IEEE Final Year Projects 2011-2012 :: Elysium Technologies Pvt Ltd::Networksecurity

Elysium Technologies Private Limited
ISO 9001:2008 A leading Research and Development Division
Madurai | Chennai | Trichy | Coimbatore | Kollam| Singapore
Website: elysiumtechnologies.com, elysiumtechnologies.info
Email: info@elysiumtechnologies.com

IEEE Final Year Project List 2011-2012

Abstract NETWORK SECURITY 2011 - 2012

01 A Distributed Key Management Framework with Cooperative Message Authentication in VANETs

In this paper, we propose a distributed key management framework based on group signature to provision privacy in
vehicular ad hoc networks (VANETs). Distributed key management is expected to facilitate the revocation of malicious
vehicles, maintenance of the system, and heterogeneous security policies, compared with the centralized key management
assumed by the existing group signature schemes. In our framework, each road side unit (RSU) acts as the key distributor
for the group, where a new issue incurred is that the semi-trust RSUs may be compromised. Thus, we develop security
protocols for the scheme which are able to detect compromised RSUs and their colluding malicious vehicles. Moreover, we
address the issue of large computation overhead due to the group signature implementation. A practical cooperative
message authentication protocol is thus proposed to alleviate the verification burden, where each vehicle just needs to
verify a small amount of messages. Details of possible attacks and the corresponding solutions are discussed. We further
develop a medium access control (MAC) layer analytical model and carry out NS2 simulations to examine the key
distribution delay and missed detection ratio of malicious messages, with the proposed key management framework being
implemented over 802.11 based VANETs.

02 A Policy Enforcing Mechanism for Trusted Ad Hoc Networks

To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks
must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they
lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design
and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top
of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two
instances of an application running on different nodes may engage in communication only if these nodes enforce the same
set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form
trusted application-centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of
enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies
from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate
the correctness of our solution through security analysis, and its low overhead through performance evaluation of two
MANET applications.

03 A Prediction-Based Overload Control Algorithm for SIP Servers

Overload is a challenging problem for a SIP server because the built-in overload control mechanism based on generating
rejection messages could not prevent the server from collapsing due to congestion. In this scenario, the paper presents an
overload mechanism combining a local and a remote solution. The local part of the overload control mechanism is based
on the appropriate queueing structure and buffer management of the SIP proxy. The remote overload control mechanism is
based on feedback reports provided by the SIP proxy to the upstream neighbors. These reports permit the traffic regulation
necessary to avoid the critical condition of overload. The main paper contributions are the design of key components of a

Madurai Trichy Kollam
Elysium Technologies Private Limited Elysium Technologies Private Limited Elysium Technologies Private Limited
230, Church Road, Annanagar, 3rd Floor,SI Towers, Surya Complex,Vendor junction,
Madurai , Tamilnadu – 625 020. 15 ,Melapudur , Trichy, kollam,Kerala – 691 010.
Contact : 91452 4390702, 4392702, 4394702. Tamilnadu – 620 001. Contact : 91474 2723622.
eMail: info@elysiumtechnologies.com Contact : 91431 - 4002234. eMail: elysium.kollam@gmail.com
eMail: elysium.trichy@gmail.com

1



remote control mechanism, the proposal of a new approach for dynamic load estimation, and the use of a prediction
technique in the remote control loop.

04 A Stochastic Model for Quantitative Security Analyses of Networked Systems

Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are
necessary, they cannot address a defender’s need for insight into which aspects of a networked system having a
significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question
is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately
addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The
resulting model captures two aspects of a networked system: 1) the strength of deployed security mechanisms such as
intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The
resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network
topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which
security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised
entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the
analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

05 A Unified Framework for the Analysis of Availability, Reliability and Security, With Applications to Quantum Networks

Major goals of system security comprise confidentiality, integrity, availability, authenticity, and reliability. All of these have
seen comprehensive treatment, yielding a vast collection of solutions. Information-theoretic security regarding
confidentiality has seen considerable progress recently with the development of commercial quantum cryptographic
devices. Solutions for perfectly secure authentication have been around much longer. Achieving perfect security, high
availability and reliability, calls for combinations of various approaches. In this study, we propose a simple and uniform
framework for the assessment of security, availability, and reliability that arbitrary compositions of security measures can
provide. Our methodology facilitates system modeling in a decision-theoretic manner, which makes the models easily
understandable even for specialists from fields other than security. At the same time, the models allow for strong
assertions and for simple characterizations of the achievable security and safety in a system. We demonstrate the
applicability of our results using quantum networks as an example.

06 Achieving Bounded Matching Delay and Maximized Throughput in Information Dissemination Management

The demand for high performance information dissemination is increasing in many applications, such as ecommerce and
security alerting systems. These applications usually require that the desired information be matched between numerous
sources and sinks based on established subscriptions in a timely manner while a maximized system throughput be
achieved to find more matched results. Existing work primarily focuses on only one of the two requirements, either
timeliness or throughput. This can lead to an unnecessarily underutilized system or poor guarantees on matching delays. In
this paper, we propose an integrated solution that controls both the matching delay and CPU utilization in information
dissemination systems to achieve bounded matching delay for high-priority information and maximized system throughput
in an example information dissemination system. In addition, we design an admission control scheme to meet the
timeliness requirements for selected lowpriority information. Our solution is based on optimal control theory for guaranteed


2



control accuracy and system stability. Empirical results on a hardware testbed demonstrate that our controllers can meet
the timeliness requirements while achieving maximized system throughput.

07 An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming

As the Internet services spread all over the world,many kinds and a large number of security threats are increasing.
Therefore, intrusion detection systems, which can effectively detect intrusion accesses, have attracted attention. This paper
describes a novel fuzzy class-associationrule mining method based on genetic network programming (GNP) for detecting
network intrusions. GNP is an evolutionary optimization technique, which uses directed graph structures instead of strings
in genetic algorithm or trees in genetic programming, which leads to enhancing the representation ability with compact
programs derived from the reusability of nodes in a graph structure. By combining fuzzy set theory with GNP, the proposed
method can deal with the mixed database that contains both discrete and continuous attributes and also extract many
important classassociation rules that contribute to enhancing detection ability. Therefore, the proposed method can be
flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems. Experimental results with
KDD99Cup and DARPA98 databases from MIT Lincoln Laboratory show that the proposed method provides competitively
high detection rates compared with other machine-learning techniques and GNP with crisp data mining.

08 Dirichlet-Based Trust Management for Effective Collaborative Intrusion Detection Networks

The accuracy of detecting intrusions within a Collaborative Intrusion Detection Network (CIDN) depends on the efficiency of
collaboration between peer Intrusion Detection Systems (IDSes) as well as the security itself of the CIDN. In this paper, we
propose Dirichlet-based trust management to measure the level of trust among IDSes according to their mutual experience.
An acquaintance management algorithm is also proposed to allow each IDS to manage its acquaintances according to their
trustworthiness. Our approach achieves strong scalability properties and is robust against common insider threats,
resulting in an effective CIDN. We evaluate our approach based on a simulated CIDN, demonstrating its improved
robustness, efficiency and scalability for collaborative intrusion detection in comparison with other existing models.

09 Efficient Control of False Negative and False Positive Errors with Separate Adaptive Thresholds

Component level performance thresholds are widely used as a basic means for performance management. As the
complexity of managed applications increases, manual threshold maintenance becomes a difficult task. Complexity arises
from having a large number of application components and their operational metrics, dynamically changing workloads, and
compound relationships between application components. To alleviate this problem, we advocate that component level
thresholds should be computed, managed and optimized automatically and autonomously. To this end, we have designed
and implemented a performance threshold management application that automatically and dynamically computes two
separate component level thresholds: one for controlling Type I errors and another for controlling Type II errors. Our
solution additionally facilitates metric selection thus minimizing management overheads. We present the theoretical
foundation for this autonomic threshold management application, describe a specific algorithm and its implementation, and
evaluate it using real-life scenarios and production data sets. As our present study shows, with proper parameter tuning,
our on-line dynamic solution is capable of nearly optimal performance thresholds calculation.


3



10 Efficient Network Modification to Improve QoS Stability at Failures

When a link or node fails, flows are detoured around the failed portion, so the hop count of flows and the link load could
change dramatically as a result of the failure. As real-time traffic such as video or voice increases on the Internet, ISPs are
required to provide stable quality as well as connectivity at failures. For ISPs, how to effectively improve the stability of
these qualities at failures with the minimum investment cost is an important issue, and they need to effectively select a
limited number of locations to add link facilities. In this paper, efficient design algorithms to select the locations for adding
link facilities are proposed and their effectiveness is evaluated using the actual backbone networks of 36 commercial ISPs

11 ELMO: Energy Aware Local Monitoring in Sensor Networks

Over the past decade, local monitoring has been shown to be a powerful technique for improving security in multihop
wireless sensor networks (WSNs). Indeed, local monitoring-based security algorithms are becoming the most popular tool
for providing security in WSNs. However, local monitoring as it is currently practiced is costly in terms of energy
consumption, a major drawback for energy-constrained systems such as WSNs. In WSN environments, the scarce power
resources are typically addressed through sleep-wake scheduling of the nodes. However, sleep-wake scheduling
techniques in WSNs are vulnerable even to simple attacks. In this paper, a new technique is proposed that promises to
allow operation of WSNs in a manner that is both energy-efficient and secure. The proposed technique combines local
monitoring with a novel, more secure form of sleep-wake scheduling. The latter is a new methodology dubbed Elmo
(Energy Aware Local MOnitoring in Sensor Networks), which enables sleep-wake management in a secure manner even in
the face of adversarial nodes that choose not to awaken nodes responsible for monitoring their traffic. An analytical proof
is given showing that security coverage is not weakened under ELMO. Moreover, ns-2 simulation results show that the
performance of local monitoring is practically unchanged, while energy savings of 20 to 100 times are achieved, depending
on the scenario..

12 FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks

Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various
applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such
architecture also poses a number of security challenges especially when applied in mission-critical applications such as
battlefield and ehealthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors
are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second,
in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may
cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained,
which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in
this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data
and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a
novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both
performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor
platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.

13 Improving Application Placement for Cluster-Based Web Applications


4



Dynamic application placement for clustered web applications heavily influences system performance and quality of user
experience. Existing approaches claim that they strive to maximize the throughput, keep resource utilization balanced
across servers, and minimize the start/stop cost of application instances. However, they fail to minimize the worst case of
server utilization; the load balancing performance is not optimal. What’s more, some applications need to communicate
with each other, which we called dependent applications; the network cost of them also should be taken into consideration.
In this paper, we investigate how to minimize the resource utilization of servers in the worst case, aiming at improving load
balancing among clustered servers. Our contribution is twofold. First we propose and define a new optimization objectives:
limiting the worst case of each individual server’s utilization, formulated by a min-max problem. A novel framework based
on binary search is proposed to detect an optimal load balancing solution. Second, we define system cost as the weighted
combination of both placement change and inter-application communication cost. By maximizing the number of instances
of dependent applications that reside in the same set of servers, the basic load-shifting and placement-change procedures
are enhanced to minimize whole system cost. Extensive experiments have been conducted and effectively demonstrate
that: 1) the proposed framework achieves a good allocation for clustered web applications. In other words, requests are
evenly allocated among servers, and throughput is still maximized; 2) the total system cost maintains at a low level; 3) our
algorithm has the capacity of approximating an optimal solution within polynomial time and is promising for practical
implementation in real deployments.

14 Locating Equivalent Servants over P2P Networks

While peer-to-peer networks are mainly used to locate unique resources across the Internet, new interesting deployment
scenarios are emerging. Particularly, some applications (e.g., VoIP) are proposing the creation of overlays for the
localization of services based on equivalent servants (e.g., voice relays). This paper explores the possible overlay
architectures that can be adopted to provide such services, showing how an unstructured solution based on a scale-free
overlay topology is an effective option to deploy in this context. Consequently, we propose EQUATOR (EQUivalent servAnt
locaTOR), an unstructured overlay implementing the above mentioned operating principles, based on an overlay
construction algorithm that well approximates an ideal scale-free construction model. We present both analytical and
simulation results which support our overlay topology selection and validate the proposed architecture.

15 Low-Overhead End-to-End Performance Measurement for Next Generation Networks

Internet performance measurement is commonly perceived as a high-cost control-plane activity and until now it has tended
to be implemented on top of the network’s forwarding operation. Consequently, measurement mechanisms have often had
to trade relevance and accuracy over non-intrusiveness and cost effectiveness. In this paper, we present the software
implementation of an in-line measurement mechanism that uses native structures of the Internet Protocol version 6 (IPv6)
stack to piggyback measurement information on data-carrying traffic as this is routed between two points in the network.
We carefully examine the overhead associated with both the measurement process and the measurement data, and we
demonstrate that direct twopoint measurement has minimal impact on throughput and on system processing load. The
results of this paper show that adequately engineered measurement mechanisms that exploit selective processing do not
compromise the network’s forwarding efficiency, and can be deployed in an always-on manner to reveal the true
performance of network traffic over small timescales

16 Monitoring the Impact of P2P Users on a Broadband Operator’s Network over Time


5



Since their emergence peer-to-peer (P2P) applications have been generating a considerable fraction of the overall
transferred bandwidth in broadband networks. Residential broadband service has been moving from one geared towards
technology enthusiasts and early adopters to a commodity for a large fraction of households. Thus, the question whether
P2P is still the dominant application in terms of bandwidth usage becomes highly relevant for broadband operators. In this
work we present an adaption to a previously published method for classifying broadband users into a P2P- and a non-P2P
group based on the amount of communication partners (“peers") they have in a dedicated timeframe. Based on this
classification, we derive their impact on network characteristics like the number of active users and their aggregate
bandwidth. Privacy is assured by anonymization of the data and by not taking into account the packet payloads. We apply
our method to real operational data collected 2007 and 2010, respectively, from a major German DSL provider’s access link
which transported all traffic each user generates and receives. In 2010 the fraction of P2P users clearly decreased
compared to previous years. Nevertheless we find that P2P users are still large contributors to the total amount of traffic
seen especially in upstream direction. However in 2010 the impact from P2P on the bandwidth peaks in the busy hours has
clearly decreased while other applications have a growing impact, leading to an increased bandwidth usage per subscriber
in the peak hours. Further analysis also reveals that the P2P users’ traffic still does not exhibit strong locality. We compare
our findings to those available in the literature and propose areas for future work on network monitoring, P2P applications,
and network design.

17 On the Impact of Security Protocols on the Performance of SNMP

Since the early 1990s, there have been several attempts to secure the Simple Network Management Protocol (SNMP). The
third version of the protocol, published as full standard in 2002, introduced the User-based Security Model (USM), which
comes with its own user and key-management infrastructure. Since then, network operators have reported that deploying
another user and key management infrastructure to secure SNMP is expensive and a reason to not deploy SNMPv3. This
paper describes how existing security protocols operating above the transport layer and below application protocols can
be used to secure SNMP. These protocols can take advantage of already deployed key management infrastructures that are
used for other network management interfaces and hence their use can reduce the operational costs associated with
securing SNMP. Our main contribution is a detailed performance analysis of a prototype implementation, comparing the
performance of SNMPv3 over SSH, TLS, and DTLS with other versions of SNMP. We also discuss the differences between
the various options to secure SNMP and provide guidelines for choosing solutions to implement or deploy.

18 Practical and Secure Multidimensional Query Framework in Tiered Sensor Networks

The two-tier architecture consisting of a small number of resource-abundant storage nodes in the upper tier and a large
number of sensors in the lower tier could be promising for large-scale sensor networks in terms of resource efficiency,
network capacity, network management complexity, etc. In this architecture, each sensor having multiple sensing
capabilities periodically forwards the multidimensional sensed data to the storage node, which responds to the queries,
such as range query, top- query, and skyline query. Unfortunately, node compromises pose the great challenge of securing
the data collection; the sensed data could be leaked to or could be manipulated by the compromised nodes. Furthermore,
chunks of the sensed data could be dropped maliciously, resulting in an incomplete query result, which is the most difficult
security breach. Here, we propose a simple yet effective hash tree-based framework, under which data confidentiality,
query result authenticity, and query result completeness can be guaranteed simultaneously. In addition, the subtree
sampling technique, which could be of independent interest to the other applications, is proposed to efficiently identify the
compromised nodes. Last, analytical and extensive simulation studies are conducted to evaluate the performance and
security of our methods. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods.


6



19 Privacy Preserving Collaborative Enforcement of Firewall Policies in Virtual Private Networks

The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN
server, which, henceforth, allows roaming users to access some resources as if that computer were residing on their home
organization’s network. Although VPN technology is very useful, it imposes security threats on the remote network because
its firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a
framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the
policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient
protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare
whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard
framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to
nonoverlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-
Domain Cooperative Firewall (CDCF) framework, which represents the state-of-theart, VGuard is not only more secure but
also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show
that VGuard is three to four orders of magnitude faster than CDCF.

20 Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking

Network-based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks
through intermediate “stepping stones” in order to conceal their identity and origin. To identify the source of the attack
behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping
stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing-
based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing-
based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at
stepping stones. In this paper, we propose a novel watermarkbased- correlation scheme that is designed specifically to be
robust against timing perturbations. Unlike most previous timing-based correlation approaches, our watermark-based
approach is “active” in that it embeds a unique watermark into the encrypted flows by slightly adjusting the timing of
selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over
passive timing-based correlation in resisting timing perturbations by the attacker. In contrast to the existing passive
correlation approaches, our active watermark-based correlation does not make any limiting assumptions about the
distribution or random process of the original interpacket timing of the packet flow. In theory, our watermark-based
correlation can achieve arbitrarily close to 100 percent correlation true positive rate (TPR), and arbitrarily close to 0 percent
false positive rate (FPR) at the same time for sufficiently long flows, despite arbitrarily large (but bounded) timing
perturbations of any distribution by the attacker. Our paper is the first that identifies 1) accurate quantitative tradeoffs
between the achievable correlation effectiveness and the defining characteristics of the timing perturbation; and 2) a
provable upper bound on the number of packets needed to achieve a desired correlation effectiveness, given the amount of
timing perturbation. Experimental results show that our active watermark-based correlation performs better and requires
fewer packets than existing, passive timing-based correlation methods in the presence of random timing perturbations.

21 Runtime Defense against Code Injection Attacks Using Replicated Execution

The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense
mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can
compromise software. Multivariant execution is an intrusion detection mechanism that executes several slightly different
versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal


7



execution conditions. However, when the variants are under attack, there are detectable differences in their execution
behavior. At runtime, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm
when a discrepancy is detected. We present a monitoring mechanism that does not need any kernel privileges to supervise
the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multithreaded or
multiprocess applications, can cause divergence in behavior of variants. These divergences cause false alarms. We provide
solutions to remove these false alarms. Our experiments show that the multivariant execution technique is effective in
detecting and preventing code injection attacks. The empirical results demonstrate that dual-variant execution has on
average 17 percent performance overhead when deployed on multicore processors.

22 SAT: A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks

Anonymity has received increasing attention in the literature due to the users’ awareness of their privacy nowadays.
Anonymity provides protection for users to enjoy network services without being traced. While anonymity-related issues
have been extensively studied in payment-based systems such as e-cash and peer-to-peer (P2P) systems, little effort has
been devoted to wireless mesh networks (WMNs). On the other hand, the network authority requires conditional anonymity
such that misbehaving entities in the network remain traceable. In this paper, we propose a security architecture to ensure
unconditional anonymity for honest users and traceability of misbehaving users for network authorities in WMNs. The
proposed architecture strives to resolve the conflicts between the anonymity and traceability objectives, in addition to
guaranteeing fundamental security requirements including authentication, confidentiality, data integrity, and
nonrepudiation. Thorough analysis on security and efficiency is incorporated, demonstrating the feasibility and
effectiveness of the proposed architecture.

23 Scheduling Grid Tasks in Face of Uncertain Communication Demands

Grid scheduling is essential to Quality of Service provisioning as well as to efficient management of grid resources. Grid
scheduling usually considers the state of the grid resources as well application demands. However, such demands are
generally unknown for highly demanding applications, since these often generate data which will be transferred during their
execution. Without appropriate assessment of these demands, scheduling decisions can lead to poor performance. Thus, it
is of paramount importance to consider uncertainties in the formulation of a grid scheduling problem. This paper
introduces the IPDT-FUZZY scheduler, a scheduler which considers the demands of grid applications with such
uncertainties. The scheduler uses fuzzy optimization, and both computational and communication demands are expressed
as fuzzy numbers. Its performance was evaluated, and it was shown to be attractive when communication requirements are
uncertain. Its efficacy is compared, via simulation, to that of a deterministic counterpart scheduler and the results reinforce
its adequacy for dealing with the lack of accuracy in the estimation of communication demands.

24 Securing Topology Maintenance Protocols for Sensor Networks

We analyze the security vulnerabilities of PEAS, ASCENT, and CCP, three well-known topology maintenance protocols
(TMPs) for sensor networks. These protocols aim to increase the lifetime of the sensor network by only maintaining a


8



subset of nodes in an active or awake state. The design of these protocols assumes that the sensor nodes will be deployed
in a trusted, nonadversarial environment, and does not take into account the impact of attacks launched by malicious
insider or outsider nodes. We propose a metaprotocol (Meta-TMP) to represent the class of topology maintenance
protocols. The Meta-TMP provides us with a better understanding of the characteristics and of how a specific TMP works,
and it can be used to study the vulnerabilities of a specific TMP. We describe various types of malicious behavior and
actions that can be carried out by an adversary to attack a wireless sensor network by exploiting the TMP being used in the
network. We describe three attacks against these protocols that may be used to reduce the lifetime of the sensor network,
or to degrade the functionality of the sensor application by reducing the network connectivity and the sensing coverage
that can be achieved. Further, we describe countermeasures that can be taken to increase the robustness of the protocols
and make them resilient to such attacks.

25 SLO Auditing Task Analysis, Decomposition, and Specification

Service Level Objectives (SLOs) – the core of a Service Level Agreement (SLA) – reflect major Quality-of-Service (QoS)
requirements of customers on a service for a given price. SLOs need to be updated, if those requirements change. This
leads to an update of the SLO auditing implementation. However, in many existing implementations, efforts are required to
adapt to SLO changes, and even more efforts are needed for dynamic adaptations. Thus, a new SLO auditing design is
essential to be able to reduce such efforts to the bare minimum. This is especially essential, if the service landscape and
relevant QoS parameters are changing frequently. Thus, to meet this core functional requirement of an automated auditing,
a generic auditing framework, applicable to any SLO, is presented in this paper, where the analysis of a general audit task,
the identification of its sequence of subtasks (functional decomposition), and the development of a respective audit
specification for each subtask has been performed. A use case and examples are presented to describe and apply the
concept in detail. An SLO auditing application, which was prototyped, is not restricted to a certain set of QoS parameters,
but it is dynamically reconfigurable and extensible according to changing demands. The work shows that it has become
quite easy to instantiate an auditing application for new SLOs. Additionally, third parties would be able to offer SLO
auditing services to a service provider separately.

26 Spectral Models for Bitrate Measurement from Packet Sampled Traffic

In network measurement systems, packet sampling techniques are usually adopted to reduce the overall amount of data to
collect and process. Being based on a subset of packets, they introduce estimation errors that have to be properly
counteracted by using a fine tuning of the sampling strategy and sophisticated inversion methods. This problem has been
deeply investigated in the literature with particular attention to the statistical properties of packet sampling and to the
recovery of the original network measurements. Herein, we propose a novel approach to predict the energy of the sampling
error in the real time estimation of traffic bitrate, based on spectral analysis in the frequency domain. We start by
demonstrating that the error introduced by packet sampling can be modeled as an aliasing effect in the frequency domain.
Then, we derive closed-form expressions for the Signal-to-Noise Ratio (SNR) to predict the distortion of traffic bitrate
estimates over time. The accuracy of the proposed SNR metric is validated by means of real packet traces. Furthermore, a
comparison with respect to an analogous SNR expression derived using classic stochastic tools is proposed, showing that
the frequency domain approach grants for a higher accuracy when traffic rate measurements are carried out at fine time
granularity..


9

IEEE Final Year Projects 2011-2012 :: Elysium Technologies Pvt Ltd::Networksecurity

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (6)

Similar to IEEE Final Year Projects 2011-2012 :: Elysium Technologies Pvt Ltd::Networksecurity

Similar to IEEE Final Year Projects 2011-2012 :: Elysium Technologies Pvt Ltd::Networksecurity (20)

More from sunda2011

More from sunda2011 (6)

Recently uploaded

Recently uploaded (20)

IEEE Final Year Projects 2011-2012 :: Elysium Technologies Pvt Ltd::Networksecurity