DOS-resistant authentication with client puzzles
 Lecture Notes in Computer Science
, 2000
Abstract. Denial of service by server resource exhaustion has become a major security threat in open communications networks. Public-key authentication does not completely protect against the attacks because the authentication protocols often leave ways for an unauthenticated client to consume a server’s memory space and computational resources by initiating a large number of protocol runs and inducing the server to perform expensive cryptographic computations. We show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent such attacks.
A graph-based system for network-vulnerability analysis
 in Proceedings of the 1998 workshop on New security paradigms
, 1998
This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low "effort" cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is "matched" with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.
Approximation Techniques for Utilitarian Mechanism Design
, 2005
This paper deals with the design of efficiently computable incentive compatible, or truthful, mechanisms for combinatorial optimization problems with multi-parameter agents. We focus on approximation algorithms for NP-hard mechanism design problems. These algorithms need to satisfy certain monotonicity properties to ensure truthfulness. Since most of the known approximation techniques do not fulfill these properties, we study alternative techniques. Our first contribution is a quite general method to transform a pseudopolynomial algorithm into a monotone FPTAS. This can be applied to various problems like, e.g., knapsack, constrained shortest path, or job scheduling with deadlines. For example, the monotone FPTAS for the knapsack problem gives a very efficient, truthful mechanism for single-minded multi-unit auctions. The best previous result for such auctions was a 2-approximation. In addition, we present a monotone PTAS for the generalized assignment problem with any bounded number of parameters per agent. The most efficient way to solve packing integer programs (PIPs) is LP-based randomized rounding, which also is in general not monotone. We show that primal-dual greedy algorithms achieve almost the same approximation ratios for PIPs as randomized rounding. The advantage is that these algorithms are inherently monotone. This way, we can significantly improve the approximation ratios of truthful mechanisms for various fundamental mechanism design problems like single-minded combinatorial auctions (CAs), unsplittable flow routing and multicast routing. Our approximation algorithms can also be used for the winner determination in CAs with general bidders specifying their bids through an oracle.
Bicriteria network design problems
 In Proc. 22nd Int. Colloquium on Automata, Languages and Programming
, 1995
We study a general class of bicriteria network design problems. A generic problem in this class is as follows: Given an undirected graph and two minimization objectives (under different cost functions), with a budget specified on the first, find a subgraph from a given subgraph-class that minimizes the second objective subject to the budget on the first. We consider three different criteria: the total edge cost, the diameter and the maximum degree of the network. Here, we present the first polynomial-time approximation algorithms for a large class of bicriteria network design problems for the above-mentioned criteria. The following general types of results are presented. First, we develop a framework for bicriteria problems and their approximations. Second, when the two criteria are the same we present a “black box” parametric search technique. This black box takes in as input an (approximation) algorithm for the unicriterion situation and generates an approximation algorithm for the bicriteria case with only a constant factor loss in the performance guarantee. Third, when the two criteria are the diameter and the total edge costs we use a cluster-based approach to devise a approximation algorithms — the solutions output violate
Multi-Constrained Optimal Path Selection
, 2001
Providing quality-of-service (QoS) guarantees in packet networks gives rise to several challenging issues. One of them is how to determine a feasible path that satisfies a set of constraints while maintaining high utilization of network resources. The latter objective implies the need to impose an additional optimality requirement on the feasibility problem. This can be done through a primary cost function (e.g., administrative weight, hop-count) according to which the selected feasible path is optimal. In general, multi-constrained path selection, with or without optimization, is an NP-complete problem that cannot be exactly solved in polynomial time. Heuristics and approximation algorithms with polynomial- and pseudo-polynomial-time complexities are often used to deal with this problem. However, existing solutions suffer either from excessive computational complexities that cannot be used for online network operation or from low performance. Moreover, they only deal with special cases of the problem (e.g., two constraints without optimization, one constraint with optimization, etc.). For the feasibility problem under multiple constraints, some researchers have recently proposed a nonlinear cost function whose minimization provides a continuous spectrum of solutions ranging from a generalized linear approximation (GLA) to an asymptotically exact solution. In this paper, we propose an efficient heuristic algorithm for the most general form of the problem. We first formalize the theoretical properties of the above nonlinear cost function. We then introduce our heuristic algorithm (H_MCOP), which attempts to minimize both the nonlinear cost function (for the feasibility part) and the primary cost function (for the optimality part). We prove that H_MCOP guarantees at least t...
A Simple Efficient Approximation Scheme for the Restricted Shortest Path Problem
 Operations Research Letters
, 1999
In this short paper we give a very simple fully polynomial approximation scheme for the restricted shortest path problem. The complexity of this $\epsilon$-approximation scheme is $O(|E|n(\log\log n + 1/\epsilon))$, which improves Hassin's original result [Has92] by a factor of $n$. Furthermore, this complexity bound is valid for any graph, regardless of the cost values. This generalizes Hassin's results which apply only to acyclic graphs. Our algorithm is based on Hassin's original result [Has92] with two improvements. First we modify Hassin's result and achieve time complexity of $O(|E|n(\log\log(UB/LB) + 1/\epsilon))$, where $UB$ and $LB$ are upper and lower bounds for the problem. This modified version can be applied to general graphs with any cost values. Then we combine it with our second contribution, which shows how to find an upper and a lower bound such that $UB/LB \le n$, to obtain the claimed result.
Towards Network Denial Of Service Resistant Protocols
, 2000
Networked and distributed systems have introduced a new significant threat to the availability of data and services: network denial of service attacks. A well known example is the TCP SYN flooding. In general, any stateful handshake protocol is vulnerable to similar attacks. This paper examines the network denial of service in detail and surveys and compares different approaches towards preventing the attacks. As a conclusion, a number of protocol design principles are identified essential in designing network denial of service resistant protocols, and examples provided on applying the principles.
The Quickest Multicommodity Flow Problem
 INTEGER PROGRAMMING AND COMBINATORIAL OPTIMIZATION
, 2002
Traditionally, flows over time are solved in time-expanded networks which contain one copy of the original network for each discrete time step. While this method makes available the whole algorithmic toolbox developed for static flows, its main and often fatal drawback is the enormous size of the time-expanded network. In particular, this approach usually does not lead to efficient algorithms with running time polynomial in the input size since the size of the time-expanded network is only pseudo-polynomial. We present two
Efficient Computation of Delay-sensitive Routes from One Source to All Destinations
, 2001
In this paper we describe an efficient algorithm for the constrained shortest path problem which is defined as follows. Given a directed graph with two weights on each link $e$, a cost $l_e$ and a delay $t_e$, find the cheapest path from a source to all destinations such that the delay of each path is no more than a given threshold. The constrained shortest path problem arises in Quality-of-Service-sensitive routing in data networks and is of particular importance in real-time services. The problem formulation and the algorithmic framework presented are quite general; they apply to IP, ATM, and optical networks. Unlike previous algorithms, our algorithm generates paths from one source to all destinations. Our algorithm is strongly polynomial, and is asymptotically faster than earlier algorithms. We corroborate our analysis by a simulation study. I. INTRODUCTION The basic problem in QoS-sensitive routing for emerging services such as VoIP (Voice over IP), video, interactive multimedia etc....
Assessing the Vulnerability of the Fiber Infrastructure to Disasters
Abstract—Communication networks are vulnerable to natural disasters, such as earthquakes or floods, as well as to physical attacks, such as an Electromagnetic Pulse (EMP) attack. Such real-world events happen in specific geographical locations and disrupt specific parts of the network. Therefore, the geographical layout of the network determines the impact of such events on the network’s connectivity. In this paper, we focus on assessing the vulnerability of (geographical) networks to such disasters. In particular, we aim to identify the most vulnerable parts of the network. That is, the locations of disasters that would have the maximum disruptive effect on the network in terms of capacity and connectivity. We consider graph models in which nodes and links are geographically located on a plane, and model the disaster event as a line segment or a circular cut. We develop algorithms that find a worst-case line segment cut and a worst-case circular cut. Then, we obtain numerical results for a specific backbone network, thereby demonstrating the applicability of our algorithms to real-world networks. Our novel approach provides a promising new direction for network design to avert geographical disasters or attacks. Index Terms—Network survivability, geographic networks, fiber-optic, Internet, Electromagnetic Pulse (EMP).