Group communication has become an important component in wireless networks. In this paper, we focus on the environments in which multiple groups coexist in the system, and both intra and inter group multicast traffic must be protected by secret keys. We propose a mechanism that integrates polynomials with flat tables to achieve personal key share distribution and efficient key refreshment during group changes. The proposed mechanism distributes keys via true broadcast. The contributions of the research include: (1) By switching from asymmetric algorithms to symmetric encryption methods, the proposed mechanism avoids heavy computation, and improves the processing efficiency of multicast traffic and the power usage at the wireless nodes. The group managers do not have to generate public-private key pairs when the group member changes. (2) It becomes more difficult for an attacker to impersonate another node since personal key shares are adopted. The additional storage overhead at the wireless nodes and the increased broadcast traffic during key refreshment are justified. In addition, we describe techniques to improve the robustness of the proposed mechanism under the complicated scenarios such as collusive attacks and batch group member changes.
Mobile clients retrieve and update databases at servers. They use transactions in order to ensure the consistency of shared data in the presence of concurrent accesses. Transaction processing at mobile clients faces new challenges to accommodate the limitations of mobile environments, such as frequent disconnections and low bandwidth. Caching of frequently accessed data in a mobile computer can be an effective approach to continue transactions in the presence of disconnections or other reasons for losing messages. It can help to reduce contention on the narrow bandwidth of wireless channels. Concurrency control schemes using caching ensure consistency among data items from the server and from the client caches. We present a scheme that can increase the autonomy of mobile clients for validating transactions, using caching and pull-based data delivery. In the scheme, mobile clients can decide to commit read-only transactions locally, without interaction with the server, and can detect transaction aborts earlier. The clients receive from the server dependency information, from which they build partial serialization graphs. Dependency information is based on the notion of i-order dependency introduced in the paper. We study the performance of the proposed protocol by means of simulation experiments.
An error resilient architecture for video transmission over mobile wireless networks is presented. Radio link layer, transport layer, and application layer are combined to deal with high error rate in wireless environments. The algorithms for both sender and receiver are given. An adaptive algorithm is presented to automatically adjust parity data length in error control. The performance of the proposed algorithm is analyzed through experimental studies.
We propose a new model for on-demand media streaming centered around the peer-to-peer (P2P) paradigm. The proposed P2P model can support a large number of clients with a low overall system cost. The P2P model allows for peers to share some of their resources with the system and in return, they get some incentives or rewards. We describe how to realize (or deploy) the proposed model. In addition, we present a new dispersion algorithm (for disseminating the media files into the system) and a searching algorithm (for locating peers with the required objects). We demonstrate the potential of the P2P model as an infrastructure for a large-scale on-demand media streaming service through an extensive simulation study on large, Internet-like, topologies. Starting with a limited streaming capacity (hence, low cost), the simulation shows that the capacity is rapidly increased and many clients can be served even if they come according to different arrival patterns such as constant rate arrivals, flash crowd arrivals, and Poisson arrivals.
This paper compares the security properties of Ad Hoc On-demand Distance Vector (AODV) and Destination Sequence Distance Vector (DSDV) protocols, especially the difference caused by on-demand and proactive route queries. The on-demand route query enables the malicious host to conduct real time attacks on AODV. The communication overhead of attacks on DSDV is independent of the attack methods and the width of attack targets. A single false route propagates slower in AODV than in DSDV. The detection of false destination sequence in AODV heavily depends on the mobility of hosts. False distance vector and false destination sequence attacks are studied by simulation. The delivery ratio, communication overhead, and the propagation of false routes are measured by varying the traffic load and the maximum speed of host movement. The anomalous patterns of sequence numbers detected by destination hosts can be applied to detect the false destination sequence attacks.
A good direction towards building secure systems that operate efficiently in large-scale environments (like the World Wide Web) is the deployment of Role Based Access Control Methods (RBAC). RBAC architectures do not deal with each user separately, but with discrete roles that users can acquire in the system. The goal of this paper is to present a classification algorithm that during its training phase, classifies roles of the users in clusters. The behavior of each user that enters the system holding a specific role is traced via audit trails and any misbehavior is detected and reported (classification phase). This algorithm will be incorporated in the Role Server architecture, currently under development, enhancing its ability to dynamically adjust the amount of trust of each user and update the corresponding role assignments.
In this paper, we study a peer-to-peer media streaming system with the following characteristics: (1) its streaming capacity grows dynamically; (2) peers do not exhibit server-like behavior; (3) peers are heterogeneous in their bandwidth contribution; and (4) each streaming session may involve multiple supplying peers. Based on these characteristics, we investigate two problems: (1) how to assign media data to multiple supplying peers in one streaming session and (2) how to quickly amplify the system's total streaming capacity. Our solution to the first problem is an optimal media data assignment algorithm OTS_p2p, which results in minimum buffering delay in the consequent streaming session. Our solution to the second problem is a distributed differentiated admission control protocol DAC_p2p. By differentiating between requesting peers with different outbound bandwidth, DAC_p2p achieves fast system capacity amplification; benefits all requesting peers in admission rate, waiting time, and buffering delay; and creates an incentive for peers to offer their truly available outbound bandwidth.
TCP connection throughput is inversely proportional to the connection round trip time (RTT). To mitigate TCP bias to short RTT connections, a differentiated services traffic conditioner can ensure connections with long RTTs do not starve when connections with short RTTs get all extra resources after achieving the target rates. Current proposals for RTT-aware conditioners work well for a small number of connections when most TCP connections are in the congestion avoidance phase. If there is a large number of TCP connections, however, connections time-out and go to slow start. We show that current RTT-aware conditioners over-protect long RTT flows and starve short RTT flows in this case. We design and evaluate a conditioner based on RTT as well as the retransmission time-out (RTO). The proposed RTT-RTO aware traffic conditioner works well for realistic situations with a large number of connections. Simulation results in a variety of situations confirm that the conditioner mitigates RTT bias.
We design and evaluate an adaptive traffic conditioner to improve application performance over the differentiated services assured forwarding behavior. The conditioner is adaptive because the marking algorithm changes based upon the current number of flows traversing an edge router. If there is a small number of flows, the conditioner maintains and uses state information to intelligently protect critical TCP packets. On the other hand, if there are many flows going through the edge router, the conditioner only uses flow characteristics as indicated in the TCP packet headers to mark packets, without requiring per-flow state. Simulation results indicate that this adaptive conditioner improves the throughput of data-intensive applications like large FTP transfers, and achieves low packet delays and response times for Telnet and WWW traffic.
There has been much focus on building secure distributed systems. The CERIAS center has been established at Purdue along with 14 other such centers in the USA. We note that many of the ideas, concepts, and algorithms being proposed in security have many common threads with reliability. We need to apply the science and engineering of reliability research to the research in security and vice versa. We briefly give some examples to illustrate the ideas. To increase reliability in distributed systems, the use of quorums allows transactions to read and write replicas even if some replicas have failed or are unavailable. So the systems manage the replicas so that a quorum can be formed in the presence of failures. To make systems secure against unauthorized access, one can use the reverse strategy of making it difficult to form quorums. All accesses require permission from a group of authorities who could coordinate to deny a yes majority vote.
During periods of congestion, TCP flows back off and adjust the sending rate. This behavior makes TCP a conservative protocol and helps to avoid congestion collapse. Flows like UDP do not respond to congestion and keep sending packets. This causes other TCP flows sharing the same link to back off. Unresponsive flows waste resources by taking their shares in the upstream and dropping packets later when the downstream is congested. We use the Differentiated Services (DiffServ) architecture to solve this problem. With the help of the core routers of DiffServ networks, we detect congestion due to unresponsive flows, and using edge routers we control/shape these flows. We describe how core routers detect congestion and inform edge routers about it. We design an algorithm to regulate unresponsive flows dynamically. Our rate control algorithm works well in a variety of situations. The goal of this work is to ensure that TCP does not starve due to unresponsive flows, as well as to stop bandwidth waste in the upstream path when packets are dropped in the downstream because of unresponsive flows.
Location update/paging strategies have been widely studied in the traditional single-tier cellular networks. We propose and evaluate a novel crossing-tier location update/paging scheme that can be used in a hierarchical macrocell/microcell cellular network. Location update is performed only in the macrocell tier, where a location area (LA) is made up of larger macrocells. A mobile user will stay in such an LA for a longer time. Therefore, the cost of location update can be reduced due to the decreased frequency of location update. To reduce the paging delay, the paged mobile user will be searched in the macrocell tier only when the paging load is not high. Otherwise, it will be searched in the microcell tier, where a sequential searching method is applied. The operation of the scheme is simple, as the macrocell/microcell cellular network has the advantage that a mobile user can receive a signal from both a microcell and the overlaid macrocell. Analytical models have been built for cost and delay evaluation. Numerical results show that, at relatively low cost, the crossing-tier scheme also achieves low paging delay.
Privacy preservation in a peer-to-peer system tries to hide the association between the identity of a participant and the data that it is interested in. We propose a trust-based privacy preservation method for peer-to-peer data sharing. It adopts the trust relation between a peer and its collaborators (buddies). The buddy works as a proxy to send the request and acquire the data. This provides a shield under which the identity of the requester and the accessed data cannot be linked. A privacy measuring method is presented to evaluate the proposed mechanism. Dynamic trust assessment and the enhancement to supplier’s privacy are discussed.