Scheduled System Maintenance on May 29th, 2015:
IEEE Xplore will be upgraded between 11:00 AM and 10:00 PM EDT. During this time there may be intermittent impact on performance. We apologize for any inconvenience.
By Topic

Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE

Date 26-30 Nov. 2007

Filter Results

Displaying Results 1 - 25 of 1017
  • [Copyright notice - GLOBECOM 2007]

    Publication Year: 2007 , Page(s): ii
    Save to Project icon | Request Permissions | PDF file iconPDF (87 KB)  
    Freely Available from IEEE
  • Welcome from the Techincal Chair - GLOBECOM 2007

    Publication Year: 2007 , Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (214 KB)  
    Freely Available from IEEE
  • Welcome from the General Vice Chairs - GLOBECOM 2007

    Publication Year: 2007 , Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (229 KB)  
    Freely Available from IEEE
  • Executive Committee and Patrons

    Publication Year: 2007 , Page(s): v
    Save to Project icon | Request Permissions | PDF file iconPDF (162 KB)  
    Freely Available from IEEE
  • Technical Symposia - GLOBECOM 2007

    Publication Year: 2007 , Page(s): vi - vii
    Save to Project icon | Request Permissions | PDF file iconPDF (232 KB)  
    Freely Available from IEEE
  • Technical Committee - GLOBECOM 2007

    Publication Year: 2007 , Page(s): viii - xvi
    Save to Project icon | Request Permissions | PDF file iconPDF (351 KB)  
    Freely Available from IEEE
  • Table of contents - GLOBECOM 2007

    Publication Year: 2007 , Page(s): xvii - lxvi
    Save to Project icon | Request Permissions | PDF file iconPDF (481 KB)  
    Freely Available from IEEE
  • A New Design of Bloom Filter for Packet Inspection Speedup

    Publication Year: 2007 , Page(s): 1 - 5
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (147 KB) |  | HTML iconHTML  

    Bloom filter is a space-efficient randomized data structure for group membership query. It is widely used in networking applications which involve the packet header/content inspection. To provide fast membership query operation, this data structure resides in the main memory in most of its applications. Each membership query consists hashing for a set of memory addresses and memory accesses at these locations. In this paper, we propose a new design of Bloom filter in which every two memory addresses are squeezed into one I/O block of the main memory. With the burst-type data I/O capability in the contemporary DRAM design, the total number of memory I/O's involved in the membership query is reduced by half. Therefore, the average query delay can be reduced significantly. The cost of using this new design is a negligible increment of false positive rate as shown by both analysis and simulation. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Dynamic Binary Tree for Hierarchical Clustering of IP Traffic

    Publication Year: 2007 , Page(s): 6 - 10
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (602 KB) |  | HTML iconHTML  

    This paper proposes a computational and memory-efficient technique for online unidimensional clustering of individual IP addresses in order to detect high-volume traffic clusters (hierarchical heavy hitters). Our technique is based on a Patricia tree and can cope with today's traffic volume. We test our algorithm by using a traffic trace composed of NetFlow records sent by a few tens of routers of the France telecom IP backbone network. We moreover show how our algorithm can be used for network anomaly detection. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Performing Packet Content Inspection by Longest Prefix Matching Technology

    Publication Year: 2007 , Page(s): 11 - 15
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (259 KB) |  | HTML iconHTML  

    This article presents a novel mechanism to perform packet content inspection by longest prefix matching (LPM) technology. It is done by transforming the automaton-based state table lookup problem into the famous LPM table lookup problem. Two key features, symbol-wise prefix and magic state are observed on the state table to make it possible to utilize IP lookup techniques for string matching. The proposed mechanism is verified to be effective through Lulea algorithm. Also, the practicability is evaluated by employing realistic attack signatures and traffic traces. The experimental results indicate that a state table constructed from the Snort 2.4 patterns can be converted into a prefix table that requires only 2.5% of the memory utilized in the original state table. Compared with the state-of-the-art researches, the proposed scheme has more than 3 times of efficiency, achieving a better balance between required memory size and throughput rate. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • RECHOKe: A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks

    Publication Year: 2007 , Page(s): 16 - 21
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (262 KB) |  | HTML iconHTML  

    In this paper, we are proposing a scheme called RECHOKe (REpeatedly CHOose and keep for malicious flows, REpeatedly CHOose and Kill for non-malicious flows) to be used for detecting, controlling and punishing of malicious flows in IP networks. It is an extension of xCHOKe, CHOKe and RED-PD schemes, combining both CHOKe hit and RED drop/mark histories, to detect, control and punish these flows more accurately while providing better protection to non-malicious flows. However, unlike xCHOKe and CHOKe, RECHOKe does not drop packets during CHOKe hits; thereby eliminating the complexity of dropping or marking randomly selected packets already queued and the unreliability of CHOKe hits. We analyze xCHOKe and RECHOKe in detail using ns-2 and show that RECHOKe performs better than RED, CHOKe and xCHOKe which are limited in what they can achieve as malicious flows get much more than their fair share and non-malicious flows get mistakenly penalized. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Extending the NetPDL Language to Support Traffic Classification

    Publication Year: 2007 , Page(s): 22 - 27
    Cited by:  Papers (1)  |  Patents (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (219 KB) |  | HTML iconHTML  

    Despite the importance of traffic classification in modern networks, the number of languages tailored to this task is extremely limited. These languages can be valuable, because they allow the update of an application (e.g. firewall) in terms of supported protocols by simply updating its protocol description database, instead of recompiling the application from scratch. This paper presents a set of extensions to the Network Protocol Description Language (NetPDL) allowing support of traffic classification from data-link to application-layer protocols. A set of preliminary experimental results obtained with these new extensions is presented as well. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • AIDA: Responsive and Available Auctions Over the Internet

    Publication Year: 2007 , Page(s): 28 - 32
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (196 KB) |  | HTML iconHTML  

    This paper discuss the design and implementation of an Architecture for Internet-based Distributed Auctions (AIDA). The AIDA system implements responsive and available auction services in a large scale distributed context, such as the Internet, by means of geographically distributed servers. AIDA can support fast auctions, whose duration could be as short as few tents of seconds. Moreover, AIDA does not suffer some drawbacks of the current online auctions, such as the "last minute bidding". Therefore, AIDA enables types of auction that are rarely implemented online; conversely, these are very common in traditional auctions. Further characteristics of AIDA are fault tolerance and scalability. The system can tolerate any predefined number of faults, both of servers and of network. The number of servers and the communication bandwidth increase linearly with respect to the number of clients. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Shout to Secure: Physical-Layer Wireless Security with Known Interference

    Publication Year: 2007 , Page(s): 33 - 38
    Cited by:  Papers (11)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (598 KB) |  | HTML iconHTML  

    This paper proposes a physical-layer security scheme for wireless networks, aiming to achieve communication secrecy by making the eavesdropper incapable of decoding the secret wireless message. The considered scenario features one user within the range of two access points, API and AP2. The APs are assumed to be connected through an alternative secure (e.g. wired) connection. The goal is to secure the wireless link between the user and API. While the user transmits to API, AP2 simultaneously transmits an interfering signal, which is a priori provided to API, such that API is likely the only node capable of decoding the user's entire transmission. Evaluation is done through simulation by measuring the upper bound of the information-theoretic secrecy and error performance. In the latter case it is shown that the eavesdropper experiences significantly higher error rates than the intended receiver, thus providing evidence of practical security. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Power-Modulated Challenge-Response Schemes for Verifying Location Claims

    Publication Year: 2007 , Page(s): 39 - 43
    Cited by:  Papers (8)  |  Patents (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (261 KB) |  | HTML iconHTML  

    Location information should be verifiable in order to support new computing and information services. In this paper, we adapt the classical challenge-response method for authentication to the task of verifying an entity's location. Our scheme utilizes a collection of transmitters, and adapts their power allocations to verify a user's claimed location. This strategy, which we call power-modulated challenge response, is able to be used with existing wireless sensor networks, and we present three variations. First, we propose a direct method, where some transmitters are selected to send "challenges" that the claimant node should be able to witness based on its claimed location, and for which the claimant node must correctly respond in order to prove its location. Second, we reverse the strategy by presenting an indirect method, where some transmitters send challenges that the claimant node should not be able to witness. Finally, we present a signal strength based method, where the node responds with its received signal strength and thereby provides improved location verification. To evaluate our schemes, we examine different adversarial models for the claimant, and characterize the performance of our power-modulated challenge response schemes under these adversarial models. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Distributed Keyless Secret Sharing Over Noiseless Channels

    Publication Year: 2007 , Page(s): 44 - 48
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (137 KB) |  | HTML iconHTML  

    In traditional secret sharing, a central trusted authority must divide a secret into multiple parts, called shares, such that the secret can only be recovered when a certain number of shares are available for reconstruction [1], [2]. In this paper, we consider a secret sharing problem in which each share must be created separately by independent entities such that no collaboration or shared cryptographic keys are required; we call this the distributed keyless secret sharing problem. For this problem, general tradeoffs between compression and secrecy are characterized yielding the impossibility result that perfect secrecy is unachievable. In response to this impossibility, we define a practical measure of secrecy and design a low-cost solution based on this measure of secrecy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protecting Location Privacy with Dynamic Mac Address Exchanging in Wireless Networks

    Publication Year: 2007 , Page(s): 49 - 53
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (327 KB) |  | HTML iconHTML  

    Location information of users can now be collected from most wireless communication using advanced wireless location tracking techniques. Providing location information can be advantageous in some situations. However, there are instances, where it may be critical to protect the location of the individual. Several protection strategies, such as periodically updating interface identifiers, have been proposed so that an adversary cannot track mobiles in long-term movements. In this paper, we introduce a new strategy, DMAS (Dynamical Mac Assignment with Shuffle), in which the mobile client dynamically exchanges its assigned Mac addresses with others.We present a security analysis to show this scheme can greatly secure a client's location privacy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Dense Parity Check Based Secrecy Sharing in Wireless Communications

    Publication Year: 2007 , Page(s): 54 - 58
    Cited by:  Papers (2)  |  Patents (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (133 KB) |  | HTML iconHTML  

    It is generally believed harmful to have transmission errors in the wireless communications. The high decoding complexity of dense parity check codes is unfavorable. This paper proposes to apply these two "negative" facts to enable the secrecy sharing with the information theoretical security. We claim that the secrecy sharing is always possible if the wiretap channel is not error-free, regardless of the main channel performance. Particularly, the proposed secrecy sharing protocol can provide provable and testable security using the existing wireless technologies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Addressing the Weakness in a Lightweight RFID Tag-Reader Mutual Authentication Scheme

    Publication Year: 2007 , Page(s): 59 - 63
    Cited by:  Papers (4)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (165 KB) |  | HTML iconHTML  

    A lightweight radio frequency identification (RFID) tag-reader mutual authentication scheme was recently proposed as an improvement over the original authentication protocol specified under the EPC Class 1 Generation 2 UHF RFID Protocol Standard (otherwise known as the "EPC Gen2" standard in short). The improved scheme seeks to protect the access password of the RFID tag against exposure to adversaries. In this paper, we show the weakness in this scheme by launching an attack that effectively exposes the access password. Thereafter, we propose some possible fixes to the scheme to protect it against the attack. We also present some experiment results, which show that the fixed schemes provide greater resistance against exposure of the access password. Based on insights gained from this work, we find that designing a secure authentication scheme by relying only on the minimal features available on an RFID tag is an extremely challenging task. Furthermore, we also stress on the need to put a proposed scheme through stringent tests to ascertain its effectiveness and resistance against attacks. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Dynamic Multipath Onion Routing in Anonymous Peer-To-Peer Overlay Networks

    Publication Year: 2007 , Page(s): 64 - 69
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (178 KB) |  | HTML iconHTML  

    Although recent years provided many protocols for anonymous routing in overlay networks, they commonly rely on the same communication paradigm: Onion Routing. In Onion Routing a static tunnel through an overlay network is build via layered encryption. All traffic exchanged by its end points is relayed through this tunnel. In contrast, this paper introduces dynamic multipath Onion Routing to extend the static Onion Routing paradigm. This approach allows each packet exchanged between two end points to travel along a different path. To provide anonymity the first half of this path is selected by the sender and the second half by the receiver of the packet. The results are manifold: First, dynamic multipath Onion Routing increases the resilience against threats, especially pattern and timing based analysis attacks. Second, the dynamic paths reduce the impact of misbehaving and overloaded relays. Finally, inspired by Internet routing, the forwarding nodes do not need to maintain any state about ongoing flows and so reduce the complexity of the router. In this paper, we describe the design of our dynamic Multipath Onion RoutEr (MORE) for peer-to-peer overlay networks, and evaluate its performance. Furthermore, we integrate address virtualization to abstract from Internet addresses and provide transparent support for IP applications. Thus, no application-level gateways, proxies or modifications of applications are required to sanitize protocols from network level information. Acting as an IP-datagram service, our scheme provides a substrate for anonymous communication to a wide range of applications using TCP and UDP. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Capability-Aware ID Assignment and Message Routing Based on Skip List in Large-Scale Heterogeneous P2P Networks

    Publication Year: 2007 , Page(s): 70 - 74
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (393 KB) |  | HTML iconHTML  

    In this paper, we propose capability-aware ID assignment and message routing based on skip list in order to perform object placement and message routing in large-scale heterogeneous P2P networks. In the proposed ID assignment, two identifications are utilized; TypelD and HashlD. The TypeID is assigned to each node based on its forwarding capability, data-storage capability, mobility, and availability, and it is also utilized in order to specify the capabilities of a node where an object is stored. On the other hand, HashlD is utilized for providing load balancing among nodes with the same capabilities. Moreover, in the proposed routing, message routing is performed based on TypelD, and then additional routing is performed based on HashlD. With the proposed method, it is expected that objects are stored and searched based on the capabilities of each node. We evaluate the performance of the proposed method with simulation, and we investigate the effectiveness of the method. From numerical examples, we find that the proposed method is useful for storing View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Topology Design of Service Overlay Network with a Generalized Cost Model

    Publication Year: 2007 , Page(s): 75 - 80
    Cited by:  Papers (3)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (224 KB) |  | HTML iconHTML  

    Service Overlay Network (SON) was proposed to alleviate the difficulties encountered in providing end-to-end Quality of Service (QoS) guarantees. SON is able to provide QoS guarantees by purchasing bandwidth from individual network domains and building a logical end-to-end data delivery infrastructure on top of the existing Internet. We focus on SON topology design problems under a generalized cost model. Earlier research in this topic considered two distinct cost models - fixed (leased) cost model and variable (usage-based) cost model. However in most applications, the costs of both nodes and links have a fixed component as well as a variable component that often depends on usage. Our generalized cost model takes this fact into account and our topology design algorithm uses this cost model to And the optimal topology. Since the SON topology design problem is NP-complete, we provide approximation algorithm with guaranteed performance bound. We validate the effectiveness of our algorithm through extensive simulation. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Analysis of an Active Maintenance Algorithm for an O(1)-Hop Overlay

    Publication Year: 2007 , Page(s): 81 - 86
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (286 KB) |  | HTML iconHTML  

    One-hop overlays offer significant latency reduction compared to multi-hop overlays, but at a cost of increased maintenance traffic and routing table size. Recently the EDRA maintenance algorithm has been proposed and shown analytically to give low maintenance traffic compared to other active maintenance one-hop overlays. We identify issues with EDRA which lead to incorrect event detection and propagation. We define EDRA* fixing these issues and show through simulation EDRA* is stable, and compare the performance of EDRA* with the opportunistic maintenance mechanism of EpiChord. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Exit Policy Violations in Multi-Hop Overlay Routes: Analysis and Mitigation

    Publication Year: 2007 , Page(s): 87 - 92
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (154 KB) |  | HTML iconHTML  

    The traffic exchanged between two overlay nodes in different autonomous systems (AS) is always subjected to a series of inter-domain policies. However, overlay routing often manages to get around these policy restrictions by relaying traffic through multiple legitimate segments, in order to achieve its selfish goals (e.g., better latency paths between end- systems). We focus on the violation of a generalized exit policy, which specifies the exact next hop AS and the egress inter- domain link for a destination address prefix. We characterize the different types of these exit policy violations and investigate their extent in a Planetlab testbed. It is conceivable that the native ASes will eventually realize the negative impact of the exit violations and adopt stringent strategies to enforce the exit policies, thereby causing deterioration in overlay performance. In this context, based on our findings from a previous study[l], we develop a pricing-based strategy that an overlay service provider can use to obtain permits from a near-optimal set of native ASes, in an effort to regain its routing advantage within a fixed budget. Further, we illustrate the use of this approach on our case study overlay network. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Hierarchical Peer-to-Peer SIP System for Heterogeneous Overlays Interworking

    Publication Year: 2007 , Page(s): 93 - 97
    Cited by:  Papers (9)  |  Patents (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (207 KB) |  | HTML iconHTML  

    P2P SIP is proposed to leverage Peer-to-Peer computing to control multimedia sessions in a decentralized manner. The deployment and maintenance cost of P2PSIP is reduced compared to conventional SIP. In this paper, we propose a hierarchical P2PSIP system to address the connectivity and overhead problems which haven't been solved in the P2PSIP literature. The hierarchical P2PSIP system is implemented under Linux, which demonstrates the feasibility of the proposed scheme. Finally, exhaustive simulations are performed to evaluate the performance of various P2PSIP schemes. Results indicate that the hierarchical approach not only solves the connectivity problem caused by heterogeneous overlays, but also performs more efficiently than the flat scheme when the percentage of nodes in the upper level overlay is less than 10%. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.