On efficiently harnessing cloud to securely solve linear regression and other matrix operations
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590402
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Youwen Zhu, Zhikuan Wang, Cheng Qian, Jian Wang
In this paper, we propose a new efficient solution for securely outsourcing linear regression to a public cloud with robust answer verification. Additionally, we show our construction can be utilized to efficiently and securely outsource other large-scale matrix operations, such as determinant computation.

Certificate-aware encrypted traffic classification using Second-Order Markov Chain
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590451
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Meng Shen, Mingwei Wei, Liehuang Zhu, Mingzhong Wang, Fuliang Li
With the prosperity of network applications, traffic classification plays a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, lead to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification suffer from low accuracy. In this paper, we propose a certificate-aware encrypted traffic classification method based on the Second-Order Markov Chain. We start by exploring reasons why existing methods do not perform well, and make a novel observation that certificate packet length in SSL/TLS sessions contributes to application discrimination. To increase the diversity of application fingerprints, we develop a new model by incorporating the certificate packet length clustering into the Second-Order homogeneous Markov chains. Extensive evaluation results show that the proposed method leads to a 30% improvement on average compared with the state-of-the-art method, in terms of classification accuracy.

Multi-channel mode for emergency system in urban connected vehicles
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590415
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
S. Khan, M. Fränzle
Traffic safety applications exploiting vehicle-to-vehicle communication are an emerging and promising area within the intelligent transportation system (ITS) environment. This objective would be achieved essentially by employing efficient safety applications which should be able to wirelessly broadcast warning messages between neighboring vehicles in order to inform drivers about a dangerous situation, such as an accident, in a timely manner. To ensure their efficiency, safety applications require reliable periodic data dissemination with low latency. IEEE 1609.4 defines a MAC layer implementation for multichannel operations in a vehicular ad hoc network (VANET). In this light, we propose a novel multi-channel mode protocol for emergency systems to improve the channel utilization of the control channel (CCH) and uniformly distribute the channel load on service channels (SCHs). In the proposed protocol, the network changes its mode from general to emergency mode to increase the probability for a message to arrive in time. The scheme reduces the rate of transmission collisions which create latency and improves the reliability of message delivery in time. Furthermore, extensive analysis and simulations are presented.

Efficient routing for cooperative data regeneration in heterogeneous storage networks
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590387
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Zhirong Shen, P. Lee, J. Shu
Large-scale storage systems often face node failures that lead to data loss. Cooperative regeneration has been extensively studied to minimize the repair traffic of simultaneously reconstructing the lost data of multiple failed nodes. However, existing cooperative regeneration schemes assume that nodes are homogeneous. They do not consider how to minimize the general regenerating cost when taking into account node heterogeneity. This paper presents the first systematic study on enhancing conventional cooperation regeneration (CCR) schemes in a heterogeneous environment. We formulate cooperative regeneration as a cost-based routing optimization model, and propose a new cost-based heterogeneity-aware cooperative regeneration (HCR) framework. The main novelty of HCR is to decompose CCR schemes into two stages (i.e., expansion and aggregation) that can be opportunistically carried out by different nodes depending on their costs. To efficiently select the nodes for expansion execution without exhaustive enumeration, we design two greedy algorithms based on the hill-climbing technique. We also formulate the routing problem in the aggregation stage as a Steiner Tree Problem. Finally, we conduct extensive trace-driven simulations and show that HCR can reduce the transmission time of CCR by up to 75.4%. Also, we demonstrate that HCR remains robust even when the heterogeneity information is not accurately measured.

Practical fast scheduling and routing over slotted CSMA for wireless mesh networks
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590389
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Takuya Yoshihiro, Taiki Nishimae
Although Wireless Mesh Networks (WMNs) over CSMA and TDMA MAC have been extensively studied, CSMA still suffers from heavy interference due to hidden terminals, while TDMA has a practical difficulty in accurate time synchronization. Slotted CSMA, in which we assume that CSMA runs within relatively large time-divided slots, could be one of the solutions since it works on loosely synchronized time slots and simultaneously avoids major collision under a properly designed feasible schedule. However, if we apply a schedule generally used in TDMA, there are several inconveniences: First, we need heavy overhead of centralized computation or negotiation among nodes in distributed scheduling. Second, end-to-end packet delivery delay grows large since TDMA requires a large number of slots to achieve collision-free scheduling. In this paper, we propose a new scheduling algorithm for slotted CSMA called CATBS (CSMA-Aware Time-Boundable Scheduling) that requires a smaller number of slots for feasible scheduling, and runs within a bounded time. Incorporating the scheduling, we design a routing protocol that enables flexible path recomputation with small communication overhead. We consequently achieve a new fully distributed and robust network architecture of WMNs that provides practically high throughput and low delivery delay, which can be implemented on the off-the-shelf IEEE802.11 interfaces.

Exploiting time-varying graphs for data forwarding in mobile social Delay-Tolerant Networks
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590436
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Dongliang Xie, Xin Wang, Lanchao Liu, Linhui Ma
With the rapid shift from end-to-end communications to content-based data sharing, there is increasing interest in exploiting mobile social Delay-Tolerant Networks (social DTNs) to deliver data, where the forwarding decision is usually made by comparing the social metrics of encountered nodes. Existing studies mostly derive long-term statistical social metrics without considering the temporal impact from node mobility. We exploit the time-varying contact graphs to analyze the dynamics of social DTNs based on two groups of datasets. Based on the analysis, we derive the time-varying characteristics of node contacts, durative and periodicity, and apply them to more accurately predict the corresponding time-varying social metrics (TSMs). We further propose a two-stage opportunistic forwarding strategy to select relays based on TSMs. Our simulation results verify the importance of the two properties we observe and the effectiveness of our algorithm in tracking time-varying social metrics. We also show the potential of our algorithm in finding general time-varying metrics to improve the data dissemination performance of other opportunistic forwarding schemes.

An experimental investigation of hyperbolic routing with a smart forwarding plane in NDN
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590394
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Vince Lehman, Ashlesh Gawande, Beichuan Zhang, Lixia Zhang, R. Aldecoa, D. Krioukov, Lan Wang
Routing in NDN networks must scale in terms of forwarding table size and routing protocol overhead. Hyperbolic routing (HR) presents a potential solution to address the routing scalability problem, because it does not use traditional forwarding tables or exchange routing updates upon changes in network topologies. Although HR has the drawbacks of producing sub-optimal routes or local minima for some destinations, these issues can be mitigated by NDN's intelligent data forwarding plane. However, HR's viability still depends on both the quality of the routes HR provides and the overhead incurred at the forwarding plane due to HR's sub-optimal behavior. We designed a new forwarding strategy called Adaptive Smoothed RTT-based Forwarding (ASF) to mitigate HR's sub-optimal path selection. This paper describes our experimental investigation into the packet delivery delay and overhead under HR as compared with Named-Data Link State Routing (NLSR), which calculates shortest paths. We run emulation experiments using various topologies with different failure scenarios, probing intervals, and maximum number of next hops for a name prefix. Our results show that HR's delay stretch has a median close to 1 and a 95th-percentile around or below 2, which does not grow with the network size. HR's message overhead in dynamic topologies is nearly independent of the network size, while NLSR's overhead grows at least polynomially. These results suggest that HR offers a more scalable routing solution with little impact on the optimality of routing paths.

sdnMAC: A software defined networking based MAC protocol in VANETs
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590403
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Guiyang Luo, Shucong Jia, Zishan Liu, Konglin Zhu, Lin Zhang
In this paper, we propose a hierarchical architecture based on software defined networking (SDN) to manage the physical resources in vehicular ad-hoc networks (VANETs), namely sdnMAC. First of all, a novel roadside unit (denoted by ROFS) is designed, which is an OpenFlow switch equipped with a wireless interface. Then, a hierarchical architecture is proposed for sdnMAC, consisting of two tiers: one is the management of the ROFSs by the Controller, the other is the management of vehicles by ROFSs. Due to the cooperative sharing of slot information, sdnMAC can provide pre-warning of collisions and agility to topology change and varying densities of vehicles.

Collusion-resisting secure nearest neighbor query over encrypted data in cloud, revisited
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590443
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Youwen Zhu, Zhikuan Wang, Jian Wang
It is a challenging problem to securely resist the collusion of the cloud server and query users while implementing nearest neighbor query over encrypted data in the cloud. Recently, CloudBI-II was put forward to support nearest neighbor query on encrypted cloud data, and was declared to be secure while the cloud server colludes with some untrusted query users. In this paper, we propose an efficient attack method which indicates CloudBI-II will reveal the difference vectors under the collusion attack. Further, we show that the difference vector disclosure will result in a serious privacy breach, and thus attain an efficient attack method to break CloudBI-II. Namely, CloudBI-II cannot achieve its declared security. Through theoretical analysis and experimental evaluation, we confirm our proposed attack approach can quickly recover the original data from the encrypted data set in CloudBI-II. Finally, we provide an enhanced scheme which can efficiently resist the collusion attack.

A secure hierarchical deduplication system in cloud storage
Pub Date: 2016-06-20 DOI: 10.1109/IWQoS.2016.7590397
Published in: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS)
Xin Yao, Yaping Lin, Qin Liu, Yanchao Zhang
Data deduplication is commonly adopted in cloud storage services to improve storage utilization and reduce transmission bandwidth. It, however, conflicts with the requirement for data confidentiality offered by data encryption. Hierarchical authorized deduplication alleviates the tension between data deduplication and confidentiality and allows a cloud user to perform privilege-based duplicate checks before uploading the data. Existing hierarchical authorized deduplication systems permit the cloud server to profile cloud users according to their privileges. In this paper, we propose a secure hierarchical deduplication system to support privilege-based duplicate checks and also prevent privilege-based user profiling by the cloud server. Our system also supports dynamic privilege changes. Detailed theoretical analysis and experimental studies confirm the security and high efficiency of our system.