Together with an explosive growth of the mobile applications and emerging of cloud computing concept, mobile cloud computing (MCC) has been introduced to be a potential technology for mobile services. MCC integrates the cloud computing into the mobile environment and overcomes obstacles related to the performance (e.g., battery life, storage, and bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and privacy) discussed in mobile computing. This paper gives a survey of MCC, which helps general readers have an overview of the MCC including the definition, architecture, and applications. The issues, existing solutions, and approaches are presented. In addition, the future research directions of MCC are discussed. Copyright © 2011 John Wiley & Sons, Ltd.

A survey of mobile cloud computing: architecture, applications, and approaches

http://homepage.cs.latrobe.edu.au/sloke/papers/1-s2.0-S0167739X12001318-main.pdf

Mobile cloud computing

The current Internet architecture was founded upon a host-centric communication model, which was appropriate for coping with the needs of the early Internet users. Internet usage has evolved however, with most users mainly interested in accessing (vast amounts of) information, irrespective of its physical location. This paradigm shift in the usage model of the Internet, along with the pressing needs for, among others, better security and mobility support, has led researchers into considering a radical change to the Internet architecture. In this direction, we have witnessed many research efforts investigating Information-Centric Networking (ICN) as a foundation upon which the Future Internet can be built. Our main aims in this survey are: (a) to identify the core functionalities of ICN architectures, (b) to describe the key ICN proposals in a tutorial manner, highlighting the similarities and differences among them with respect to those core functionalities, and (c) to identify the key weaknesses of ICN proposals and to outline the main unresolved research challenges in this area of networking research.

A Survey of Information-Centric Networking Research

Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential properties of botnets. We define a botnet as a coordinated group of malware instances that are controlled via C&C communication channels. The essential properties of a botnet are that the bots communicate with some C&C servers/peers, perform malicious activities, and do so in a similar or correlated way. Accordingly, our detection framework clusters similar communication traffic and similar malicious traffic, and performs cross cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns. These hosts are thus bots in the monitored network. We have implemented our BotMiner prototype system and evaluated it using many real network traces. The results show that it can detect real-world botnets (IRC-based, HTTP-based, and P2P botnets including Nugache and Storm worm), and has a very low false positive rate.

/pdf/botminer-clustering-analysis-of-network-traffic-for-protocol-128yhq3sy0.pdf

BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

We present SWAN, a system that boosts the utilization of inter-datacenter networks by centrally controlling when and how much traffic each service sends and frequently re-configuring the network's data plane to match current traffic demand. But done simplistically, these re-configurations can also cause severe, transient congestion because different switches may apply updates at different times. We develop a novel technique that leverages a small amount of scratch capacity on links to apply updates in a provably congestion-free manner, without making any assumptions about the order and timing of updates at individual switches. Further, to scale to large networks in the face of limited forwarding table capacity, SWAN greedily selects a small set of entries that can best satisfy current demand. It updates this set without disrupting traffic by leveraging a small amount of scratch capacity in forwarding tables. Experiments using a testbed prototype and data-driven simulations of two production networks show that SWAN carries 60% more traffic than the current practice.

/pdf/achieving-high-utilization-with-software-driven-wan-1eg0vtj3eu.pdf

Achieving high utilization with software-driven WAN

Security researchers and network operators increasingly rely on information gathered from honeypots and sensors deployed on darknets, or unused address space, for attack detection. While the attack traffic gleaned from such deployments has been thoroughly scrutinized, little attention has been paid to DNS queries targeting these addresses. In this paper, we introduce the concept of dark DNS, the DNS queries associated with darknet addresses, and characterize the data collected from a large operational network by our dark DNS sensor. We discuss the implications of sensor evasion via DNS reconnaissance and emphasize the importance of reverse DNS authority when deploying darknet sensors to prevent attackers from easily evading monitored darknets. Finally, we present honeydns, a tool that complements existing network sensors and low-interaction honeypots by providing simple DNS services.

/pdf/characterizing-dark-dns-behavior-1qa2t5ld6s.pdf

Characterizing Dark DNS Behavior

A method according to preferred embodiment can include receiving a request at a server from a private key module associated with a first user device; directing a request for a first portion of the private key from the server to a second user device; and in response to a successful user challenge creating a first portion of a digital signature and a second portion of a digital signature at the server. The method of the preferred embodiment can further include combining the first portion of the digital signature and the second portion of the digital signature; and delivering the digital signature to the first user device. The method of the preferred embodiment can function to secure the digital signature process by splitting or dividing the user's private key into two or more portions, each of which require independent authorization from the user in order to create the digital signature.

System and method for digital user authentication

Packers have long been a valuable tool in the toolbox of offensive users for evading the detection capabilities of signature-based antivirus engines. However, selecting the packer that results in the most effective evasion of antivirus engines may not be a trivial task due to diversity in the capabilities of both antivirus and packers. In this paper, we propose the creation of an online automated service, called PolyPack, that uses an array of packers and antivirus engines as a feedback mechanism to select the packer that will result in the optimal evasion of the antivirus engines. Towards understanding the utility and efficacy of such a service, we construct an implementation of PolyPack which employs 10 packers and 10 popular antivirus engines. We show that PolyPack provides 258% more effective evasion of antivirus engines than using an average packer and out-evades the best evaluated packer (Themida) for over 40% of the binary samples.

/pdf/polypack-an-automated-online-packing-service-for-optimal-4rhpc6tb1p.pdf

PolyPack: an automated online packing service for optimal antivirus evasion

A method for multi-factor authentication with a first client includes receiving a request associated with the first client, initiating an authentication transaction, generating a digital fingerprint based on a set of client properties collected in association with the first client, identifying a second client from data associated with the authentication transaction, analyzing a digital fingerprint based on a set of stored digital fingerprints; generating a concern metric based on the analysis; and notifying an entity that the login request may have originated from an unauthorized source.

System and method for applying digital fingerprints in multi-factor authentication

A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Jon Oberheide

Papers

Characterizing Dark DNS Behavior

System and method for digital user authentication

PolyPack: an automated online packing service for optimal antivirus evasion

System and method for applying digital fingerprints in multi-factor authentication

Method for distributed trust authentication