An analysis of user behavior in a private BitTorrent community

This paper aims to develop an understanding on how users of private BitTorrent communities participate in downloading and uploading by using the download records of CHDBits, one of the largest private BitTorrent communities in China. First, we investigate the arrivals of CHDBits users, which correspond to the initiations of new download tasks. The investigation demonstrates that user arrival rate varies with time in a day, and this variation dovetails well into users’ daily schedule. Moreover, we observe that it is with more than half possibility that the two consecutive arrivals of a CHDBits user take place in the same day, and that an individual user issues new download tasks with a probability of 0.23, on which we base to estimate that all CHDBits users are expected to launch at least one new download task in 42 days. Second, we present an analysis on the post‐download behavior of users. We observe that the average per task seeding time of 99% of users is no less than 8 h, showing CHDBits users’ great willingness to contribute. We also find that almost all the seeding processes have been interrupted and resumed multiple times. Finally, we study the bandwidth distribution of users and evaluate users’ bandwidth utilization in the downloading process. Our study shows that the bandwidths of most CHDBits users are uniformly distributed in the range from 256 kB/s to 16 MB/s, and users with a higher bandwidth tend to experience a lower bandwidth utilization. Copyright © 2012 John Wiley & Sons, Ltd.     

Secure quantum private query with real-time security check

As a class of one-sided two-party computation, unconditionally secure symmetrically private information retrieval (SPIR) is impossible. So the study of quantum symmetrically private information retrieval (QSPIR), i.e., quantum private query (QPQ) with an interesting degree of security is desirable. Known QPQ protocols [Phys. Rev. Lett. 100 (23) (2008) 230502; Phys. Rev. A 84 (2) (2011) 022313; Phys. Rev. A 83 (2011) 022301; Opt. Exp. 20 (16) (2012) 17411–17420] are claimed to be cheat-sensitive, especially not real-time. It is natural to ask whether we can design a QPQ protocol with real-time security check. In this paper, we introduce an untrusted third party and propose a framework of one-sided two-party quantum computation protocols with real-time security check. For clarity and without loss of generality, we demonstrate a concrete QPQ example under this framework by improving Gao et al's protocol [Opt. Exp. 20 (16) (2012) 17411–17420]. We discuss the security of the protocol and show that it really has real-time security check. The proposed framework paves the way for the design of one-sided two-party quantum computation protocols.     

基于暗网的早期检测技术在专用网络中的应用

为了早期检测网络蠕虫,设计实现了一个基于暗网的可视化蠕虫早期检测系统,并在某专用网络中进行了对比实验。结果显示,该系统在专用网络中比传统入侵检测系统能更早发现蠕虫等网络攻击,且时间提前量十分可观,说明基于暗网的早期检测技术在专用网络中有良好的应用前景。     

基于分簇的有效无线传感器网络密钥管理方案

针对现有无线传感器网络密钥管理中计算量过大、存储空间过多和网络安全问题,在分簇结构无线传感器网络基础上,提出一种新的密钥管理方案,它通过将已存储的密钥部分地转化为即使被攻击者截获也无影响的特殊信息,来获取更加良好的安全性,同时又不降低网络的连通性。通过仿真与其他算法进行性能对比,结果显示这种方案具有更好的性能。     

用VPN与DMZ技术改造校园网络的研究

为了解决既能在异地访问内网资源,又能充分保证内网资源的高度安全,将VPN与DMZ技术应用于校园网络的升级改造。提出了针对DMZ专区的三类IP地址映射算法与合法外网用户通过VPN访问内网资源需要的虚拟IP地址转换函数,并在此基础上提出了VPN与DMZ技术在校园网上集成应用的解决方案。通过在校园网中合理构建DMZ专区与VPN网络,巧妙设置DMZ与VPN的访问规则,在充分保证校内资源安全的前提下,成功解决了异地用户共享内网资源的难题。     

Enhancing Security in Mobile IPv6

In the Mobile IPv6 (MIPv6) protocol, a mobile node (MN) is a mobile device with a permanent home address (HoA) on its home link. The MN will acquire a care‐of address (CoA) when it roams into a foreign link. It then sends a binding update (BU) message to the home agent (HA) and the correspondent node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the man‐in‐the‐middle attack, the session hijacking attack, and the denial‐of‐service attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The private‐key‐based BU (PKBU) protocol is proposed in this research to overcome the shortcomings of some existing MIPv6 protocols. PKBU incorporates a method to assert the address ownership of the MN, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements while being able to check the address ownership of the MN. PKBU also incorporates a method to verify the reachability of the MN.     

Virtual Topology Design and Reconfiguration of Virtual Private Networks (VPNs) over All-Optical WDM Networks

This paper studies the virtual topology design and reconfiguration problem of virtual private networks (VPNs) over all-optical WDM networks. To support VPN service, a set of lightpaths must be established over the underlying WDM network to meet the VPN traffic demands and this set of lightpaths must also be dynamically reconfigurable in response to changing VPN traffic. To achieve good network performance and meet the service requirements of optical virtual private networks (oVPNs), we formulate the problem as an integer programming problem with multi-objectives and present a general formulation of the problem. In the formulation, we take into account the average propagation delay over a lightpath, the maximum link load, and the reconfiguration cost with objectives to minimize the three metrics simultaneously. The formulated problem is NP-hard and is therefore not practical to have exact solutions. For this reason, we use heuristics to obtain approximate optimal solutions and propose a balanced alternate routing algorithm (BARA) based on a genetic algorithm. To make the problem computationally tractable, we approximately divide BARA into two independent stages: route computing and path routing. At the route computing stage, a set of alternate routes is computed for each pair of source and destination nodes in the physical topology. At the path routing stage, an optimal route is decided from a set of alternative routes for each of the lightpaths between a pair of source and destination nodes. A decision is subject to the constraints and objectives in the formulation. To improve the computational efficiency, we use a genetic algorithm in BARA. Through simulation experiments, we show the effectiveness of BARA and the evolution process of the best solution in a population of solutions produced by the genetic algorithm. We also investigate the impact of the number of alternative routes between each pair of source and destination nodes on the optimized solutions.     

A Framework for Differentiated Survivable Optical Virtual Private Networks

Wavelength division multiplexed (WDM) networks are matured to provide, scalable data centric infrastructure, capable of delivering flexible, value added, high speed and high bandwidth services directly from the optical domain. Optical virtual private networks (OVPNs) make use of the concept of highly reconfigurable nature of lightpaths offered by WDM, to create secure tunnels of high bandwidth across the intelligent WDM optical transport network. An OVPN is a private connection between two or more edge devices (access nodes), that allows a group of clients to fully exploit the flexibility of the switched intelligent optical network. However, OVPNs will not be a viable alternative unless they can guarantee a predictable bandwidth, availability, response time, and fault-tolerance to users. In this paper, we study the problem of dynamically establishing lightpaths for OVPNs over intelligent optical transport networks to provide varying classes of service based on the type of primary and backup lightpaths and the number of backup lightpaths, when each OVPN is specified by the desired logical connectivity and Class of Service. The type of primary and backup lightpaths determines the QoS parameters such as response time and bandwidth. Whereas, the number of backup lightpaths determines the level of fault-tolerance and availability of OVPN. Based on the service classes, any OVPN in the network falls into one of the six classes viz. single dedicated primary and single dedicated backup (SDPSDB), single dedicated primary and multiple dedicated backups (SDPMDB), single dedicated primary and single shared backup (SDPSSB), single shared primary and single shared backup (SSPSSB), single shared primary and multiple shared backups (SSPMSB), and best-effort (BE). In BE, we consider two variations—(1) OVPN as dedicated logical ring topology (DLRT) and (2) OVPN as shared logical ring topology (SLRT). We conduct extensive simulation experiments to compare and evaluate the effectiveness of different classes of OVPNs for varying network configurations–varying number of fibers, wavelengths on physical links, and number of nodes in OVPN.     

数据大客户专线业务接入方案浅析

通过对目前联通数据大客户专线接入方式的分析,总结出应用华为MSTP设备组建和发展数据大客户专线的优越性、可行性和较好的性价比,并详细阐述了如何应用华为MSTP设备实现联通数据大客户专线接入。     

The Analysis of Queues with Time-Varying Rates for Telecommunication Models

Time dependent behavior has an impact on the performance of telecommunication models. Examples include: staffing a call center, pricing the inventory of private line services for profit maximization, and measuring the time lag between the peak arrivals and peak load for a system. These problems and more motivate the development of a queueing theory with time varying rates. Queueing theory as discussed in this paper is organized and presented from a communications perspective. Canonical queueing models with time-varying rates are given and the necessary mathematical tools are developed to analyze them. Finally, we illustrate the use of these models through various communication applications.