Efficient revocable ID‐based encryption with cloud revocation server

The capability to efficiently revoke compromised/misbehaving users is important in identity‐based encryption (IBE) applications, as it is not a matter of if but of when that one or more users are compromised. Existing solutions generally require a trusted third party to update the private keys of nonrevoked users periodically, which impact on scalability and result in high computation and communication overheads at the key generation center. Li et al proposed a revocable IBE scheme, which outsources most of the computation and communication overheads to a Key Update Cloud Service Provider (KU‐CSP). However, their scheme is lack of scalability since the KU‐CSP must maintain a secret value for each user. Tseng et al proposed another revocable IBE scheme with a cloud revocation authority, seeking to provide scalability and improve both performance and security level. In this paper, we present a new revocable IBE scheme with a cloud revocation server (CRS). The CRS holds only one secret time update key for all users, which provides the capability to scale our scheme. We demonstrate that our scheme is secure against adaptive‐ID and chosen ciphertext attacks under the k‐CAA assumption and outperforms both schemes mentioned above, in terms of having lower computation and communication overheads.     

An agent‐based workflow scheduling mechanism with deadline constraint on hybrid cloud environment

Summary

With the advances of cloud computing, business and scientific‐oriented jobs with certain workflows are increasingly migrated to and run on a variety of cloud environments. These jobs are often with the property of deadline constraint and have to be completed within limited time. Therefore, to schedule a job with workflow (short for workflow) with deadline constraint is increasingly becoming a crucial research issue. In this paper, we, based on previous work, propose an agent‐based workflow scheduling mechanism to schedule workflows that are with deadline constraint into federated cloud environment.

Design and Methods

We add a workflow agent into the original framework to schedule the deadline‐constraint workflow. The workflow agent can smoothly schedule workflows to the cloud system according to their required resource and automatically monitor their execution. In order to accurately predict the execution time of each task to meet deadline constraint on certain VM with given resource, we inherit the use of rough set theory to estimate execution time of task in our previous work.

Result and Discussion

A heuristic algorithm that is embedded into the workflow agent is also proposed because the problem had been shown to be NP‐complete. The mechanism also adopts dynamic job dispatching method to reduce the usage of VM and to improve the resource utilization. We also conducted experiments to evaluate the efficiency and effectiveness.

Conclusion

The experimental results show that the prediction time is very close to the real execution time and can efficiently schedule multiple scientific workflows to meet the deadline constraints simultaneously.     

Exploiting the control power of SDN during the transition from IP to SDN networks

The emerging software‐defined networking (SDN) paradigm introduces new opportunities to improve network performance due to the flexibility and programmability provided by a logically centralized element named controller. However, a rapid adoption of the full SDN architecture is difficult in the short term due to economic and technical reasons. This paper faces the SDN nodes replacement problem during the transition from traditional IP networks to fully deployed SDN networks. Six different replacement methods are proposed to select the most appropriate set of traditional IP nodes to be upgraded to SDN‐enabled switches at a particular transition stage. To show the effectiveness of the proposed methods, they have been applied on an optimization problem currently studied by the research community: the power consumption problem. An integer linear programming formulation is presented to solve it and a genetic algorithm is evaluated through simulations on realistic network topologies. Results highlight that energy‐efficiency in hybrid IP/SDN networks can be significantly improved by only replacing a reduced number of IP nodes.     

An authenticated re‐encryption scheme for secure file transfer in named data networks

With the fast progress of the Internet and communication technologies, the digital communication is increasingly based on the architecture of TCP/IP. Nevertheless, in TCP/IP's architecture, there are limitations such as data uncertainty and flow overloading. In response to this, a novel architecture has been proposed, which is known as the named data network (NDN). Named data network is an alternative network architecture based on the data each user accesses. Users gain accesses to the data by using an adjacent router (node) that verifies the correctness of the data. In NDN, the router has the capability to store and search for the data. Hence, this architecture largely improves the disadvantages in TCP/IP's architecture. Named data network is a new proposal and relatively under‐researched now. Thus far, an adequate secure file transfer protocol is still unavailable for NDN. In some cases, files are broken or the source fails to authenticate, which results in the need to discover the owner of the file. Furthermore, we believe that NDN should involve an authentication mechanism in the secure file transfer protocol. In view of the above, this paper presents an authenticated re‐encryption scheme for NDN, which offers sender authentication, data confidentiality, and support for potential receivers. Finally, we also propose a security model for sender authentication and prove that the proposed scheme is secure.     

HeS‐CoP: Heuristic switch‐controller placement scheme for distributed SDN controllers in data center networks

Software‐defined networking (SDN) has been widely researched and used to manage large‐scale networks such as data center networks (DCNs). An early stage of SDN controller experienced low responsiveness, low scalability, and low reliability. To solve these problems, distributed SDN controllers have been proposed. The concept of distributed SDN controllers distributes control messages among multiple SDN controllers. However, distributed SDN controllers must assign a master controller for each networking devices. Most previous studies, however, did not consider the characteristics of DCNs. Thus, they are not suitable to operate in DCNs. In this paper, we propose HeS‐CoP, a heuristic switch‐controller placement scheme for distributed SDN controllers in DCNs. With the control traffic load and CPU load, HeS‐CoP decides when our scheme should be performed in DCNs. To show the feasibility of HeS‐CoP, we designed and implemented an orchestrator that contains our proposed scheme and then evaluated our proposed scheme. As a result, our proposed scheme well distributes the control traffic load, decreases the average CPU load, and reduces the packet delay.     

Key-Recovery Attacks on <Emphasis FontCategory="SansSerif">ASASA</Emphasis>

The \(\mathsf {ASASA}\) construction is a new design scheme introduced at Asiacrypt 2014 by Biryukov, Bouillaguet and Khovratovich. Its versatility was illustrated by building two public-key encryption schemes, a secret-key scheme, as well as super S-box subcomponents of a white-box scheme. However, one of the two public-key cryptosystems was recently broken at Crypto 2015 by Gilbert, Plût and Treger. As our main contribution, we propose a new algebraic key-recovery attack able to break at once the secret-key scheme as well as the remaining public-key scheme, in time complexity \(2^{63}\) and \(2^{39}\), respectively (the security parameter is 128 bits in both cases). Furthermore, we present a second attack of independent interest on the same public-key scheme, which heuristically reduces the problem of breaking the scheme to an \(\mathsf {LPN}\) instance with tractable parameters. This allows key recovery in time complexity \(2^{56}\). Finally, as a side result, we outline a very efficient heuristic attack on the white-box scheme, which breaks instances claiming 64 bits of security under one minute on a laptop computer.     

Analysis of demand‐priority access using a priority queue with server vacations and message dependent switchover times

In this paper, we analyse the message waiting times in a local area network (LAN) that uses the demand‐priority access method. This is a priority‐based round‐robin arbitration method where the central controller (the repeater) polls its connected ports to determine which have transmission requests pending and the requests' priority classes. We model it as a 2‐priority M/G/1 queue with multiple server vacations and switchover time between service periods. The service discipline is nonpreemptive and the length of the switchover time is dependent upon the priority class of the preceding message served as well as that of the message to be served next. We provide an approximate analysis for the waiting times of both message classes and derive expressions for the Laplace–Stieltjes transforms (LST) of the stationary distributions and the mean waiting times. We conclude with numerical and simulation results to show the applicability and accuracy of the analytical model. This revised version was published online in June 2006 with corrections to the Cover Date.     

Development of the transmission line matrix method in acoustics applications to higher modes in the vocal tract and other complex ducts

Most traditional theories of speech production are currently based on plane waves. However, it is well known that, for acoustic waveguides, higher acoustical modes start to propagate and can become predominant above cut-on frequencies. This paper thus presents the transmission line matrix method, a numerical method initially designed for electromagnetic waves, and its adaptation to acoustic waveguides. The method, and in particular the representation of boundary conditions, is validated by comparison with known analytical theories. It is then used to show the dramatic effect of higher order modes upon the radiation characteristics of uniform ducts, as well as the importance of source location. Finally, first applications to bent and bifurcating rectangular ducts are presented, and the transfer function of a vowel [a] is shown to display frequency patterns typical of those measured on human subjects and that cannot be explained by one-dimensional propagation only. © 1998 John Wiley & Sons, Ltd.