Similar documents
20 similar documents found (search time: 62 ms)
1.
Several recent Internet measurement studies show that the higher the packet sending rate, the higher the packet-reordering probability. This implies that recently proposed high-speed TCP variants are more likely to experience packet reordering than regular TCP in high-speed networks, since they are designed to achieve much higher throughput than regular TCP in these networks. In this paper, we first study the characteristics of packet reordering in high-speed networks. Second, we verify the impact of packet reordering on high-speed TCP variants and evaluate the effectiveness of the existing reordering-tolerant TCP enhancements using simulations. Our simulation results demonstrate that high-speed TCP variants perform poorly in the presence of packet reordering, and existing reordering-tolerant algorithms can significantly improve the performance of high-speed TCP variants.

2.
Contention resolution schemes in optical burst switched networks (OBS) as well as contention avoidance schemes delay burst delivery and change the burst arrival sequence. The burst arrival sequence usually changes the packet arrival sequence and degrades the performance of upper-layer protocols, e.g., the throughput of the transmission control protocol (TCP). In this paper, we present and analyze a detailed burst reordering model for two widely applied burst assembly strategies: time-based and random selection. We apply the IETF reordering metrics and calculate explicitly three reordering metrics: the reordering ratio, the reordering extent metric and the TCP relevant metric. These metrics allow estimating the degree of reordering in a certain network scenario. They estimate the buffer space at the destination to resolve reordering and quantify the number of duplicate acknowledgements relevant for investigations on the transmission control protocol. We show that our model reflects the burst/packet reordering pattern of simulated OBS networks very well. Applying our model in a network emulation scenario enables investigations on real protocol implementations in network emulation environments. It therefore serves as a substitute for extensive TCP over OBS network simulations with a focus on burst reordering.

3.
A mix network is an anonymous communication channel usually employed in e-voting applications. A relation attack is a serious threat to privacy of any mix network and can attack various mix networks in many ways. At present, there is no efficient countermeasure to relation attacks in general. In this paper, a novel countermeasure against relation attacks is proposed. It can prevent any relation attack in mix-based e-voting schemes. It adopts a new encryption algorithm specially designed to be robust against relation attacks. The new countermeasure does not need any costly operation and is more efficient than the existing countermeasures. The new countermeasure is applied to voting and shown to work effectively. It is illustrated to protect the existing mix-based e-voting schemes from any relation attack.

4.
Future wireless networks are envisaged to consist of a variety of integrated and jointly managed radio access technologies (RATs). This is motivated by the complementary features of the individual RATs. When in the overlapping coverage of the integrated RATs, a multimode terminal can use them simultaneously, thus aggregating bandwidth to enhance performance of high-bandwidth applications. However, there are challenges that must be addressed to achieve efficient bandwidth aggregation. Packet reordering is the most dominant challenge. Packet reordering can lead to excessive delays that can affect real-time applications; it can also affect throughput of TCP applications adversely. To circumvent the reordering problem and other challenges associated with simultaneous use of the terminal's multiple interfaces, bandwidth aggregation solutions are developed. This paper reviews existing bandwidth aggregation solutions in heterogeneous wireless networks. Challenges and several open research issues in the design of bandwidth aggregation approaches are also outlined. To the best of our knowledge, this is the first comprehensive review of existing bandwidth aggregation techniques in heterogeneous wireless networks. This paper, therefore, provides important lessons and information from current bandwidth aggregation solutions, which can be used to guide the development of more efficient bandwidth aggregation approaches.

5.
One of the methods to maintain the anonymity of communicating nodes in a network is the mix technique. Mix networks have been subject to various traffic analysis attacks that aim at compromising the identities of these communication nodes. Our focus in this paper is to propose mix network schemes that are more robust against these attacks. To this end, we propose using traffic re-distribution techniques. Traffic re-distribution involves changing the number and size of messages in the network by splitting and merging the messages at network nodes and using variable size messages to confuse the attacker. The security and anonymity of the proposed techniques are evaluated against traffic analysis attacks. Performance analysis is provided to determine the effectiveness of the proposed techniques.

6.
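With the rapid development of mobile peer-to-peer applications, users' demand for privacy has become increasingly urgent. However, the decentralized nature and highly variable topology of mobile peer-to-peer environments leave existing schemes with many security risks. In view of this, a node privacy protection scheme based on network coding is proposed. The main work includes: designing a network coding scheme that can resist attacks by an omnipotent adversary; and applying network coding to mobile peer-to-peer resource sharing, including resource search, resource request, response and file download, which achieves privacy protection of user identity, user location and routing information. The advantage of the scheme is that it uses network coding and a multi-proxy mechanism to improve network load balancing, increase the success rate of information transmission and strengthen node privacy. Both theoretical analysis and simulation results show that, when the proportion of malicious nodes in the network is below 50%, the scheme can not only guarantee efficient information transmission but also hide the user's identity and other private information.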

7.
Resisting structural re-identification in anonymized social networks   Cited by: 1 (self-citations: 0, citations by others: 1)
We identify privacy risks associated with releasing network datasets and provide an algorithm that mitigates those risks. A network dataset is a graph representing entities connected by edges representing relations such as friendship, communication or shared activity. Maintaining privacy when publishing a network dataset is uniquely challenging because an individual’s network context can be used to identify them even if other identifying information is removed. In this paper, we introduce a parameterized model of structural knowledge available to the adversary and quantify the success of attacks on individuals in anonymized networks. We show that the risks of these attacks vary based on network structure and size and provide theoretical results that explain the anonymity risk in random networks. We then propose a novel approach to anonymizing network data that models aggregate network structure and allows analysis to be performed by sampling from the model. The approach guarantees anonymity for entities in the network while allowing accurate estimates of a variety of network measures with relatively little bias.

8.
Skype is one of the most popular voice-over-IP (VoIP) service providers. One of the main reasons for the popularity of Skype VoIP services is its unique set of features to protect privacy of VoIP calls such as strong encryption, proprietary protocols, unknown codecs, dynamic path selection, and the constant packet rate. In this paper, we propose a class of passive traffic analysis attacks to compromise privacy of Skype VoIP calls. The proposed attacks are based on application-level features extracted from VoIP call traces. The proposed attacks are evaluated by extensive experiments over different types of networks including commercialized anonymity networks and our campus network. The experiment results show that the proposed traffic analysis attacks can greatly compromise the privacy of Skype calls. Possible countermeasures to mitigate the proposed traffic analysis attacks are analyzed in this paper.

9.
Anonymity is among the important properties of two-factor authentication schemes for wireless sensor networks (WSNs) to preserve user privacy. Though impressive efforts have been devoted to designing schemes with user anonymity by only using lightweight symmetric-key primitives such as hash functions and block ciphers, to the best of our knowledge none has succeeded so far. In this work, we take an initial step to shed light on the rationale underlying this prominent issue. Firstly, we scrutinize two previously-thought sound schemes, namely Fan et al.’s scheme and Xue et al.’s scheme, and demonstrate the major challenges in designing a scheme with user anonymity. Secondly, using these two foremost schemes as case studies and on the basis of the work of Halevi–Krawczyk (1999) [44] and Impagliazzo–Rudich (1989) [43], we put forward a general principle: Public-key techniques are intrinsically indispensable to construct a two-factor authentication scheme that can support user anonymity. Furthermore, we discuss the practical solutions to realize user anonymity. Remarkably, our principle can be applied to two-factor schemes for universal environments besides WSNs, such as the Internet, global mobility networks and mobile clouds. We believe that our work contributes to a better understanding of the inherent complexity in achieving user privacy, and will establish a groundwork for developing more secure and efficient privacy-preserving two-factor authentication schemes.

10.
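In scenarios such as intelligent transportation and autonomous driving, vehicle nodes exchange data with roadside infrastructure to achieve vehicle-road cooperation, which helps improve traffic safety and relieve traffic congestion. However, data exchange in these scenarios faces many security problems, and privacy leakage is one of the main security risks. Most existing privacy protection schemes for intelligent transportation involve high-complexity computation or require costly tamper-proof devices; they are inefficient and cannot meet the real-time requirements of intelligent transportation applications such as autonomous driving. To this end, the paper ...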

11.
Given the limited wireless link throughput, high loss rate, and varying end-to-end delay, supporting video applications in multi-hop wireless networks becomes a challenging task. Path diversity exploits multiple routes for each session simultaneously, which achieves higher aggregated bandwidth and potentially decreases delay and packet loss. Unfortunately, for TCP-based video streaming, naive load splitting often results in inaccurate estimation of round trip time (RTT) and packet reordering. As a result, it can suffer from significant instability or even throughput reduction, which is also validated by our analysis and simulation in multi-hop wireless networks. To make real-time TCP-based streaming viable over multi-hop wireless networks, we propose a novel cross-layer design with a smart traffic split scheme, namely, multiple path retransmission (MPR). MPR differentiates the original data packets and the retransmitted packets and works with a novel QoS-aware multi-path routing protocol, QAOMDV, to distribute them separately. MPR does not suffer from the RTT underestimation and extra packet reordering, which ensures stable throughput improvement over single-path routing. Through extensive simulations, we further demonstrate that, as compared with state-of-the-art multi-path protocols, our MPR with QAOMDV noticeably enhances the TCP streaming throughput and reduces bandwidth fluctuation, with no obvious impact on fairness.

12.
This paper presents a delay-tolerant mix-zone framework for protecting the location privacy of mobile users against continuous query correlation attacks. First, we describe and analyze the continuous query correlation attacks (CQ-attacks) that perform query correlation based inference to break the anonymity of road network-aware mix-zones. We formally study the privacy strengths of the mix-zone anonymization under the CQ-attack model and argue that spatial cloaking or temporal cloaking over road network mix-zones is ineffective and susceptible to attacks that carry out inference by combining query correlation with timing correlation (CQ-timing attack) and transition correlation (CQ-transition attack) information. Next, we introduce three types of delay-tolerant road network mix-zones (i.e., temporal, spatial and spatio-temporal) that are free from CQ-timing and CQ-transition attacks and, in contrast to conventional mix-zones, perform a combination of both location mixing and identity mixing of spatially and temporally perturbed user locations to achieve stronger anonymity under the CQ-attack model. We show that by combining temporal and spatial delay-tolerant mix-zones, we can obtain the strongest anonymity for continuous queries while making an acceptable tradeoff between anonymous query processing cost and temporal delay incurred in anonymous query processing. We evaluate the proposed techniques through extensive experiments conducted on realistic traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that the proposed techniques offer a high level of anonymity and attack resilience to continuous queries.

13.
Computer Networks, 2007, 51(7): 1847-1859
TCP-friendly rate control (TFRC), an equation-based congestion control protocol, has been a promising alternative to TCP for multimedia streaming applications. However, TFRC, using the TCP response function, has the same poor performance as TCP in high-speed and long-distance networks. In this paper, we propose high-speed equation-based rate control (HERC), as an extension of TFRC by replacing the TCP response function with a high-speed response function. HERC could be used for applications, such as high-definition video streaming, and remote collaboration involving high-resolution visualization, which prefer a high-speed and relatively smooth sending rate. The impact of a general high-speed response function on the throughput and smoothness of HERC is studied analytically and verified by using simulation. Our result indicates that by using the response function of a high-speed TCP variant and tuning HERC parameters accordingly, HERC can compete fairly with high-speed TCP flows in the same network, while maintaining the desired smoothness of TFRC.

14.
We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate into actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to counter these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.

15.
Recently, digital watermarking has become an important technique to preserve patients’ privacy in telemedicine applications. Since medical information is highly sensitive, security of watermarked medical images becomes a critical issue in telemedicine applications. In this paper, two targeted attacks have been proposed against a key based color image watermarking scheme and also a non-key based one, in order to evaluate their security in telemedicine applications. The target schemes are SVD-based and QR-based color image watermarking algorithms, whose embedding procedures are quite the same. The proposed attacks exploit the prior knowledge of the watermarking algorithms to make changes in the exact embedding spaces. Thus, these changes would cause disruption in the extraction procedure. Our experimental results show that the key based watermarking scheme is more secure than the non-key based one. This is because the proposed targeted attack needs to distort the key based watermarked images more than non-key based ones to remove the embedded watermarks. Our proposed targeted attacks also have more efficient performance in removing watermarks than other general attacks such as JPEG compression, Gaussian noise, etc. Finally, these attacks have been proposed to show the vulnerabilities of watermarking schemes in order to help the designers to implement more secure schemes.

16.
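Multi-factor authentication protocol for multi-gateway wireless sensor networks   Cited by: 4 (self-citations: 0, citations by others: 4)
As an important component of the Internet of Things, wireless sensor networks are widely used in environmental monitoring, healthcare, smart homes and other fields. Authentication provides the basic security guarantee for users to securely access real-time data in sensor nodes and is the first line of defense for wireless sensor network security; forward secrecy is the last line of defense of system security and can greatly reduce the losses after a system is compromised, so it has long been regarded as an important security property by academia and industry. Designing multi-factor authentication protocols for multi-gateway wireless sensor networks that achieve forward secrecy has been a research hotspot in the security protocol field in recent years. Because authentication protocols for multi-gateway wireless sensor networks are often deployed in scenarios with high security requirements, they must face powerful attackers on the one hand, while on the other hand the computing and storage resources of sensor nodes are very limited, which makes designing a secure multi-gateway wireless sensor network authentication protocol challenging. In recent years, a large number of multi-gateway authentication protocols have been proposed, but most were subsequently shown to have various security problems. In 2018, Ali et al. proposed a multi-factor authentication protocol suitable for agricultural monitoring, which uses a trusted center (base station) to authenticate users to external sensor nodes; Srinivas et al. proposed a general multi-factor authentication protocol for multiple gateways, which does not need a trusted center and instead completes authentication between users and external sensor nodes by storing shared secret parameters among the gateways. These two protocols are typical representatives of authentication protocols for multi-gateway wireless sensor networks and represent the two ways of realizing authentication across different gateways: 1) based on a trusted base station, and 2) based on shared secret parameters. Analysis shows that both protocols are vulnerable to offline dictionary guessing attacks and insider attacks, and fail to achieve anonymity and forward secrecy. In view of this, this paper proposes a security-enhanced multi-factor authentication protocol for multi-gateway wireless sensor networks that achieves forward secrecy. The protocol adopts the authentication approach of the protocol of Srinivas et al., i.e., it completes authentication between users and external sensor nodes through secret parameters shared among the gateways, and covers two typical authentication scenarios. BAN logic analysis and heuristic analysis of the new protocol show that it achieves mutual authentication, securely negotiates a session key and resists all kinds of known attacks. Comparison with related protocols shows that the new protocol improves security while maintaining high efficiency, and is suitable for resource-constrained wireless sensor network environments.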

17.
The continual improvement in computer performance together with the prevalence of high-speed network connections having high throughput and moderate latencies enables the deployment of multimedia applications, such as collaborative virtual environments, over wide area networks (WANs). These applications can serve as simulated environments in scenarios such as emergency response training to catastrophic disasters, military training, and entertainment. Many of these systems use 3D graphics for display and may be required to distribute geometric models on demand between participants. Progressive meshes provide an attractive mechanism for such distribution. Previous uses of progressive meshes have sent data using reliable protocols (TCP). However, such protocols have disadvantages in on-demand settings, in that they: (1) use flow control, which limits performance in WANs; (2) add additional bandwidth when there is loss; (3) treat all loss as an indication of congestion; and (4) require feature-rich multicast support, which is not always available. In this paper, we modify progressive mesh models to allow reconstruction even in the event of packet loss. We use these modifications in two transmission schemes, a hybrid transmission that uses TCP and UDP to send packets and a forward error correction transmission scheme that uses redundancy to decode the information sent. We assess the performance of these transmission schemes when deployed on network testbeds that simulate wide area and wireless characteristics. Published online: 9 February 2005. Correspondence to: Bobby Bodenheimer

18.
Source-location privacy is a critical security property in event-surveillance systems. However, due to the characteristics of surveillance systems, e.g., resource constraints, diverse privacy requirements and large-scale network, the existing anonymity mechanisms cannot effectively deal with the problem of source-location privacy protection. There is an imbalance in network load and transmission latency for most of the existing anonymity schemes, which causes a “funnel effect” and conflicts with anonymity. This paper proposes the dynamic optimal mix-ring-based source-location anonymity protocol, DORing. In this scheme, we first set the dynamic optimal mix-ring to collect and mix the network traffic, which can satisfy the diverse QoS requirements for all the packets. Secondly, we propose the sector-based anonymity assess to control the process of mixing in order to filter out the dummy packets and deliver the authentic packets to the sink. Finally, the location of the mix-ring is adjusted to balance network energy consumption, prolong the lifetime of the network and resist global attack. The simulation results demonstrate that DORing is very efficient in balancing energy consumption and transmission latency and can significantly prolong the survival period of the network and ensure security as well as latency to satisfy the packets’ requirements.

19.
Many P2P applications require security services such as privacy, anonymity, authentication, and non-repudiation. Such services could be provided through a hierarchical Public Key Infrastructure. However, P2P networks are usually Internet-scale distributed systems comprised of nodes with an undetermined trust level, thus making hierarchical solutions unrealistic. In this paper, we propose Chord-PKI, a distributed PKI architecture which is built upon the Chord overlay network, in order to provide security services for P2P applications. Our solution distributes the functionality of a PKI across the peers by using threshold cryptography and proactive updating. We analyze the security of the proposed infrastructure and through simulations we evaluate its performance for various scenarios of untrusted node distributions.

20.
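With the wide application of wireless sensor networks, their security faces increasingly serious challenges. In some settings where private information must be protected, anonymity design of the communication protocol has become an indispensable part of a complete security solution. The hierarchical clustered network structure has become the preferred model for large-scale wireless sensor networks because of its scalability and its ability to maximize energy efficiency. This paper improves the routing anonymity of a security protocol for hierarchical sensor networks: session keys shared between the base station and the sensors are used to construct lightweight anonymous routing packets whose legitimacy can be verified, and the anonymity mechanism allows data fusion and aggregation. The ideal process of the protocol is defined with unlinkability between data packets and end nodes as the goal; then, with reference to the ideal process, the hybrid model of the UC (Universal Composition) framework is used to analyze and prove the anonymity security of the protocol.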
