An authentication protocol without trusted third party

A secure authentication protocol which supports both the privacy of messages and the authenticity of communicating parties is proposed. The trusted third party (key information center) is not needed once the secure network system is set up. Mutual authentication and key distribution can be achieved with two messages merely between two parties involved     

Optimal information-dispersal for fault-tolerant communication over a burst-error channel

The (m,n) wireless information dispersal scheme (WIDS) is useful for fault-tolerant parallel wireless communications, where it can be used to tolerate up to n-m path (sub-channel) failures. This paper constructs a performance model of (m,n) WIDS used in wireless communications, and proposes an algorithm to find the optimal set of (m,n) with the highest reliability. This algorithm reduces the complexity of finding the candidate set of (m,n) from O(N/sup 2/) to O(N);N is the maximum number of available sub-channels.     

A comment on “A total ordering multicast protocol usingpropagation trees”

In this paper, we reevaluate the message cost of X. Jia's multicast mechanism (see ibid., vol. 6, no. 6, p. 617-27 (1995)). Our analysis shows that its message cost should be (D+k+1) instead of (D+2), where D is the depth of the subtree and k is the number of metagroups containing the destination multicast group     

A Distributed Fault-Tolerant Design for Multiple-Server VOD Systems

Fault tolerance is an important design criterion for reliable and robust video-on-demand systems. Conventional fault-tolerant designs use either a primary backup or an active replication method to provide system fault tolerance. However, these approaches suffer from low utilization of the backup or replication system. In this paper we propose two playback-recovery schemes for distributed video-on-demand systems called the forward playback-recovery scheme and the backward playback-recovery scheme. Unlike conventional fault-tolerant designs, our schemes use existing playback resources to recover faulty playbacks without allocating new resources, significantly reducing recovery overhead. To use the schemes effectively, we developed a distributed algorithm for determining the order and gap information between the playbacks on the distributed video-on-demand servers so that overhead for recovering from a server failure can be minimized. This algorithm achieves N – 1 fault-tolerant resiliency for N-server video-on-demand systems. In addition, three server-recovery policies are also presented to guide surviving servers in applying the proper scheme to recover faulty playbacks, thus reducing overall recovery costs. Simulation results show that the proposed recovery schemes are effective and useful in designing fault-tolerant multiple-server video-on-demand systems.     

Password authentication schemes with smart cards

In this paper, two password authentication schemes with smart cards are proposed. In the schemes, users can change their passwords freely, and the remote system does not need the directory of passwords or verification tables to authenticate users. Once the secure network environment is set up, authentication can be handled solely by the two parties involved. For a network without synchronized clocks, the proposed nonce-based authentication scheme is able to prevent malicious reply attacks.     

Playback Dispatch and Fault Recovery for a Clustered Video System with Multiple Servers

Recent technology advances have made multimedia on-demand services feasible. One of the challenges is to provide fault-tolerant capability at system level for a practical video-on-demand system. The main concern on providing fault recovery is to minimize the consumption of system resources on the surviving servers in the event of server failure. In order to reduce the overhead on recovery, we present three schemes for recovering faulty playbacks through channel merging and sharing techniques on the surviving servers. Furthermore, to evenly distribute the recovery load among the surviving servers, we propose a balanced dispatch policy that ensures load balancing in both the normal server conditions and the presence of a server failure.     

Balancing workload and recovery load on distributed fault-tolerantVOD systems

This letter presents a new code sequence for dispatching playback jobs among distributed video-on-demand servers. The dispatch accordingly has the property of evenly distributing workload among all servers and balancing recovery load on surviving servers if one of the servers fails. We give an O((n-1)!) algorithm for efficiently finding a dispatch sequence for n servers     

Optimal information-dispersal for increasing the reliability of adistributed service

This paper investigates the (m,n) information dispersal scheme (IDS) used to support fault-tolerant distributed servers in a distributed system. In an (m,n)-IDS, a file M is broken into n pieces such that any m pieces collected suffice for reconstructing M. The reliability of an (m,n)-IDS is primarily determined by 3 important factors: n=information dispersal degree (IDD), n/m=information expansion ratio (IER), P_s=success-probability of acquiring a correct piece. It is difficult to determine the optimal IDS with the highest reliability from very many choices. Our analysis shows: several novel features of (m,n)-IDS which can help reduce the complexity of finding the optimal IDS with the highest reliability; that an IDS with a higher IER might not have a higher reliability, even when P_s→1. Based on the theorems given herein, we have developed a method that reduces the complexity for computing the highest reliability from, O(ν) [ν=number of servers] to O(1) when the `upper bound of the IER'=1, or O(ν<sup>2</sup>) to O(1) when the `upper bound of the IER'>1     

On a pattern-oriented model for intrusion detection

Operational security problems, which are often the result of access authorization misuse, can lead to intrusion in secure computer systems. We motivate the need for pattern-oriented intrusion detection, and present a model that tracks both data and privilege flows within secure systems to detect context-dependent intrusions caused by operational security problems. The model allows the uniform representation of various types of intrusion patterns, such as those caused by unintended use of foreign programs and input data, imprudent choice of default privileges, and use of weak protection mechanisms. As with all pattern-oriented models, this model cannot be used to detect new, unanticipated intrusion patterns that could be detected by statistical models. For this reason, we expect that this model will complement, not replace, statistical models for intrusion detection