Efficient revocable ID‐based encryption with cloud revocation server

The capability to efficiently revoke compromised/misbehaving users is important in identity‐based encryption (IBE) applications, as it is not a matter of if but of when that one or more users are compromised. Existing solutions generally require a trusted third party to update the private keys of nonrevoked users periodically, which impact on scalability and result in high computation and communication overheads at the key generation center. Li et al proposed a revocable IBE scheme, which outsources most of the computation and communication overheads to a Key Update Cloud Service Provider (KU‐CSP). However, their scheme is lack of scalability since the KU‐CSP must maintain a secret value for each user. Tseng et al proposed another revocable IBE scheme with a cloud revocation authority, seeking to provide scalability and improve both performance and security level. In this paper, we present a new revocable IBE scheme with a cloud revocation server (CRS). The CRS holds only one secret time update key for all users, which provides the capability to scale our scheme. We demonstrate that our scheme is secure against adaptive‐ID and chosen ciphertext attacks under the k‐CAA assumption and outperforms both schemes mentioned above, in terms of having lower computation and communication overheads.     

An agent‐based workflow scheduling mechanism with deadline constraint on hybrid cloud environment

Summary

With the advances of cloud computing, business and scientific‐oriented jobs with certain workflows are increasingly migrated to and run on a variety of cloud environments. These jobs are often with the property of deadline constraint and have to be completed within limited time. Therefore, to schedule a job with workflow (short for workflow) with deadline constraint is increasingly becoming a crucial research issue. In this paper, we, based on previous work, propose an agent‐based workflow scheduling mechanism to schedule workflows that are with deadline constraint into federated cloud environment.

Design and Methods

We add a workflow agent into the original framework to schedule the deadline‐constraint workflow. The workflow agent can smoothly schedule workflows to the cloud system according to their required resource and automatically monitor their execution. In order to accurately predict the execution time of each task to meet deadline constraint on certain VM with given resource, we inherit the use of rough set theory to estimate execution time of task in our previous work.

Result and Discussion

A heuristic algorithm that is embedded into the workflow agent is also proposed because the problem had been shown to be NP‐complete. The mechanism also adopts dynamic job dispatching method to reduce the usage of VM and to improve the resource utilization. We also conducted experiments to evaluate the efficiency and effectiveness.

Conclusion

The experimental results show that the prediction time is very close to the real execution time and can efficiently schedule multiple scientific workflows to meet the deadline constraints simultaneously.     

Exploiting the control power of SDN during the transition from IP to SDN networks

The emerging software‐defined networking (SDN) paradigm introduces new opportunities to improve network performance due to the flexibility and programmability provided by a logically centralized element named controller. However, a rapid adoption of the full SDN architecture is difficult in the short term due to economic and technical reasons. This paper faces the SDN nodes replacement problem during the transition from traditional IP networks to fully deployed SDN networks. Six different replacement methods are proposed to select the most appropriate set of traditional IP nodes to be upgraded to SDN‐enabled switches at a particular transition stage. To show the effectiveness of the proposed methods, they have been applied on an optimization problem currently studied by the research community: the power consumption problem. An integer linear programming formulation is presented to solve it and a genetic algorithm is evaluated through simulations on realistic network topologies. Results highlight that energy‐efficiency in hybrid IP/SDN networks can be significantly improved by only replacing a reduced number of IP nodes.     

An authenticated re‐encryption scheme for secure file transfer in named data networks

With the fast progress of the Internet and communication technologies, the digital communication is increasingly based on the architecture of TCP/IP. Nevertheless, in TCP/IP's architecture, there are limitations such as data uncertainty and flow overloading. In response to this, a novel architecture has been proposed, which is known as the named data network (NDN). Named data network is an alternative network architecture based on the data each user accesses. Users gain accesses to the data by using an adjacent router (node) that verifies the correctness of the data. In NDN, the router has the capability to store and search for the data. Hence, this architecture largely improves the disadvantages in TCP/IP's architecture. Named data network is a new proposal and relatively under‐researched now. Thus far, an adequate secure file transfer protocol is still unavailable for NDN. In some cases, files are broken or the source fails to authenticate, which results in the need to discover the owner of the file. Furthermore, we believe that NDN should involve an authentication mechanism in the secure file transfer protocol. In view of the above, this paper presents an authenticated re‐encryption scheme for NDN, which offers sender authentication, data confidentiality, and support for potential receivers. Finally, we also propose a security model for sender authentication and prove that the proposed scheme is secure.     

HeS‐CoP: Heuristic switch‐controller placement scheme for distributed SDN controllers in data center networks

Software‐defined networking (SDN) has been widely researched and used to manage large‐scale networks such as data center networks (DCNs). An early stage of SDN controller experienced low responsiveness, low scalability, and low reliability. To solve these problems, distributed SDN controllers have been proposed. The concept of distributed SDN controllers distributes control messages among multiple SDN controllers. However, distributed SDN controllers must assign a master controller for each networking devices. Most previous studies, however, did not consider the characteristics of DCNs. Thus, they are not suitable to operate in DCNs. In this paper, we propose HeS‐CoP, a heuristic switch‐controller placement scheme for distributed SDN controllers in DCNs. With the control traffic load and CPU load, HeS‐CoP decides when our scheme should be performed in DCNs. To show the feasibility of HeS‐CoP, we designed and implemented an orchestrator that contains our proposed scheme and then evaluated our proposed scheme. As a result, our proposed scheme well distributes the control traffic load, decreases the average CPU load, and reduces the packet delay.     

Upper bounds for blocking probabilities in large multi‐rate loss networks

In this paper, we consider large loss networks with fixed routing and multirate traffic. We use singlelink formulae and standard results on multidimensional Gaussian distributions to obtain upper bounds for blocking probabilities of new calls under light up to critical loading conditions. This is the loading regime of interest for many practical applications such as admission control in ATM networks. The main advantage of our approach is that the complexity does not scale with the size of the system, making it numerically attractive. Comparison with simulation results show that we get good upper bounds. We conclude by discussing the correlation between links in a network.     

Analysis of demand‐priority access using a priority queue with server vacations and message dependent switchover times

In this paper, we analyse the message waiting times in a local area network (LAN) that uses the demand‐priority access method. This is a priority‐based round‐robin arbitration method where the central controller (the repeater) polls its connected ports to determine which have transmission requests pending and the requests' priority classes. We model it as a 2‐priority M/G/1 queue with multiple server vacations and switchover time between service periods. The service discipline is nonpreemptive and the length of the switchover time is dependent upon the priority class of the preceding message served as well as that of the message to be served next. We provide an approximate analysis for the waiting times of both message classes and derive expressions for the Laplace–Stieltjes transforms (LST) of the stationary distributions and the mean waiting times. We conclude with numerical and simulation results to show the applicability and accuracy of the analytical model. This revised version was published online in June 2006 with corrections to the Cover Date.