compiler optimization and contribute to the application of network processors and DSP-like platforms. From evaluation, this method requires the use of only 20% of the memory and can achieve 86% of the performance in clean traffic compared to the original Aho-Corasick algorithm (AC).
Keywords: computer network security; digital signatures; program compilers; string matching; AC algorithm; DSP-like based platforms; character occurrence discovery; data structures; embedded network intrusion detection platforms; intrusion detection system signatures; intrusion-signature matching; network security systems; optimization compilation; processor ability; retargetable multiple string matching code generation; table lookup; Arrays; Intrusion detection; Memory management; Optimization; Switches; Table lookup; Thyristors; Code Generation; Intrusion Detection System; String Matching (ID#: 16-10336)


M. B. Nirmala and A. S. Manjunath, “Mobile Agent Based Secure Code Update in Wireless Sensor Networks,” Information Networking (ICOIN), 2015 International Conference on, Cambodia, 2015, pp. 75-80. doi:10.1109/ICOIN.2015.7057860
Abstract: Most sensor nodes are battery powered, and energy utilization is one of the important criteria. At the same time, securing code updates is essential for military, health care and environmental applications. But to send code updates in distributed, multihop sensor networks, most of the energy will be consumed in forwarding the packets to next-hop sensor nodes. In order to avoid this and save energy at sensor nodes, a small number of mobile agents are used to distribute the code. Mobile agents traverse along the desired path to disseminate the code. Sensor nodes have to authenticate the mobile agent and at the same time check the integrity of the packets. Mobile agents are more vulnerable to adversaries, hence measures are taken to detect attacks and rectify them. Secure code update using mobile agents provides confidentiality and immediate authentication. This protocol is implemented on the Tiny OS platform, tested using the Tossim simulator, and its performance is evaluated.
Keywords: mobile agents; telecommunication computing; telecommunication security; wireless sensor networks; Tiny OS platform; Tossim simulator; mobile agent based secure code update; multihop sensor networks; wireless sensor networks; Authentication; Base stations; Cryptography; Energy consumption; Mobile agents; Protocols; Wireless sensor networks; Code update; Mobile Agent; Security; TinyOS; Wireless Sensor Networks (ID#: 16-10337)


S. Rahman Sabuj, M. Hamamura, and S. Kuwamura, “Detection of Intelligent Malicious User in Cognitive Radio Network by Using Friend or Foe (FoF) Detection Technique,” Telecommunication Networks and Applications Conference (ITNAC), 2015 International, Sydney, NSW, 2015, pp. 155-160. doi:10.1109/ATNAC.2015.7366805
Abstract: In a cognitive radio network, dynamic spectrum must be shared with an unlicensed user because of the limited bandwidth of the wireless spectrum. As a regulation of cognitive radio networks, a secondary user is allowed to utilize the unoccupied spectrum when it is not being used by the primary user. However, an intelligent malicious user can attack a cognitive radio network and block the permitted channel for the secondary user. The invasion of an intelligent malicious user is a serious problem in the deployment of such networks. In this paper, we introduce a novel scheme based on friend or foe (FoF) detection with physical-layer network coding to detect a secondary user and an intelligent malicious user. The entire cognitive radio network is protected while the secondary user and intelligent malicious user are accurately detected. The effectiveness of the proposed approach is analyzed theoretically and by MATLAB simulation. It is shown that with the FoF detection technique and the proposed algorithm, the base station can detect the secondary user and intelligent malicious user with high accuracy. Computer simulations show that the probability of detection is almost 100% and that the probability of the false alarm is almost 0% for a low Eb/N0. Consequently, the proposed technique can be applied to a cognitive radio network to protect the entire network and ensure appropriate channel utilization by the secondary user.
Keywords: cognitive radio; network coding; telecommunication security; FoF detection; Matlab simulation; cognitive radio network; detection probability; false alarm probability; friend or foe detection; intelligent malicious user detection; physical layer network coding; secondary user; Base stations; Binary phase shift keying; Cognitive radio; Electronic mail; Network coding; Cognitive radio network; Cross-correlation; Friend or foe detection; Physical-layer network coding (ID#: 16-10338)


A. Esfahani, G. Mantas, V. Monteiro, K. Ramantasy, E. Datsikay, and J. Rodriguez, “Analysis of a Homomorphic MAC-Based Scheme Against Tag Pollution in RLNC-Enabled Wireless Networks,” Computer Aided Modelling and Design of Communication Links and Networks (CAMAD), 2015 IEEE 20th International Workshop on, Guildford, 2015, pp. 156-160. doi:10.1109/CAMAD.2015.7390500
Abstract: Network Coding-enabled wireless networks are vulnerable to data pollution attacks where adversary nodes inject into the network polluted (i.e. corrupted) packets that prevent the destination nodes from decoding correctly. Even a small proportion of pollution can quickly propagate into other packets via re-coding at the intermediate nodes and lead to resource waste. Therefore, during the past few years, several solutions have been proposed to provide resistance against data pollution attacks. One of the most well-known solutions is Homomorphic Message Authentication Code (HMAC). However, HMAC is susceptible to a new type of pollution attack, called tag pollution attacks, in which a malicious node randomly modifies MAC tags appended at the end of the transmitted packets. To address this issue, we have recently proposed an HMAC-based scheme making use of two types of MAC tags to provide resistance against both data pollution attacks and tag pollution attacks. In this paper, we focus on improving the resistance of our proposed scheme against tag pollution attacks by decreasing the number of MACs. Finally, we analyze the impact of the total number of MACs on the bandwidth overhead of the proposed scheme.
Keywords: decoding; linear codes; message authentication; network coding; radio networks; random codes; telecommunication security; RLNC-enabled wireless network; data pollution attack; decoding; homomorphic MAC-based scheme; homomorphic message authentication code; network coding-enabled wireless network; random linear network coding; tag pollution attack; Bandwidth; Computational modeling; Computers; Conferences; Pollution; Resistance; Wireless networks; Network coding; data pollution attack; homomorphic message authentication code; tag pollution attack (ID#: 16-10339)


K. Matsumoto, O. Takyu, T. Fujii, T. Ohtsuki, F. Sasamori, and S. Handa, “Evaluation of Information Leak by Robustness Evaluation of Countermeasure to Disguised CSI in PLNC Considering Physical Layer Security,” Radio and Wireless Symposium (RWS), 2015 IEEE, San Diego, CA, 2015, pp. 123-125. doi:10.1109/RWS.2015.7129751
Abstract: In Physical Layer Network Coding (PLNC), the two information sources access the relay station simultaneously, and thus the transmitted signals are combined. Since the relay station can hardly decode each individual information signal, security against information leakage to the relay station is maintained. Therefore, PLNC is attracting much attention in terms of physical layer security (PLS). However, the information source needs transmit power control based on the channel state information (CSI). If the relay station is untrusted, it camouflages the real CSI in order to steal the information. This paper models the camouflaging of CSI as a linear programming problem subject to the statistics of the CSI following the propagation model. We clarify the maximal capacity of tapping by the relay station.
Keywords: network coding; power control; radiowave propagation; relay networks (telecommunication); telecommunication control; telecommunication security; CSI camouflaging; PLNC; PLS; channel state information; information leak evaluation; information source; physical layer network coding; physical layer security; propagation model; relay station; robustness evaluation; tapping maximal capacity; transmit power control; transmitted signals; Interference; Physical layer; Probability density function; Quantization (signal); Relays; Security; Transfer functions; Physical Layer Network Coding (PLNC); Physical Layer Security (PLS) (ID#: 16-10340)


M. Alajeely, A. Ahmad, and R. Doss, “Malicious Node Traceback in Opportunistic Networks Using Merkle Trees,” 2015 IEEE International Conference on Data Science and Data Intensive Systems, Sydney, NSW, 2015, pp. 147-152. doi:10.1109/DSDIS.2015.86
Abstract: Security is a major challenge in Opportunistic Networks because of their characteristics, such as open medium, dynamic topology, no centralized management and the absence of clear lines of defense. A packet dropping attack is one of the major security threats in OppNets since neither source nodes nor destination nodes have knowledge of where or when the packet will be dropped. In this paper, we present a malicious node detection mechanism against a special type of packet dropping attack where the malicious node drops one or more packets and then injects new fake packets instead. Our novel detection and traceback mechanism is very powerful and has very high accuracy. Each node can detect and then trace back the malicious nodes based on a solid and powerful idea, the Merkle tree hashing technique. Our defense technique has two stages. The first stage is to detect the attack, and the second stage is to find the malicious nodes. We have compared our approach with the acknowledgement based mechanisms and the network coding based mechanism, which are well known approaches in the literature. Simulation results show this robust mechanism achieves a very high accuracy and detection rate.
Keywords: computer network security; cryptography; Merkle tree hashing technique; acknowledgement based mechanisms; destination nodes; malicious node traceback; malicious nodes detection mechanism; networks coding based mechanism; opportunistic networks; packet dropping attack; source nodes; Australia; Electronic mail; Information technology; Network coding; Routing; Security; Wireless communication; Denial-of-Service; Malicious Node Detection; OppNets; Opportunistic Networks; Packet Dropping Attacks; Security (ID#: 16-10341)


M. M. Mojahedian, A. Gohari, and M. R. Aref, “Perfectly Secure Index Coding,” Information Theory (ISIT), 2015 IEEE International Symposium on, Hong Kong, 2015, pp. 1432-1436. doi:10.1109/ISIT.2015.7282692
Abstract: In this paper, we investigate the index coding problem in the presence of an eavesdropper. Messages are to be sent from one transmitter to a number of legitimate receivers who have side information about the messages, and who share a set of secret keys with the transmitter. We assume perfect secrecy, meaning that the eavesdropper should not be able to retrieve any information about the message set. This problem is a generalization of Shannon's cipher system. We study the minimum key lengths for zero-error and perfectly secure index coding problems.
Keywords: encoding; private key cryptography; radio receivers; radio transmitters; Shannon cipher system; legitimate receivers; perfectly secure index coding; radio transmitter; secret keys; side information; Channel coding; Indexes; Network coding; Receivers; Transmitters; Index coding; Shannon cipher system; common and private keys; perfect secrecy; zero-error communication (ID#: 16-10342)


K. Jayasinghe, P. Jayasinghe, N. Rajatheva, and M. Latva-aho, “Physical Layer Security for Relay Assisted MIMO D2D Communication,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 651-656. doi:10.1109/ICCW.2015.7247255
Abstract: This paper presents a secure beamforming design to prevent eavesdropping on multiple-input multiple-output (MIMO) device-to-device (D2D) communication. The devices communicate via a trusted relay which performs physical layer network coding (PNC), and multiple eavesdroppers are trying to intercept the device information. The beamforming design is based on minimizing the mean square error of the D2D communication while employing signal-to-interference-plus-noise ratio (SINR) threshold constraints to prevent possible eavesdropping. The channel state information of the device-to-eavesdropper and relay-to-eavesdropper channels is imperfect at the devices and relay. The channel estimation errors are assumed to follow a Gaussian Markov uncertainty model. Consequently, robust optimization problems are formulated considering the multiple access and broadcasting stages of the D2D communication. These problems are non-convex, and two algorithms are proposed to solve them. In the numerical analysis, we discuss the convergence of the proposed algorithms, the impact of the number of eavesdroppers on the performance, and the SINR distributions at the eavesdroppers.
Keywords: Gaussian processes; MIMO communication; Markov processes; array signal processing; broadcast communication; concave programming; convergence of numerical methods; mean square error methods; network coding; relay networks (telecommunication); telecommunication security; wireless channels; Gaussian Markov uncertainty model; SINR; broadcasting stage; channel state information; device information interception; device-to-eavesdropper channels; eavesdropping prevention; mean square error minimization; multiple access stage; multiple-input multiple-output device-to-device communication; nonconvex problem; numerical analysis; physical layer network coding; physical layer security; relay assisted MIMO D2D communication; relay-to-eavesdropper channels; robust optimization problems; secure beamforming design; signal-to-interference-plus-noise ratio threshold constraints; Algorithm design and analysis; Array signal processing; Interference; Optimization; Physical layer; Relays; Signal to noise ratio (ID#: 16-10343)


S. J. Ahmad and P. R. Krishna, “Security on MANETs Using Block Coding,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 2054-2060. doi:10.1109/ICACCI.2015.7275919
Abstract: Security is a challenging task in Mobile Adhoc Networks (MANETs) due to their dynamic network topology. Since MANETs do not have any centralized coordination, the distribution of keys between two nodes becomes an issue. In this paper, we provide security on MANETs without using key distribution schemes between the nodes. Our approach uses linear block coding to generate a security code vector at the source node that facilitates efficient matching of code words for identifying the malicious nodes in the network. When a source node is ready for data transmission, a security code vector is appended to the packet header. Then, the complete message block, consisting of both data bits and the security block, is forwarded to the next node. The data is transmitted to the next node only if the code vector bits of the current node and the source node match. For this purpose, a separate block called the security block is reserved in the packet header. Our approach based on linear block coding also saves energy, because it requires less computation when compared with the existing approaches. We validate our approach through simulations.
Keywords: block codes; linear codes; mobile ad hoc networks; telecommunication network topology; telecommunication security; MANET; data transmission; key distribution schemes; linear block coding; message block; mobile ad hoc networks; network topology; packet header; security block; security code vector; Ad hoc networks; Block codes; Mobile computing; Routing protocols; Security; Transmitters; Authentication; MANET; Security code vector; dynamic topology; malicious node (ID#: 16-10344)


D. Ravilla and C. S. R. Putta, “Implementation of HMAC-SHA256 Algorithm for Hybrid Routing Protocols in MANETs,” Electronic Design, Computer Networks & Automated Verification (EDCAV), 2015 International Conference on, Shillong, 2015, pp. 154-159. doi:10.1109/EDCAV.2015.7060558
Abstract: The purpose of a hash function is to produce a "fingerprint" of a message or data for authentication. The strength of the hash code against brute-force attacks depends on the length of the hash code produced by the algorithm. Constructing Message Authentication Codes (MAC) from cryptographic hash functions (SHA-256) gives faster execution in software than symmetric block ciphers like the Data Encryption Standard (DES), and the library code for cryptographic hash functions is also widely available. Here we implemented the HMAC-SHA 256 algorithm for message authentication and data integrity. This algorithm is introduced in a hybrid routing protocol for a mobile network environment, and the performance of the protocol is analyzed by calculating the throughput, packet delivery ratio and end-to-end delays of the network. The simulation is carried out using Network Simulator 2 (NS2). We observed that there is an improvement in throughput and packet delivery ratio at the cost of more processing time.
Keywords: cryptography; data integrity; message authentication; mobile ad hoc networks; routing protocols; telecommunication security; DES; HMAC-SHA256 algorithm; MAC; MANET; brute-force attacks; cryptographic hash functions; data encryption standard; data integrity; hash code length; hybrid routing protocols; message authentication codes; mobile ad hoc networks; mobile network environment; network end-to-end delays; network simulator 2; packet delivery ratio; throughput calculation; Ad hoc networks; Authentication; Cryptography; Delays; Message authentication; Protocols; Cryptographic Hash function; Data Encryption Standard (DES); Data Integrity; Message Authentication Code (MAC); Network Simulator; Packet Delivery ratio (ID#: 16-10345)


R. Grewal and K. S. Saini, “A Defense Mechanism Against Clone Wars in Hierarchical Based Wireless Sensor Networks,” Next Generation Computing Technologies (NGCT), 2015 1st International Conference on, Dehradun, 2015, pp. 166-170. doi:10.1109/NGCT.2015.7375105
Abstract: Wireless sensor networks are susceptible to clone attacks due to the open deployment of sensor nodes in hostile environments and the lack of physical shielding. Node cloning is an attempt where an adversary physically compromises a node, extracts all the credentials such as keys, identity and stored codes, makes hardware replicas with the captured information and introduces them at specified positions in the network. If no detection mechanism is employed, then the network is vulnerable to many insidious attacks such as signal jamming, false information insertion, cluster reformation and network monitoring that challenge the sensor applications. In this work we propose a mechanism based on the use of node ID and location information to detect replicated nodes by the base station in hierarchical based networks. The scheme is based on the centralized approach. A security analysis of the protocol is also presented that shows it detects the attack in different cases.
Keywords: protocols; telecommunication security; wireless sensor networks; base station; clone attack; clone wars; cluster reformation; defense mechanism; detect replicated nodes; detection mechanism; hardware replicas; hostile environment; insert false information; insidious attacks; network monitoring; physical shielding; protocol; sensor nodes; signal jamming; wireless sensor networks; Base stations; Cloning; Cryptography; Protocols; Routing; Wireless sensor networks; WSNs; hierarchical; node clone; replication (ID#: 16-10346)


Z. H. Awan and A. Sezgin, “Fundamental Limits of Caching in D2D Networks with Secure Delivery,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 464-469. doi:10.1109/ICCW.2015.7247223
Abstract: We study the problem of secure transmission over a caching D2D network. In this model, end users can prefetch a part of the popular contents in their local cache. Users make arbitrary requests from the library of available files and interact with each other to deliver requested contents from the local cache to jointly satisfy their demands. The transmission between the users is wiretapped by an external eavesdropper from whom the communication needs to be kept secret. For this model, by exploiting the flexibility offered by the local cache storage, we establish a coding scheme that not only conforms to the demands of all users but also delivers the contents securely. In comparison to insecure caching schemes, the coding scheme that we develop in this work illustrates that for a large number of files and users, the loss incurred due to the imposed secrecy constraints is insignificant. We illustrate our result with the help of some examples.
Keywords: cache storage; computer networks; encoding; telecommunication security; arbitrary request; cache storage; caching D2D network; coding scheme; delivery security; device-to-device network; eavesdropper; wiretapping; Cache memory; Communication system security; Conferences; Encoding; Security; Servers; Upper bound (ID#: 16-10347)


A. Yedilkhan, A. Saule, K. Aliya, Z. Saule, and K. Ainur, “Using The EZ-Cryptosystem for Data Transmission in Virtual Private Networks (VPN),” 2015 Twelve International Conference on Electronics Computer and Computation (ICECCO), Almaty, Kazakhstan, 2015, pp. 1-6. doi:10.1109/ICECCO.2015.7416910
Abstract: The aim of the article is to research the process of information security in transmission between virtual subnets which are realized using the data encryption algorithms of the EZ-cryptosystem and a secret key that protects the information from interception. In fact, data for inter-segment transfer are encoded at the output of one network and decoded at the input of the other network, and the data encryption algorithm allows secure distribution between the endpoints. All data manipulations are transparent to the user working on the network.
Keywords: Ciphers; Encryption; Finite element analysis; Local area networks; Servers; Virtual private networks; EZ-cryptosystem; VPN; decryption; encryption (ID#: 16-10348)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.