 |
International Conferences: INFOCOM 2015 Kowloon, Hong Kong, China |
The 2015 IEEE Conference on Computer Communications (INFOCOM) was held on April 26–May 1, 2015 in Kowloon, Hong Kong, China. Over 300 papers were presented at the conference on a variety of computer networking topics. The work cited here specifically relates to the Science of Security.
He, Xiaofan; Dai, Huaiyu; Ning, Peng, “Improving Learning and Adaptation in Security Games by Exploiting Information Asymmetry,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 1787–1795, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218560
Abstract: With the advancement of modern technologies, the security battle between a legitimate system (LS) and an adversary is becoming increasingly sophisticated, involving complex interactions in unknown dynamic environments. Stochastic game (SG), together with multi-agent reinforcement learning (MARL), offers a systematic framework for the study of information warfare in current and emerging cyber-physical systems. In practical security games, each player usually has only incomplete information about the opponent, which induces information asymmetry. This work exploits information asymmetry from a new angle, considering how to exploit local information unknown to the opponent to the player's advantage. Two new MARL algorithms, termed minimax-PDS and WoLF-PDS, are proposed, which enable the LS to learn and adapt faster in dynamic environments by exploiting its private local information. The proposed algorithms are provably convergent and rational, respectively. Also, numerical results are presented to show their effectiveness through two concrete anti-jamming examples.
Keywords: Computers; Conferences; Games; Heuristic algorithms; Jamming; Security; Sensors (ID#: 15-6719)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218560&isnumber=7218353
Hu, Pengfei; Li, Hongxing; Fu, Hao; Cansever, Derya; Mohapatra, Prasant, “Dynamic Defense Strategy Against Advanced Persistent Threat with Insiders,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 747–755, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218444
Abstract: The landscape of cyber security has been reformed dramatically by the recently emerging Advanced Persistent Threat (APT). It is uniquely featured by the stealthy, continuous, sophisticated and well-funded attack process for long-term malicious gain, which render the current defense mechanisms inapplicable. A novel design of defense strategy, continuously combating APT in a long time-span with imperfect/incomplete information on attacker's actions, is urgently needed. The challenge is even more escalated when APT is coupled with the insider threat (a major threat in cyber-security), where insiders could trade valuable information to APT attacker for monetary gains. The interplay among the defender, APT attacker and insiders should be judiciously studied to shed insights on a more secure defense system. In this paper, we consider the joint threats from APT attacker and the insiders, and characterize the fore-mentioned interplay as a two-layer game model, i.e., a defense/attack game between defender and APT attacker and an information-trading game among insiders. Through rigorous analysis, we identify the best response strategies for each player and prove the existence of Nash Equilibrium for both games. Extensive numerical study further verifies our analytic results and examines the impact of different system configurations on the achievable security level.
Keywords: Computer security; Computers; Cost function; Games; Joints; Nash equilibrium (ID#: 15-6720)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218444&isnumber=7218353
Hao, Zijiang; Tang, Yutao; Zhang, Yifan; Novak, Ed; Carter, Nancy; Li, Qun, “SMOC: A Secure Mobile Cloud Computing Platform,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2668–2676, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218658
Abstract: Mobile devices are now ubiquitous in the modern world. In this paper, we propose a novel and practical mobile-cloud platform for smart mobile devices. Our platform allows users to run the entire mobile device operating system and arbitrary applications on a cloud-based virtual machine. It has two design fundamentals. First, applications can freely migrate between the user's mobile device and a backend cloud server. We design a file system extension to enable this feature, so users can freely choose to run their applications either in the cloud (for high security guarantees), or on their local mobile device (for better user experience). Second, in order to protect user data on the smart mobile device, we leverage hardware virtualization technology, which isolates the data from the local mobile device operating system. We have implemented a prototype of our platform using off-the-shelf hardware, and performed an extensive evaluation of it. We show that our platform is efficient, practical, and secure.
Keywords: Hardware; Keyboards; Mobile communication; Mobile handsets; Security; Virtual machine monitors; Virtualization
(ID#: 15-6721)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218658&isnumber=7218353
Chen, Fei; Xiang, Tao; Yang, Yuanyuan; Wang, Cong; Zhang, Shengyu, “Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2389–2397, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218627
Abstract: Cloud storage has gained a remarkable success in recent years with an increasing number of consumers and enterprises outsourcing their data to the cloud. To assure the availability and integrity of the outsourced data, several protocols have been proposed to audit cloud storage. Despite the formally guaranteed security, the constructions employed heavy cryptographic operations as well as advanced concepts (e.g., bilinear maps over elliptic curves and digital signatures), and thus are inefficient to admit wide applicability in practice. In this paper, we design a novel secure cloud storage protocol, which is conceptually and technically simpler and significantly more efficient than previous constructions. Inspired by a classic string equality checking protocol in distributed computing, our protocol uses only basic integer arithmetic (without advanced techniques and concepts). As simple as the protocol is, it supports both randomized and deterministic auditing to fit different applications. We further extend the proposed protocol to support data dynamics, i.e., adding, deleting and modifying data, using a novel technique. As a further contribution, we find a systematic way to design secure cloud storage protocols based on verifiable computation protocols. Theoretical and experimental analyses validate the efficacy of our protocol.
Keywords: Cloud computing; Computational modeling; Computers; Conferences; Protocols; Secure storage; Security
(ID#: 15-6722)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218627&isnumber=7218353
Sun, Wenhai; Liu, Xuefeng; Lou, Wenjing; Hou, Y.Thomas; Li, Hui, “Catch You if You Lie to Me: Efficient Verifiable Conjunctive Keyword Search over Large Dynamic Encrypted Cloud Data,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2110–2118, April 26 2015-May 1 2015. doi:10.1109/INFOCOM.2015.7218596
Abstract: Encrypted data search allows cloud to offer fundamental information retrieval service to its users in a privacy-preserving way. In most existing schemes, search result is returned by a semi-trusted server and usually considered authentic. However, in practice, the server may malfunction or even be malicious itself. Therefore, users need a result verification mechanism to detect the potential misbehavior in this computation outsourcing model and rebuild their confidence in the whole search process. On the other hand, cloud typically hosts large outsourced data of users in its storage. The verification cost should be efficient enough for practical use, i.e., it only depends on the corresponding search operation, regardless of the file collection size. In this paper, we are among the first to investigate the efficient search result verification problem and propose an encrypted data search scheme that enables users to conduct secure conjunctive keyword search, update the outsourced file collection and verify the authenticity of the search result efficiently. The proposed verification mechanism is efficient and flexible, which can be either delegated to a public trusted authority (TA) or be executed privately by data users. We formally prove the universally composable (UC) security of our scheme. Experimental result shows its practical efficiency even with a large dataset.
Keywords: Conferences; Cryptography; Indexes; Keyword search; Polynomials; Servers (ID#: 15-6723)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218596&isnumber=7218353
Chen, Zhili; Huang, Liusheng; Chen, Lin, “ITSEC: An Information-Theoretically Secure Framework for Truthful Spectrum Auctions,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2065–2073, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218591
Abstract: Truthful auctions make bidders reveal their true valuations for goods to maximize their utilities. Currently, almost all spectrum auction designs are required to be truthful. However, disclosure of one's true value causes numerous security vulnerabilities. Secure spectrum auctions are thus called for to address such information leakage. Previous secure auctions either did not achieve enough security, or were very slow due to heavy computation and communication overhead. In this paper, inspired by the idea of secret sharing, we design an information-theoretically secure framework (ITSEC) for truthful spectrum auctions. As a distinguished feature, ITSEC not only achieves information-theoretic security for spectrum auction protocols in the sense of cryptography, but also greatly reduces both computation and communication overhead by ensuring security without using any encryption/description algorithm. To our knowledge, ITSEC is the first information-theoretically secure framework for truthful spectrum auctions in the presence of semi-honest adversaries. We also design and implement circuits for both single-sided and double spectrum auctions under the ITSEC framework. Extensive experimental results demonstrate that ITSEC achieves comparable performance in terms of computation with respect to spectrum auction mechanisms without any security measure, and incurs only limited communication overhead.
Keywords: Conferences; Cryptography; Logic gates; Privacy; Protocols; Random variables (ID#: 15-6724)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218591&isnumber=7218353
Ma, Jiefei; Le, Franck; Russo, Alessandra; Lobo, Jorge, “Detecting Distributed Signature-Based Intrusion: The Case of Multi-Path Routing Attacks,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 558–566, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218423
Abstract: Signature-based network intrusion detection systems (S-IDS) have become an important security tool in the protection of an organisation's infrastructure against external intruders. By analysing network traffic, S-IDS' detect network intrusions. An organisation may deploy one or multiple S-IDS', each working independently with the assumption that it can monitor all packets of a given flow to detect intrusion signatures. However, emerging technologies (e.g., Multi-Path TCP) violate this assumption, as traffic can be concurrently sent across different paths (e.g., WiFi, Cellular) to boost network performance. Attackers may exploit this capability and split malicious payloads across multiple paths to evade traditional signature-based network intrusion detection systems. Although multiple monitors may be deployed, none of them has the full coverage of the network traffic to detect the intrusion signature. In this paper, we formalise this distributed signature-based intrusion detection problem as an asynchronous online exact string matching problem, and propose an algorithm for it. To demonstrate its effectiveness we conducted comprehensive experiments. Our results show that the behaviour of our algorithm depends only on the packet arrival rate: delay in detecting the signature grows linearly with respect to the packet arrival rate and with small communication overhead.
Keywords: Automata; Computers; Conferences; Intrusion detection; Monitoring; Payloads; Synchronization (ID#: 15-6725)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218423&isnumber=7218353
Xu, Qiang; Liao, Yong; Miskovic, Stanislav; Mao, Z. Morley; Baldi, Mario; Nucci, Antonio; Andrews, Thomas, “Automatic Generation of Mobile App Signatures from Traffic Observations,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 1481–1489, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218526
Abstract: There are network management, traffic engineering, and security practices adopted in today's networking that rely on the knowledge about what applications' traffic is passing through the networks. These practices might fail with mobile apps whose identity remains hidden in generic HTTP traffic. The main reason is that unlike traditional applications, most mobile apps do not use specific protocols or IP ports with distinctive features. Many enterprises and service providers are in a great need of regaining control over their networks that increasingly carry mobile traffic. In this paper we propose FLOWR, a system that automatically identifies mobile apps by continually learning the apps' distinguishing features via traffic analysis. FLOWR focuses solely on key-value pairs in HTTP headers and intelligently identifies the pairs suitable for app signatures. Our system employs a custom supervised learning approach that leverages a very limited knowledge of app-signature seeds and autonomously grows its capacity for app identification. The approach is motivated by a simple but effective hypothesis that unknown app-identifying features should co-occur with the known signatures. Our experimental results show a significant growth in flow identification coverage provided by FLOWR. Specifically, we show that FLOWR can achieve identification of 86–95% of flows related to their generating apps.
Keywords: Computers; Conferences; FLOWR; IP networks; Mobile communication; Mobile computing; Protocols; Web services
(ID#: 15-6726)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218526&isnumber=7218353
Zhang, Chao; Niknami, Mehrdad; Chen, Kevin Zhijie; Song, Chengyu; Chen, Zhaofeng; Song, Dawn, “JITScope: Protecting Web Users from Control-Flow Hijacking Attacks,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 567–575, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218424
Abstract: Web browsers are one of the most important enduser applications to browse, retrieve, and present Internet resources. Malicious or compromised resources may endanger Web users by hijacking web browsers to execute arbitrary malicious code in the victims' systems. Unfortunately, the widely-adopted Just-In-Time compilation (JIT) optimization technique, which compiles source code to native code at runtime, significantly increases this risk. By exploiting JIT compiled code, attackers can bypass all currently deployed defenses. In this paper, we systematically investigate threats against JIT compiled code, and the challenges of protecting JIT compiled code. We propose a general defense solution, JITScope, to enforce Control-Flow Integrity (CFI) on both statically compiled and JIT compiled code. Our solution furthermore enforces the W⊕X policy on JIT compiled code, preventing the JIT compiled code from being overwritten by attackers. We show that our prototype implementation of JITScope on the popular Firefox web browser introduces a reasonably low performance overhead, while defeating existing real-world control flow hijacking attacks.
Keywords: Browsers; Engines; Instruments; JIT compiled code; JIT optimization technique; JITScope; Layout; Runtime; Safety; Security (ID#: 15-6727)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218424&isnumber=7218353
Lu, Zhuo; Sagduyu, Yalin E.; Li, Jason H., “Queuing the Trust: Secure Backpressure Algorithm Against Insider Threats
in Wireless Networks,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 253–261,
April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218389
Abstract: The backpressure algorithm is known to provide throughput optimality in routing and scheduling decisions for multi-hop networks with dynamic traffic. The essential assumption in the backpressure algorithm is that all nodes are benign and obey the algorithm rules governing the information exchange and underlying optimization needs. Nonetheless, such an assumption does not always hold in realistic scenarios, especially in the presence of security attacks with intent to disrupt network operations. In this paper, we propose a novel mechanism, called virtual trust queuing, to protect backpressure algorithm based routing and scheduling protocols from various insider threats. Our objective is not to design yet another trust-based routing to heuristically bargain security and performance, but to develop a generic solution with strong guarantees of attack resilience and throughput performance in the backpressure algorithm. To this end, we quantify a node's algorithm-compliance behavior over time and construct a virtual trust queue that maintains deviations from expected algorithm outcomes. We show that by jointly stabilizing the virtual trust queue and the real packet queue, the backpressure algorithm not only achieves resilience, but also sustains the throughput performance under an extensive set of security attacks.
Keywords: Algorithm design and analysis; Heuristic algorithms; Optimization; Queueing analysis; Routing; Scheduling; Throughput (ID#: 15-6728)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218389&isnumber=7218353
Cui, Helei; Yuan, Xingliang; Wang, Cong, “Harnessing Encrypted Data in Cloud for Secure and Efficient Image Sharing
from Mobile Devices,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2659–2667,
April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218657
Abstract: In storage outsourcing, highly correlated datasets can occur commonly, where the rich information buried in correlated data can be useful for many cloud data generation/dissemination services. In light of this, we propose to enable a secure and efficient cloud-assisted image sharing architecture for mobile devices, by leveraging outsourced encrypted image datasets with privacy assurance. Different from traditional image sharing, the proposed design aims to save the transmission cost from mobile clients, by directly utilizing outsourced correlated images to reproduce the image of interest inside the cloud for immediate dissemination. While the benefits are obvious, how to leverage the encrypted image datasets makes the problem particular challenging. To tackle the problem, we first propose a secure and efficient index design that allows the mobile client to securely find from the encrypted image datasets the candidate selection pertaining to the image of interest for sharing. We then design two specialized encryption mechanisms that support the secure image reproduction inside the cloud directly from the encrypted candidate selection. We formally analyze the security strength of the design. Our experiments show that up to 90% of the transmission cost at the mobile client can be saved, while achieving all service requirements and security guarantees.
Keywords: Encryption; Feature extraction; Indexes; Mobile communication; Servers (ID#: 15-6729)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218657&isnumber=7218353
Zhang, Kuan; Liang, Xiaohui; Lu, Rongxing; Yang, Kan; Shen, Xuemin Sherman, “Exploiting Mobile Social Behaviors for Sybil Detection,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 271–279, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218391
Abstract: In this paper, we propose a Social-based Mobile Sybil Detection (SMSD) scheme to detect Sybil attackers from their abnormal contacts and pseudonym changing behaviors. Specifically, we first define four levels of Sybil attackers in mobile environments according to their attacking capabilities. We then exploit mobile users' contacts and their pseudonym changing behaviors to distinguish Sybil attackers from normal users. To alleviate the storage and computation burden of mobile users, the cloud server is introduced to store mobile user's contact information and to perform the Sybil detection. Furthermore, we utilize a ring structure associated with mobile user's contact signatures to resist the contact forgery by mobile users and cloud servers. In addition, investigating mobile user's contact distribution and social proximity, we propose a semi-supervised learning with Hidden Markov Model to detect the colluded mobile users. Security analysis demonstrates that the SMSD can resist the Sybil attackers from the defined four levels, and the extensive trace-driven simulation shows that the SMSD can detect these Sybil attackers with high accuracy.
Keywords: Aggregates; Computers; Hidden Markov models; Mobile communication; Mobile computing; Resists; Servers
(ID#: 15-6730)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218391&isnumber=7218353
Wang, Bing; Song, Wei; Lou, Wenjing; Hou, Y.Thomas, “Inverted Index Based Multi-Keyword Public-Key Searchable Encryption with Strong Privacy Guarantee,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no.,
pp. 2092–2100, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218594
Abstract: With the growing awareness of data privacy, more and more cloud users choose to encrypt their sensitive data before outsourcing them to the cloud. Search over encrypted data is therefore a critical function facilitating efficient cloud data access given the high data volume that each user has to handle nowadays. Inverted index is one of the most efficient searchable index structures and has been widely adopted in plaintext search. However, securing an inverted index and its associated search schemes is not a trivial task. A major challenge exposed from the existing efforts is the difficulty to protect user's query privacy. The challenge roots on two facts: 1) the existing solutions use a deterministic trapdoor generation function for queries; and 2) once a keyword is searched, the encrypted inverted list for this keyword is revealed to the cloud server. We denote this second property in the existing solutions as one-time-only search limitation. Additionally, conjunctive multi-keyword search, which is the most common form of query nowadays, is not supported in those works. In this paper, we propose a public-key searchable encryption scheme based on the inverted index. Our scheme preserves the high search efficiency inherited from the inverted index while lifting the one-time-only search limitation of the previous solutions. Our scheme features a probabilistic trapdoor generation algorithm and protects the search pattern. In addition, our scheme supports conjunctive multi-keyword search. Compared with the existing public key based schemes that heavily rely on expensive pairing operations, our scheme is more efficient by using only multiplications and exponentiations. To meet stronger security requirements, we strengthen our scheme with an efficient oblivious transfer protocol that hides the access pattern from the cloud. The simulation results demonstrate that our scheme is suitable for practical usage with moderate overhead.
Keywords: Encryption; Indexes; Polynomials; Privacy; Public key; Servers (ID#: 15-6731)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218594&isnumber=7218353
Salinas, Sergio; Luo, Changqing; Chen, Xuhui; Li, Pan, “Efficient Secure Outsourcing of Large-Scale Linear Systems of Equations,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 1035–1043, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218476
Abstract: Solving large-scale linear systems of equations (LSEs) is one of the most common and fundamental problems in big data. But such problems are often too expensive to solve for resource-limited users. Cloud computing has been proposed as a timely, efficient, and cost-effective way of solving such computing tasks. Nevertheless, one critical concern in cloud computing is data privacy. To be more prominent, in many cases, clients's LSEs contain private data that should remain hidden from the cloud for ethical, legal, or security reasons. Many previous works on secure outsourcing of LSEs have high computational complexity. More importantly, they share a common serious problem, i.e., a huge number of external memory I/O operations. This problem has been largely neglected in the past, but in fact is of particular importance and may eventually render those outsourcing schemes impractical. In this paper, we develop an efficient and practical secure outsourcing algorithm for solving large-scale LSEs, which has both low computational complexity and low memory I/O complexity and can protect clients' privacy well. We implement our algorithm on a real-world cloud server and a laptop. We find that the proposed algorithm offers significant time savings for the client (up to 65%) compared to previous algorithms.
Keywords: Computational complexity; Computers; Outsourcing; Privacy; Random access memory; Symmetric matrices
(ID#: 15-6732)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218476&isnumber=7218353
Yang, Lei; Peng, Pai; Dang, Fan; Wang, Cheng; Li, Xiang-Yang; Liu, Yunhao, “Anti-Counterfeiting via Federated RFID Tags' Fingerprints and Geometric Relationships,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp.1966–1974, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218580
Abstract: RFID has been widely adopted as an effective method for anti-counterfeiting. Legacy systems based on security protocol are either too heavy to be affordable by passive tags or suffering from various protocol-layer attacks, e.g. reverse engineering, cloning, side-channel. In this work, we present a novel anti-counterfeiting system, TagPrint, using COTS RFID tags and readers. Achieving a low-cost and offline genuineness validation utilizing passive tags has been a daunting task. Our system achieves these three goals by leveraging a few of federated tags' fingerprints and geometric relationships. In TagPrint, we exploit a new kind of fingerprint, called phase fingerprint, extracted from the phase value of the backscattered signal, provided by the COTS RFID readers. To further solve the separation challenge, we devise a geometric solution to validate the genuineness. We have implemented a prototype of TagPrint using COTS RFID devices. The system has been tested extensively over 6,000 tags. The results show that our new fingerprint exhibits a good fitness of uniform distribution and the system achieves a surprising Equal Error Rate of 0.1% for anti-counterfeiting.
Keywords: Antennas; Counterfeiting; Cryptography; Fingerprint recognition; Phase measurement; Radiofrequency identification; Anti-counterfeiting; Phase fingerprint; RFID; Tag-Print (ID#: 15-6733)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218580&isnumber=7218353
Niu, Jianwei; Gu, Fei; Zhou, Ruogu; Xing, Guoliang; Xiang, Wei, “VINCE: Exploiting Visible Light Sensing for Smartphone-Based NFC Systems,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 2722–2730, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218664
Abstract: This paper presents VINCE — a novel visible light sensing design for smartphone-based Near Field Communication (NFC) systems. VINCE encodes information as different brightness levels of smartphone screens, while receivers capture the light signal via light sensors. In contrast to RF technologies, the direction and distance of such a Visible Light Communication (VLC) link can be easily controlled, preserving communication privacy and security. As a result, VINCE can be used in a wide range of NFC applications such as contactless payments and device pairing. We experimentally profile the impact of screen brightness levels and refresh rates of smartphones, and then use the results to guide the design of light intensity encoding scheme of VINCE. We adopt several signal processing techniques and empirically derive a model to deal with the significant variation of received light intensity caused by noises and low screen refresh rates. To improve the communication reliability, VINCE adopts a feedback-based retransmission scheme, and dynamically adjusts the number of encoding brightness levels based on the current light channel condition. We also derive an analytical model that characterizes the relation among the distance, SNR (Signal to Noise Ratio), and BER (Bit Error Rate) of VINCE. Our design and theoretical model are validated via extensive evaluations using a hardware implementation of VINCE on Android smartphones and the Arduino platform.
Keywords: Brightness; Decoding; Encoding; Receivers; Sensors; Signal to noise ratio; (ID#: 15-6734)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218664&isnumber=7218353
Zhang, Shuo; He, Fei; Gu, Ming, “VeRV: A Temporal and Data-Concerned Verification Framework for the Vehicle Bus Systems,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 1167–1175, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218491
Abstract: As a part of the international standard IEC 61375, the multifunction vehicle bus (MVB) has been used in most of the modern train control systems. It is highly desirable to check the temporal properties of the data transmitted on the bus. However, we are not aware of any published work on this problem. We proposed VeRV, the first temporal and data-concerned verification framework for the vehicle bus systems. A domain-specific language, called VeSpec, is proposed to specify the packet formats and the desired properties. The language is expressive, modular and easy to use. Given a VeSpec script, the VeRV allows automatic generation of runtime analyzer. We have applied our technique to a real tube train system and succeeded in diagnosing a real failure in this system. The industry application illustrates the effectiveness and efficiency of our technique.
Keywords: Automata; History; Java; Monitoring; Temperature measurement; Temperature sensors; Vehicles; Vehicle bus systems; domain-specific language; online monitoring; runtime verification (ID#: 15-6735)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218491&isnumber=7218353
Niu, Ben; Li, Qinghua; Zhu, Xiaoyan; Cao, Guohong; Li, Hui, “Enhancing Privacy Through Caching in Location-Based Services,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 1017–1025, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218474
Abstract: Privacy protection is critical for Location-Based Services (LBSs). In most previous solutions, users query service data from the untrusted LBS server when needed, and discard the data immediately after use. However, the data can be cached and reused to answer future queries. This prevents some queries from being sent to the LBS server and thus improves privacy. Although a few previous works recognize the usefulness of caching for better privacy, they use caching in a pretty straightforward way, and do not show the quantitative relation between caching and privacy. In this paper, we propose a caching-based solution to protect location privacy in LBSs, and rigorously explore how much caching can be used to improve privacy. Specifically, we propose an entropy-based privacy metric which for the first time incorporates the effect of caching on privacy. Then we design two novel caching-aware dummy selection algorithms which enhance location privacy through maximizing both the privacy of the current query and the dummies' contribution to cache. Evaluations show that our algorithms provide much better privacy than previous caching-oblivious and caching-aware solutions.
Keywords: Algorithm design and analysis; Computers; Entropy; Measurement; Mobile communication; Privacy; Servers
(ID#: 15-6736)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218474&isnumber=7218353
Roos, Stefanie; Strufe, Thorsten, “On the Impossibility of Efficient Self-Stabilization in Virtual Overlays with Churn,” in Computer Communications (INFOCOM), 2015 IEEE Conference on, vol., no., pp. 298–306, April 26 2015–May 1 2015. doi:10.1109/INFOCOM.2015.7218394
Abstract: Virtual overlays generate topologies for greedy routing, like rings or hypercubes, on connectivity restricted networks. They have been proposed to achieve efficient content discovery in the Darknet mode of Freenet, for instance, which provides a private and secure communication platform for dissidents and whistle-blowers. Virtual overlays create tunnels between nodes with neighboring addresses in the topology. The routing performance hence is directly related to the length of the tunnels, which have to be set up and maintained at the cost of communication overhead in the absence of an underlying routing protocol. In this paper, we show the impossibility to efficiently maintain sufficiently short tunnels. Specifically, we prove that in a dynamic network either the maintenance or the routing eventually exceeds polylog cost in the number of participants. Our simulations additionally show that the length of the tunnels increases fast if standard maintenance protocols are applied. Thus, we show that virtual overlays can only offer efficient routing at the price of high maintenance costs.
Keywords: Maintenance engineering; Network topology; Random processes; Random variables; Routing; Topology; Zinc
(ID#: 15-6737)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218394&isnumber=7218353
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.