Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928781
Weijiang Liu, W. Qu, G. Jian, Li Keqiu
Internet attacks such as distributed denial-of-service (DDoS) attacks and worm attacks are increasing in severity. Identifying attacks in real time and mitigating them in Internet traffic is an important and challenging problem for network administrators. A compromised host doing fast scanning for worm propagation can make a very high number of connections to distinct destinations within a short time. We call such a host a superpoint, that is, a source that connects to a large number of distinct destinations. Detecting superpoints can be utilized for traffic engineering and anomaly detection. We propose a novel data streaming method for detecting superpoints and prove guarantees on its accuracy and memory requirements. The core of this method is a novel data structure called Vector Bloom Filter (VBF). A VBF is a variant of the standard Bloom Filter (BF). The VBF consists of 6 hash functions, 4 of which projectively select some consecutive bits from the original strings as function values. We obtain the information of superpoints using the overlapping of hash bit strings of the VBF. The theoretical analysis and experiment results show that our schemes can precisely and efficiently detect superpoints.
Title: A novel data streaming method detecting superpoints. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928809
Xiangming Li, Jihua Lu, Jie Yang, Jianping An
A new network architecture and routing method based on percolation for the Machine-to-Machine (M2M) stub network of Internet of things is proposed. The proposed network architecture is router-free, in which efficient routing can be operated with percolations based on the six degrees of separation or small world network. A file transmission will be divided into two phases: routing phase and data transmission phase. In the routing phase, probe packets will be transmitted and forwarded in the network thus path selections are performed based on small-world strategy. In the second phase, the file will be encoded and transmitted using the paths selected at the first phase. In such a way, an efficient routing and data transmission mechanism can be built, with which we can construct a low-cost, flexible, ubiquitous stub network.
Title: A novel routing and data transmission method for stub network of internet of things based on percolation. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928864
Jian-Qin Liu
In this paper, a class of dynamic networks that widely exist in nature, such as signaling networks in cells, is modeled as a controller, in which the quantitative relation among principal factors is explicitly given. A reduction method with respect to the controller is proposed to transform a dynamic network into a minimum controller with only two variables and two units: a feedforward unit and a feedback unit. Here the feedforward unit is formulated as a combination of exponential functions, and the feedback unit as a polynomial function. The features of the robust controller on the aspects of non-smoothness and computational complexity are discussed. As an example to demonstrate the feasibility of the controller designed by the method proposed in this paper, the heat shock response (HSR) network of E. coli is simulated for its robustness to testify the effectiveness of the controller. The simulation result of the transmission process of the HSR network suggests that the designed controller is an efficient CAD (computer-aided design) tool for developing molecular communication systems using cells in vivo.
Title: A robust controller of dynamic networks and its verification by the simulation of the heat shock response network with reliable signal transmission. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928895
Yang Liu, Shi Bai, Weiyi Zhang, Jun Zhang
Cloud computing opens a new area of supplement, consumption, and delivery framework for IT services. Customers could be able to order Virtual Applications through the cloud. To reduce the latency time, the cloud service providers implement some strategies (e.g., cloudfront service [1]) to speed up the applications delivery. However, these strategies do not consider the profit of application providers. In this paper we address the problem which is to maximize the profit of application providers based on the Original-Front server network model. We studied two different scenarios and proposed two efficient heuristic algorithms. Our simulation results show that our heuristic algorithms can increase the profit of application providers significantly.
Title: Low-cost application image distribution on worldwide cloud front server. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928930
Jaeyoung Choi, Jong Han Park, Pei-chun Cheng, D. Kim, Lixia Zhang
The Internet topological connectivity becomes denser over time. However the de facto routing protocol of the global Internet, BGP, lets each BGP router select and propagate only a single best path to each destination network. This leads to a common concern that the rich connectivity is not fully utilized and the lack of alternative paths can reduce a network's robustness to failures as well as flexibility in traffic engineering, and can lead to slow adaptation to topological changes. Yet there have been few quantitative measurement studies on path diversity in today's operational Internet. In this paper we use iBGP routing data collected from a Tier1 ISP, ISPA, over a 2-year time period to quantify BGP next-hop diversity for all destinations. Our results show that ISPA reaches the majority of prefixes through multiple next-hop routers. We use several case studies of prefixes with different diversity degrees to identify two major factors that impact the number of observed next-hops: the ISP's path preference and the number of peering routers between large ISPs. This observation provides operational input to the current efforts on augmenting BGP to increase path diversity.
Title: Understanding BGP next-hop diversity. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928818
Shuhua Jiang, Li Chao, Hsi-Lu Chao
One of the most challenging issues in cognitive radio networks is efficient channel sensing and channel accessing. In this paper, an analytical queueing model is used to derive the probability of successful transmission, channel sensing time, and transmission quota, for each data channel. Each CR node records the derived statistics in a channel preference matrix. A CR pair selects a data channel for sensing and accessing based on the successful transmission probability. According to the derivations, we design a media access control protocol, which utilizes the powerful computation capability of cloud servers to estimate the behavior of PUs, for infrastructure-based cognitive radio networks. We validate the analytical model with simulation results. Besides, the proposed MAC protocol is compared with other approaches via simulation. The simulation results showed that our protocol performs well in both utilization of channel idle time and the average tries of channel search.
Title: A decentralized MAC protocol for cognitive radio networks. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928834
L. Chiaraviglio, I. Matta
We propose a distributed approach in which an Internet Service Provider (ISP) and a Content Provider (CP) cooperate to minimize total power consumption. Our solution is distributed between the ISP and the CP to limit shared information, such as network topology and servers' load. In particular, we adopt a dual decomposition technique. We investigate the performance of the proposed solution on realistic case-studies. We compare our algorithms with a centralized model, whose aim is to minimize total power consumption. We consider different power models for devices. Results show that the distributed algorithm is close to the optimal solution, with a power efficiency loss less than 17%.
Title: An energy-aware distributed approach for content and network management. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928892
Yuezhi Zhou, Yaoxue Zhang, Hao Liu, N. Xiong
This paper presents the design, implementation, and evaluation of AVMM, a symmetric partition-based bare-metal client virtualization approach that tries to achieve maximum near-native performance for end-users while supporting a new out-of-OS mechanism for value-added services for network system administration. To achieve these goals, AVMM divides the underlying network client platform into two asymmetric partitions: user and service partitions. The user partition runs a commodity OS, which is assigned most of the CPU and memory resources and a set of peripheral devices to retain the end-user experience. The service partition runs a specialized OS, which consumes only the essential resources for its tasks. By letting the user OS possess most of the resources and access some peripheral devices directly, the AVMM overhead is reduced greatly, improving the whole network system performance. We have implemented a preliminary network prototype that can support Windows and Linux. Our experimental evaluation results show that AVMM has achieved its designed goals and provides a feasible and efficient approach for client virtualization.
Title: AVMM: Virtualize network client with a bare-metal and asymmetric partitioning approach. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928793
Jingyu Ding, Yan Wang, Jiajin Le, Yaohui Jin
Joint scheduling of both computation and communication resources for workflow-based distributed computing applications over optical networks has been studied recently. Most algorithms proposed in previous work are mainly based on static scheduling strategies with the assumption that detailed resource information and accurate performance prediction are available. In this paper, we propose to employ a shared virtualized optical network (VON) for the task scheduling problem. Both customers and carriers can benefit from such an architecture with better flexibility and scalability. Based on a new Scheduled Result Graph (SRG) concept, we propose a computation and communication delay aware rescheduling (C2DAR) scheme to deal with the dynamics from shared VON resources. We evaluate the performance of the dynamic scheduling scheme over shared VON in comparison to static scheduling over dedicated VON and the entire optical network respectively. Simulation results also show that the C2DAR scheme outperforms the traditional computation delay aware rescheduling (CDAR) scheme under the shared VON scenario.
Title: Dynamic scheduling for workflow applications over virtualized optical networks. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).
Pub Date: 2011-04-10; DOI: 10.1109/INFCOMW.2011.5928948
Wan Tang, Jin Ni, Min Chen, Ximin Yang
This paper investigates the use of second-generation radio frequency identification (2G-RFID) technology to enable better quality of service in future networks. With encoded rules as mobile codes stored in radio frequency identification (RFID) tags, the system extendibility and practicability can be effectively improved. However, due to the openness of the mobile codes, the realization of conveying intelligence brings a critical issue, i.e., how to prevent mobile codes from being misused or abused to avoid malicious attacks, which cause the disruption of back-end systems. We address this issue by the use of role-based access control (RBAC) through introducing context-aware computing. Then, we propose a two-level security enhancement mechanism (2L-SEM), i.e., joint contextual-authentication-based and role-analysis-based secure middleware design. According to the given contextual restrictions in terms of time and location, the proposed mechanism filtrates illegal and invalid mobile codes contained in the RFID tags. Finally, a typical case study is given to illustrate the deployment of the proposed 2L-SEM within a 2G-RFID system. The experimental results show the effectiveness of guaranteeing the safe execution of mobile codes in the 2G-RFID system.
Title: Contextual role-based security enhancement mechanism for 2G-RFID systems. Published in: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).