The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive


On Peer-to-Peer Media Streaming

CERIAS TR 2002-58
D Xu, M Hefeeda, S Hambrusch, B Bhargava
Download: PDF

In this paper, we study a peer-to-peer media streaming system with the following characteristics: (1) its streaming capacity grows dynamically; (2) peers do not exhibit server-like behavior; (3) peers are heterogeneous in their bandwidth contribution; and (4) each streaming session may involve multiple supplying peers. Based on these characteristics, we investigate two problems: (1) how to assign media data to multiple supplying peers in one streaming session and (2) how to quickly amplify the system's total streaming capacity. Our solution to the first problem is an optimal media data assignment algorithm OTS_p2p, which results in minimum buffering delay in the consequent streaming session. Our solution to the second problem is a distributed differentiated admission control protocol DAC_p2p. By differentiating between requesting peers with different outbound bandwidth, DAC_p2p achieves fast system capacity amplification; benefits all requesting peers in admission rate, waiting time, and buffering delay; and creates an incentive for peers to offer their truly available outbound bandwidth.

Added 2008-02-11

A Round Trip Time and Time-out Aware Traffic Conditioner for Differentiated Services Networks

CERIAS TR 2002-57
A Habib, B Bhargava, S Fahmy
Download: PDF

TCP connection throughput is inversely proportional to the connection round trip time (RTT). To mitigate TCP bias to short RTT connections, a differentiated services traffic conditioner can ensure connections with long RTTs do not starve when connections with short RTTs get all extra resources after achieving the target rates. Current proposals for RTT-aware conditioners work well for a small number of connections when most TCP connections are in the congestion avoidance phase. If there is a large number of TCP connections, however, connections time-out and go to slow start. We show that current RTT-aware conditioners over-protect long RTT flows and starve short RTT flows in this case. We design and evaluate a conditioner based on RTT as well as the retransmission time-out (RTO). The proposed RTT-RTO aware traffic conditioner works well for realistic situations with a large number of connections. Simulation results in a variety of situations confirm that the conditioner mitigates RTT bias.

Added 2008-02-11

Design and Evaluation of an Adaptive Traffic Conditioner for Differentiated Services Networks

CERIAS TR 2001-103
A Habib, S Fahmy, B Bhargava
Download: PDF

We design and evaluate an adaptive traffic conditioner to improve application performance over the differentiated services assured forwarding behavior. The conditioner is adaptive because the marking algorithm changes based upon the current number of flows traversing an edge router. If there is a small number of flows, the conditioner maintains and uses state information to intelligently protect critical TCP packets. On the other hand, if there are many flows going through the edge router, the conditioner only uses flow characteristics as indicated in the TCP packet headers to mark packets, without requiring per-flow state. Simulation results indicate that this adaptive conditioner improves the throughput of data-extensive applications like large FTP transfers, and achieves low packet delays and response times for Telnet and WWW traffic.

Added 2008-02-11

Applying Fault-tolerance principles to security research

CERIAS TR 2001-100
A Bhargava, B Bhargava
Download: PDF

There has been much focus on building secure distributed systems. The CERIAS center has been established at Purdue along with 14 other such centers in the USA. We note that many of the ideas, concepts, and algorithms being proposed in security have many common threads with reliability. We need to apply the science and engineering of reliability research to the research in security and vice versa. We briefly give some examples to illustrate the ideas. To increase reliability in distributed systems, the use of quorums allows transactions to read and write replicas even if some replicas have failed or are unavailable. So the systems manage the replicas so that a quorum can be formed in the presence of failures. To make systems secure against unauthorized access, one can use the reverse strategy of making it difficult to form quorums. All accesses require permission from a group of authorities who could coordinate to deny a yes majority vote.

Added 2008-02-11

Unresponsive Flow Detection and Control in Differentiated Services Networks

CERIAS TR 2001-105
A Habib, B Bhargava
Download: PDF

During periods of congestion, TCP flows back off and adjust the sending rate. This behavior makes TCP a conservative protocol and helps to avoid congestion collapse. Flows like UDP do not respond to congestion and keep sending packets. This causes other TCP flows sharing the same link to back off. Unresponsive flows waste resources by taking their shares in the upstream and dropping packets later when the downstream is congested. We use the Differentiated Services (DiffServ) architecture to solve this problem. With the help of core routers of DiffServ networks, we detect congestion due to unresponsive flows, and using edge routers we control/shape these flows. We describe how core routers detect congestion and inform edge routers about it. We design an algorithm to regulate unresponsive flows dynamically. Our rate control algorithm works well in a variety of situations. The goal of this work is to ensure that TCP does not starve due to unresponsive flows as well as to stop bandwidth waste in the upstream path when packets are dropped in the downstream because of unresponsive flows.

Added 2008-02-11

Actional Legitimation: No Crisis Necessary

CERIAS TR 2008-5
Josh Boyd
Download: PDF

Added 2008-02-08

A Crossing-tier Location Update/Paging Scheme in Hierarchical Cellular Networks

CERIAS TR 2006-71
X Wu, B Mukherjee, B Bhargava
Download: PDF

Location update/paging strategies have been widely studied in traditional single-tier cellular networks. We propose and evaluate a novel crossing-tier location update/paging scheme that can be used in a hierarchical macrocell/microcell cellular network. Location update is performed only in the macrocell tier, where a location area (LA) is made up of larger macrocells. A mobile user will stay in such an LA for a longer time. Therefore, the cost of location update can be reduced due to the decreased frequency of location updates. To reduce the paging delay, the paged mobile user will be searched for in the macrocell tier only when the paging load is not high. Otherwise, it will be searched for in the microcell tier, where a sequential searching method is applied. The operation of the scheme is simple, as the macrocell/microcell cellular network has the advantage that a mobile user can receive a signal from both a microcell and the overlaid macrocell. Analytical models have been built for cost and delay evaluation. Numerical results show that, at relatively low cost, the crossing-tier scheme also achieves low paging delay.

Added 2008-02-07

Trust based Privacy Preservation in Peer to Peer Data Sharing

CERIAS TR 2006-70
Y Lu, W Wang, D Xu, B Bhargava
Download: PDF

Privacy preservation in a peer-to-peer system tries to hide the association between the identity of a participant and the data that it is interested in. We propose a trust-based privacy preservation method for peer-to-peer data sharing. It adopts the trust relation between a peer and its collaborators (buddies). The buddy works as a proxy to send the request and acquire the data. This provides a shield under which the identity of the requester and the accessed data cannot be linked. A privacy measuring method is presented to evaluate the proposed mechanism. Dynamic trust assessment and the enhancement to supplier’s privacy are discussed.

Added 2008-02-07

Energy and Communication Efficient Group Key Management Protocol for Hierarchical Sensor Networks

CERIAS TR 2006-69
B Panja, S Madria, B Bhargava
Download: PDF

In this paper, we describe a group key management protocol for hierarchical sensor networks where, instead of using pre-deployed keys, each sensor node generates a partial key dynamically using a function. The function takes the partial keys of its children as arguments. The design of the protocol is motivated by the fact that traditional cryptographic techniques are impractical in sensor networks because of the associated high energy and computational overheads. The group key management protocol supports the establishment of two types of group keys: one for the nodes within a group (intra-cluster), and the other among a group of cluster heads (inter-cluster). The protocol handles freshness of the group key dynamically, and eliminates the involvement of a trusted third party (TTP). We have experimentally analyzed the time and energy consumption in broadcasting partial keys and the group key under two sensor routing protocols (Tiny-AODV and Tiny-Diffusion) by varying the number of nodes and key sizes. The performance study provides the optimum number of partial keys needed for computing the group key to balance the key size for security requirements against the power consumption. The experimental study also concludes that the energy consumption of SPIN [9] increases rapidly as the number of group members increases, in comparison to our protocol. Similarly, the pre-deployed key approach requires more communication time in comparison with this protocol. We have implemented this protocol using MICA2 motes and repeated most of the experiments done in simulation, and we found that the obtained results are very close to the observations made using the simulator.

Added 2008-02-07

On the Design of Perceptual MPEG-Video Encryption Algorithms

CERIAS TR 2007-101
S Li, G Chen, A Cheung, B Bhargava
Download: PDF

In this paper, some existing perceptual encryption algorithms of MPEG videos are reviewed and some problems, especially security defects of two recently proposed MPEG-video perceptual encryption schemes, are pointed out. Then, a simpler and more effective design is suggested, which selectively encrypts fixed-length codewords (FLC) in MPEG-video bitstreams under the control of three perceptibility factors. The proposed design is actually an encryption configuration that can work with any stream cipher or block cipher. Compared with the previously-proposed schemes, the new design provides more useful features, such as strict size-preservation, on-the-fly encryption and multiple perceptibility, which make it possible to support more applications with different requirements. In addition, four different measures are suggested to provide better security against known/chosen-plaintext attacks.

Added 2008-02-07

Performance Evaluation of Multiple-Rate Mobile Wireless Ad Hoc Networks

CERIAS TR 2006-68
G Ding, X Wu, B Bhargava
Download: PDF

Existing wireless networks usually provide multiple data transmission rates. This paper presents a simulation study on the performance of multiple-rate mobile ad hoc networks (MANETs), based on an evolved ns-2 simulator. At the physical layer, realistic models such as the Walfisch-Ikegami radio propagation model and lognormal fading are implemented. At the link layer, a link adaptation algorithm is implemented to select an appropriate data transmission rate based on the receiving signal-to-noise ratio. At the transport and application layers, different data traffic, including constant bit rate, TCP, voice over IP, and video, is generated. We study network performance such as throughput, delivery ratio, and end-to-end delay when position-based routing is used. We also study how node mobility and position error affect the performance. In addition, we investigate the impact of the link distance, namely the geographic distance for a hop, on the end-to-end network throughput. This work is a comprehensive simulation study on the impact of various factors on the performance of MANETs. It also provides guidelines for future protocol and algorithm design.

Added 2008-02-07

Tree-Based Data Broadcast in IEEE 802.15.4 and ZigBee Networks

CERIAS TR 2006-67
G Ding, Z Sahinoglu, P Orlik, J Zhang, B Bhargava
Download: PDF

This paper studies efficient and simple data broadcast in IEEE 802.15.4-based ad hoc networks (e.g., ZigBee). Since finding the minimum number of rebroadcast nodes in general ad hoc networks is NP-hard, current broadcast protocols either employ heuristic algorithms or assume extra knowledge such as position or a two-hop neighbor table. However, the ZigBee network is characterized by low data rate and low cost. It cannot provide position or two-hop neighbor information, but it still requires an efficient broadcast algorithm that can reduce the number of rebroadcast nodes with limited computation complexity and storage space. To this end, this paper proposes self-pruning and forward node selection algorithms that exploit the hierarchical address space in ZigBee networks. Only one-hop neighbor information is needed; a partial list of two-hop neighbors is derived without exchanging messages between neighboring nodes. The ZigBee forward node selection algorithm finds the minimum rebroadcast node set with polynomial computation time and memory space. Using the proposed localized algorithms, it is proven that the entire network is covered. Simulations are conducted to evaluate the performance improvement in terms of the number of rebroadcast nodes, number of duplicated receptions, coverage time, and communication overhead.

Added 2008-02-07

Defending Against Wormhole Attacks in Mobile Ad Hoc Networks

CERIAS TR 2005-145
W Wang, B Bhargava, Y Lu, X Wu
Download: PDF

In ad hoc networks, malicious nodes can carry out wormhole attacks to fabricate a false scenario of neighbor relations among mobile nodes. The attacks threaten the safety of ad hoc routing protocols and some security enhancements. We propose a classification of the attacks according to the format of the wormholes. It establishes a basis on which the detection capability of the approaches can be identified. The analysis shows that previous approaches focus on the prevention of wormholes between neighbors that trust each other. As a more generic approach, we present an end-to-end mechanism that can detect wormholes on a multi-hop route. Only trust between the source and the destination is assumed. The mechanism uses geographic information to detect anomalies in neighbor relations and node movements. To reduce the computation and storage overhead, we present a scheme, Cell-based Open Tunnel Avoidance (COTA), to manage the information. COTA achieves constant space for every node on the path, and the computation overhead increases linearly with the number of detection packets. We prove that the savings do not deteriorate the detection capability. The schemes to control communication overhead are studied. We show by simulations and experiments on real devices that the proposed mechanism can be combined with existing routing protocols to defend against wormhole attacks.

Added 2008-02-07

Multimedia Data Transmission and Control Using Active Networks

CERIAS TR 2005-144
B Bhargava, S Wang, M Khan, A Habib
Download: PDF

Active networking is an excellent paradigm to provide customized network services to applications by allowing them to inject specific programs into the intermediate routers. Active networks provide the flexibility for application programs to modify the services that a router provides to suit their specific needs. Therefore, it has the potential to provide application-level quality of service (QoS) at the transport and network layers. In this paper, we present an adaptable network architecture, called ADNET, which provides mechanisms to allow the application to adapt to resource constraints to achieve improved QoS. Our design aims to unify different QoS control mechanisms (e.g. integrated services, differentiated services, and active networks) to provide a wide range of network services to all users to meet their specific needs. We propose a new fragmentation scheme with low overhead (!5%) to transfer large-size multimedia data. Using this fragmentation scheme, a new transport protocol, called ACtive Transport Protocol (ACTP), is integrated with the design. We use a new measure, called usefulness, to better reflect the QoS perceived by the end users. In our experiments, we compare different schemes of video transmission: non-active transport protocols such as UDP and TCP with IP fragmentation, the ACTP framework with active networks, and the ACTP framework without active networks. The ACTP scheme with active networks outperforms the others in achieving application-level QoS.

Added 2008-02-07

AO2P: Ad Hoc On-Demand Position-Based Private Routing Protocol

CERIAS TR 2005-143
X Wu, B Bhargava
Download: PDF

Privacy is needed in ad hoc networks. An ad hoc on-demand position-based private routing algorithm, called AO2P, is proposed for communication anonymity. Only the position of the destination is exposed in the network for route discovery. To discover routes with this limited routing information, a receiver contention scheme is designed for determining the next hop. Pseudo-identifiers are used for data packet delivery after a route is established. Real identities (IDs) for the source nodes, the destination nodes, and the forwarding nodes in the end-to-end connections are kept private. Anonymity for a destination relies on the difficulty of matching a geographic position to a real node ID. This can be enforced by the use of secure position service systems. Node mobility enhances destination anonymity by making the match of a node ID with a position momentary. To further improve destination privacy, R-AO2P is proposed. In this protocol, the position of a reference point, instead of the position of the destination, is used for route discovery. Analytical models are developed for evaluating the delay in route discovery and the probability of route discovery failure. A simulator based on ns-2 is developed for evaluating network throughput. Analysis and simulation results show that, while AO2P preserves communication privacy in ad hoc networks, its routing performance is comparable with other position-based routing algorithms.

Added 2008-02-07