東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Resilient security in pervasive Inte...

Yang, Hao.

Linked to FindBook

Google Book

Amazon

博客來

Resilient security in pervasive Internet: Data authentication and service availability.

Record Type:	Language materials, printed : Monograph/item
Title/Author:	Resilient security in pervasive Internet: Data authentication and service availability./
Author:	Yang, Hao.
Description:	181 p.
Notes:	Adviser: Songwu Lu.
Contained By:	Dissertation Abstracts International68-02B.
Subject:	Computer Science. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3251578

Resilient security in pervasive Internet: Data authentication and service availability.
Yang, Hao.

Resilient security in pervasive Internet: Data authentication and service availability. - 181 p.

Adviser: Songwu Lu.

Thesis (Ph.D.)--University of California, Los Angeles, 2006.

Today computer networks are indispensable in our daily life. The Internet has become the global data communication infrastructure and provided convenient information and service access to anyone with a networked computer. The future pervasive Internet will play an even more important role by converging different networking technologies. While the wired Internet continues to serve as the backbone, the wireless access networks will provide the users ubiquitous coverage and "anytime, anywhere" access. The emerging sensor networks will also become new citizens in the pervasive Internet and enable many applications with intelligent human-to-environment interaction.Subjects--Topical Terms:

626642
Computer Science.

Resilient security in pervasive Internet: Data authentication and service availability.
LDR:05640nam 2200337 a 45 001 967197
005 20110915
008 110915s2006 eng d
035 $a (UnM)AAI3251578
035 $a AAI3251578
040 $a UnM $c UnM
100 1 $a Yang, Hao. $3 1066716
245 1 0 $a Resilient security in pervasive Internet: Data authentication and service availability.
300 $a 181 p.
500 $a Adviser: Songwu Lu.
500 $a Source: Dissertation Abstracts International, Volume: 68-02, Section: B, page: .
502 $a Thesis (Ph.D.)--University of California, Los Angeles, 2006.
520 $a Today computer networks are indispensable in our daily life. The Internet has become the global data communication infrastructure and provided convenient information and service access to anyone with a networked computer. The future pervasive Internet will play an even more important role by converging different networking technologies. While the wired Internet continues to serve as the backbone, the wireless access networks will provide the users ubiquitous coverage and "anytime, anywhere" access. The emerging sensor networks will also become new citizens in the pervasive Internet and enable many applications with intelligent human-to-environment interaction.
520 $a Security is one critical requirement for the pervasive Internet as a dependable network infrastructure. In order to protect the network from malicious attacks, the entire protocol stack must be carefully examined and secured. However, it is non-trivial to design and deploy secure protocols in a large-scale distributed network due to the following three challenges. First, individual nodes in the network are prone to security compromise, and the adversary may exploit such compromised nodes to launch insider attacks. Second, in many cases, we cannot have the luxury of a clean-slate security design. Instead, the solutions are largely constrained by the existing operational systems. Third, a large-scale system is typically operated by many different administrative domains, each of which manages the system in a different and often imperfect manner.
520 $a In this dissertation, we address the above challenges through a novel resilient security design approach as follows. First, instead of aiming at "perfect security" under a restricted attack model, we seek to design resilient security solutions that can offer gracefully degraded protection when the attacker's power increases. Second, we assess the security designs based on not only their cryptographic strength but also their practical and operational performance. We demonstrate the concept of resilient security in both wired and wireless networks through the provision of two critical security services, namely data authentication and service availability. To this end, we have proposed a set of novel secure protocols and techniques to protect the Internet Domain Name System (DNS) and the emerging wireless ad-hoc and sensor networks.
520 $a We first study data authentication in sensor networks, and propose a location-based security design to detect and drop forged data as early as possible. This is achieved by binding symmetric keys to geographic cells and pre-distributing these keys to nodes based on their deployed locations. By constraining each key's usage and each node's available keys, our design can achieve highly resilient filtering power as more sensor nodes are compromised.
520 $a To ensure highly available packet delivery service in mobile ad-hoc networks, we design a self-organized security solution that protect routing and data forwarding operations through localized collaboration and information cross-validation. In our design, local neighboring nodes collaboratively monitor each other by overhearing the wireless channel, and sustain each other via a distributed ticket service. This way, a malicious node can be quickly detected and evicted from the network.
520 $a We then consider the Internet DNS system and study its resiliency under the emerging DoS attacks. The DNS hierarchical structure is extremely vulnerable to DoS attacks, because the failure of a single node makes all its descendants unaccessible. To achieve DoS-resilient name resolution service, we propose an overlay-based design that can ensures high degree of service accessibility for each surviving node. This is achieved by the combination of three novel techniques of hierarchical overlays, randomized overlays, and overlay recovery.
520 $a Finally, we assess the practical performance of DNS Security Extensions (DNSSEC) that have been designed to achieve data authentication in the DNS. We critically examine its three major components, namely public key management, data signing, and signature verification, and identify operational challenges for each of them. We further design and implement a set of operational tools for DNSSEC that can better address these identified challenges.
520 $a We learned several valuable lessons during this dissertation research. Specifically, we demonstrate three principles for resilient security design, namely limiting the key usage, leveraging the network scale, and eliminating single point of failure. Continued research along these directions will, as we believe, render truly secure and dependable network infrastructure in the near future.
590 $a School code: 0031.
650 4 $a Computer Science. $3 626642
690 $a 0984
710 2 0 $a University of California, Los Angeles. $3 626622
773 0 $t Dissertation Abstracts International $g 68-02B.
790 $a 0031
790 1 0 $a Lu, Songwu, $e advisor
791 $a Ph.D.
792 $a 2006
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3251578