Using SPDY to improve Web 2.0 over satellite links

During the last decade, the Web has grown in terms of complexity, while the evolution of the HTTP (Hypertext Transfer Protocol) has not experienced the same trend. Even if HTTP 1.1 adds improvements like persistent connections and request pipelining, they are not decisive, especially in modern mixed wireless/wired networks, often including satellites. The latter play a key role for accessing the Internet everywhere, and they are one of the preferred methods to provide connectivity in rural areas or for disaster relief operations. However, they suffer of high‐latency and packet losses, which degrade the browsing experience. Consequently, the investigation of protocols mitigating the limitations of HTTP, also in challenging scenarios, is crucial both for the industry and the academia. In this perspective, SPDY, which is a protocol optimized for the access to Web 2.0 contents over fixed and mobile devices, could be suitable also for satellite links. Therefore, this paper evaluates its performance when used both in real and emulated satellite scenarios. Results indicate the effectiveness of SPDY if compared with HTTP, but at the price of a more fragile behavior when in the presence of errors. Besides, SPDY can also reduce the transport overhead experienced by middleboxes typically deployed by service providers using satellite links. Copyright © 2016 John Wiley & Sons, Ltd.     

DART: Fast and Efficient Distributed Stream Processing Framework for Internet of Things

With the advent of the Internet‐of‐Things paradigm, the amount of data production has grown exponentially and the user demand for responsive consumption of data has increased significantly. Herein, we present DART, a fast and lightweight stream processing framework for the IoT environment. Because the DART framework targets a geospatially distributed environment of heterogeneous devices, the framework provides (1) an end‐user tool for device registration and application authoring, (2) automatic worker node monitoring and task allocations, and (3) runtime management of user applications with fault tolerance. To maximize performance, the DART framework adopts an actor model in which applications are segmented into microtasks and assigned to an actor following a single responsibility. To prove the feasibility of the proposed framework, we implemented the DART system. We also conducted experiments to show that the system can significantly reduce computing burdens and alleviate network load by utilizing the idle resources of intermediate edge devices.     

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al . proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al . claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al . protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al . protocol by imposing a little extra computation cost. Copyright © 2014 John Wiley & Sons, Ltd.     

An incremental intrusion detection system using a new semi‐supervised stream classification method

In recent years, the utilization of machine learning and data mining techniques for intrusion detection has received great attention by both security research communities and intrusion detection system (IDS) developers. In intrusion detection, the most important constraints are the imbalanced class distribution, the scarcity of the labeled data, and the massive amounts of network flows. Moreover, because of the dynamic nature of the network flows, applying static learned models degrades the detection performance significantly over time. In this article, we propose a new semi‐supervised stream classification method for intrusion detection, which is capable of incremental updating using limited labeled data. The proposed method, called the incremental semi‐supervised flow network‐based IDS (ISF‐NIDS), relies on an incremental mixed‐data clustering, a new supervised cluster adjustment method, and an instance‐based learning. The ISF‐NIDS operates in real time and learns new intrusions quickly using limited storage and processing power. The experimental results on the KDD99, Moore, and Sperotto benchmark datasets indicate the superiority of the proposed method compared with the existing state‐of‐the‐art incremental IDSs.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

A topology and application‐aware relay path allocation scheme in multipath transport system based on application‐level relay

The ever‐increasing transmission requirements of quality of service (QoS)‐sensitive applications, especially real‐time multimedia applications, can hardly be met by the single path routing protocols. Multipath transmission mechanism is a feasible approach to provide QoS for various applications. On the basis of the general framework of multipath transport system based on application‐level relay, we present a relay path allocation scheme, whose goal is to select suitable relay paths, while balancing the overlay traffic among the different domains and relayers. With the application‐layer traffic optimization service under the standardization within the Internet Engineering Task Force (IETF), the controller has the topology‐aware ability to allocate relay paths with excellent routing performance. To further develop the universality of our method, the controller perceives transmission performance of relay overlay network through relayers' performance detection processes and, thus, has the application‐aware ability to allocate relay paths with excellent transmission performance for different applications by consulting application‐specific transmission metrics. Simulation results demonstrate that the proposed relay path allocation algorithm performs well in allocating superior relay paths and can balance the distribution of overlay traffic across domains in different network situations.     

Efficient allocation of LTE downlink spectral resource to improve fairness and throughput

For the current generation of cellular communication systems, long‐term evolution (LTE) has been the major protocol to support high‐speed data transmission. It is critical to allocate downlink spectral resource in LTE, namely, resource blocks (RBs), but the issue is not well addressed in the standard. Therefore, the paper develops an efficient RB allocation algorithm with 4 mechanisms to improve both fairness and throughput in LTE. For fairness concern, our RB allocation algorithm uses a resource‐reservation mechanism to prevent cell‐edge user equipments from starvation, and a credit‐driven mechanism to keep track of the amount of resource given to each user equipment. For throughput concern, it adopts both weight‐assignment and RB‐matching mechanisms to allocate each RB to a packet according to its flow type and length. Through simulations, we demonstrate that the proposed RB allocation algorithm can significantly increase both throughput and fairness while reducing packet dropping and delays of real‐time flows, as compared with previous methods.