IEEE 2017-2018 Networking Projects in DotNet
Abstract:Mobile ad hoc network (MANET) is a collection of wireless mobile nodes that dynamically form a temporary network without the reliance of any infrastructure or central administration. Energy consumption is considered as one of the major limitations in MANET, as the mobile nodes do not possess permanent power supply and have to rely on batteries, thus reducing network lifetime as batteries get exhausted very quickly as nodes move and change their positions rapidly across MANET. This paper highlights the energy consumption in MANET by applying the fitness function technique to optimize the energy consumption in ad hoc on demand multipath distance vector (AOMDV) routing protocol. The proposed protocol is called AOMDV with the fitness function (FF-AOMDV). The fitness function is used to find the optimal path from source node to destination node to reduce the energy consumption in multipath routing. The performance of the proposed FF-AOMDV protocol has been evaluated by using network simulator version 2, where the performance was compared with AOMDV and ad hoc on demand multipath routing with life maximization (AOMR-LM) protocols, the two most popular protocols proposed in this area. The comparison was evaluated based on energy consumption, throughput, packet delivery ratio, end-to-end delay, network lifetime and routing overhead ratio performance metrics, varying the node speed, packet size, and simulation time. The results clearly demonstrate that the proposed FF-AOMDV outperformed AOMDV and AOMR-LM under majority of the network performance metrics and parameters.
Abstract:Secure search techniques over encrypted cloud data allow an authorized user to query data files of interest by submitting encrypted query keywords to the cloud server in a privacy-preserving manner. However, in practice, the returned query results may be incorrect or incomplete in the dishonest cloud environment. For example, the cloud server may intentionally omit some qualified results to save computational resources and communication overhead. Thus, a well-functioning secure query system should provide a query results verification mechanism that allows the data user to verify results. In this paper, we design a secure, easily integrated, and fine-grained query results verification mechanism, by which, given an encrypted query results set, the query user not only can verify the correctness of each data file in the set but also can further check how many or which qualified data files are not returned if the set is incomplete before decryption. The verification scheme is loose-coupling to concrete secure search techniques and can be very easily integrated into any secure query scheme. We achieve the goal by constructing secure verification object for encrypted cloud data. Furthermore, a short signature technique with extremely small storage cost is proposed to guarantee the authenticity of verification object and a verification object request technique is presented to allow the query user to securely obtain the desired verification object. Performance evaluation shows that the proposed schemes are practical and efficient.
Abstract:Mobile sensor networks are a great source of data. By collecting data with mobile sensor nodes from individuals in a user community, e.g. using their smartphones, we can learn global information such as traffic congestion patterns in the city, location of key community facilities, and locations of gathering places. Can we publish and run queries on mobile sensor network databases without disclosing information about individual nodes? Differential privacy is a strong notion of privacy which guarantees that very little will be learned about individual records in the database, no matter what the attackers already know or wish to learn. Still, there is no practical system applying differential privacy algorithms for clustering points on real databases. This paper describes the construction of small coresets for computing k-means clustering of a set of points while preserving differential privacy. As a result, we give the first k-means clustering algorithm that is both differentially private, and has an approximation error that depends sub-linearly on the data’s dimension d. Previous results introduced errors that are exponential in d. We implemented this algorithm and used it to create differentially private location data from GPS tracks. Specifically our algorithm allows clustering GPS databases generated from mobile nodes, while letting the user control the introduced noise due to privacy. We provide experimental results for the system and algorithms, and compare them to existing techniques. To the best of our knowledge, this is the first practical system that enables differentially private clustering on real data.
Abstract:Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.
Abstract:The user requirements in the future wireless networks are heterogeneous. The resource allocation and user association are crucial factors to meet user requirements and save energy. In this paper, the optimization of resource allocation and user association problem in both low data and high data requirement scenario is studied. In the low data requirement scenario, a network energy consumption minimization problem which considering the signal-to-interference-plus-noise ratio coverage constraints and jointly determines the optimal density of micro base stations (mBSs) and the optimal association bias is formulated. The closed-form solution of the optimal mBSs density and association bias is derived, O(λu-(α/2)) u respectively. Optimal association bias grows like O(λ ) as a function of user density λu (α is path loss factor) and the optimal density of mBSs is a linearly monotone increasing function of the user density. In the high data requirement scenario, a rate coverage maximization problem by adjusting the bandwidth allocation and user association are investigated. The relationship between bandwidth allocation and user association bias is obtained and a dynamic gradient iterative algorithm is used to solve the maximization problem. Simulation results verify the relevant derivations and demonstrate the user density and requirement have an important influence on the optimal resource allocation and optimal association bias.
Abstract:In this paper, we propose privacy-preserving fine-grained data retrieval schemes for mobile social networks (MSNs). The schemes enable users to retrieve data from other users who are interested in some topics related to a subject of interest. We define a subject to be a broad term that can cover many fine-grained topics, e.g., History can be a subject and World War I can be a topic. We consider centralized and decentralized network models. Our centralized scheme allows users to securely outsource data to a server such that the server matches the users who are interested in same topic(s) and have defined social attributes with privacy preservation. Searchable encryption scheme and a proposed cryptography construct are used to enable the server to match the topics and attributes without knowing any private information. By using the social attributes, users can prescribe the other users who can be connected to. We also propose a decentralized scheme that can be used when there is no connection to the server, i.e, shortage of Internet connectivity. The scheme leverages friends-of-friends relationship and transferable trust concept, where each user trusts his friends and the friends of friends. If a friend is not interested in the requested subject, he/she can link him/her to his/her friends without knowing the requested subject to preserve privacy. Our schemes use Bloom filters to store the topics of interest to reduce the storage and communication overhead. This is important because the number of fine-grained topics can be large. Different techniques to store the topics in the filter are proposed and investigated. Performance metrics are proposed and evaluated using real implementations. Our analysis and implementation results demonstrate that our schemes can preserve the privacy of the MSN users with high performance.
Abstract:In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (APPRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an APPRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator i, can only be carried out on the autonomous path Pai designated by the delegator i, in the sense that (1) re-encrypted ciphertexts along the autonomous path Pai cannot branch off Pai with meaningful decryption, and (2) original ciphertexts generated under pkj for j ̸= i (i.e., for a path Paj different from Pai) cannot be inserted into (i.e., cannot be transformed along) the autonomous path Pai with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.
Abstract:MANET (Mobile Ad-hoc NETworks) is useful in many practical scenarios since it provides multi-hop communication without wired infrastructure. However, there is a problem that the communication performance of a flow may be easily degraded by even a single local congestion on the whole path. A solution for the problem is to use a detour path that avoids the local congestion. However, to this end, the detour paths should not use the nodes in the congested area, which is in fact relatively large due to the nature of radio waves. In the current state of the art, we do not have such alternative-path computation algorithms. In this paper, we propose an algorithm and a routing scheme to compute and utilize detour paths adaptively according to the network traffic conditions. Through evaluation, we show that the proposed scheme improve the communication performance by using the detour paths in practical network scenarios.
Abstract:Behavior-based analysis of dynamically executed binaries has become a widely used technique for the identification of suspected malware. Most solutions rely on function call patterns to determine whether a sample is exhibiting malicious behavior. These system and API calls are usually regarded individually and do not consider contextual information or process inter-dependencies. In addition, the patterns are often fixed in nature and do not adapt to changing circumstances on the system environment level. To address these shortcomings, this paper proposes a sentiment extraction and scoring system capable of learning the maliciousness inherent to n-grams of kernel events captured by a real-time monitoring agent. The approach is based on calculating the log likelihood ratio (LLR) of all identified n-grams, effectively determining neighboring sequences as well as assessing whether certain event combinations incline towards the benign or malicious. The extraction component automatically compiles a WordNet-like sentiment dictionary of events, which is subsequently used to score unknown traces of either individual processes, or a session in its entirety. The system was evaluated using a large set of real-world event traces collected on live corporate workstations as well as raw API call traces created in a dedicated malware analysis environment. While applicable to both scenarios, the introduced solution performed best for our abstracted kernel events, generating both new insight into malware- system interaction and assisting with the scoring of hitherto unknown application behavior.
Abstract:Online data sharing for increased productivity and efficiency is one of the primary requirements today for any organization. The advent of cloud computing has pushed the limits of sharing across geographical boundaries, and has enabled a multitude of users to contribute and collaborate on shared data. However, protecting online data is critical to the success of the cloud, which leads to the requirement of efficient and secure cryptographic schemes for the same. Data owners would ideally want to store their data/files online in an encrypted manner, and delegate decryption rights for some of these to users, while retaining the power to revoke access at any point of time. An efficient solution in this regard would be one that allows users to decrypt multiple classes of data using a single key of constant size that can be efficiently broadcast to multiple users. Chu et al. proposed a key aggregate cryptosystem (KAC) in 2014 to address this problem, albeit without formal proofs of security. In this paper, we propose CPA and CCA secure KAC constructions that are efficiently implementable using elliptic curves and are suitable for implementation on cloud based data sharing environments. We lay special focus on how the standalone KAC scheme can be efficiently combined with broadcast encryption to cater to m data users and m' data owners while reducing the reducing the secure channel requirement from O(mm') in the standalone case to O(m + m').
Abstract:This paper considers secure energy-efficient routing in the presence of multiple passive eavesdroppers. Previous work in this area has considered secure routing assuming probabilistic or exact knowledge of the location and channel-state-information (CSI) of each eavesdropper. In wireless networks, however, the locations and CSIs of passive eavesdroppers are not known, making it challenging to guarantee secrecy for any routing algorithm. We develop an efficient (in terms of energy consumption and computational complexity) routing algorithm that does not rely on any information about the locations and CSIs of the eavesdroppers. Our algorithm guarantees secrecy even in disadvantaged wireless environments, where multiple eavesdroppers try to eavesdrop each message, are equipped with directional antennas, or can get arbitrarily close to the transmitter. The key is to employ additive random jamming to exploit inherent non-idealities of the eavesdropper's receiver, which makes the eavesdroppers incapable of recording the messages. We have simulated our proposed algorithm and compared it with the existing secrecy routing algorithms in both single-hop and multi-hop networks. Our results indicate that when the uncertainty in the locations of eavesdroppers is high and/or in disadvantaged wireless environments, our algorithm outperforms existing algorithms in terms of energy consumption and secrecy.
Abstract:One of the fundamental tasks for spatial index trees constructed in wireless sensor networks is to determine the sensors, which can participate in the region query accurately and quickly. Most of the existing works focus on constructing the spatial index trees for single attribute sensors having the same sensing capability. The key principle underlying the design of these works is the exploitation of parent-child node relation in the network structure, such as the routing tree in which message broadcasting for the parent node selection will consume more energy. However, due to the existence of multi-attribute sensors having different sensing capabilities in skewness distribution, it is more practical to obtain an energy-efficient spatial index tree to query the multi-attribute sensors in a realistic skewness distribution. Specifically, in this paper, we propose a novel energy-efficient heuristic density-based clustering model to build such a multi-attribute spatial index tree. In addition, multiregion attribute aggregation queries are carried out in our proposed index tree, which mainly focus on the recombination of query regions and query attributes. Finally, through an extensive performance evaluation study, we show that the proposed algorithms outperform the existing state-of-the-art approaches significantly in terms of energy consumption, query time, and network lifetime.
Abstract:The shortest path problems (SPPs) with learning effects (SPLEs) have many potential and interesting applications. However, at the same time they are very complex and have not been studied much in the literature. In this paper, we show that learning effects make SPLEs completely different from SPPs. An adapted A* (AA*) is proposed for the SPLE problem under study. Though global optimality implies local optimality in SPPs, it is not the case for SPLEs. As all subpaths of potential shortest solution paths need to be stored during the search process, a search graph is adopted by AA* rather than a search tree used by A*. Admissibility of AA* is proven. Monotonicity and consistency of the heuristic functions of AA* are redefined and the corresponding properties are analyzed. Consistency/monotonicity relationships between the heuristic functions of AA* and those of A* are explored. Their impacts on efficiency of searching procedures are theoretically analyzed and experimentally evaluated.
Abstract:Attribute-based encryption (ABE) has opened up a popular research topic in cryptography over the past few years. It can be used in various circumstances, as it provides a flexible way to conduct fine-grained data access control. Despite its great advantages in data access control, current ABE based access control system cannot satisfy the requirement well when the system judges the access behavior according to attribute comparison, such as “greater than x” or “less than x”, which are called comparable attributes in this paper. In this paper, based on a set of well-designed sub-attributes representing each comparable attribute, we construct a comparable attribute-based encryption scheme (CABE for short) to address the aforementioned problem. The novelty lies in that we provide a more efficient construction based on the generation and management of the sub-attributes with the notion of 0-encoding and 1-encoding. Extensive analysis shows that: Compared with the existing schemes, our scheme drastically decreases the storage, communication and computation overheads, and thus is more efficient in dealing with the applications with comparable attributes.