The automation of the home through Internet of Things (IoT) devices presents security challenges for protecting the safety and privacy of its inhabitants. In spite of standard wireless communication security protocols, an attacker inside the wireless communication range of the smart home can extract identifier and statistical information, such as the MAC address and packet lengths, from the encrypted wireless traffic of IoT devices to make inferences about the private activities of the user. In this paper, to prevent this breach on privacy in the wireless LAN, we accomplish the following three items. First, we demonstrate that performing traffic shaping simultaneously on the upload and download node is necessary; second, we demonstrate that traffic shaping by random packet generation is impracticable due to the excessive bandwidth requirement; third, we propose traffic shaping by variable padding durations to reduce the bandwidth requirement for injecting dummy traffic during periods of user activity and inactivity to decrease the confidence of the local attacker from identifying genuine user activity traffic. From our performance evaluation, we decreased the data generated on several WiFi and ZigBee-enabled IoT devices by over 15% by our proposal of variable padding durations compared to the conventional method of fixed padding durations at low attacker confidence.

In this paper, we propose an adaptive compensation algorithm to compensate cell delay variation (CDV) occurring during ATM/TDMA transition in a satellite ATM network. The proposed CDV compensation algorithm uses two types of additional information: cell position information (Cp)--indicating the number of cells (N) arriving within a control unit time (Tc) and positions of cells at a given time--and the number of cells in bursts--to take into account the characteristics of localized bursts. To evaluate the performance of the proposed algorithm, we performed a computer simulation based on an OPNET environment, using the Markov modulated Poisson process (MMPP) traffic model and assessed its effectiveness from varied standpoints. The results of the performance testing indicate that the proposed algorithm, while requiring significantly less additional information than previous CDV compensation algorithms, is able to more efficiently compensate CDV in localized burst traffic than the previous ones.

Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is highly distributed, an effective solution must be formulated with a distributed approach. Recently, some solutions, in which intermediate network nodes filter or shape congested traffic, have been proposed. These solutions may decrease the congested traffic, but they still cause "collateral victims problem," that is, legitimate packets may be discarded mistakenly. In this paper, we propose Active Countermeasure Platform to minimize traffic congestion and to address the collateral victim problem using the Active Networks paradigm, which incorporates programmability into intermediate network nodes. Our platform can prevent overloading of the target and consuming the network bandwidth of both the backbone and the protected site autonomously. In addition, it can improve the collateral victim problem based on user policy. This paper shows the concept of our platform, system design and evaluation of the effectiveness using a prototype.

In this paper, we show the effectiveness of software shaping through evaluation of our extensions to the internet transport protocols, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These extensions are aimed at efficient realization of bulk data transfer and continuous media communication. The extensions are to be used with resource reservation, a possible and promising approach to resolve transport issues that the current TCP/IP networks cannot support. Although it seems straightforward to utilize dedicated bandwidth set up via resource reservation, filling up the reserved pipe is not so trivial. Performance analysis shows that, by applying the traffic shaping extensions, not only is the reserved pipe easily filled up, but the timely data delivery required by continuous media communication is also provided. Our experiments with a real system also show that overheads introduced by the new extensions are small enough to permit their practical use. The extensions are implemented in the UNIX system kernel.

This paper presents analysis of a congestion control scheme in which a multiplexer notifies upstream traffic sources when its buffer level crosses a preset threshold. Upon notification, the traffic streams are reshaped to a form less likely to cause overflow through rate or burstiness restrictions, or a combination of the two. For the analysis, the traffic is modeled by two Markov Modulated Rate Processes (MMRP's), one for above and one for below the threshold, and an iterative fluid approximation technique is used to determine the buffer occupancy distribution. Simulation results verify the accuracy of the approach, and the analysis is used to study the effect of varying the threshold and shaping function.

A new simple cell spacing architecture that guarantees the peak cell interval and realizes preferential contention resolution is proposed. Scheduling the cell emission on departure of the previous cell, not arrival, allows the source peak cell interval to be regenerated without clumping. Priority control is also realized in the proposed spacer. A connection is scheduled either at the head or tail of the contention chain depending on its priority. The proposed method is applied to realize the UPC function. The proposed cell spacer eliminates the clumping effects of CDV completely and achieves high bandwidth efficiency.

This letter proposes a VP-shaper for ATM networks that controls the VC-level cell clumping. The new shaper is compared with a conventional shaper and is found to significantly increase CAC (Call Admission Control) efficiency and achieve high VP utilization gain. Hardware implementation based on a shared buffer and chained lists is presented and its feasibility is shown.