Xiaohan Zhao,Xiaoxiao Song,Xiao Wang,Yang Chen,Beixing Deng,Xing Li

DOI: https://doi.org/10.1109/CSA.2008.64

2008-01-01

Abstract:In recent years, network coordinate systems which map nodes into a geometrical space can effectively support overlay applications relying on topology-awareness. However, these systems base on an ideal assumption that the nodes in them are honest to cooperate with each other. Although there have been some studies about attacks on network coordinate systems, the effect of attacks on PIC---one of the representative systems---has not been studied. Moreover, since PIC itself has proposed a security policy, how well it can protect PIC from attacks is another significant problem to be researched. We apply four typical attacks on PIC with security and without security. Our extensive experiments show that PIC is vulnerable by attacks and when the percentage of malicious nodes is more than 40%, PIC with security performs barely better than without security.

Meng-zhou Gao,Dong-qin Feng

DOI: https://doi.org/10.1631/fitee.1700334

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Mengzhou Gao,Dongqin Feng

DOI: https://doi.org/10.1016/j.jfranklin.2018.08.033

IF: 4.246

2019-01-01

Journal of the Franklin Institute

Abstract:This paper investigates the problem of secure control for networked control systems (NCSs) under randomly occurring zero-value attacks (ROZVAs). Specifically, ROZVAs only offset the true signal without injecting obfuscated information or noises, and possess the minimum energy of the added malicious information. To protect system stability against ROZVA, randomly occurring integrity check protection (ROICP) is introduced which prevents malicious data injection with less energy cost than persistently occurring protection. Besides the random phenomena of ROZVA and ROICP, which are characterized by two mutually independent random variables obeying the Bernoulli distribution, the randomly occurring time delays caused by ROICP are also considered in system modelling. According to the built stochastic linear system model, security analysis of the NCS with ROICP subject to ROZVA is carried out and sufficient condition for stochastic stability is derived via a linear matrix inequality (LMI) approach. Based on the proposed condition, a compensation feedback controller is designed to facilitate system stability. Finally, simulation results show the effectiveness of the proposed method.

Yibo Zhu,Yang Chen,Zengbin Zhang,Xiaoming Fu,Dan Li,Beixing Deng,Xing Li

DOI: https://doi.org/10.1145/1921233.1921242

2010-01-01

Abstract:ABSTRACTNetwork Coordinate (NC) systems are efficient in scalable Internet latency estimation. While most of the focus has been put on how to distort Triangle Inequality Violation (TIV) in metric spaces to relieve the inaccuracy caused by it, TIV is a persistently and widely existing phenomenon on the Internet and thus should be embraced by future NC systems rather than being eliminated. Besides high accuracy, such an NC system can also provide the benefit of reducing the data transmission time by use of proper relay routes. With that in mind, we design an NC system with a hierarchical architecture, which is motivated by the natural idea of partitioning the three TIV links into different autonomous NC systems, in order to make as many as TIVs inherently embeddable in metric space. We implement and deploy our work, named Toread, on real Internet. Evaluation results show that Toread's metric space can well characterize more than 60% TIVs, thus Toread is highly accurate (0.54 in Toread versus 1.06 in Pyxida at 90th percentile Relative Error) and effective in searching detour paths (succeeds in 58.2% cases).

Chengbo Dong,Guodong Wang,Yang Chen,Beixing Deng,Xing Li

DOI: https://doi.org/10.1109/iwqos.2010.5542718

2010-01-01

Abstract:Routing policies and the complexity of network give rise to violations of the Triangle Inequality with respect to delay (Round-Trip Time) in the Internet. Most of the network coordinate (NC) systems, for example Vivaldi, suffer from inaccurate distance estimation due to such Triangle Inequality Violations (TIVs). In this abstract, we propose a methodology to overcome TIVs by introducing medium in Euclidean distance based NC model.

Yang Chen,Shining Wu,Jun Li,Xiaoming Fu

DOI: https://doi.org/10.1109/tsc.2015.2437383

IF: 11.019

2015-01-01

IEEE Transactions on Services Computing

Abstract:While network coordinate (NC) systems provide scalable Internet distance estimation service and are useful for various Internet applications, decentralized, matrix factorization-based NC (MFNC) systems have received particular attention recently. They can serve large-scale distributed applications (as opposed to centralized NC systems) and do not need to assume triangle inequality (as opposed to Euclidean-based NC systems). However, because of their decentralized nature, MFNC systems are vulnerable to various malicious attacks. In this paper, we provide the first study on attacks toward MFNC systems, and propose a decentralized trust and reputation approach, called NCShield, to counter such attacks. Different from previous approaches, our approach is able to distinguish between legitimate distance variations and malicious distance alterations. Using four representative data sets from the Internet, we show that NCShield can defend against attacks with high accuracy. For example, when selecting node pairs with a shorter distance than a predefined threshold in an online game scenario, even if 30% nodes are malicious, NCShield can reduce the false positive rate from 45.5% to 3.7%.

Yang Chen,Xiao Wang,Xiaoxiao Song,Eng Keong Lua,Cong Shi,Xiaohan Zhao,Beixing Deng,Xing Li

DOI: https://doi.org/10.1007/978-3-642-01399-7_25

2009-01-01

Abstract:Network coordinate (NC) system allows efficient Internet distance prediction with scalable measurements. Most of the NC systems are based on embedding hosts into a low dimensional Euclidean space. Unfortunately, the accuracy of predicted distances is largely hurt by the persistent occurrence of Triangle Inequality Violation (TIV) in measured Internet distances. IDES is a dot product based NC system which can tolerate the constraints of TIVs. However, it cannot guarantee the predicted distance non-negative and its prediction accuracy is close to the Euclidean distance based NC systems. In this paper, we propose Phoenix, an accurate, practical and decentralized NC system. It adopts a weighted model adjustment to achieve better prediction accuracy while it ensures the predicted distances to be positive and usable. Our extensive Internet trace based simulation shows that Phoenix can achieve higher prediction accuracy than other representative NC systems. Furthermore, Phoenix has fast convergence and robustness over measurement anomalies.

Rachana A. Gupta,Mo-Yuen Chow

DOI: https://doi.org/10.1109/IECON.2008.4758425

2008-01-01

Abstract:Network-control-systems (NCS) have been gaining popularity due to their high potential in widespread applications and becoming realizable due to the rapid advancements in embedded systems, wireless communication technologies. This paper addresses the issue of NCS information security as well its time-sensitive performance and their trade-off. A PI controller implemented on a network to control the speed of the DC motor is used to illustrate the performance assessment for secure networked control systems. Network security algorithms DES, 3DES, and AES are integrated with the application to secure the sensor as well as control data flow on the network. Standard 2(k) factorial experiment design is used to study and estimate the effect of each security algorithm. A I-D gain scheduler is then designed to compensate for the adverse effect due to security. Thorough experimental results, system factors including network security and system gain affecting the performance are evaluated, analyzed, and categorized.

Chengze Du,Jibin Shi

2024-12-11

Abstract:Network tomography plays a crucial role in network monitoring and management, where network topology serves as the fundamental basis for various tomography tasks including traffic matrix estimation and link performance inference. The topology information, however, can be inferred through end-to-end measurements using various inference algorithms, posing significant security risks to network infrastructure. While existing protection methods attempt to secure topology information by manipulating end-to-end delay measurements, they often require complex computation and sophisticated modification strategies, making real-time protection challenging. Moreover, these delay-based modifications typically render the measurements unusable for network monitoring, even by trusted users, as the manipulated delays distort the actual network performance characteristics. This paper presents a novel privacy-preserving framework that addresses these limitations. Our approach provides efficient topology protection while maintaining the utility of measurements for authorized network monitoring. Through extensive evaluation on both simulated and real-world networks topology, we demonstrate that our framework achieves superior privacy protection compared to existing methods while enabling trusted users to effectively monitor network performance. Our solution offers a practical approach for organizations to protect sensitive topology information without sacrificing their network monitoring capabilities.

Cryptography and Security

Zhiguo Wan,Kai Xing,Yunhao Liu

DOI: https://doi.org/10.1109/infcom.2012.6195820

2012-01-01

Abstract:Traffic analysis presents a serious threat to wireless network privacy due to the open nature of wireless medium. Traditional solutions are mainly based on the mix mechanism proposed by David Chaum, but the main drawback is its low network performance due to mixing and cryptographic operations. We propose a novel privacy preserving scheme based on network coding called Priv-Code to counter against traffic analysis attacks for wireless communications. Priv-Code is able to provide strong privacy protection for wireless networks as the mix system because of its intrinsic mixing feature, and moreover, it can achieve better network performance owing to the advantage of network coding. We first construct a hypergraph-based network coding model for wireless networks, under which we formalize an optimization problem whose objective function is to make each node have identical transmission rate. Then we provide a decentralized algorithm for this optimization problem. After that we develop an information theoretic metric for privacy measurement using entropy, and based on this metric we demonstrate that Priv-Code achieves stronger privacy protection than the mix system while achieving better network performance.

Wei Yang

2003-01-01

Abstract:With the widening of network,more serious problems have appeared,such as virus,IDS.All of these impact the network security.According to P2DR model,this paper shows a plan of security system,binding the functions of firewall and IDS.All the distributed applications are built on COPS.

Lei He,Quan Ren,Bolin Ma,Weili Zhang,Jiangxing Wu

DOI: https://doi.org/10.23919/jcc.2021.00.011

2022-01-01

China Communications

Abstract:With the rapid development of information technology, the cyberspace security problem is increasingly serious. Kinds of dynamic defense technology have emerged such as moving target defense and mimic defense. This paper aims to describe the architecture and analyze the performance of Cyberspace Mimic DNS based on generalized stochastic Petri net. We propose a general method of anti-attacking analysis. For general attack and special attack model, the available probability, escaped probability and non-special awareness probability are adopted to quantitatively analyze the system performance. And we expand the GSPN model to adjust to engineering practice by specifying randomness of different output vectors. The result shows that the proposed method is effective, and Mimic system has high anti-attacking performance. To deal with the special attack, we can integrate the traditional defense mechanism in engineering practice. Besides, we analyze the performance of mimic DNSframework based on multi-ruling proxy and input-output desperation, the results represent we can use multi ruling or high-speed cache servers to achieve the consistent cost of delay, throughput compared with single authorized DNS, it can effectively solve 10% to 20% performance loss caused by general ruling proxy.

Yi-Min GUO,Su-Fang ZHOU,Jia-Wei DOU,Shun-Dong LI,Dao-Shun WANG

DOI: https://doi.org/10.11897/SP.J.1016.2017.01664

2017-01-01

Abstract:Secure multiparty computation (SMC) is presently a research focus in the international cryptographic community and a key technology of privacy preserving and information security in cyberspace.This paper investigates an important SMC problem, specific privacy-preserving rational interval computation (PIC).PIC attempts to securely determine whether one private rational number belongs to a private rational interval.This problem is of theoretical cryptographic importance, has practical importance in constructing other SMC protocols, and has many PIC-related applications, such as the inclusion problems between point and ring, point and infinite region, point and segment, and so on, even is able to reduce the cost in real commodity transaction.Based on Paillier's homomorphic encryption and the ideas in the millionaire's methods, firstly, we study the PIC problem from the viewpoint of geometry, where we consider that the private inputs as the slopes of lines that pass through the origin of the coordinates.Thus, the PIC problem can be reduced to the relationship between those lines.Then, we use the formula for computing the area of a triangle formed by three points to construct an efficient rational PIC protocol.Secondly, we regard the comparison as arithmetic inequalities and call an integral millionaire's approach based on symmetric cryptography, propose another efficient rational PIC protocol.Thirdly, we prove the privacy-preserving properties of these two protocols by using simulation paradigm and analyze their theoretical and practical efficiency.Analysis shows that these protocols are efficient.Finally, we demonstrate applications of these two PIC protocols.

Kai Wang,Chuang Lin,Fangqin Liu

DOI: https://doi.org/10.1109/ICIS.2009.162

2009-01-01

Abstract:IP multimedia subsystem (IMS) is considered as the main solution to the next generation multimedia communication.By examining potential security threats to IMS, we initiate a set of security policies for choice and consider their quality of protection (QoP) based on the strength of the security mechanism. In order to provide secure service to users, it is insufficient to just take the security benefits into consideration. An adequate analysis of the impact of security policies in IMS on the performance quantitatively is necessary and significant. We present a novel study of IMS performance using queuing Petri nets (QPN) to predict the system performance metrics, i.e., the signaling delay, server utilization, which then be used to evaluate the impacts of different security mechanism on system performance quantitatively. With the multi-view security partition introduced, multi-level security service can be provided to diverse users and applications for a best tradeoff between security requirements and system performance.

Rachana A Gupta,Avesh Kumar Agarwal,Mo-Yuen Chow,Wenye Wang

DOI: https://doi.org/10.1109/MILCOM.2007.4455044

2007-01-01

Abstract:Distributed network-control-systems (D-NCS) are a network structure and components that are capable of integrating sensors, actuators, communication, and control algorithms to suit real-time applications. They have been gaining popularity due to their high potential in widespread applications and becoming realizable due to the rapid advancements in embedded systems, wireless communication and data transfer technologies. This paper addresses the issue of D-NCS information security as well its time-sensitive performance with respect to network security schemes. We use a wireless network based, robot navigation path tracking system called Intelligent Space (iSpace) as a D-NCS test bed in this paper. The paper classifies the delay data from every NCS module (sensors, actuators and controllers). We define performance parameters for this NCS test bed. Various system factors including network delay, system gain, affecting these performance parameters are recognized. Network security algorithms DES and 3DES are integrated with the application to secure the sensitive information flow. Standard statistical approach such as 2k factorial experiment design, analysis of variance, hypothesis testing is used to study and estimate the effect of each factor on the system performance especially security features. Thorough experimental results, tables of detailed characterization and effect estimate analysis is presented followed by the discussion on the performance comparison of NCS with and without wireless security.

Vignesh Sivaraman,Biplab Sikdar

DOI: https://doi.org/10.1109/tnet.2021.3097536

2021-12-01

IEEE/ACM Transactions on Networking

Abstract:While in-network caching is an essential feature of Information Centric Networks (ICN) for improved content dissemination and reducing the bandwidth consumption at the core of the network, it is prone to many privacy threats. For example, an adversary can passively breach the privacy of a consumer by simply analyzing the different retrieval times for the same content. This paper aims to address this problem of timing analysis attacks by developing privacy-enhancing caching strategies. The proposed caching strategies use two privacy metrics, namely mutual information from information theory and differential privacy, and formulates a privacy enhancing distributed optimization problem with the objective of optimizing the network cost incurred. We efficiently solve the optimization problem by considering it as a <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.395ex" height="1.676ex" style="vertical-align: -0.338ex;" viewBox="0 -576.1 600.5 721.6" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMATHI-6E" x="0" y="0"></use></g></svg></span> -player, non-cooperative game. We show that Nash equilibrium exists for this game and compute it using an iterative best response algorithm. We compare and validate the performance of our approach on realistic network topologies by comparing it with the existing approaches in literature and the global optimal solutions.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMATHI-6E" d="M21 287Q22 293 24 303T36 341T56 388T89 425T135 442Q171 442 195 424T225 390T231 369Q231 367 232 367L243 378Q304 442 382 442Q436 442 469 415T503 336T465 179T427 52Q427 26 444 26Q450 26 453 27Q482 32 505 65T540 145Q542 153 560 153Q580 153 580 145Q580 144 576 130Q568 101 554 73T508 17T439 -10Q392 -10 371 17T350 73Q350 92 386 193T423 345Q423 404 379 404H374Q288 404 229 303L222 291L189 157Q156 26 151 16Q138 -11 108 -11Q95 -11 87 -5T76 7T74 17Q74 30 112 180T152 343Q153 348 153 366Q153 405 129 405Q91 405 66 305Q60 285 60 284Q58 278 41 278H27Q21 284 21 287Z"></path></defs></svg>

Beipeng Mu,Xinming Chen,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.130

2011-01-01

Abstract:Network Security Appliances are deployed at the vantage point of the Internet to detect security events and prevent attacks. However, these appliances are not so effective when it comes to distributed attacks such as DDoS. This paper presents a design and implementation of collaborative network security management system (CNSMS), which organize the NetSecu nodes into a hybrid P2P and hierarchy architecture to share the security knowledge. NetSecu nodes are organized into a hierarchy architecture so they could realize different management or security functions. In each level, nodes formed a P2P networks for higher efficiency. To guarantee identity trustworthy and information exchange secure, PKI infrastructure is deployed in CNSMS. Finally experiments are conducted to test the computing and communication cost.

Yudong Zhao,Ke Xu,Rashid Mijumbi,Meng Shen

DOI: https://doi.org/10.1007/978-3-319-22047-5_15

2015-01-01

Abstract:In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low cost, unidirectional, concealed mechanisms, and are very difficult to recognize let alone restrain. This is especially so, because the most affected parties - the users and Internet Service Providers (ISPs) - have very little control, if any, on router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks from both the routing and switching network functions, by detecting any violations in the set policies. We prove the system's security completeness to data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.

Rachana A Gupta,Mo-Yuen Chow,Avesh Kumar Agarwal,Wenye Wang

DOI: https://doi.org/10.1109/IECON.2007.4460391

2007-01-01

Abstract:Abstract- Distributed network-control-systems (D-NCS) are a multidisciplinary effort whose,aim is to produce a network structure and,components,that are capable of integrating sensors, actuators, communication, and control algorithms in a manner,to suit real-time applications. They have been gaining popularity due ,to their ,high ,potential in widespread applications and becoming more,realizable due to the rapid advancements,in wireless communication,and data transfer technologies. This paper ,addresses the issue of D-NCS information security as well its real-time performance with respect to network security protocols and encryption schemes. We use a wireless network based, robot navigation path tracking system called Intelligent Space (iSpace) as a D-NCS test bed in this paper. The paper classifies the data from every NCS module (sensors, actuators and controllers) according to bandwidth requirement, time and information sensitivity. We define performance parameters for this NCS test bed. Various system factors affecting these performance,parameters are recognized. Network security algorithms DES and 3DES are integrated with ,the ,application to secure ,the ,sensitive information,flow. These wireless security features are considered as an added factor to the NCS. Standard statistical approach (2, factorial experiment design) is used to study and estimate the effect of each factor on the system performance especially security additions. Thorough experimental results, tables of detailed characterization and,effect estimate analysis is presented followed by the discussion on the performance comparison of NCS with and without wireless security. Index terms – Distributed networked-control-system, iSpace,