Browsing by Author "Wenye Wang, Committee Member"
- Congestion Control and Quality-of-Service (QoS) on Jumpstart Optical Burst Switched Environment (2006-07-16) Yang, Li; Wenye Wang, Committee Member; Khaled Harfoush, Committee Member; Rudra Dutta, Committee Member; George N Rouskas, Committee Chair
  This thesis studies the congestion control and Quality-of-Service (QoS) problems in Optical Burst Switched (OBS) networks. It consists of three parts. In the first part, we consider path switching as a congestion control mechanism at the edge of the network. We study a suite of path-switching strategies, each of which gives a different method to estimate the path congestion online. We also develop a framework for combining several path switching strategies into hybrid strategies whose results are based on the decisions of multiple individual methods. We demonstrate the effectiveness and benefits of adaptive path selection via simulation. In the second part of the thesis, we develop a general framework for absolute service guarantees for an OBS network in terms of the end-to-end burst loss. We first present a parameterized model for wavelength sharing. Then, we develop a heuristic for optimizing the policy parameters to support per-link absolute QoS guarantees. Finally, we present a methodology for acquiring the per-link parameters from the end-to-end QoS requirements so as to provide network-wide guarantees. We present numerical results to validate our approach. In the third part, we present a per-link wavelength provisioning scheme based on Constrained Markov Decision Processes (CMDP) theory to provide service differentiation. Service differentiation is evaluated with two objectives on OBS networks: to maximize the constrained throughput; and to minimize the loss of the best effort traffic subject to the constraints on the priority traffics. The randomized threshold policies we obtain are simple to implement and operate, and make effective use of statistical multiplexing.
- Development of Monte Carlo Code for Coincidence Prompt Gamma-ray Neutron Activation analysis (2005-11-07) Han, Xiaogang; Avneet Sood, Committee Member; Robin P. Gardner, Chair, Committee Chair; Wenye Wang, Committee Member; Man-Sung Yim, Committee Member
  Prompt Gamma-Ray Neutron Activation Analysis (PGNAA) offers a non-destructive, relatively rapid on-line method for determination of elemental composition of bulk and other samples. However, PGNAA has an inherently large background. These backgrounds are primarily due to the presence of the neutron excitation source. It also includes neutron activation of the detector and the prompt gamma rays from the structure materials of PGNAA devices. These large backgrounds limit the sensitivity and accuracy of PGNAA. Since most of the prompt gamma rays from the same element are emitted in coincidence, a possible approach for further improvement is to change the traditional PGNAA detection technique and introduce the gamma-gamma coincidence technique. It is well known that the coincidence technique can eliminate most of the interference backgrounds and improve the signal-to-noise ratio. A new Monte Carlo code CEARCPG is being developed at CEAR to predict coincidence counting in coincidence PGNAA. Compared to the other existing Monte Carlo code, a new algorithm of sampling the prompt gamma rays, which are produced from neutron capture reaction and neutron inelastic scattering reaction, is developed in this work. All the prompt gamma rays are taken into account by using this new algorithm. Before this work, the commonly used method is to interpolate the prompt gamma rays from the pre-calculated gamma-ray table. It works fine for the single spectrum. However, it limits the capability to simulate the coincidence spectrum. This new algorithm is to sample the prompt gamma rays from the nucleus scheme. It makes it possible to simulate the coincidence spectrum by using Monte Carlo method.
The primary nuclear data library used to sample the prompt gamma rays comes from ENSDF library. Three cases are simulated and the simulated results are checked with the experiments. The first case is the prototype for ETI PGNAA application. This case is designed to check the capability of CEARCPG for single spectrum simulation. The second case and the third case are designed for coincidence simulation. CEARCPG is also applied to optimize the design of coincidence PGNAA device. A new coincidence PGNAA application is proposed in this work. The probability of extending this code is also discussed. The funding of this work is provided by the Center for Engineering Application of Radioisotopes (CEAR) at North Carolina State University (NCSU) and Nuclear Engineering Education Research.
- Economic Models for Tiered Network Services (2010-04-12) Lv, Qian; Wenye Wang, Committee Member; Rudra Dutta, Committee Member; Khaled Harfoush, Committee Member; George N Rouskas, Committee Chair
  Tiered network services have been prevalent in current networking industry. The term tiered service means that the network operator only provides a small set of tiers (levels) - which offer progressively higher levels of service - to the customers each of whom will be mapped to one of the given tiers. In this thesis we focus on the economic issues for tiered network service. We first formulate the problem of selecting service tiers from three perspectives: one that considers the users' interests only, one that considers only the service provider’s interests, and one that considers both simultaneously. We consider the solution to this problem under two cases: 1) the discrete case, i.e., each user demand is known to the service provider; 2) the stochastic case, i.e., the service provider only knows the probability distribution of the user demands. For both cases, we present accurate and efficient algorithms based on dynamic programming. After finding the set of (near-) optimal service tiers, we then employ game-theoretic techniques to find an optimal price for each service tier that strikes a balance between the conflicting objectives of users and service provider. This work provides a theoretical framework for reasoning about and pricing Internet tiered services, as well as a practical toolset for network providers to develop customized menus of service offerings. We further consider some advanced economic topics in tiered network service. We notice that some network services may tend to be elastic, i.e., the users may value a given service differently and show different willingness to pay for the service. In this thesis, we assume that users are partitioned into some distinct classes.
We develop an optimal algorithm to select jointly the set of service tiers and their prices so as to maximize the provider profits. Our research shows that introducing multiple tiers can be an effective market segmentation strategy that may lead to an increase in profits. Another advanced topic in tiered network service is service bundling, which means the network providers combine several services together and sell them as a single package at a lower price than that if the services are sold separately. Based on tools from microeconomics and utility theory, we developed an efficient method to find tiered structures for bundles of network services with the objective of maximizing provider profits under user constraints.
- Improving Robustness of Webs of Trust (2006-02-06) Jiang, Qinglin; Wenye Wang, Committee Member; Douglas S. Reeves, Committee Chair; Peng Ning, Committee Co-Chair; Greg T. Byrd, Committee Member
  The correct recognition of a user's public key is very important for many security functions, such as confidentiality, integrity and non-repudiation. If we mistakenly recognize an illegitimate public key as legitimate, then these security functions may be compromised. In distributed webs of trust systems, each user's public-key information is provided by other users. Because users can be unreliable (untrustworthy, malicious, compromised users or who make mistakes), the correctness of the public-key information they provided remains a question. For this reason, a method to verify the correctness of the user-provided public-key information is very much needed. Previous works have suggested the use of redundancy to compute the trustworthiness on user-provided public key information. However, the problem of how to improve the trustworthiness has never been considered. In this paper, we will focus on the problem of how to improve the trustworthiness of user-provided public-key information. Firstly, we observe that the trustworthiness computed on a public key may be inaccurate if users claim multiple false identities and/or (either legitimately or illegitimately) possess multiple public keys. We explain it and show that the result of trust computation can be made more accurate if we also consider identities. Secondly, we analyze conflicting certificates and show that it can be used to detect malicious users and improve the trustworthiness on public keys. Thirdly, we show that the current webs of trust system's robustness can be significantly improved by the two kinds of certificate recommendation methods we have proposed. The applications of both recommendation methods will result in richly-connected and very robust webs of trust systems.
Lastly, we present a very efficient and robust mechanism to apply the webs of trust system in wireless ad-hoc networks. Our mechanism enables users to exchange certificate path information so they can easily find certificate paths and authenticate each other. Our presented mechanism is very efficient and requires less communication overhead. Our mechanism is also very robust because it considers the case of network partitions and can construct and find multiple certificate paths between users. For all the works presented in this paper, we illustrate their concepts and show the results on practical web of trust PGP keyrings.
- Performance analysis of power management in WLAN and UMTS (2006-08-15) Lei, Hongyan; Arne A. Nilsson, Committee Chair; Alexandra Duel-Hallen, Committee Member; Wenye Wang, Committee Member; Mihail Devetsikiotis, Committee Member
  Wireless networks have enjoyed exponential development, and wireless communication has become an essential part of modern life. Many new wireless applications demand higher speed and consume more energy. However, wireless devices are always powered by batteries, which have limited life time and constrain the use of wireless devices and the growth of wireless networks. Energy efficiency becomes an important issue in wireless networks. We study the energy efficiency in the IEEE 802.11 based WLAN (Wireless Local Area Network) and the third generation cellular system UMTS (Universal Mobile Telecommunication System), in which the basic mechanism is to put a mobile device into a low power consumption state when it is idle and wake it up periodically to transmit/receive traffic. In WLANs, the study is focused on the MAC (Media Access Control) sublayer. Two queueing models for the power management mechanisms in an infrastructure network are proposed: the M/G/1 queue with bulk service and the D/G/1 queue. Based on the analytical and simulation results, suggestions are given about how to optimally configure the power management parameters. We also propose the enhanced power management schemes for both infrastructure and independent networks, which outperform the original schemes based on our analysis and simulation. In UMTS, the impacts of Discontinuous Reception (DRX) mechanism and inactivity timer are studied. The simulation of the performance of power saving mechanism is carried out by inputting several typical traffic models specified by 3GPP (third generation partnership project).
From the results that different traffic models demand different optimal parameters, we propose to adaptively configure the DRX cycle and inactivity timer parameters based on real-time measurements.
- Performance Characterization of IP Network-based Control Methodologies for DC Motor Applications. (2005-09-06) Richards, Tyler V; Wenye Wang, Committee Member; James Brickley, Committee Member; Mo-Yuen Chow, Committee Chair
  Using a communication network, such as an IP network, in the control loop is increasingly becoming the norm. This process of network-based control (NBC) has potential profound impact in areas such as: teleoperation, healthcare, military applications, and manufacturing. However, limitations arise as the communication network introduces delay that often degrades or destabilizes the control system. Four methods have been investigated that alleviate the IP network delays to provide stable real-time control. A performance measure is defined for a case study on a DC motor with a networked proportional-integral (PI) speed controller with various network delays and noise levels. Matlab simulation results show that NBC combined with these techniques can successfully maintain system stability, allowing control of real-time applications.
- Polymorphic and Metamorphic Malware Detection (2009-05-16) Zhang, Qinghua; S. Purushothaman Iyer, Committee Member; Peng Ning, Committee Member; Wenye Wang, Committee Member; Douglas S. Reeves, Committee Chair
  Software attacks are a serious problem. Conventional anti-malware software expects malicious software, malware, to contain fixed and known code. Malware writers have devised methods of concealing or constantly changing their attacks to evade anti-malware software. Two important recent techniques are polymorphism, which makes use of code encryption, and metamorphism, which uses a variety of code obfuscation techniques. This dissertation presents three new techniques for detection of these malware. The first technique is to recognize polymorphic malware that are encrypted and that self-decrypt before launching the attacks in network traffic. We propose a new approach that combines static analysis and instruction emulation techniques to more accurately identify the starting location and instructions of the decryption routine, which is characteristic of such malware, even if self-modifying code is used. This method has been implemented and tested on current polymorphic exploits, including ones generated by state-of-the-art polymorphic engines. All exploits have been detected (i.e., a 100% detection rate), including those for which the decryption routine is dynamically coded or self-modifying. The method has also been tested on benign network traffic and Windows executables. The false positive rates are approximately .0002% and .01% for these two categories, respectively. Running time is approximately linear in the size of the network payload being analyzed and is between 1 and 2 MB/s. The second technique is a means of recognizing metamorphic malware which has a transformed program image with equivalent or updated functionalities.
We propose a new approach that uses fully automated static analysis of executables to summarize and compare program semantics, based primarily on the pattern of library or system functions which are called. This method has been prototyped and evaluated using randomized benchmark programs, instances of known malware program variants, and utility software available in multiple releases. The results demonstrate three important capabilities of the proposed method: (a) it does well at identifying metamorphic variants of common malware; (b) it distinguishes easily between programs that are not related; and (c) it can identify and detect program variations, or code reuse. Such variations can be due to the insertion of malware (such as viruses) into the executable of a host program. The third technique improves the applicability of a semantic metamorphic malware detector which is the second technique of this dissertation. We propose an automated approach to generate common malware behavior patterns for detection of metamorphic malware or new malware instances. This method combines static analysis and data-mining techniques. This method has been prototyped and evaluated on real world malicious bot software and benign Windows programs. Through the experimental comparison with the metamorphic malware detector, this method results in an about 80% reduction in semantic pattern population to detect known and new malware instances. It is more robust to a junk behavior pollution attack than the malware detector is. A set of experiments was performed to test the quality of the common behavior patterns which were generated with different parameter configurations. Two optimized common behavior patterns were obtained. The corresponding detection rates and true false positive rates are 94%, 8.3%, and 78%, 0.32% respectively.
According to a recent paper [1], for indirect comparison and simple reference, the values of the two detection rates which are 94% and 78% more than double the detection rate of signature-based methods on unknown malware programs, which is 33.75%.
- Power Supply, Protection, and Harmonic Analysis for an Electric Vehicle Charging System in a Large Parking Deck (2010-02-17) Hutchinson, Shane Robert; Mesut Baran, Committee Chair; Srdjan Lukic, Committee Member; Wenye Wang, Committee Member
  This thesis presents a power delivery architecture for an Electric Vehicle (EV) and Plug-in Hybrid Electric Vehicle (PHEV) charging system to be implemented in a parking deck for consumer use. The main design issues for this topic are covered, including the characterization of the PHEV and EV load using simulations, the layout of the power supply circuit, the sizing of cables and transformers, and electrical protection. The National Electrical Code is used to size the equipment, following the guidelines of the IEEE Recommended Practice for Electric Power Systems in Commercial Buildings. The transformer is sized by a statistical analysis with the Monte Carlo method of the expected power by looking at the arrival times and initial states of charge of the vehicle batteries connected to the system. Included in this design is a current harmonic analysis of the HEV Toyota Prius with a Hymotion plug-in aftermarket kit and the Progress Energy Ford Escape PHEV. The NC State ATEC charger is also analyzed in software to get a comparison of the charger topologies. The harmonic current analysis and its effects on the transformer rating are discussed. The harmonic phase cancellation phenomenon is studied for the charging system, where current harmonics for multiple chargers connected to the same system are phase shifted from one another, resulting in a lesser value for the total distortion than the strict arithmetic sum of the harmonic current magnitudes. Final results are obtained by using the Monte Carlo method to apply a derating factor for the transformer in accordance with the IEEE C57.110 Standard.
- Securing Communication in Dynamic Network Environments (2007-06-11) Wang, Pan; Peng Ning, Committee Co-Chair; Douglas S. Reeves, Committee Chair; Wenye Wang, Committee Member; Gregory T. Byrd, Committee Member
  In dynamic network environments, users may come from different domains, and the number of users and the network topology may change unpredictably over time. How to protect the users' communication in such dynamic environments, therefore, is extremely challenging. This dissertation has investigated multiple research problems related to securing users' communication in dynamic network environments, focusing on two kinds of dynamic networks, i.e., mobile ad hoc networks and overlay networks. It first introduces a secure address auto-configuration scheme for mobile ad hoc networks, since a precondition of network communication is that each user is configured with a unique network identifier (address). This proposed auto-configuration scheme binds each address with a public key, allows a user to self-authenticate itself, and thus greatly thwarts the address spoofing attacks, in the absence of centralized authentication services. Next, this thesis presents two storage-efficient stateless group key distribution schemes to protect the group communication of a dynamic set of users. These two key distribution schemes utilize one-way key chains with a logical tree. They allow an authorized user to get updated group keys even if the user goes off-line for a while, and significantly reduce the storage requirement at each user if compared with previous stateless key distribution schemes. Third, this thesis investigates the solution using cryptographic methods to enforce network access control in mobile ad hoc networks, whose dynamic natures make it difficult to directly apply traditional access control techniques such as firewalls. A functioning prototype demonstrates the proposed access control system is practical and effective.
Finally, this dissertation introduces a k-anonymity communication protocol for overlay networks to protect the privacy of users' communication. Unlike the existing anonymous communication protocols that either cannot provide provable anonymity or suffer from transmission collision, the proposed protocol is transmission collision free and provides provable k-anonymity for both the sender and the recipient. The analysis shows the proposed anonymous communication protocol is secure even under a strong adversary model, in which the adversary controls a fraction of nodes, is able to eavesdrop all network traffic and maliciously modify/replay the transmitted messages. A proof-of-concept implementation demonstrates the proposed protocol is practical.
- Super-Diffusive Behavior in Human Mobility and Finding Relevant Models in Mobile Opportunistic Networks. (2010-11-29) Kim, Sungwon; Do Eun, Committee Chair; Arne Nilsson, Committee Member; Wenye Wang, Committee Member; Alun Lloyd, Committee Member
- Trustworthy and Resilient Time Synchronization in Wireless Sensor Networks (2006-08-10) Sun, Kun; Cliff Wang, Committee Co-Chair; Douglas S. Reeves, Committee Member; Mladen A. Vouk, Committee Member; Wenye Wang, Committee Member; Peng Ning, Committee Chair
  Wireless sensor networks have received a lot of attention recently due to their wide applications. Accurate and synchronized time is crucial in many sensor network applications due to the need for consistent distributed sensing and coordination. A number of time synchronization schemes have been proposed recently to address the resource constraints in sensor networks. However, all these techniques cannot survive malicious attacks in hostile environments. This dissertation includes three secure time synchronization techniques, secure single-hop pair-wise time differences, fault-tolerant cluster-wise time synchronization, and secure and resilient global time synchronization, to achieve time synchronization in different scopes of sensor networks. First, we develop a secure single-hop pair-wise time synchronization technique that provides time difference between two neighbor nodes using hardware-assisted, authenticated medium access control (MAC) layer timestamping. This technique can effectively defeat external attacks that attempt to mislead single-hop pairwise time synchronization. Moreover, it can handle high data rate such as those produced by MICAz motes. Second, we propose a fault-tolerant cluster-wise time synchronization scheme to provide a common clock among a cluster of nodes, where the nodes in the cluster can communicate through broadcast. This scheme guarantees an upper bound of time difference between normal nodes in a cluster, provided that the malicious nodes are no more than one third of the cluster.
Unlike the traditional fault-tolerant time synchronization approaches, the proposed technique does not introduce collisions between synchronization messages, nor does it require costly digital signatures. Third, we develop two secure and resilient global time synchronization schemes: level-based time synchronization and diffusion-based time synchronization. The basic idea of both schemes is to provide redundant ways for one node to synchronize its clock with another far-away node, so that it can tolerate partially missing or false synchronization information provided by compromised nodes. Both schemes achieve global time synchronization based on a model where all the sensor nodes synchronize their clocks to some common source, which is assumed to be well synchronized to an external clock. The level-based scheme builds a level hierarchy in the sensor network, and then synchronizes the whole network level by level. The diffusion-based scheme allows each node to diffuse its clock to its neighbor nodes after it has been synchronized. Both schemes are secure against external attacks and resilient against compromised nodes. We adapt a novel use of the uTESLA broadcast authentication protocol for local authenticated broadcast, reducing the message overhead as well as the message collisions. We implement a secure and resilient global time synchronization protocol, TinySeRSync, on MICAz motes running TinyOS and perform a thorough evaluation through field experiments in a network of 60 MICAz motes. The evaluation results indicate that TinySeRSync is a practical system for secure and resilient global time synchronization in wireless sensor networks.
