Due to rapid growth of RFID system applications, the security and privacy problems become more and more important to guarantee the validity of RFID systems. Without introducing proper privacy protection mechanisms, widespread deployment of RFID could raise privacy concerns to both companies and individuals. As a fundamental issue for the design and analysis of secure RFID systems, some formal RFID privacy frameworks were proposed in recent years to give the principles for evaluating the security and privacy in RFID system. However, readers can be confused with so many proposed frameworks. In this paper, we make a comparative and survey study on the proposed RFID privacy frameworks. We mainly divide the existing models into three categories, the four-oracle framework, eight-oracle framework and Universal Composability framework. We give a brief review on the existing models and describe their abilities to model the adversarial behavior in RFID systems. We then analyze relations among those existing RFID privacy models and make some comparisons among their properties.

Link and node trustworthiness are important metrics in wireless ad hoc networks. Many existing wireless ad hoc network routing algorithms assume the availability of precise trustworthiness information. This, however, is an unrealistic assumption given the dynamics of wireless ad hoc networks. Therefore, a realistic method is needed to evaluate trustworthiness by mitigating uncertainty in the estimation process. In this paper, we propose a novel trustworthiness estimation model that accounts for uncertainty as well as two uncertainty mitigation schemes. We then illustrate the effectiveness of our schemes using a utility-oriented routing algorithm as a sample application. An extensive simulation study shows that these two uncertainty mitigation schemes significantly increase path stability and the long-term total benefit of the wireless ad hoc network.

Various incidents expose the vulnerability and fragility of the Internet inter-domain routing, and highlight the need for further efforts in developing new approaches to evaluating the trustworthiness of routing information. Based on collections of BGP routing information, we disclose a variety of anomalies and malicious attacks and demonstrate their potential impacts on the Internet security. This paper proposes a systematic approach to detecting the anomalies in inter-domain routing, combining effectively spatial-temporal multiple-view method, knowledge-based method, and cooperative verification method, and illustrates how it helps in alleviating the routing threats by taking advantage of various measures. The main contribution of our approach lies on critical techniques including the construction of routing information sets, the design of detection engines, the anomaly verification and the encouragement mechanism for collaboration among ASs. Our approach has been well verified by our Internet Service Provider (ISP) partners and has been shown to be effective in detecting anomalies and attacks in inter-domain routing.

A formalization of authentication trust is proposed for federated identity management systems. Identity federation facilitates user interaction with Web services that control access, but it is more difficult for a service provider to evaluate the assurance of a user's identity if the creation and propagation of user authentication assertions involve different authentication authorities and mediators. On the basis of this formal representation, an aggregated trust value is calculated for evaluating the trustworthiness of a user's identity from the user's authentication assertions propagated through multiple entities while preventing misbehavior or threats to manipulate the trust value.

Soft error has become an increasingly significant concern in modern micro-processor design, it is reported that the instruction-level temporal redundancy in out-of-order cores suffers an performance degradation up to 45%. In this work, we propose a fault tolerant architecture with fast error correcting codes (such as the two-dimensional code) based on double execution. Experimental results show that our scheme can gain back IPC loss between 9.1% and 10.2%, with an average around 9.2% compared with the conventional double execution architecture.

Network structure has a great impact both on hazard spread and network immunization. The vulnerability of the network node is associated with each other, assortative or disassortative. Firstly, an algorithm for vulnerability relevance clustering is proposed to show that the vulnerability community phenomenon is obviously existent in complex networks. On this basis, next, a new indicator called network “hyper-betweenness” is given for evaluating the vulnerability of network node. Network hyper-betweenness can reflect the importance of network node in hazard spread better. Finally, the dynamic stochastic process of hazard spread is simulated based on Monte-Carlo sampling method and a two-player, non-cooperative, constant-sum game model is designed to obtain an equilibrated network immunization strategy.

Soft errors caused by energetic particle strikes in on-chip cache memories have become a critical challenge for microprocessor design. Architectural vulnerability factor (AVF), which is defined as the probability that a transient fault in the structure would result in a visible error in the final output of a program, has been widely employed for accurate soft error rate estimation. Recent studies have found that designing soft error protection techniques with the awareness of AVF is greatly helpful to achieve a tradeoff between performance and reliability for several structures (i.e., issue queue, reorder buffer). Considering large on-chip L2 cache, redundancy-based protection techniques (such as ECC) have been widely employed for L2 cache data integrity with high costs. Protecting caches without accurate knowledge of the vulnerability characteristics may lead to the over-protection, thus incurring high overheads. Therefore, designing AVF-aware protection techniques would be attractive for designers to achieve a cost-efficient protection for caches, especially at early design stage. In this paper, we propose an improved AVF estimation framework for conducing comprehensive characterization of dynamic behavior and predictability of L2 cache vulnerability. We propose to employ Bayesian Additive Regression Trees (BART) method to accurately model the variation of L2 cache AVF and to quantitatively explain the important effects of several key performance metrics on L2 cache AVF. Then we employ bump hunting technique to extract some simple selecting rules based on several key performance metrics for a simplified and fast estimation of L2 cache AVF. Using the simplified L2 cache AVF estimator, we develop an AVF-aware ECC technique as an example to demonstrate the cost-efficient advantages of the AVF prediction based dynamic fault tolerant techniques. Experimental results show that compared with traditional full ECC technique, AVF-aware ECC technique reduces the L2 cache access latency by 16.5% and saves power consumption by 11.4% for SPEC2K benchmarks averagely.

Since wireless sensor networks (WSNs) are resources-constrained, it is very essential to gather data efficiently from the WSNs so that their life can be prolonged. Data aggregation can conserve a significant amount of energy by minimizing transmission cost in terms of the number of data packets. Many applications require privacy and integrity protection of the sampled data while they travel from the source sensor nodes to a data collecting device, say a query server. However, the existing schemes suffer from high communication cost, high computation cost and data propagation delay. To resolve the problems, in this paper, we propose a new and efficient integrity protecting sensitive data aggregation scheme for WSNs. Our scheme makes use of the additive property of complex numbers to achieve sensitive data aggregation with protecting data integrity. With simulation results, we show that our scheme is much more efficient in terms of both communication and computation overheads, integrity checking and data propagation delay than the existing schemes for protecting integrity and privacy preserving data aggregation in WSNs.

An electronic ticket is a contract, in digital format, between the user and the service provider, and reduces both economic costs and time in many services such as air travel industries or public transport. However, the security of the electronic ticket has to be strongly guaranteed, as well as the privacy of their users. We present an electronic ticketing system that considers these security requirements and includes the exculpability as a security requirement for these systems, i.e. users and the service provider can not falsely accuse each other of misbehavior. The system ensures that either both parties receive their desired data from other or neither does (fair exchange). Another interesting property is reusability. Thanks to reusability the tickets can be used a predefined number of times with the same security as single tickets. Furthermore, this scheme takes special care of the computational requirements on the users side by using light-weight cryptography. We show that the scheme is usable in practice by means of its implementation using mobile phones with Near Field Communication (NFC) capabilities.

Multipath routing has been extended to Border Gateway Protocol (BGP), the current de facto inter-domain routing protocol, to address the reliability and performance issues of the current Internet. However, inter-domain multipath routing introduces a significant challenge for scalability due to the large scale of the inter-domain routing system. At the same time it also introduces new challenges in terms of security and security related overhead. In this paper, we propose a regional multipath approach, Regional Multipath Inter-domain Routing (RMI), where multiple paths are only allowed to be propagated within a well-defined range. With multipath routing in a region, we enable inter-domain routing with rich path diversity and improved security, and no longer have to sacrifice scalability. We show how to propagate multiple paths based on the region by theoretical analysis and by extensive simulations. Our simulations show that the number of messages generated using this approach and the convergence delay are much less than those of BGP and BGP with full multipath advertisement.

The use of IP addresses as host IDs and locators in the present day Internet protocols imposes constraints on designing efficient solutions for mobility, multihoming, renumbering, and security. To eliminate the constraints, different approaches of introducing ID/locator split into future network architectures have been discussed recently. HIMALIS is such an architecture, which uses distinct sets of values for identifiers and locators and allows the network layer to change locators without requiring the upper layers to change identifiers. One of the major challenges of HIMALIS is the design and implementation of a distributed ID-to-locator mapping database system to efficiently store, update and provide the up-to-date mapping data to the network elements. For this purpose, this paper discusses the application of the Domain Trusted Entity (DTE) infrastructure to the HIMALIS architecture. It provides a unified manner to get locators from high level identifiers (names) with enhanced security, privacy, and trust, while maintaining all capabilities and full compatibility with the previous DNR, HNR, and IDR infrastructures found in HIMALIS.

Recently, numerous service discovery protocols have been introduced in the open literature. Unfortunately, many of them did not consider security issues, and for those that did, many security and privacy problems still remain. One important issue is to protect the privacy of a service provider while enabling an end-user to search an alternative service using multiple keywords. To deal with this issue, the existing protocols assumed that a directory server should be trusted or owned by each service provider. However, an adversary may compromise the directory server due to its openness property. In this paper, we suggest an efficient verification of service subscribers to resolve this issue and analyze its performance and security. Using this method, we propose an efficient and secure service discovery protocol protecting the privacy of a service provider while providing multiple keywords search to an end-user. Also, we provide performance and security analysis of our protocol.

In Wireless Sensor Networks (WSNs), authentication is a crucial security requirement to avoid attacks against secure communication, and to mitigate against DoS attacks exploiting the limited resources of sensor nodes. Resource constraints of sensor nodes are hurdles in applying strong public key cryptographic based mechanisms in WSNs. To address the problem of authentication in WSNs, we propose an efficient and secure framework for authenticated broadcast/multicast by sensor nodes as well as for outside user authentication, which utilizes identity based cryptography and online/offline signature (OOS) schemes. The primary goals of this framework are to enable all sensor nodes in the network, firstly, to broadcast and/or multicast an authenticated message quickly; secondly, to verify the broadcast/multicast message sender and the message contents; and finally, to verify the legitimacy of an outside user. This paper reports the implementation and experimental evaluation of the previously proposed authenticated broadcast/multicast by sensor nodes scheme using online/offline signature on TinyOS and MICA2 sensor nodes.

The continuous advances in sensing and positioning technologies have resulted in a dramatic increase in popularity of Location-Based Services (LBS). Nevertheless, the LBS can lead to user privacy breach due to sharing location information with potentially malicious services. A high degree of location privacy preservation for LBS is extremely required. In this paper, a clustering K-anonymity scheme for location privacy preservation (namely CK) is proposed. The CK scheme does not rely on a trusted third party to anonymize the location information of users. In CK scheme, the whole area that all the users reside is divided into clusters recursively in order to get cloaked area. The exact location information of the user is replaced by the cloaked spatial temporal boundary (STB) including K users. The user can adjust the resolution of location information with spatial or temporal constraints to meet his personalized privacy requirement. The experimental results show that CK can provide stringent privacy guarantees, strong robustness and high QoS (Quality of Service).

For personalized search, a user must provide her personal information. However, this sometimes includes the user's sensitive information about individuals such as health condition and private lifestyle. It is not sufficient just to protect the communication channel between user and service provider. Unfortunately, the collected personal data can potentially be misused for the service providers' commercial advantage (e.g. for advertising methods to target potential consumers). Our aim here is to protect user privacy by filtering out the sensitive information exposed from a user's query input at the system level. We propose a framework by introducing the concept of query generalizer. Query generalizer is a middleware that takes a query for personalized search, modifies the query to hide user's sensitive personal information adaptively depending on the user's privacy policy, and then forwards the modified query to the service provider. Our experimental results show that the best-performing query generalization method is capable of achieving a low traffic overhead within a reasonable range of user privacy. The increased traffic overhead varied from 1.0 to 3.3 times compared to the original query.

Recently, social network services are rapidly growing and this trend is expected to continue in the future. Social network data can be published for various purposes such as statistical analysis and population studies. When social network data are published, however, the privacy of some people may be disclosed. The most straightforward manner to preserve privacy in social network data is to remove the identifiers of persons from the social network data. However, an adversary can infer the identity of a person in the social network by using his/her background knowledge, which consists of content information such as the age, sex, or address of the person and structural information such as the number of persons having a relationship with the person. In this paper, we propose a privacy protection method for social network data. The proposed method anonymizes social network data to prevent privacy attacks that use both content and structural information, while minimizing the information loss or distortion of the anonymized social network data. Through extensive experiments, we verify the effectiveness and applicability of the proposed method.

Since the number of server providing the facilities for users is usually more than one, remote user authentication schemes used for multi-server architectures, rather than single server circumstance, is considered. As far as security is concerned, privacy is the most important requirements, though some other properties are also desirable in practice. Recently, a number of dynamic ID-based user authentication schemes have been proposed. However, most of those schemes have more or less weaknesses and/or security flaws. In the worst case, user privacy cannot be achieved since malicious servers or users can mount some attacks, i.e., server spoofing attack and impersonation attack, to identify the unique identifier of users and masquerade of one entity as some other. In this paper, we analyze two latest research works and demonstrate that they cannot achieve true anonymity and have some other weaknesses. We further propose the improvements to avoid those security problems. Besides user privacy, the key features of our scheme are including no verification table, freely chosen password, mutual authentication, low computation and communication cost, single registration, session key agreement, and being secure against the related attacks.

With the evolution of the P2P research field, new problems, such as those related with information security, have arisen. It is important to provide security mechanisms to P2P systems, since it has already become one of the key issues when evaluating them. However, even though many P2P systems have been adapted to provide a security baseline to their underlying applications, more advanced capabilities are becoming necessary. Specifically, privacy preservation and anonymity are deemed essential to make the information society sustainable. Unfortunately, sometimes, it may be difficult to attain anonymity unless it is included into the system's initial design. The JXTA open protocols specification is a good example of this kind of scenario. This work studies how to provide anonymity to JXTA's architecture in a feasible manner and proposes an extension which allows deployed services to process two-way messaging without disclosing the endpoints' identities to third parties.

This letter analyzes a resource chain trust model for P2P reputation-based systems. Many researchers have given a lot of efforts to reputation-based system area and some of them have made good theoretical models. Problems are to spread malicious contents whereas the remark that such models only concentrate on the relationship between the node and its direct neighbors is still controversial. To solve the problems, we introduced the RCM (Resource Chain Model) and the Enhanced RCM. In this letter, we analyze the models and then show usage of our models can help us to find the best and safest location efficiently and decrease the number of malicious transaction.

Multihop ad-hoc networks have a dynamic topology. Retrieving a route towards a remote peer requires the execution of a recipient lookup, which can publicly reveal sensitive information about him. Within this context, we propose an efficient, practical and scalable solution to guarantee the anonymity of recipients' nodes in ad-hoc networks.

In this paper, we propose efficient sequential AES CCM architecture for the IEEE 802.16e. In the proposed architecture, only one AES encryption core is used and the operation of the CTR and the CBC-MAC is processed concurrently within one round. With this design approach, we can design sequential AES CCM architecture having 570 Mbps@102.4 MHz throughput and 1,397 slices at a Spartan3 3s5000 device.

This paper presents the design and performance evaluation of a delay attack-resilient clock synchronization scheme (abbreviated to DARCS) for wireless sensor networks. In order to provide both synchronization accuracy and robustness, we propose a novel three-way handshake-based protocol, which completely excludes non-deterministic factors such as random backoff durations and unexpected hardware interrupts in a software manner and, in this way, the node can accurately estimate the relative clock offset and the end-to-end delay between a pair of nodes. Consequently, DARCS makes it possible to correct time synchronization errors as well as to detect delay attacks precisely. The simulation results show that DARCS achieves a higher synchronization accuracy and is more resilient to delay attacks than the other popular time synchronization schemes.

This paper proposes a combinatorial auction-based marketplace mechanism for cloud computing services, which allows users to reserve arbitrary combination of services at requested timeslots, prices and quality of service. The proposed mechanism helps enterprise users build workflow applications in a cloud computing environment, specifically on the platform-as-a-service, where the users need to compose multiple types of services at different timeslots. The proposed marketplace mechanism consists of a forward market for an advance reservation and a spot market for immediate allocation of services. Each market employs mixed integer programming to enforce a Pareto optimum allocation with maximized social economic welfare, as well as double-sided auction design to encourage both users and providers to compete for buying and selling the services. The evaluation results show that (1) the proposed forward/combinatorial mechanism outperforms other non-combinatorial and/or non-reservation (spot) mechanisms in both user-centric rationality and global efficiency, and (2) running both a forward market and a spot market improves utilization without disturbing advance reservations depending on the provider's policy.

Feature location is to identify source code that implements a given feature. It is essential for software maintenance and evolution. A large amount of research, including static analysis, dynamic analysis and the hybrid approaches, has been done on the feature location problems. The existing approaches either need plenty of scenarios or rely on domain experts heavily. This paper proposes a new approach to locate functional feature in source code by combining the change impact analysis and information retrieval. In this approach, the source code is instrumented and executed using a single scenario to obtain the execution trace. The execution trace is extended according to the control flow to cover all the potentially relevant classes. The classes are ranked by trace-based impact analysis and information retrieval. The ranking analysis takes advantages of the semantics and structural characteristics of source code. The identified results are of higher precision than the individual approaches. Finally, two open source cases have been studied and the efficiency of the proposed approach is verified.

Many Petri nets-based methods have been developed and applied to analyze cryptographic protocols. Most of them offer the analysis of one attack trace only. Only a few of them provide the analysis of multiple attack traces, but they are rather inefficient. Similarly, the limitation of the analysis of one attack trace occurs in most model checking methods for cryptographic protocols. Recently, we proposed a simple but practical Petri nets-based model checking methodology for the analysis of cryptographic protocols, which offers an efficient analysis of all attack traces. In our previous analysis, we assume that the underlying cryptographic algorithms are black boxes, and attackers cannot learn anything from cipher text if they do not have a correct key. In this paper, we relax this assumption by considering some algebraic properties of the underlying encryption algorithm. Then, we apply our new method to TMN authenticated key exchange protocol as a case study. Surprisingly, we obtain a very efficient analysis when the numbers of attack traces and states are large, and we discover two new attacks which exploit the algebraic properties of the encryption.

This paper proposes a method for detecting determiner errors, which are highly frequent in learner English. To augment conventional methods, the proposed method exploits a strong tendency displayed by learners in determiner usage, i.e., mistakenly omitting determiners most of the time. Its basic idea is simple and applicable to almost any conventional method. This paper also proposes combining the method with countability prediction, which results in further improvement. Experiments show that the proposed method achieves an F-measure of 0.684 and significantly outperforms conventional methods.

In multimedia communication, due to the limited computational capability of the personal information machine, a coder with low computational complexity is needed to integrate services from several media sources. This paper presents two efficient candidate schemes to simplify the most computationally demanding operation, the excitation codebook search procedure. For fast adaptive codebook search, we propose an algorithm that uses residual signals to predict the candidate gain-vectors of the adaptive codebook. For the fixed codebook, we propose a fast search algorithm using an energy function to predict the candidate pulses, and we redesign the codebook structure to twin multi-track positions architecture. Overall simulation results indicate that the average perceptual evaluation of speech quality (PESQ) score is degraded slightly, by 0.049, and our proposed methods can reduce total computational complexity by about 67% relative to the original G.723.1 encoder computation load, and with perceptually negligible degradation. Objective and subjective evaluations verify that the more efficient candidate schemes we propose can provide speech quality comparable to that using the original coder approach.

Recently, a novel approach to color image compression based on colorization has been presented. The conventional method for colorization-based image coding tends to lose the local oscillation of chrominance components that the original images had. A large number of color assignments is required to restore these oscillations. On the other hand, previous studies suggest that an oscillation of a chrominance component correlates with the oscillation of a corresponding luminance component. In this paper, we propose a new colorization-based image coding method that utilizes the local correlation between texture components of luminance and chrominance. These texture components are obtained by a total variation regularized energy minimization method. The local correlation relationships are approximated by linear functions, and their coefficients are extracted by an optimization method. This key idea enables us to represent the oscillations of chrominance components by using only a few pieces of information. Experimental results showed that our method can restore the local oscillation and code images more efficiently than the conventional method, JPEG, or JPEG2000 at a high compression rate.

This paper presents a folded surface detection and tracking method for augmented maps. First, we model a folded surface as two connected planes. Therefore, in order to detect a folded surface, the plane detection method is iteratively applied to the 2D correspondences between an input image and a reference plane. In order to compute the exact folding line from the detected planes for visualization purpose, the intersection line of the planes is computed from their positional relationship. After the detection is done, each plane is individually tracked by the frame-by-frame descriptor update method. We overlay virtual geographic data on each detected plane. As scenario of use, some interactions on the folded surface are introduced. Experimental results show the accuracy and performance of folded surface detection for evaluating the effectiveness of our approach.

A kernel based asymmetric learning method is developed for software defect prediction. This method improves the performance of the predictor on class imbalanced data, since it is based on kernel principal component analysis. An experiment validates its effectiveness.

In the past few years, discriminant analysis and manifold learning have been widely used in feature extraction. Recently, the sparse representation technique has advanced the development of pattern recognition. In this paper, we combine both discriminant analysis and manifold learning with sparse representation technique and propose a novel feature extraction approach named sparsity preserving embedding with manifold learning and discriminant analysis. It seeks an embedded space, where not only the sparse reconstructive relations among original samples are preserved, but also the manifold and discriminant information of both original sample set and the corresponding reconstructed sample set is maintained. Experimental results on the public AR and FERET face databases show that our approach outperforms relevant methods in recognition performance.

We propose a novel query-dependent feature aggregation (QDFA) method for medical image retrieval. The QDFA method can learn an optimal feature aggregation function for a multi-example query, which takes into account multiple features and multiple examples with different importance. The experiments demonstrate that the QDFA method outperforms three other feature aggregation methods.

This paper presents a restoration method using several degraded observed images obtained through a technique known as microscanning. It is shown that microscanning provides sufficient spatial information for image restoration with minimal information about the original image and without knowing the interference function that causes degradation.

This paper discusses the task of human action detection. It requires not only classifying what type the action of interest is, but also finding actions' spatial-temporal locations in a video. The novelty of this paper lies on two significant aspects. One is to introduce a new graph based representation for the search space in a video. The other is to propose a novel sub-volume search method by Minimum Cycle detection. The proposed method has a low computation complexity while maintaining a high action detection accuracy. It is evaluated on two challenging datasets which are captured in cluttered backgrounds. The proposed approach outperforms other state-of-the-art methods in most situations in terms of both Precision-Recall values and running speeds.