Efficient schemes for securing network coding against wiretapping

Existing solutions for secure network coding either bring significant bandwidth overhead or incur a high computa- tional complexity. For exploiting low-overhead mechanism for secure network coding against wiretapping, three efficient schemes are proposed for the applications with different security requirements. The basic idea behind this paper is first to encrypt a small part of source vectors and then subject the remaining original source vectors and the encrypted vectors to a special linear transformation. Also, a lightweight version of this scheme is then presented for resource-constrained networks. Moreover, an extensive scheme with enhanced security is also considered. All proposals are shown to have properties of lower security complexity and smaller bandwidth usage compared with the existing solutions. Also, the proposals can be easy to achieve flexible levels of security for various applications.     

Collaborative Network Security in Multi-Tenant Data Center for Cloud Computing简

A data center is an infrastructure that supports Internet service. Cloud comput the face of the Internet service infrastructure, enabling even small organizations to quickly ng is rapidly changing build Web and mobile applications for millions of users by taking advantage of the scale and flexibility of shared physical infrastructures provided by cloud computing. In this scenario, multiple tenants save their data and applications in shared data centers, blurring the network boundaries between each tenant in the cloud. In addition, different tenants have different security requirements, while different security policies are necessary for different tenants. Network virtualization is used to meet a diverse set of tenant-specific requirements with the underlying physical network enabling multi-tenant datacenters to automatically address a large and diverse set of tenants requirements. In this paper, we propose the system implementation of vCNSMS, a collaborative network security prototype system used n a multi-tenant data center. We demonstrate vCNSMS with a centralized collaborative scheme and deep packet nspection with an open source UTM system. A security level based protection policy is proposed for simplifying the security rule management for vCNSMS. Different security levels have different packet inspection schemes and are enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for ntelligence flow processing to protect from possible network attacks inside a data center network     

An Efficient Key Management Protocol for Wireless Sensor Networks

Key management is a fundamental security service in wireless sensor networks. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of an efficient key management scheme based on low energy adaptive clustering hierarchy（LEACH） for wireless sensor networks. The design of the protocol is motivated by the observation that many sensor nodes in the network play different roles. The paper presents different keys are set to the sensors for meeting different transmitting messages and variable security requirements. Simulation results show that our key management protocol based-on LEACH can achieve better performance. The energy consumption overhead introduced is remarkably low compared with the original Kerberos schemes.     

A lightweight secure network coding scheme against wiretapping

Existing works for securing network coding against wiretapping either incur high coding complexity or bring large bandwidth overhead. For exploiting the lightweight security mechanism for resource-constrained networks, an efficient secure coding scheme is proposed in conjunction with the inherent mix- ing characteristic of network coding. The key idea is to minimize the randomizing operations to the entire plaintext data. The pro- posed scheme is shown to have properties of lightweight security complexity and lower communication overhead compared with the existing traditional solutions, and can be easy in implementation and combination with classical cryptography techniques.     

EP-based Optimization of Strategic Safety Stocks in Reverse Logistics Systems

A new heuristic strategic safety stock optimization is proposed based on evolutionary programming(EP) algorithm for reverse logistics supply chain systems. The supply chain is described with a network and the modeling complexity of external as well as internal product returns and reuses of supply chains is considered with. It is assumed that customer demands for final products are uncertain. Products are randomly returned from external customers to stock points. The optimization model is established and three different cases with different structures are used to show the strength of the algorithm.     

Comparison of SETAM with security use case and security misuse case: A software security testing study

A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.     

A protocol for fair electronic purchase based on concurrent signatures

E-commerce protocols for the electronic purchase of goods are difficult to design and implement due to their complexity and high security demands. Fairness of such protocols in literature highly depends on an additional TTP（trusted third party）. However, it is difficult to find such a TTP in some situations. In addition, fairness for customers has been neither fully considered nor well satisfied in existing electronic purchasing protocols. In this paper, a new protocol FEP （fair electronic purchase） without a special TTP but an online bank is presented based on a concurrent digital signature scheme. The FEP protocol guarantees fair electronic purchase of goods via electronic payment between consumers, merchants and their online banks. The protocol is practical and the analysis based on the game logics shows that it achieves the properties of viability, fairness, and timeliness.     

QoS-Aware Virtual Machine Scheduling for Video Streaming Services in Multi-Cloud

Video streaming services are trending to be deployed on cloud. Cloud computing offers better stability and lower price than traditional IT facilities. Huge storage capacity is essential for video streaming service. More and more cloud providers appear so there are increasing cloud platforms to choose. A better choice is to use more than one data center, which is called multi-cloud. In this paper a closed-loop approach is proposed for optimizing Quality of Service (QoS) and cost. Modules of monitoring and controlling data centers are required as well as the application feedback such as video streaming services. An algorithm is proposed to help choose cloud providers and data centers in a multi-cloud environment as a video service manager. Performance with different video service workloads are evaluated. Compared with using only one cloud provider, dynamically deploying services in multi-cloud is better in aspects of both cost and QoS. If cloud service costs are different among data centers, the algorithm will help make choices to lower the cost and keep a high QoS.     

Two-Level Cross-Talked Admission Control Mechanism for QoS Guarantee in 802.11e EDCA

This paper describes a two-level cross-talked admission control mechanism that guarantees quality of service （QoS） requirements for multimedia applications over wireless local area networks （WLANs）. An enhanced distributed channel access analytical model is used to compute the maximum number of admitted users according to the QoS requirements and the packet arrival characters. Then, some channel resources are reserved for handoff calls based on the maximum number of admitted users and the call-level traffic model. The channel utilization ratio is also measured to reflect the current system traffic load. The maximum number of admitted users and the channel utilization ratio are used for admission control for applications with QoS requirements in the call level and for rate control of best effort applications in the packet level using the p-nonacknowledgement scheme. Thus, the QoS requirements are statistically guaranteed while the system is efficiently utilized. Simulations validate the effectiveness of this mechanism to guarantee the QoS and bandwidth utilization.     

A Peer-to-Peer resource sharing scheme using trusted computing technology

Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.