Data breach and data destruction attack have become the critical security threats for the ICT (Information and Communication Technology) infrastructure. Both the Internet service providers and users are suffering from the cyber threats especially those to confidential data and private information. The requirements of human social activities make people move carrying confidential data and data breach always happens during the transportation. The Internet connectivity and cryptographic technology have made the usage of confidential data much secure. However, even with the high deployment rate of the Internet infrastructure, the concerns for lack of the Internet connectivity make people carry data with their mobile devices. In this paper, we describe the main patterns of data breach occur on mobile devices and propose a secure in-depth file system concealed by GPS-based mounting authentication to mitigate data breach on mobile devices. In the proposed in-depth file system, data can be stored based on the level of credential with corresponding authentication policy and the mounting operation will be only successful on designated locations. We implemented a prototype system using Veracrypt and Perl language and confirmed that the in-depth file system worked exactly as we expected by evaluations on two locations. The contribution of this paper includes the clarification that GPS-based mounting authentication for a file system can reduce the risk of data breach for mobile devices and a realization of prototype system.

There have been several recent reports that botnet communication between bot-infected computers and Command and Control servers (C&C servers) using the Domain Name System (DNS) protocol has been used by many cyber attackers. In particular, botnet communication based on the DNS TXT record type has been observed in several kinds of botnet attack. Unfortunately, the DNS TXT record type has many forms of legitimate usage, such as hostname description. In this paper, in order to detect and block out botnet communication based on the DNS TXT record type, we first differentiate between legitimate and suspicious usages of the DNS TXT record type and then analyze real DNS TXT query data obtained from our campus network. We divide DNS queries sent out from an organization into three types — via-resolver, and indirect and direct outbound queries — and analyze the DNS TXT query data separately. We use a 99-day dataset for via-resolver DNS TXT queries and an 87-day dataset for indirect and direct outbound DNS TXT queries. The results of our analysis show that about 30%, 8% and 19% of DNS TXT queries in via-resolver, indirect and direct outbound queries, respectively, could be identified as suspicious DNS traffic. Based on our analysis, we also consider a comprehensive botnet detection system and have designed a prototype system.

In this paper, we calculate autocorrelation of new generalized cyclotomic sequences of period pn for any n > 0, where p is an odd prime number.

We investigate binary sequence pairs with two-level correlation in terms of their corresponding cyclic difference pairs (CDPs). We define multipliers of a cyclic difference pair and present an existence theorem for multipliers, which could be applied to check the existence/nonexistence of certain hypothetical cyclic difference pairs. Then, we focus on the ideal case where all the out-of-phase correlation coefficients are zero. It is known that such an ideal binary sequence pair exists for length υ = 4u for every u ≥ 1. Using the techniques developed here on the theory of multipliers of a CDP and some exhaustive search, we are able to determine that, for lengths υ ≤ 30, (1) there does not exist "any other" ideal/ binary sequence pair and (2) every example in this range is equivalent to the one of length υ = 4u above. We conjecture that if there is a binary sequence pair with an ideal two-level correlation then its in-phase correlation must be 4. This implies so called the circulant Hadamard matrix conjecture.

In this letter, we propose "Torus Ring", which is a modified version of 2-level hierarchical ring. The Torus Ring has the same complexity as the hierarchical rings, since the only difference is the way it connects the local rings. It has an advantage over the hierarchical ring when the destination of a packet is the adjacent local ring, especially to the backward direction. Although we assume that the destination of a network packet is uniformly distributed across the processing nodes, the average number of hops in Torus Ring is equal to that of the hierarchical ring. However, the performance gain of the Torus Ring is expected to increase, due to the spatial locality of the application programs in the real parallel programming environment. In the simulation results, latencies of the interconnection network are reduced by up to 19%, with moderate ring utilization ratios.

In heterogeneous networks, network selection is an important task for reconfigurable mobile devices (MDs). In the reconfigurable MD architecture that has been standardized by the European Telecommunications Standards Institute (ETSI), the network selection functionality is handled by a software component called Mobility Policy Manager (MPM). In this paper, we present an implementation of the MPM whereby a reconfigurable MD conforming to the ETSI standard can select the most appropriate radio access network (RAN) to use. We implemented a reconfigurable MD test-bed compliant with the ETSI standard, and show that the network selection driven by the MPM enhances the throughput of the receiving MD by about 26% compared to the arbitrary network selection provided by a conventional reconfigurable MD without the functionality of MPM, verifying the functionality of the MPM.

The widespread usage of computers and communication networks affects people's social activities effectively in terms of intercommunication and the communication generally begins with domain name resolutions which are mainly provided by DNS (Domain Name System). Meanwhile, continuous cyber threats to DNS such as cache poisoning also affects computer networks critically. DNSSEC (DNS Security Extensions) is designed to provide secure name resolution between authoritative zone servers and DNS full resolvers. However high workload of DNSSEC validation on DNS full resolvers and complex key management on authoritative zone servers hinder its wide deployment. Moreover, querying clients use the name resolution results validated on DNS full resolvers, therefore they only get errors when DNSSEC validation fails or times out. In addition, name resolution failure can occur on querying clients due to technical and operational issues of DNSSEC. In this paper, we propose a client based DNSSEC validation system with adaptive alert mechanism considering minimal querying client timeout. The proposed system notifies the user of alert messages with answers even when the DNSSEC validation on the client fails or timeout so that the user can determine how to handle the received answers. We also implemented a prototype system and evaluated the features on a local experimental network as well as in the Internet. The contribution of this article is that the proposed system not only can mitigate the workload of DNS full resolvers but also can cover querying clients with secure name resolution, and by solving the existing operation issues in DNSSEC, it also can promote DNSSEC deployment.

Security facilities such as firewall system and IDS/IPS (Intrusion Detection System/Intrusion Prevention System) have become fundamental solutions against cyber threats. With the rapid change of cyber attack tactics, detail investigations like DPI (Deep Packet Inspection) and SPI (Stateful Packet Inspection) for incoming traffic become necessary while they also cause the decrease of network throughput. In this paper, we propose an SDN (Software Defined Network) - based proactive firewall system in collaboration with domain name resolution to solve the problem. The system consists of two firewall units (lightweight and normal) and a proper one will be assigned for checking the client of incoming traffic by the collaboration of SDN controller and internal authoritative DNS server. The internal authoritative DNS server obtains the client IP address using EDNS (Extension Mechanisms for DNS) Client Subnet Option from the external DNS full resolver during the name resolution stage and notifies the client IP address to the SDN controller. By checking the client IP address on the whitelist and blacklist, the SDN controller assigns a proper firewall unit for investigating the incoming traffic from the client. Consequently, the incoming traffic from a trusted client will be directed to the lightweight firewall unit while from others to the normal firewall unit. As a result, the incoming traffic can be distributed properly to the firewall units and the congestion can be mitigated. We implemented a prototype system and evaluated its performance in a local experimental network. Based on the results, we confirmed that the prototype system presented expected features and acceptable performance when there was no flooding attack. We also confirmed that the prototype system showed better performance than conventional firewall system under ICMP flooding attack.