ieee final year projects 2011-2012 :: elysium technologies pvt ltd::networksecurity

Elysium Technologies Private Limited ISO 9001:2008 A leading Research and Development Division Madurai | Chennai | Trichy | Coimbatore | Kollam| Singapore Website: elysiumtechnologies.com, elysiumtechnologies.info Email: [email protected]

IEEE Final Year Project List 2011-2012

Madurai

Elysium Technologies Private Limited

230, Church Road, Annanagar,

Madurai , Tamilnadu – 625 020.

Contact : 91452 4390702, 4392702, 4394702.

eMail: [email protected]

Trichy


3rd

Floor,SI Towers,

15 ,Melapudur , Trichy,

Tamilnadu – 620 001.

Contact : 91431 - 4002234.


Kollam


Surya Complex,Vendor junction,

kollam,Kerala – 691 010.

Contact : 91474 2723622.


A b s t r a c t NETWORK SECURITY 2011 - 2012

01 A Distributed Key Management Framework with Cooperative Message Authentication in VANETs

In this paper, we propose a distributed key management framework based on group signature to provision privacy in

vehicular ad hoc networks (VANETs). Distributed key management is expected to facilitate the revocation of malicious

vehicles, maintenance of the system, and heterogeneous security policies, compared with the centralized key management

assumed by the existing group signature schemes. In our framework, each road side unit (RSU) acts as the key distributor

for the group, where a new issue incurred is that the semi-trust RSUs may be compromised. Thus, we develop security

protocols for the scheme which are able to detect compromised RSUs and their colluding malicious vehicles. Moreover, we

address the issue of large computation overhead due to the group signature implementation. A practical cooperative

message authentication protocol is thus proposed to alleviate the verification burden, where each vehicle just needs to

verify a small amount of messages. Details of possible attacks and the corresponding solutions are discussed. We further

develop a medium access control (MAC) layer analytical model and carry out NS2 simulations to examine the key

distribution delay and missed detection ratio of malicious messages, with the proposed key management framework being

implemented over 802.11 based VANETs.

02 A Policy Enforcing Mechanism for Trusted Ad Hoc Networks

To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks

must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they

lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design

and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top

of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two

instances of an application running on different nodes may engage in communication only if these nodes enforce the same

set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form

trusted application-centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of

enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies

from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate

the correctness of our solution through security analysis, and its low overhead through performance evaluation of two

MANET applications.

03 A Prediction-Based Overload Control Algorithm for SIP Servers

Overload is a challenging problem for a SIP server because the built-in overload control mechanism based on generating

rejection messages could not prevent the server from collapsing due to congestion. In this scenario, the paper presents an

overload mechanism combining a local and a remote solution. The local part of the overload control mechanism is based

on the appropriate queueing structure and buffer management of the SIP proxy. The remote overload control mechanism is

based on feedback reports provided by the SIP proxy to the upstream neighbors. These reports permit the traffic regulation

necessary to avoid the critical condition of overload. The main paper contributions are the design of key components of a

1



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


remote control mechanism, the proposal of a new approach for dynamic load estimation, and the use of a prediction

technique in the remote control loop.

04 A Stochastic Model for Quantitative Security Analyses of Networked Systems

Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are

necessary, they cannot address a defender’s need for insight into which aspects of a networked system having a

significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question

is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately

addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The

resulting model captures two aspects of a networked system: 1) the strength of deployed security mechanisms such as

intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The

resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network

topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which

security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised

entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the

analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

05 A Unified Framework for the Analysis of Availability, Reliability and Security, With Applications to Quantum Networks

Major goals of system security comprise confidentiality, integrity, availability, authenticity, and reliability. All of these have

seen comprehensive treatment, yielding a vast collection of solutions. Information-theoretic security regarding

confidentiality has seen considerable progress recently with the development of commercial quantum cryptographic

devices. Solutions for perfectly secure authentication have been around much longer. Achieving perfect security, high

availability and reliability, calls for combinations of various approaches. In this study, we propose a simple and uniform

framework for the assessment of security, availability, and reliability that arbitrary compositions of security measures can

provide. Our methodology facilitates system modeling in a decision-theoretic manner, which makes the models easily

understandable even for specialists from fields other than security. At the same time, the models allow for strong

assertions and for simple characterizations of the achievable security and safety in a system. We demonstrate the

applicability of our results using quantum networks as an example.

06 Achieving Bounded Matching Delay and Maximized Throughput in Information Dissemination Management

The demand for high performance information dissemination is increasing in many applications, such as ecommerce and

security alerting systems. These applications usually require that the desired information be matched between numerous

sources and sinks based on established subscriptions in a timely manner while a maximized system throughput be

achieved to find more matched results. Existing work primarily focuses on only one of the two requirements, either

timeliness or throughput. This can lead to an unnecessarily underutilized system or poor guarantees on matching delays. In

this paper, we propose an integrated solution that controls both the matching delay and CPU utilization in information

dissemination systems to achieve bounded matching delay for high-priority information and maximized system throughput

in an example information dissemination system. In addition, we design an admission control scheme to meet the

timeliness requirements for selected lowpriority information. Our solution is based on optimal control theory for guaranteed

2



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


control accuracy and system stability. Empirical results on a hardware testbed demonstrate that our controllers can meet

the timeliness requirements while achieving maximized system throughput.

07 An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming

As the Internet services spread all over the world,many kinds and a large number of security threats are increasing.

Therefore, intrusion detection systems, which can effectively detect intrusion accesses, have attracted attention. This paper

describes a novel fuzzy class-associationrule mining method based on genetic network programming (GNP) for detecting

network intrusions. GNP is an evolutionary optimization technique, which uses directed graph structures instead of strings

in genetic algorithm or trees in genetic programming, which leads to enhancing the representation ability with compact

programs derived from the reusability of nodes in a graph structure. By combining fuzzy set theory with GNP, the proposed

method can deal with the mixed database that contains both discrete and continuous attributes and also extract many

important classassociation rules that contribute to enhancing detection ability. Therefore, the proposed method can be

flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems. Experimental results with

KDD99Cup and DARPA98 databases from MIT Lincoln Laboratory show that the proposed method provides competitively

high detection rates compared with other machine-learning techniques and GNP with crisp data mining.

08 Dirichlet-Based Trust Management for Effective Collaborative Intrusion Detection Networks

The accuracy of detecting intrusions within a Collaborative Intrusion Detection Network (CIDN) depends on the efficiency of

collaboration between peer Intrusion Detection Systems (IDSes) as well as the security itself of the CIDN. In this paper, we

propose Dirichlet-based trust management to measure the level of trust among IDSes according to their mutual experience.

An acquaintance management algorithm is also proposed to allow each IDS to manage its acquaintances according to their

trustworthiness. Our approach achieves strong scalability properties and is robust against common insider threats,

resulting in an effective CIDN. We evaluate our approach based on a simulated CIDN, demonstrating its improved

robustness, efficiency and scalability for collaborative intrusion detection in comparison with other existing models.

09 Efficient Control of False Negative and False Positive Errors with Separate Adaptive Thresholds

Component level performance thresholds are widely used as a basic means for performance management. As the

complexity of managed applications increases, manual threshold maintenance becomes a difficult task. Complexity arises

from having a large number of application components and their operational metrics, dynamically changing workloads, and

compound relationships between application components. To alleviate this problem, we advocate that component level

thresholds should be computed, managed and optimized automatically and autonomously. To this end, we have designed

and implemented a performance threshold management application that automatically and dynamically computes two

separate component level thresholds: one for controlling Type I errors and another for controlling Type II errors. Our

solution additionally facilitates metric selection thus minimizing management overheads. We present the theoretical

foundation for this autonomic threshold management application, describe a specific algorithm and its implementation, and

evaluate it using real-life scenarios and production data sets. As our present study shows, with proper parameter tuning,

our on-line dynamic solution is capable of nearly optimal performance thresholds calculation.

3



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


10 Efficient Network Modification to Improve QoS Stability at Failures

When a link or node fails, flows are detoured around the failed portion, so the hop count of flows and the link load could

change dramatically as a result of the failure. As real-time traffic such as video or voice increases on the Internet, ISPs are

required to provide stable quality as well as connectivity at failures. For ISPs, how to effectively improve the stability of

these qualities at failures with the minimum investment cost is an important issue, and they need to effectively select a

limited number of locations to add link facilities. In this paper, efficient design algorithms to select the locations for adding

link facilities are proposed and their effectiveness is evaluated using the actual backbone networks of 36 commercial ISPs

11 ELMO: Energy Aware Local Monitoring in Sensor Networks

Over the past decade, local monitoring has been shown to be a powerful technique for improving security in multihop

wireless sensor networks (WSNs). Indeed, local monitoring-based security algorithms are becoming the most popular tool

for providing security in WSNs. However, local monitoring as it is currently practiced is costly in terms of energy

consumption, a major drawback for energy-constrained systems such as WSNs. In WSN environments, the scarce power

resources are typically addressed through sleep-wake scheduling of the nodes. However, sleep-wake scheduling

techniques in WSNs are vulnerable even to simple attacks. In this paper, a new technique is proposed that promises to

allow operation of WSNs in a manner that is both energy-efficient and secure. The proposed technique combines local

monitoring with a novel, more secure form of sleep-wake scheduling. The latter is a new methodology dubbed Elmo

(Energy Aware Local MOnitoring in Sensor Networks), which enables sleep-wake management in a secure manner even in

the face of adversarial nodes that choose not to awaken nodes responsible for monitoring their traffic. An analytical proof

is given showing that security coverage is not weakened under ELMO. Moreover, ns-2 simulation results show that the

performance of local monitoring is practically unchanged, while energy savings of 20 to 100 times are achieved, depending

on the scenario..

12 FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks

Distributed sensor data storage and retrieval have gained increasing popularity in recent years for supporting various

applications. While distributed architecture enjoys a more robust and fault-tolerant wireless sensor network (WSN), such

architecture also poses a number of security challenges especially when applied in mission-critical applications such as

battlefield and ehealthcare. First, as sensor data are stored and maintained by individual sensors and unattended sensors

are easily subject to strong attacks such as physical compromise, it is significantly harder to ensure data security. Second,

in many mission-critical applications, fine-grained data access control is a must as illegal access to the sensitive data may

cause disastrous results and/or be prohibited by the law. Last but not least, sensor nodes usually are resource-constrained,

which limits the direct adoption of expensive cryptographic primitives. To address the above challenges, we propose, in

this paper, a distributed data access control scheme that is able to enforce fine-grained access control over sensor data

and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a

novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both

performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor

platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.

13 Improving Application Placement for Cluster-Based Web Applications

4



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


Dynamic application placement for clustered web applications heavily influences system performance and quality of user

experience. Existing approaches claim that they strive to maximize the throughput, keep resource utilization balanced

across servers, and minimize the start/stop cost of application instances. However, they fail to minimize the worst case of

server utilization; the load balancing performance is not optimal. What’s more, some applications need to communicate

with each other, which we called dependent applications; the network cost of them also should be taken into consideration.

In this paper, we investigate how to minimize the resource utilization of servers in the worst case, aiming at improving load

balancing among clustered servers. Our contribution is twofold. First we propose and define a new optimization objectives:

limiting the worst case of each individual server’s utilization, formulated by a min-max problem. A novel framework based

on binary search is proposed to detect an optimal load balancing solution. Second, we define system cost as the weighted

combination of both placement change and inter-application communication cost. By maximizing the number of instances

of dependent applications that reside in the same set of servers, the basic load-shifting and placement-change procedures

are enhanced to minimize whole system cost. Extensive experiments have been conducted and effectively demonstrate

that: 1) the proposed framework achieves a good allocation for clustered web applications. In other words, requests are

evenly allocated among servers, and throughput is still maximized; 2) the total system cost maintains at a low level; 3) our

algorithm has the capacity of approximating an optimal solution within polynomial time and is promising for practical

implementation in real deployments.

14 Locating Equivalent Servants over P2P Networks

While peer-to-peer networks are mainly used to locate unique resources across the Internet, new interesting deployment

scenarios are emerging. Particularly, some applications (e.g., VoIP) are proposing the creation of overlays for the

localization of services based on equivalent servants (e.g., voice relays). This paper explores the possible overlay

architectures that can be adopted to provide such services, showing how an unstructured solution based on a scale-free

overlay topology is an effective option to deploy in this context. Consequently, we propose EQUATOR (EQUivalent servAnt

locaTOR), an unstructured overlay implementing the above mentioned operating principles, based on an overlay

construction algorithm that well approximates an ideal scale-free construction model. We present both analytical and

simulation results which support our overlay topology selection and validate the proposed architecture.

15 Low-Overhead End-to-End Performance Measurement for Next Generation Networks

Internet performance measurement is commonly perceived as a high-cost control-plane activity and until now it has tended

to be implemented on top of the network’s forwarding operation. Consequently, measurement mechanisms have often had

to trade relevance and accuracy over non-intrusiveness and cost effectiveness. In this paper, we present the software

implementation of an in-line measurement mechanism that uses native structures of the Internet Protocol version 6 (IPv6)

stack to piggyback measurement information on data-carrying traffic as this is routed between two points in the network.

We carefully examine the overhead associated with both the measurement process and the measurement data, and we

demonstrate that direct twopoint measurement has minimal impact on throughput and on system processing load. The

results of this paper show that adequately engineered measurement mechanisms that exploit selective processing do not

compromise the network’s forwarding efficiency, and can be deployed in an always-on manner to reveal the true

performance of network traffic over small timescales

16 Monitoring the Impact of P2P Users on a Broadband Operator’s Network over Time

5



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


Since their emergence peer-to-peer (P2P) applications have been generating a considerable fraction of the overall

transferred bandwidth in broadband networks. Residential broadband service has been moving from one geared towards

technology enthusiasts and early adopters to a commodity for a large fraction of households. Thus, the question whether

P2P is still the dominant application in terms of bandwidth usage becomes highly relevant for broadband operators. In this

work we present an adaption to a previously published method for classifying broadband users into a P2P- and a non-P2P

group based on the amount of communication partners (“peers") they have in a dedicated timeframe. Based on this

classification, we derive their impact on network characteristics like the number of active users and their aggregate

bandwidth. Privacy is assured by anonymization of the data and by not taking into account the packet payloads. We apply

our method to real operational data collected 2007 and 2010, respectively, from a major German DSL provider’s access link

which transported all traffic each user generates and receives. In 2010 the fraction of P2P users clearly decreased

compared to previous years. Nevertheless we find that P2P users are still large contributors to the total amount of traffic

seen especially in upstream direction. However in 2010 the impact from P2P on the bandwidth peaks in the busy hours has

clearly decreased while other applications have a growing impact, leading to an increased bandwidth usage per subscriber

in the peak hours. Further analysis also reveals that the P2P users’ traffic still does not exhibit strong locality. We compare

our findings to those available in the literature and propose areas for future work on network monitoring, P2P applications,

and network design.

17 On the Impact of Security Protocols on the Performance of SNMP

Since the early 1990s, there have been several attempts to secure the Simple Network Management Protocol (SNMP). The

third version of the protocol, published as full standard in 2002, introduced the User-based Security Model (USM), which

comes with its own user and key-management infrastructure. Since then, network operators have reported that deploying

another user and key management infrastructure to secure SNMP is expensive and a reason to not deploy SNMPv3. This

paper describes how existing security protocols operating above the transport layer and below application protocols can

be used to secure SNMP. These protocols can take advantage of already deployed key management infrastructures that are

used for other network management interfaces and hence their use can reduce the operational costs associated with

securing SNMP. Our main contribution is a detailed performance analysis of a prototype implementation, comparing the

performance of SNMPv3 over SSH, TLS, and DTLS with other versions of SNMP. We also discuss the differences between

the various options to secure SNMP and provide guidelines for choosing solutions to implement or deploy.

18 Practical and Secure Multidimensional Query Framework in Tiered Sensor Networks

The two-tier architecture consisting of a small number of resource-abundant storage nodes in the upper tier and a large

number of sensors in the lower tier could be promising for large-scale sensor networks in terms of resource efficiency,

network capacity, network management complexity, etc. In this architecture, each sensor having multiple sensing

capabilities periodically forwards the multidimensional sensed data to the storage node, which responds to the queries,

such as range query, top- query, and skyline query. Unfortunately, node compromises pose the great challenge of securing

the data collection; the sensed data could be leaked to or could be manipulated by the compromised nodes. Furthermore,

chunks of the sensed data could be dropped maliciously, resulting in an incomplete query result, which is the most difficult

security breach. Here, we propose a simple yet effective hash tree-based framework, under which data confidentiality,

query result authenticity, and query result completeness can be guaranteed simultaneously. In addition, the subtree

sampling technique, which could be of independent interest to the other applications, is proposed to efficiently identify the

compromised nodes. Last, analytical and extensive simulation studies are conducted to evaluate the performance and

security of our methods. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods.

6



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


19 Privacy Preserving Collaborative Enforcement of Firewall Policies in Virtual Private Networks

The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN

server, which, henceforth, allows roaming users to access some resources as if that computer were residing on their home

organization’s network. Although VPN technology is very useful, it imposes security threats on the remote network because

its firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a

framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the

policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient

protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare

whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard

framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to

nonoverlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-

Domain Cooperative Firewall (CDCF) framework, which represents the state-of-theart, VGuard is not only more secure but

also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show

that VGuard is three to four orders of magnitude faster than CDCF.

20 Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking

Network-based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks

through intermediate “stepping stones” in order to conceal their identity and origin. To identify the source of the attack

behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping

stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing-

based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing-

based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at

stepping stones. In this paper, we propose a novel watermarkbased- correlation scheme that is designed specifically to be

robust against timing perturbations. Unlike most previous timing-based correlation approaches, our watermark-based

approach is “active” in that it embeds a unique watermark into the encrypted flows by slightly adjusting the timing of

selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over

passive timing-based correlation in resisting timing perturbations by the attacker. In contrast to the existing passive

correlation approaches, our active watermark-based correlation does not make any limiting assumptions about the

distribution or random process of the original interpacket timing of the packet flow. In theory, our watermark-based

correlation can achieve arbitrarily close to 100 percent correlation true positive rate (TPR), and arbitrarily close to 0 percent

false positive rate (FPR) at the same time for sufficiently long flows, despite arbitrarily large (but bounded) timing

perturbations of any distribution by the attacker. Our paper is the first that identifies 1) accurate quantitative tradeoffs

between the achievable correlation effectiveness and the defining characteristics of the timing perturbation; and 2) a

provable upper bound on the number of packets needed to achieve a desired correlation effectiveness, given the amount of

timing perturbation. Experimental results show that our active watermark-based correlation performs better and requires

fewer packets than existing, passive timing-based correlation methods in the presence of random timing perturbations.

21 Runtime Defense against Code Injection Attacks Using Replicated Execution

The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense

mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can

compromise software. Multivariant execution is an intrusion detection mechanism that executes several slightly different

versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal

7



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


execution conditions. However, when the variants are under attack, there are detectable differences in their execution

behavior. At runtime, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm

when a discrepancy is detected. We present a monitoring mechanism that does not need any kernel privileges to supervise

the variants. Many sources of inconsistencies, including asynchronous signals and scheduling of multithreaded or

multiprocess applications, can cause divergence in behavior of variants. These divergences cause false alarms. We provide

solutions to remove these false alarms. Our experiments show that the multivariant execution technique is effective in

detecting and preventing code injection attacks. The empirical results demonstrate that dual-variant execution has on

average 17 percent performance overhead when deployed on multicore processors.

22 SAT: A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks

Anonymity has received increasing attention in the literature due to the users’ awareness of their privacy nowadays.

Anonymity provides protection for users to enjoy network services without being traced. While anonymity-related issues

have been extensively studied in payment-based systems such as e-cash and peer-to-peer (P2P) systems, little effort has

been devoted to wireless mesh networks (WMNs). On the other hand, the network authority requires conditional anonymity

such that misbehaving entities in the network remain traceable. In this paper, we propose a security architecture to ensure

unconditional anonymity for honest users and traceability of misbehaving users for network authorities in WMNs. The

proposed architecture strives to resolve the conflicts between the anonymity and traceability objectives, in addition to

guaranteeing fundamental security requirements including authentication, confidentiality, data integrity, and

nonrepudiation. Thorough analysis on security and efficiency is incorporated, demonstrating the feasibility and

effectiveness of the proposed architecture.

23 Scheduling Grid Tasks in Face of Uncertain Communication Demands

Grid scheduling is essential to Quality of Service provisioning as well as to efficient management of grid resources. Grid

scheduling usually considers the state of the grid resources as well application demands. However, such demands are

generally unknown for highly demanding applications, since these often generate data which will be transferred during their

execution. Without appropriate assessment of these demands, scheduling decisions can lead to poor performance. Thus, it

is of paramount importance to consider uncertainties in the formulation of a grid scheduling problem. This paper

introduces the IPDT-FUZZY scheduler, a scheduler which considers the demands of grid applications with such

uncertainties. The scheduler uses fuzzy optimization, and both computational and communication demands are expressed

as fuzzy numbers. Its performance was evaluated, and it was shown to be attractive when communication requirements are

uncertain. Its efficacy is compared, via simulation, to that of a deterministic counterpart scheduler and the results reinforce

its adequacy for dealing with the lack of accuracy in the estimation of communication demands.

24 Securing Topology Maintenance Protocols for Sensor Networks

We analyze the security vulnerabilities of PEAS, ASCENT, and CCP, three well-known topology maintenance protocols

(TMPs) for sensor networks. These protocols aim to increase the lifetime of the sensor network by only maintaining a

8



Madurai




Contact : 91452 4390702, 4392702, 4394702.


Trichy


3rd

Floor,SI Towers,



Contact : 91431 - 4002234.


Kollam




Contact : 91474 2723622.


subset of nodes in an active or awake state. The design of these protocols assumes that the sensor nodes will be deployed

in a trusted, nonadversarial environment, and does not take into account the impact of attacks launched by malicious

insider or outsider nodes. We propose a metaprotocol (Meta-TMP) to represent the class of topology maintenance

protocols. The Meta-TMP provides us with a better understanding of the characteristics and of how a specific TMP works,

and it can be used to study the vulnerabilities of a specific TMP. We describe various types of malicious behavior and

actions that can be carried out by an adversary to attack a wireless sensor network by exploiting the TMP being used in the

network. We describe three attacks against these protocols that may be used to reduce the lifetime of the sensor network,

or to degrade the functionality of the sensor application by reducing the network connectivity and the sensing coverage

that can be achieved. Further, we describe countermeasures that can be taken to increase the robustness of the protocols

and make them resilient to such attacks.

25 SLO Auditing Task Analysis, Decomposition, and Specification

Service Level Objectives (SLOs) – the core of a Service Level Agreement (SLA) – reflect major Quality-of-Service (QoS)

requirements of customers on a service for a given price. SLOs need to be updated, if those requirements change. This

leads to an update of the SLO auditing implementation. However, in many existing implementations, efforts are required to

adapt to SLO changes, and even more efforts are needed for dynamic adaptations. Thus, a new SLO auditing design is

essential to be able to reduce such efforts to the bare minimum. This is especially essential, if the service landscape and

relevant QoS parameters are changing frequently. Thus, to meet this core functional requirement of an automated auditing,

a generic auditing framework, applicable to any SLO, is presented in this paper, where the analysis of a general audit task,

the identification of its sequence of subtasks (functional decomposition), and the development of a respective audit

specification for each subtask has been performed. A use case and examples are presented to describe and apply the

concept in detail. An SLO auditing application, which was prototyped, is not restricted to a certain set of QoS parameters,

but it is dynamically reconfigurable and extensible according to changing demands. The work shows that it has become

quite easy to instantiate an auditing application for new SLOs. Additionally, third parties would be able to offer SLO

auditing services to a service provider separately.

26 Spectral Models for Bitrate Measurement from Packet Sampled Traffic

In network measurement systems, packet sampling techniques are usually adopted to reduce the overall amount of data to

collect and process. Being based on a subset of packets, they introduce estimation errors that have to be properly

counteracted by using a fine tuning of the sampling strategy and sophisticated inversion methods. This problem has been

deeply investigated in the literature with particular attention to the statistical properties of packet sampling and to the

recovery of the original network measurements. Herein, we propose a novel approach to predict the energy of the sampling

error in the real time estimation of traffic bitrate, based on spectral analysis in the frequency domain. We start by

demonstrating that the error introduced by packet sampling can be modeled as an aliasing effect in the frequency domain.

Then, we derive closed-form expressions for the Signal-to-Noise Ratio (SNR) to predict the distortion of traffic bitrate

estimates over time. The accuracy of the proposed SNR metric is validated by means of real packet traces. Furthermore, a

comparison with respect to an analogous SNR expression derived using classic stochastic tools is proposed, showing that

the frequency domain approach grants for a higher accuracy when traffic rate measurements are carried out at fine time

granularity..

9

ieee final year projects 2011-2012 :: elysium technologies pvt ltd::networksecurity

Education

remote control mechanism

policy enforcing mechanism

anoverload mechanism

key distributorfor

centralized key

remote control loop

based vanets

sameset of policies