Hard Problems: Scalability and Composability 2015
This bibliographical collection on scalability and compositionality is part of a series on the five identified hard problems in Science of Security. The works cited here were published or presented in 2015. All are early access articles.
Genge, B.; Haller, P.; Kiss, I., "Cyber-Security-Aware Network Design of Industrial Control Systems," in Systems Journal, IEEE, vol. PP, no. 99, pp. 1-12, August 2015, doi: 10.1109/JSYST.2015.2462715
Abstract: The pervasive adoption of traditional information and communication technologies hardware and software in industrial control systems (ICS) has given birth to a unique technological ecosystem encapsulating a variety of objects ranging from sensors and actuators to video surveillance cameras and generic PCs. Despite their invaluable advantages, these advanced ICS create new design challenges, which expose them to significant cyber threats. To address these challenges, an innovative ICS network design technique is proposed in this paper to harmonize the traditional ICS design requirements pertaining to strong architectural determinism and real-time data transfer with security recommendations outlined in the ISA-62443.03.02 standard. The proposed technique accommodates security requirements by partitioning the network into security zones and by provisioning critical communication channels, known as security conduits, between two or more security zones. The ICS network design is formulated as an integer linear programming (ILP) problem that minimizes the cost of the installation. Real-time data transfer limitations and security requirements are included as constraints imposing the selection of specific traffic paths, the selection of routing nodes, and the provisioning of security zones and conduits. The security requirements of cyber assets denoted by traffic and communication endpoints are determined by a cyber attack impact assessment technique proposed in this paper. The sensitivity of the proposed techniques to different parameters is evaluated in a first scenario involving the IEEE 14-bus model and in a second scenario involving a large network topology based on generated data. Experimental results demonstrate the efficiency and scalability of the ILP model.
Keywords: Bandwidth; Cascading style sheets; Hardware; Process control; Real-time systems; Security; Sensors; ISA-62443; Industrial control systems (ICS); network design; security conduit; security zone (ID#: 15-8628)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7210183&isnumber=4357939
Hong, J.B.; Kim, D.S., "Assessing the Effectiveness of Moving Target Defenses using Security Models," in Dependable and Secure Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, 11 June 2015. doi: 10.1109/TDSC.2015.2443790
Abstract: Cyber crime is a developing concern, where criminals are targeting valuable assets and critical infrastructures within networked systems, causing a severe socio-economic impact on enterprises and individuals. Adopting Moving Target Defense (MTD) helps thwart cyber attacks by continuously changing the attack surface. There are numerous MTD techniques proposed in various domains (e.g., virtualized network, wireless sensor network), but there is still a lack of methods to assess and compare the effectiveness of them. Security models, such as an Attack Graph (AG), provide a formal method of analyzing the security, but incorporating MTD techniques in those security models has not been studied. In this paper, we incorporate MTD techniques into a security model, namely a Hierarchical Attack Representation Model (HARM), to assess the effectiveness of them. In addition, we use importance measures (IMs) for deploying MTD techniques to enhance the scalability. Finally, we compare the scalability of AG and HARM when deploying MTD techniques, as well as changes in performance and security in our experiments.
Keywords: Analytical models; Computational modeling; Internet; Linux; Redundancy; Scalability; Security; Attack Graph; Attack Tree; Importance Measures; Moving Target Defense; Security Analysis (ID#: 15-8629)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7122306&isnumber=4358699
Pak, W.; Choi, Y., "High Performance and High Scalable Packet Classification Algorithm for Network Security Systems," in Dependable and Secure Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, June 2015. doi: 10.1109/TDSC.2015.2443773
Abstract: Packet classification is a core function in network and security systems; hence, hardware-based solutions, such as packet classification accelerator chips or T-CAM (Ternary Content Addressable Memory), have been widely adopted for high-performance systems. With the rapid improvement of general hardware architectures and growing popularity of multi-core multi-threaded processors, software-based packet classification algorithms are attracting considerable attention, owing to their high flexibility in satisfying various industrial requirements for security and network systems. For high classification speed, these algorithms internally use large tables, whose size increases exponentially with the ruleset size; consequently, they cannot be used with large rulesets. To overcome this problem, we propose a new software-based packet classification algorithm that simultaneously supports high scalability and fast classification performance by merging partition decision trees in a search table. While most partitioning-based packet classification algorithms show good scalability at the cost of low classification speed, our algorithm shows very high classification speed, irrespective of the number of rules, with small tables and short table building time. Our test results confirm that the proposed algorithm enables network and security systems to support heavy traffic in the most effective manner.
Keywords: Buildings; Classification algorithms; Decision trees; Heuristic algorithms; Partitioning algorithms; Scalability; Security; Packet classification; cache-aware table structure; integrated inter- and intra-table search; partitioning (ID#: 15-8628)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120939&isnumber=4358699
Nick, M.; Alizadeh-Mousavi, O.; Cherkaoui, R.; Paolone, M., "Security Constrained Unit Commitment With Dynamic Thermal Line Rating," in Power Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1-12, July 2015. doi: 10.1109/TPWRS.2015.2445826
Abstract: The integration of the dynamic line rating (DLR) of overhead transmission lines (OTLs) in power systems security constrained unit commitment (SCUC) potentially enhances the overall system security as well as its technical/economic performances. This paper proposes a scalable and computationally efficient approach aimed at integrating the DLR in SCUC problem. The paper analyzes the case of the SCUC with AC load flow constraints. The AC-optimal power flow (AC-OPF) is linearized and incorporated into the problem. The proposed multi-period formulation takes into account a realistic model to represent the different terms appearing in the Heat-Balance Equation (HBE) of the OTL conductors. In order to include the HBE in the OPF, a relaxation is proposed for the heat gain associated to resistive losses while the inclusion of linear approximations are investigated for both convection and radiation heat losses. A decomposition process relying on the Benders decomposition is used in order to breakdown the problem and incorporate a set of contingencies representing both generators and line outages. The effects of different linearization, as well as time step discretization of HBE, are investigated. The scalability of the proposed method is verified using IEEE 118-bus test system.
Keywords: Conductors; Heating; Mathematical model; Reactive power; Security; Wind speed; AC optimal power flow; Benders decomposition; Heat Balance Equation (HBE); convex formulation (ID#: 15-8629)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160786&isnumber=4374138
Unal, E.; Savas, E., "On Acceleration and Scalability of Number Theoretic Private Information Retrieval," in Parallel and Distributed Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, July 2015. doi: 10.1109/TPDS.2015.2456021
Abstract: We present scalable and parallel versions of Lipmaa’s computationally-private information retrieval (CPIR) scheme [20], which provides log-squared communication complexity. In the proposed schemes, instead of binary decision diagrams utilized in the original CPIR, we employ an octal tree based approach, in which non-sink nodes have eight child nodes. Using octal trees offers two advantages: i) a serial implementation of the proposed scheme in software is faster than the original scheme and ii) its bandwidth usage becomes less than the original scheme when the number of items in the data set is moderately high (e.g., 4,096 for 80-bit security level using Damgård-Jurik cryptosystem). In addition, we present a highly-optimized parallel algorithm for shared-memory multi-core/processor architectures, which minimizes the number of synchronization points between the cores. We show that the parallel implementation is about 50 times faster than the serial implementation for a data set with 4,096 items on an eight-core machine. Finally, we propose a hybrid algorithm that scales the CPIR scheme to larger data sets with small overhead in bandwidth complexity. We demonstrate that the hybrid scheme based on octal trees can lead to more than two orders of magnitude faster parallel implementations than serial implementations based on binary trees. Comparison with the original as well as the other schemes in the literature reveals that our scheme is the best in terms of bandwidth requirement.
Keywords: Bandwidth; Complexity theory; Databases; Encryption; Protocols; Servers; Number Theoretic Private Information Retrieval; Parallel Algorithms; Privacy; Security (ID#: 15-8630)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155582&isnumber=4359390
Rabieh, K.; Mahmoud, M.; Akkaya, K.; Tonyali, S., "Scalable Certificate Revocation Schemes for Smart Grid AMI Networks Using Bloom Filters," in Dependable and Secure Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, August 2015. doi: 10.1109/TDSC.2015.2467385
Abstract: Given the scalability of the Advanced Metering Infrastructure (AMI) networks, maintenance and access of certificate revocation lists (CRLs) pose new challenges. It is inefficient to create one large CRL for all the smart meters (SMs) or create a customized CRL for each SM since too many CRLs will be required. In order to tackle the scalability of the AMI network, we divide the network into clusters of SMs, but there is a tradeoff between the overhead at the certificate authority (CA) and the overhead at the clusters. We use Bloom filters to reduce the size of the CRLs in order to alleviate this tradeoff by increasing the clusters’ size with acceptable overhead. However, since Bloom filters suffer from false positives, there is a need to handle this problem so that SMs will not discard important messages due to falsely identifying the certificate of a sender as invalid. To this end, we propose two certificate revocation schemes that can identify and nullify the false positives. While the first scheme requires contacting the gateway to resolve them, the second scheme requires the CA additionally distribute the list of certificates that trigger false positives. Using mathematical models, we have demonstrated that the probability of contacting the gateway in the first scheme and the overhead of the second scheme can be very low by properly designing the Bloom filters. In order to assess the scalability and validate the mathematical formulas, we have implemented the proposed schemes using Visual C. The results indicate that our schemes are much more scalable than the conventional CRL and the mathematical and simulation results are almost identical. Moreover, we simulated the distribution of the CRLs in a wireless mesh-based AMI network using ns-3 network simulator and assessed its distribution overhead.
Keywords: Companies; Logic gates; Public key; Relays; Scalability; Smart grids; AMI; Certificate revocation; Public key infrastructure; public key cryptography; smart grid security (ID#: 15-8631)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7192615&isnumber=4358699
Hu, K.; Chandrikakutty, H.; Goodman, Z.; Tessier, R.; Wolf, T., "Dynamic Hardware Monitors for Network Processor Protection," in Computers, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, May 2015. doi: 10.1109/TC.2015.2435750
Abstract: The importance of the Internet for society is increasing. To ensure a functional Internet, its routers need to operate correctly. However, the need for router flexibility has led to the use of software-programmable network processors in routers, which exposes these systems to data plane attacks. Recently, hardware monitors have been introduced into network processors to verify the expected behavior of processor cores at run time. If instruction-level execution deviates from the expected sequence, an attack is identified, triggering processor core recovery efforts. In this manuscript, we describe a scalable network processor monitoring system that supports the reallocation of hardware monitors to processor cores in response to workload changes. The scalability of our monitoring architecture is demonstrated using theoretical models, simulation, and router system-level experiments implemented on an FPGA-based hardware platform. For a system with four processor cores and six monitors, the monitors result in a 6% logic and 38% memory bit overhead versus the processor’s core logic and instruction storage. No slowdown of system throughput due to monitoring is reported.
Keywords: Hardware; Internet; Monitoring; Multicore processing; Process control; Runtime; FPGA; data plane attack; hardware monitor; multicore processor; network infrastructure; network security (ID#: 15-8632)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7110561&isnumber=4358213
Zhang, Y.; Li, D.; Sun, Z.; Zhao, F.; Su, J.; Lu, X., "CSR: Classified Source Routing in DHT-Based Networks," in Cloud Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, June 2015. doi: 10.1109/TCC.2015.2440242
Abstract: In recent years cloud computing provides a new way to address the constraints of limited energy, capabilities, and resources. Distributed hash table (DHT) based networks have become increasingly important for efficient communication in large-scale cloud systems. Previous studies mainly focus on improving the performance such as latency, scalability and robustness, but seldom consider the security demands on the routing paths, for example, bypassing untrusted intermediate nodes. Inspired by Internet source routing, in which the source nodes specify the routing paths taken by their packets, this paper presents CSR, a tag-based, Classified Source Routing scheme in DHT-based cloud networks to satisfy the security demands on the routing paths. Different from Internet source routing which requires some map of the overall network, CSR operates in a distributed manner where nodes with certain security level are tagged with a label and routing messages requiring that level of security are forwarded only to the qualified next-hops. We show how this can be achieved efficiently, by simple extensions of the traditional routing structures, and safely, so that the routing is uniformly convergent. The effectiveness of our proposals is demonstrated through theoretical analysis and extensive simulations.
Keywords: Cloud computing; Robustness; Routing; Security; Servers; Topology; CSR (classified source routing); DLG-de Bruijn (DdB); distributed hash table (DHT); path diversity; tag (ID#: 15-8633)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116526&isnumber=6562694
Ding, J.; Bouabdallah, A.; Tarokh, V., "Key Pre-Distributions From Graph-Based Block Designs," in Sensors Journal, IEEE, vol. PP, no. 99, pp. 1-1, June 2015. doi: 10.1109/JSEN.2015.2501429
Abstract: With the development of wireless communication technologies which considerably contributed to the development of wireless sensor networks (WSN), we have witnessed an ever increasing WSN based applications which induced a host of research activities in both academia and industry. Since most of the target WSN applications are very sensitive, security issue is one of the major challenges in the deployment of WSN. One of the important building blocks in securing WSN is key management. Traditional key management solutions developed for other networks are not suitable for WSN since WSN networks are resource (e.g. memory, computation, energy) limited. Key pre-distribution algorithms have recently evolved as efficient alternatives of key management in these networks. Secure communication is achieved between a pair of nodes either by the existence of a key allowing for direct communication or by a chain of keys forming a key-path between the pair. In this paper, we consider prior knowledge of network characteristics and application constraints in terms of communication needs between sensor nodes, and we propose methods to design key pre-distribution schemes, in order to provide better security and connectivity while requiring less resources. Our methods are based on casting the prior information as a graph. Motivated by this idea, we also propose a class of quasi-symmetric designs referred here to as g-designs. Our proposed key pre-distribution schemes significantly improve upon the existing constructions based on the unital designs. We give some examples, and point out open problems for future research.
Keywords: Knowledge engineering; Military computing; Probabilistic logic; Scalability; Security; Sensors; Wireless sensor networks; Balanced incomplete block design; graph; key pre-distribution; quasi-symmetric design; sensor networks (ID#: 15-8634)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7331238&isnumber=4427201
Guan, S.; De Grande, R.; Boukerche, A., "A Multi-layered Scheme for Distributed Simulations on the Cloud Environment," in Cloud Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, July 2015. doi: 10.1109/TCC.2015.2453945
Abstract: In order to improve simulation performance and to integrate simulation resources among geographically distributed locations, the concept of distributed simulation is proposed. Several types of distributed simulation standards, such as DIS and HLA, are established to formalize simulations and achieve reusability and interoperability of simulation components. To implement these distributed simulation standards and to manage the underlying system of distributed simulation applications, we employ Grid Computing and Cloud Computing technologies. These tackle the details of operation, configuration, and maintenance of simulation platforms in which simulation applications are deployed. However, for modelers who may not be familiar with the management of distributed systems, it is challenging to make a simulation-run-ready environment among different types of computing resources and network environments. In this article, a new multi-layered cloud-based scheme is proposed for enabling modeling and simulation based on different distributed simulation standards. This scheme is designed to ease the management of underlying resources and to achieve rapid elasticity that can provide unlimited computing capability to end users; it considers energy consumption, security, multi-user availability, scalability, and deployment issues. A mechanism for handling diverse network environments is described; by adopting it, idle public resources can be easily configured as additional computing capabilities for the local resource pool. A fast deployment model is built to relieve the migration and installation process of this platform. An energy-saving strategy is utilized to reduce the consumption of computing resources. Security components are implemented to protect sensitive information and block malicious attacks in the cloud. In the experiments, the proposed scheme is compared with its corresponding grid computing platform; the cloud computing platform achieves similar performance, but incorporates many advantages that the Cloud can provide.
Keywords: Analytical models; Cloud computing; Computational modeling; Energy consumption; Load modeling; Security; Standards; Availability; Cloud Computing; DIS; Distributed Simulations; Elasticity; Energy Consumption; HLA; Usability (ID#: 15-8635)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7152867&isnumber=6562694
Su, S.; Teng, Y.; Cheng, X.; Xiao, K.; Li, G.; Chen, J., "Privacy-Preserving Top-k Spatial Keyword Queries in Untrusted Cloud Environments," in Services Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, September 2015. doi: 10.1109/TSC.2015.2481900
Abstract: With the rapid development of location-based services in mobile Internet, spatial keyword queries have been widely employed in various real-life applications in recent years. To realize the great flexibility and cost savings, more and more data owners are motivated to outsource their spatio-textual data services to the cloud. However, directly outsourcing such services to the untrusted cloud may raise serious privacy concerns. In this paper, we study the privacy-preserving top-k spatial keyword query problem in untrusted cloud environments. Existing studies primarily focus on the design of privacy-preserving schemes for either spatial or keyword queries, and they cannot be applied to solve the privacy-preserving spatial keyword query problem. To address this problem, we present a novel privacy-preserving top-k spatial keyword query scheme. In particular, we build an encrypted tree index to facilitate privacy-preserving top-k spatial keyword queries, where spatial and textual data are encrypted in a unified way. To search with the encrypted tree index, we propose two effective techniques for the similarity computations between queries and tree nodes under encryption. To improve query performance on large-scale spatio-textual data, we further propose a keyword-based secure pruning method. Thorough analysis shows the validity and security of our scheme. Extensive experimental results on real datasets demonstrate our scheme achieves high efficiency and good scalability.
Keywords: Encryption; Indexes; Noise; Privacy; Servers; Spatial databases; Cloud computing; Data outsourcing; Location-based Services; Privacy; Spatial keyword query (ID#: 15-8636)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275181&isnumber=4629387
Chandrasekhar, S.; Singhal, M., "Efficient and Scalable Query Authentication for Cloud-based Storage Systems with Multiple Data Sources," in Services Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, November 2015. doi: 10.1109/TSC.2015.2500568
Abstract: Storage services are among the primary cloud computing offerings, providing advantages of scale, cost and availability to its customers. However, studies and past experiences show that large-scale storage service can be unreliable, and vulnerable to various internal and external threats that cause loss and/or corruption of customer data. In this work, we present a query authentication scheme for cloud-based storage system where the data is populated by multiple sources and retrieved by the clients. The system allows clients to verify the authenticity and integrity of the retrieved data in a scalable and efficient way, without requiring implicit trust on the storage service provider. The proposed mechanism is based on our recently proposed multi-trapdoor hash functions, using its properties to achieve near constant communication and computation overhead for authenticating query responses, regardless of the data size, or the number of sources. We develop a discrete log-based instantiation of the scheme and evaluate its security and performance. Our security analysis shows that forging the individual or aggregate authentication tags is infeasible under the discrete log assumption. Our performance evaluation demonstrates that the proposed scheme achieves superior efficiency and scalability compared to existing query authentication schemes offering support for multiple sources.
Keywords: Aggregates; Authentication; Cloud computing; Databases; Organizations; Scalability; Cloud-based storage systems; aggregate authentication tags; discrete log; multi-trapdoor hash functions; query authentication (ID#: 15-8637)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7328758&isnumber=4629387
Yan, Q.; Yu, R.; Gong, Q.; Li, J., "Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges," in Communications Surveys & Tutorials, IEEE, vol. PP, no. 99, pp. 1-1, November 2015. doi: 10.1109/COMST.2015.2487361
Abstract: Distributed Denial of Service (DDoS) attacks in cloud computing environments are growing due to the essential characteristics of cloud computing. With recent advances in software-defined networking (SDN), SDN-based cloud brings us new chances to defeat DDoS attacks in cloud computing environments. Nevertheless, there is a contradictory relationship between SDN and DDoS attacks. On one hand, the capabilities of SDN, including software-based traffic analysis, centralized control, global view of the network, dynamic updating of forwarding rules, make it easier to detect and react to DDoS attacks. On the other hand, the security of SDN itself remains to be addressed, and potential DDoS vulnerabilities exist across SDN platforms. In this paper, we discuss the new trends and characteristics of DDoS attacks in cloud computing, and provide a comprehensive survey of defense mechanisms against DDoS attacks using SDN. In addition, we review the studies about launching DDoS attacks on SDN, as well as the methods against DDoS attacks in SDN. To the best of our knowledge, the contradictory relationship between SDN and DDoS attacks has not been well addressed in previous works. This work can help to understand how to make full use of SDN’s advantages to defeat DDoS attacks in cloud computing environments and how to prevent SDN itself from becoming a victim of DDoS attacks, which are important for the smooth evolution of SDN-based cloud without the distraction of DDoS attacks.
Keywords: Cloud computing; Computer architecture; Computer crime; Control systems; Scalability; Virtualization; Cloud Computing; Distributed Denial of Service Attacks (DDoS); Software Defined Networking (SDN) (ID#: 15-8638)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289347&isnumber=5451756
Nitti, M.; Pilloni, V.; Colistra, G.; Atzori, L., "The Virtual Object as a Major Element of the Internet of Things: a Survey," in Communications Surveys & Tutorials, IEEE, vol. PP, no. 99, pp. 1-1, November 2015. doi: 10.1109/COMST.2015.2498304
Abstract: The Internet of Things (IoT) paradigm has been evolving towards the creation of a cyber-physical world where everything can be found, activated, probed, interconnected, and updated, so that any possible interaction, both virtual and/or physical, can take place. A crucial concept of this paradigm is that of the virtual object, which is the digital counterpart of any real (human or lifeless, static or mobile, solid or intangible) entity in the IoT. It has now become a major component of the current IoT platforms, supporting the discovery and mash up of services, fostering the creation of complex applications, improving the objects' energy management efficiency, as well as addressing heterogeneity and scalability issues. This paper aims at providing the reader with a survey of the virtual object in the IoT world. Virtualness is addressed from several perspectives: historical evolution of its definitions; current functionalities assigned to the virtual object and how they tackle the main IoT challenges; major IoT platforms which implement these functionalities. Finally, we illustrate the lessons learned after having acquired a comprehensive view of the topic.
Keywords: Context; Internet of things; Security; Semantics; Sensors; Tutorials; Virtualization; Internet of Things; IoT architectural solutions; virtual objects (ID#: 15-8639)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7320954&isnumber=5451756
Zeng, W.; Zhang, Y.; Chow, Mo-Yuen, "Resilient Distributed Energy Management Subject to Unexpected Misbehaving Generation Units," in Industrial Informatics, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, October 2015. doi: 10.1109/TII.2015.2496228
Abstract: Distributed energy management algorithms are being developed for the smart grid to efficiently and economically allocate electric power among connected distributed generation units and loads. The use of such algorithms provides flexibility, robustness, and scalability, while it also increases the vulnerability of smart grid to unexpected faults and adversaries. The potential consequences of compromising the power system can be devastating to public safety and economy. Thus, it is important to maintain the acceptable performance of distributed energy management algorithms in a smart grid environment under malicious cyberattacks. In this paper, a neighborhood-watch based distributed energy management algorithm is proposed to guarantee the accurate control computation in solving the economic dispatch problem in the presence of compromised generation units. The proposed method achieves the system resilience by performing a reliable distributed control without a central coordinator and allowing all the well-behaving generation units to reach the optimal operating point asymptotically. The effectiveness of the proposed method is demonstrated through case studies under several different adversary scenarios.
Keywords: Algorithm design and analysis; Energy management; Integrated circuits; Resilience; Security; Smart grids; Economic dispatch; neighborhood-watch; resilient distributed energy management (ID#: 15-8640)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312956&isnumber=4389054
Goryczka, S.; Xiong, L., "A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy," in Dependable and Secure Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, October 2015. doi: 10.1109/TDSC.2015.2484326
Abstract: This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir’s secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with differential privacy.
Keywords: Cryptography; Data privacy; Distributed databases; Noise; Privacy; Protocols; Distributed differential privacy; decentralized noise generation; redundant noise; secure multiparty computations (ID#: 15-8641)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7286780&isnumber=4358699
Cao, X.; Zhang, C.; Fu, H.; Guo, X.; Tian, Q., "Saliency-Aware Nonparametric Foreground Annotation Based on Weakly Labeled Data," in Neural Networks and Learning Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1-13, October 2015. doi: 10.1109/TNNLS.2015.2488637
Abstract: In this paper, we focus on annotating the foreground of an image. More precisely, we predict both image-level labels (category labels) and object-level labels (locations) for objects within a target image in a unified framework. Traditional learning-based image annotation approaches are cumbersome, because they need to establish complex mathematical models and be frequently updated as the scale of training data varies considerably. Thus, we advocate the nonparametric method, which has shown potential in numerous applications and turned out to be attractive thanks to its advantages, i.e., lightweight training load and scalability. In particular, we exploit the salient object windows to describe images, which is beneficial to image retrieval and, thus, the subsequent image-level annotation and localization tasks. Our method, namely, saliency-aware nonparametric foreground annotation, is practical to alleviate the full label requirement of training data, and effectively addresses the problem of foreground annotation. The proposed method only relies on retrieval results from the image database, while pretrained object detectors are no longer necessary. Experimental results on the challenging PASCAL VOC 2007 and PASCAL VOC 2008 demonstrate the advance of our method.
Keywords: Computational efficiency; Data models; Detectors; Image retrieval; Training; Training data; Foreground annotation; nonparametric; saliency aware; weakly labeled (ID#: 15-8642)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7307208&isnumber=6104215
Todoran Koitz, I.; Glinz, M., "A Fuzzy Galois Lattices Approach to Requirements Elicitation for Cloud Services," in Services Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, August 2015. doi: 10.1109/TSC.2015.2466538
Abstract: The cloud paradigm has become increasingly attractive throughout the recent years due to its both technical and economic foreseen impact. Therefore, researchers’ and practitioners’ attention has been drawn to enhancing the technological characteristics of cloud services, such as performance, scalability or security. However, the topic of identifying and understanding cloud consumers’ real needs has largely been ignored. Existing requirements elicitation methods are not appropriate for the cloud computing domain, where consumers are highly heterogeneous and geographically distributed, have frequent change requests and expect services to be delivered at a fast pace. In this paper, we introduce a new approach to requirements elicitation for cloud services, which utilizes consumers’ advanced search queries for services to infer requirements that can lead to new cloud solutions. For this, starting from the queries, we build fuzzy Galois lattices that can be used by public cloud providers to analyze market needs and trends, as well as optimum solutions for satisfying the largest populations possible with a minimum set of features implemented. This new approach complements the existing requirements elicitation techniques in that it is a dedicated cloud method which operates with data that already exists, without entailing the active participation of consumers and requirements specialists.
Keywords: Algorithm design and analysis; Analytical models; Cloud computing; Computational modeling; Data models; Lattices; Unified modeling language; Galois lattice; cloud services; data analysis; requirements elicitation (ID#: 15-8643)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7185443&isnumber=4629387
Premarathne, U.; Khalil, I.; Tari, Z.; Zomaya, A., "Cloud-based Utility Service Framework for Trust Negotiations using Federated Identity Management," in Cloud Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, February 2015. doi: 10.1109/TCC.2015.2404816
Abstract: Utility based cloud services can efficiently provide various supportive services to different service providers. Trust negotiations with federated identity management are vital for preserving privacy in open systems such as distributed collaborative systems. However, due to the large amounts of server based communications involved in trust negotiations scalability issues prove to be less cumbersome when offloaded on to the cloud as a utility service. In this view, we propose trust based federated identity management as a cloud based utility service. The main component of this model is the trust establishment between the cloud service provider and the identity providers. We propose novel trust metrics based on the potential vulnerability to be attacked, the available security enforcements and a novel cost metric based on policy dependencies to rank the cooperativeness of identity providers. Practical use of these trust metrics is demonstrated by analyses using simulated data sets, attack history data: published by MIT Lincoln laboratory, real-life attacks and vulnerabilities extracted from Common Vulnerabilities and Exposures (CVE) repository and fuzzy rule based evaluations. The results of the evaluations imply the significance of the proposed trust model to support cloud based utility services to ensure reliable trust negotiations using federated identity management.
Keywords: Authorization; Cloud computing; Collaboration; Computational modeling; Interoperability; Measurement; Reliability; Cloud; Distributed Collaborative Services; Federated Identity Management; Trust; Utility Computing (ID#: 15-8644)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7045552&isnumber=6562694
Sood, K.; Yu, S.; Xiang, Y., "Software Defined Wireless Networking Opportunities and Challenges for Internet of Things: A Review," in Internet of Things Journal, IEEE, vol. PP, no. 99, pp. 1-1, September 2015. doi: 10.1109/JIOT.2015.2480421
Abstract: With the emergence of Internet of Things (IoT), there is now growing interest to simplify wireless network controls. This is a very challenging task, comprising information acquisition, information analysis, decision making and action implementation on large scale IoT networks. Resulting in research to explore the integration of Software Defined Networking (SDN) and IoT for a simpler, easier, and strain less network control. SDN is a promising novel paradigm shift which has the capability to enable a simplified and robust programmable wireless network serving an array of physical objects and applications. This review article starts with the emergence of SDN and then highlights recent significant developments in the wireless and optical domains with the aim of integrating SDN and IoT. Challenges in SDN and IoT integration are also discussed from both security and scalability perspectives.
Keywords: Control systems; Handover; Internet of things; Protocols; Software; Wireless communication; Internet of Things; SDN; SDN Use Case; Software Defined Wireless Networks (SDWN) (ID#: 15-8645)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279061&isnumber=6702522
Byun, H.; So, J., "Node Scheduling Control Inspired by Epidemic Theory for Data Dissemination in Wireless Sensor-Actuator Networks with Delay Constraints," in Wireless Communications, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, November 2015. doi: 10.1109/TWC.2015.2496596
Abstract: Wireless sensor-actuator networks (WSANs) enhance the existing wireless sensor networks (WSNs) by equipping sensor nodes with actuators. The actuators work with the sensor nodes to perform application-specific operations. The WSAN systems have several applications such as disaster relief, intelligent building management, military surveillance, health monitoring, and infrastructure security. These applications require capability of fast data dissemination in order to act responsively to events. However, due to strict resource constraints of the nodes, WSANs pose significant challenges in network protocol design to support applications with delay requirements. Biologically inspired modeling techniques have received considerable attention for achieving robustness, scalability, and adaptability, while retaining individual simplicity. Specifically, data dissemination, packet routing, and broadcasting protocols for wireless networks have been modeled by epidemic theory. However, existing bio-inspired algorithms are mostly based on predefined heuristics and fixed parameters, and thus it is difficult for them to achieve desired level of performance under dynamic environments. In order to solve this problem, we propose an epidemic-inspired algorithm for data dissemination in WSANs which automatically controls node states to meet the delay requirements while minimizing energy consumption. Through mathematical analysis, behavior of the algorithm in terms of converge time and steady state can be predicted. Also, the analysis shows that the system achieves stability, and derives parameter conditions for achieving the stability. Finally, extensive simulation results indicate that the proposed scheme outperforms existing protocols in achieving delay requirements and conserving energy.
Keywords: Actuators; Adaptation models; Delays; Protocols; Wireless networks; Wireless sensor networks; Wireless sensor-actuator networks; delay constraints; epidemics; node scheduling (ID#: 15-8646)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7314970&isnumber=4656680
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.