Dong Xuan - Academia.edu (original) (raw)

Papers by Dong Xuan

algorithm to reduce the number of duplicate/overlapping queries and save overall energy consumpti... more algorithm to reduce the number of duplicate/overlapping queries and save overall energy consumption in the sensor network. Our performance evaluations show that by applying our query aggregation algorithm, the overall energy consumption can be significantly reduced and the sensor network lifetime can be prolonged correspondingly.

Page 1. Complete Optimal Deployment Patterns for Full-Coverage and k-Connectivity (k ≤ 6) Wireles... more Page 1. Complete Optimal Deployment Patterns for Full-Coverage and k-Connectivity (k ≤ 6) Wireless Sensor Networks Xiaole Bai† Dong Xuan† Ziqiu Yun‡ Ten H. Lai† Weijia Jia§ † Computer Science and Engineering ‡ Department of Mathematics ...

IEEE Transactions on Parallel and Distributed Systems, 2000

AbstractÐAn anycast packet is one that should be delivered to one member in a group of designated... more AbstractÐAn anycast packet is one that should be delivered to one member in a group of designated recipients. Using anycast services may considerably simplify some applications. Little work has been done on routing anycast packets. In this paper, we propose and analyze a routing ...

IEEE Transactions on Systems, Man, and Cybernetics, 2001

This paper presents the general approach, design, implementation, and evaluation of NetCamo, a sy... more This paper presents the general approach, design, implementation, and evaluation of NetCamo, a system to prevent traffic analysis in systems with real-time requirements. Integrated support for both security and real-time is becoming necessary for computer networks that support mission critical applications. This study focusses on how to integrate both the prevention of traffic analysis and guarantees for worst-case delays in an internetwork. We propose and analyze techniques that efficiently camouflage network traffic and correctly plan and schedule the transmission of payload traffic so that both security and real-time requirements are met. The performance evaluation shows that our NetCamo system is effective and efficient. By using the error between target camouflaged traffic and the observed (camouflaged) traffic as metric to measure the quality of the camouflaging, we show that NetCamo achieves very high levels of camouflaging without compromising real-time requirements.

Abstract-In this paper, we address issues related to preventing traffic analysis in computer netw... more Abstract-In this paper, we address issues related to preventing traffic analysis in computer networks used for real-time mission-critical applications. We consider an IP-based network where headers of packets, including source host address and destination host address, are readable by ...

We propose and analyze a methodology for providing absolute differentiated services for real-time... more We propose and analyze a methodology for providing absolute differentiated services for real-time applications in networks that use static-priority schedulers. We extend previous work on worst-case delay analysis and develop a method that can be used to derive delay bounds without specific information on flow population. With this new method, we are able to successfully employ a utilization-based admission control approach for flow admission. This approach does not require explicit delay computation at admission time and hence is scalable to large systems. We assume the underlying network to use static-priority schedulers. We design and analyze several priority assignment algorithms, and investigate their ability to achieve higher utilization bounds. Traditionally, schedulers in differentiated services networks assign priorities on a class-by-class basis, with the same priority for each class on each router. We show that relaxing this requirement, that is, allowing different routers to assign different priorities to classes, achieves significantly higher utilization bounds

Abstract—In this paper, we propose and analyze a methodology for providing absolute differentiate... more Abstract—In this paper, we propose and analyze a methodology for providing absolute differentiated services for real-time appli-cations. We develop a method that can be used to derive delay bounds without specific information on flow population. With this new method, we are able to ...

Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, ter... more Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, terrorism, or other malicious activities exploiting the Internet. However, the proliferation of anonymous communication systems on the Internet has posed significant challenges to providing such traceback capability. In this paper, we develop a new class of flow marking technique for invisible traceback based on Direct Sequence Spread Spectrum (DSSS), utilizing a Pseudo-Noise (PN) code. By interfering with a sender's traffic and marginally varying its rate, an investigator can embed a secret spread spectrum signal into the sender's traffic. The embedded signal is carried along with the traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. The secret PN code makes it difficult for others to detect the presence of such embedded signals, so the traceback, while available to investigators is, effectively invisible. We demonstrate a practical flow marking system which requires no training, and can achieve both high detection and low false positive rates. Using a combination of analytical modeling, simulations, and experiments on Tor (a popular Internet anonymous communication system), we demonstrate the effectiveness of the DSSS-based flow mark- *

IEEE Communications Magazine, 2000

In this paper, we study integrated routing algorithms for anycast messages in packet switching ne... more In this paper, we study integrated routing algorithms for anycast messages in packet switching networks. Integrated approach makes use of single path routing and multi-path routing. The former is simple and easy to implement and the later splits traffic into several different paths and may potentially reduce congestion, improving delay and throughput performance. However, a multi-path routing router requires additional storage in order to maintain muti-path information. In the case that the memory size of a router is limited, using multi-path routing may result in longer delay at the router due to the time taken to (re)establish entries in routing table. To take advantages of both the approaches and to overcome their shortcomings, we adaptively select a suh-set of routers in the network to carry out multi-path routing. The rest of routers do single path routing. We demonstrate that our integrated routing algorithms perform substantially better than the systems where either single path routing approach or multi-path approach is used alone.

Anycasting has recently become an important research topic, especially for replicated servers. Wi... more Anycasting has recently become an important research topic, especially for replicated servers. With anycasting, applications can request the "nearest" server for provision of desired (multimedia) service. In this paper, we study efficient Distributed Admission Control (DAC) for anycast flows. We focus on algorithms that perform destination selection and efficient path establishment. Taking advantage of anycasting, our distributed algorithms differ from each other in their dependence on system status information. Performance data obtained through mathematical analysis and simulations show that, in terms of admission probabilities, DAC systems that are based on local status information have performance levels close to those that utilize global and dynamic status information. This renders our DAC algorithms useful not only for the network layer, but also for the application layer admission control for anycast flows.

IEEE Transactions on Parallel and Distributed Systems, 2007

An important phase of sensor networks operation is deployment of sensors in the field of interest... more An important phase of sensor networks operation is deployment of sensors in the field of interest. Critical goals during sensor networks deployment include coverage, connectivity, load balancing etc. A class of work has recently appeared, where mobility in sensors is leveraged to meet deployment objectives. In this paper, we study deployment of sensor networks using mobile sensors. The distinguishing feature of our work is that the sensors in our model have limited mobilities. More specifically, the mobility in the sensors we consider is restricted to a flip, where the distance of the flip is bounded. We call such sensors as flip-based sensors. Given an initial deployment of flip-based sensors in a field, our problem is to determine a movement plan for the sensors in order to maximize the sensor network coverage, and minimize the number of flips. We propose a minimum-cost maximum-flow based solution to this problem. We prove that our solution optimizes both the coverage and the number of flips. We also study the sensitivity of coverage and the number of flips to flip distance under different initial deployment distributions of sensors. We observe that increased flip distance achieves better coverage, and reduces the number of flips required per unit increase in coverage. However, such improvements are constrained by initial deployment distributions of sensors, due to the limitations on sensor mobility.

IEEE Transactions on Parallel and Distributed Systems, 2004

Anycasting has recently become an important research topic, especially for replicated servers. Wi... more Anycasting has recently become an important research topic, especially for replicated servers. With anycasting, applications can request the "nearest" server for provision of desired (multimedia) service. In this paper, we study efficient Distributed Admission Control (DAC) for anycast flows. We focus on algorithms that perform destination selection and efficient path establishment. Taking advantage of anycasting, our distributed algorithms differ from each other in their dependence on system status information. Performance data obtained through mathematical analysis and simulations show that, in terms of admission probabilities, DAC systems that are based on local status information have performance levels close to those that utilize global and dynamic status information. This renders our DAC algorithms useful not only for the network layer, but also for the application layer admission control for anycast flows.

In this paper, we propose an approach to flow-unaware admission control, which is combination wit... more In this paper, we propose an approach to flow-unaware admission control, which is combination with an aggregate packet forwarding scheme, improves scalability of networks while guaranteeing end-to-end deadlines for realtime applications. We achieve this by using an off-line delay computation and verification step, which allows to reduce the overhead at admission control while keeping admission probability and resources utilization high. Our evaluation data show our system's admission probabilities are very close to those of significantly more expensive flow-aware approaches. At the same time, admission control overhead during flow establishment is very low. Our results therefore support the claim from the DS architecture literature that scalability can be achieved through flow aggregation without sacrificing resource utilization and with significant reduction in run time overhead. ¡ . Each edge router is supposed to aggregate the individual flows into a small number of such aggregate flows. In this fashion, the DS model makes the ¢ In the following, we will use the term flow to indicate a stream of data between a source and a destination, and the term connection to indicate the virtual circuit that needs to be established to carry the flow.

Recent active worm propagation events show that active worms can spread in an automated fashion a... more Recent active worm propagation events show that active worms can spread in an automated fashion and flood the Internet in a very short period of time. Due to the recent surge of Peer-to-Peer (P2P) systems with large numbers of users, P2P systems can be a potential vehicle for the active worms to achieve fast worm propagation in the Internet. In this paper, we address the issue of the impacts of active worm propagation on top of P2P systems. In particular: 1) we define a P2P system based active worm attack model and study two attack strategies (an off-line and on-line strategy) under the defined model; 2) we develop an analytical approach to analyze the propagation of active worm under the defined attack model and conduct an extensive study to the impacts of P2P system parameters, such as size, topology degree, and the structured/unstructured properties on active worm propagation. Based on numerical results, we observe that a P2P-based attack can significantly worsen attack effects (improve the attack performance) and we observe that the speed of worm propagation is very sensitive to P2P system parameters. We believe that our work can provide important guidelines in design and control of P2P systems as well as active worm defense.

Sensors may fail due to various reasons such as heat, malicious activity, environmental hazards, ... more Sensors may fail due to various reasons such as heat, malicious activity, environmental hazards, extended use, and lack of power. As more and more sensors fail, certain desired properties such as barrier coverage will diminish and eventually fall below a desired level. In such a case, the network will have to be repaired. It is therefore desirable to have mechanisms to monitor network properties. In this paper, we are interested in measuring the quality of barrier coverage. In the literature, researchers only consider whether or not a sensor network provides barrier coverage. This is equivalent to measuring its quality as either 0 or 1. We believe quality of barrier coverage is not binary and propose a metric for measuring it. If the measured quality is short of a desired value, we further identify all local regions that need to be repaired. The identified regions are minimum in the sense that if one of them is not repaired then the resulting network will still be short of quality. We also discuss how to actually repair a region.

In this paper, we study the issue of mobility based sensor networks deployment. The distinguishin... more In this paper, we study the issue of mobility based sensor networks deployment. The distinguishing feature of our work is that the sensors in our model have limited mobilities. More specifically, the mobility in the sensors we consider is restricted to a flip, where the distance of the flip is bounded. Given an initial deployment of sensors in a field, our problem is to determine a movement plan for the sensors in order to maximize the sensor network coverage, and minimize the number of flips. We propose a minimum-cost maximum-flow based solution to this problem. We prove that our solution optimizes both the coverage and the number of flips. We also study the sensitivity of coverage and the number of flips to flip distance under different initial deployment distributions of sensors. We observe that increased flip distance achieves better coverage, and reduces the number of flips required per unit increase in coverage. However, such improvements are constrained by initial deployment distributions of sensors, due to the limitations on sensor mobility

ABSTRACT It is well-known that placing disks in the triangular lattice pat- tern is optimal for a... more ABSTRACT It is well-known that placing disks in the triangular lattice pat- tern is optimal for achieving full coverage on a plane. With the emergence of wireless sensor networks, however, it is now no longer enough to consider coverage alone when deploy- ing a wireless sensor network; connectivity must also be con- sidered. While moderate loss in coverage can be tolerated by applications of wireless sensor networks, loss in connec- tivity can be fatal. Moreover, since sensors are subject to unanticipated failures after deployment, it is not enough to have a wireless sensor network just connected, it should be k-connected (for k> 1). In this paper, we propose an op- timal deployment pattern to achieve both full coverage and 2-connectivity, and prove its optimality for all values of rc/rs, where rc is the communication radius, and rs is the sensing radius. We also prove the optimality of a previously proposed deployment pattern for achieving both full coverage and 1- connectivity, when rc/rs < √ 3. Finally, we compare the effi- ciency of some popular regular deployment patterns such as the square grid and triangular lattice, in terms of the number of sensors needed to provide coverage and connectivity.

This paper studies countermeasures to traffic analysis attacks. A common strategy for such counte... more This paper studies countermeasures to traffic analysis attacks. A common strategy for such countermeasures is link padding. We consider systems where payload traffic is padded so that packets have either constant inter-arrival times or variable inter-arrival times. The adversary applies statistical recognition techniques to detect the payload traffic rates by using statistical measures like sample mean, sample variance, or sample entropy. We evaluate quantitatively the ability of the adversary to make a correct detection and derive closed-form formulas for the detection rate based on analytical models. Extensive experiments were carried out to validate the system performance predicted by the analytical method. Based on the systematic evaluations, we develop design guidelines for the proper configuration of a system in order to minimize the detection rate.

In this paper, we propose and analyze three routing algorithms for anycast packets: i) source-des... more In this paper, we propose and analyze three routing algorithms for anycast packets: i) source-destination based routing with weighted random selection (SD/WRS), ii) destination based routing with weighted random selection (D/WRS), and iii) the shortest shortest path first (SSPF) algorithms. The SSPF algorithm is a simple extension to the traditional SPF algorithm for routing unicast packets. The SD/WRS and D/WRS algorithms explicitly take into account characteristics of anycast message traffic and its recipient group. As a result, our simulation study shows that both the SD/WRS and D/WRS algorithms perform much better than SSPF in terms of average end-to-end packet delay. In particular, SD/WRS performs very close to a dynamic optimal algorithm in most cases. Our algorithms are simple, efficient, and compatible with the most of existing routing technologies. We also formally prove the loop free and correctness properties for our algorithms.

algorithm to reduce the number of duplicate/overlapping queries and save overall energy consumpti... more algorithm to reduce the number of duplicate/overlapping queries and save overall energy consumption in the sensor network. Our performance evaluations show that by applying our query aggregation algorithm, the overall energy consumption can be significantly reduced and the sensor network lifetime can be prolonged correspondingly.

Page 1. Complete Optimal Deployment Patterns for Full-Coverage and k-Connectivity (k ≤ 6) Wireles... more Page 1. Complete Optimal Deployment Patterns for Full-Coverage and k-Connectivity (k ≤ 6) Wireless Sensor Networks Xiaole Bai† Dong Xuan† Ziqiu Yun‡ Ten H. Lai† Weijia Jia§ † Computer Science and Engineering ‡ Department of Mathematics ...

IEEE Transactions on Parallel and Distributed Systems, 2000

AbstractÐAn anycast packet is one that should be delivered to one member in a group of designated... more AbstractÐAn anycast packet is one that should be delivered to one member in a group of designated recipients. Using anycast services may considerably simplify some applications. Little work has been done on routing anycast packets. In this paper, we propose and analyze a routing ...

IEEE Transactions on Systems, Man, and Cybernetics, 2001

This paper presents the general approach, design, implementation, and evaluation of NetCamo, a sy... more This paper presents the general approach, design, implementation, and evaluation of NetCamo, a system to prevent traffic analysis in systems with real-time requirements. Integrated support for both security and real-time is becoming necessary for computer networks that support mission critical applications. This study focusses on how to integrate both the prevention of traffic analysis and guarantees for worst-case delays in an internetwork. We propose and analyze techniques that efficiently camouflage network traffic and correctly plan and schedule the transmission of payload traffic so that both security and real-time requirements are met. The performance evaluation shows that our NetCamo system is effective and efficient. By using the error between target camouflaged traffic and the observed (camouflaged) traffic as metric to measure the quality of the camouflaging, we show that NetCamo achieves very high levels of camouflaging without compromising real-time requirements.

Abstract-In this paper, we address issues related to preventing traffic analysis in computer netw... more Abstract-In this paper, we address issues related to preventing traffic analysis in computer networks used for real-time mission-critical applications. We consider an IP-based network where headers of packets, including source host address and destination host address, are readable by ...

We propose and analyze a methodology for providing absolute differentiated services for real-time... more We propose and analyze a methodology for providing absolute differentiated services for real-time applications in networks that use static-priority schedulers. We extend previous work on worst-case delay analysis and develop a method that can be used to derive delay bounds without specific information on flow population. With this new method, we are able to successfully employ a utilization-based admission control approach for flow admission. This approach does not require explicit delay computation at admission time and hence is scalable to large systems. We assume the underlying network to use static-priority schedulers. We design and analyze several priority assignment algorithms, and investigate their ability to achieve higher utilization bounds. Traditionally, schedulers in differentiated services networks assign priorities on a class-by-class basis, with the same priority for each class on each router. We show that relaxing this requirement, that is, allowing different routers to assign different priorities to classes, achieves significantly higher utilization bounds

Abstract—In this paper, we propose and analyze a methodology for providing absolute differentiate... more Abstract—In this paper, we propose and analyze a methodology for providing absolute differentiated services for real-time appli-cations. We develop a method that can be used to derive delay bounds without specific information on flow population. With this new method, we are able to ...

Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, ter... more Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, terrorism, or other malicious activities exploiting the Internet. However, the proliferation of anonymous communication systems on the Internet has posed significant challenges to providing such traceback capability. In this paper, we develop a new class of flow marking technique for invisible traceback based on Direct Sequence Spread Spectrum (DSSS), utilizing a Pseudo-Noise (PN) code. By interfering with a sender's traffic and marginally varying its rate, an investigator can embed a secret spread spectrum signal into the sender's traffic. The embedded signal is carried along with the traffic from the sender to the receiver, so the investigator can recognize the corresponding communication relationship, tracing the messages despite the use of anonymous networks. The secret PN code makes it difficult for others to detect the presence of such embedded signals, so the traceback, while available to investigators is, effectively invisible. We demonstrate a practical flow marking system which requires no training, and can achieve both high detection and low false positive rates. Using a combination of analytical modeling, simulations, and experiments on Tor (a popular Internet anonymous communication system), we demonstrate the effectiveness of the DSSS-based flow mark- *

IEEE Communications Magazine, 2000

In this paper, we study integrated routing algorithms for anycast messages in packet switching ne... more In this paper, we study integrated routing algorithms for anycast messages in packet switching networks. Integrated approach makes use of single path routing and multi-path routing. The former is simple and easy to implement and the later splits traffic into several different paths and may potentially reduce congestion, improving delay and throughput performance. However, a multi-path routing router requires additional storage in order to maintain muti-path information. In the case that the memory size of a router is limited, using multi-path routing may result in longer delay at the router due to the time taken to (re)establish entries in routing table. To take advantages of both the approaches and to overcome their shortcomings, we adaptively select a suh-set of routers in the network to carry out multi-path routing. The rest of routers do single path routing. We demonstrate that our integrated routing algorithms perform substantially better than the systems where either single path routing approach or multi-path approach is used alone.

Anycasting has recently become an important research topic, especially for replicated servers. Wi... more Anycasting has recently become an important research topic, especially for replicated servers. With anycasting, applications can request the "nearest" server for provision of desired (multimedia) service. In this paper, we study efficient Distributed Admission Control (DAC) for anycast flows. We focus on algorithms that perform destination selection and efficient path establishment. Taking advantage of anycasting, our distributed algorithms differ from each other in their dependence on system status information. Performance data obtained through mathematical analysis and simulations show that, in terms of admission probabilities, DAC systems that are based on local status information have performance levels close to those that utilize global and dynamic status information. This renders our DAC algorithms useful not only for the network layer, but also for the application layer admission control for anycast flows.

IEEE Transactions on Parallel and Distributed Systems, 2007

An important phase of sensor networks operation is deployment of sensors in the field of interest... more An important phase of sensor networks operation is deployment of sensors in the field of interest. Critical goals during sensor networks deployment include coverage, connectivity, load balancing etc. A class of work has recently appeared, where mobility in sensors is leveraged to meet deployment objectives. In this paper, we study deployment of sensor networks using mobile sensors. The distinguishing feature of our work is that the sensors in our model have limited mobilities. More specifically, the mobility in the sensors we consider is restricted to a flip, where the distance of the flip is bounded. We call such sensors as flip-based sensors. Given an initial deployment of flip-based sensors in a field, our problem is to determine a movement plan for the sensors in order to maximize the sensor network coverage, and minimize the number of flips. We propose a minimum-cost maximum-flow based solution to this problem. We prove that our solution optimizes both the coverage and the number of flips. We also study the sensitivity of coverage and the number of flips to flip distance under different initial deployment distributions of sensors. We observe that increased flip distance achieves better coverage, and reduces the number of flips required per unit increase in coverage. However, such improvements are constrained by initial deployment distributions of sensors, due to the limitations on sensor mobility.

IEEE Transactions on Parallel and Distributed Systems, 2004

Anycasting has recently become an important research topic, especially for replicated servers. Wi... more Anycasting has recently become an important research topic, especially for replicated servers. With anycasting, applications can request the "nearest" server for provision of desired (multimedia) service. In this paper, we study efficient Distributed Admission Control (DAC) for anycast flows. We focus on algorithms that perform destination selection and efficient path establishment. Taking advantage of anycasting, our distributed algorithms differ from each other in their dependence on system status information. Performance data obtained through mathematical analysis and simulations show that, in terms of admission probabilities, DAC systems that are based on local status information have performance levels close to those that utilize global and dynamic status information. This renders our DAC algorithms useful not only for the network layer, but also for the application layer admission control for anycast flows.

In this paper, we propose an approach to flow-unaware admission control, which is combination wit... more In this paper, we propose an approach to flow-unaware admission control, which is combination with an aggregate packet forwarding scheme, improves scalability of networks while guaranteeing end-to-end deadlines for realtime applications. We achieve this by using an off-line delay computation and verification step, which allows to reduce the overhead at admission control while keeping admission probability and resources utilization high. Our evaluation data show our system's admission probabilities are very close to those of significantly more expensive flow-aware approaches. At the same time, admission control overhead during flow establishment is very low. Our results therefore support the claim from the DS architecture literature that scalability can be achieved through flow aggregation without sacrificing resource utilization and with significant reduction in run time overhead. ¡ . Each edge router is supposed to aggregate the individual flows into a small number of such aggregate flows. In this fashion, the DS model makes the ¢ In the following, we will use the term flow to indicate a stream of data between a source and a destination, and the term connection to indicate the virtual circuit that needs to be established to carry the flow.

Recent active worm propagation events show that active worms can spread in an automated fashion a... more Recent active worm propagation events show that active worms can spread in an automated fashion and flood the Internet in a very short period of time. Due to the recent surge of Peer-to-Peer (P2P) systems with large numbers of users, P2P systems can be a potential vehicle for the active worms to achieve fast worm propagation in the Internet. In this paper, we address the issue of the impacts of active worm propagation on top of P2P systems. In particular: 1) we define a P2P system based active worm attack model and study two attack strategies (an off-line and on-line strategy) under the defined model; 2) we develop an analytical approach to analyze the propagation of active worm under the defined attack model and conduct an extensive study to the impacts of P2P system parameters, such as size, topology degree, and the structured/unstructured properties on active worm propagation. Based on numerical results, we observe that a P2P-based attack can significantly worsen attack effects (improve the attack performance) and we observe that the speed of worm propagation is very sensitive to P2P system parameters. We believe that our work can provide important guidelines in design and control of P2P systems as well as active worm defense.

Sensors may fail due to various reasons such as heat, malicious activity, environmental hazards, ... more Sensors may fail due to various reasons such as heat, malicious activity, environmental hazards, extended use, and lack of power. As more and more sensors fail, certain desired properties such as barrier coverage will diminish and eventually fall below a desired level. In such a case, the network will have to be repaired. It is therefore desirable to have mechanisms to monitor network properties. In this paper, we are interested in measuring the quality of barrier coverage. In the literature, researchers only consider whether or not a sensor network provides barrier coverage. This is equivalent to measuring its quality as either 0 or 1. We believe quality of barrier coverage is not binary and propose a metric for measuring it. If the measured quality is short of a desired value, we further identify all local regions that need to be repaired. The identified regions are minimum in the sense that if one of them is not repaired then the resulting network will still be short of quality. We also discuss how to actually repair a region.

In this paper, we study the issue of mobility based sensor networks deployment. The distinguishin... more In this paper, we study the issue of mobility based sensor networks deployment. The distinguishing feature of our work is that the sensors in our model have limited mobilities. More specifically, the mobility in the sensors we consider is restricted to a flip, where the distance of the flip is bounded. Given an initial deployment of sensors in a field, our problem is to determine a movement plan for the sensors in order to maximize the sensor network coverage, and minimize the number of flips. We propose a minimum-cost maximum-flow based solution to this problem. We prove that our solution optimizes both the coverage and the number of flips. We also study the sensitivity of coverage and the number of flips to flip distance under different initial deployment distributions of sensors. We observe that increased flip distance achieves better coverage, and reduces the number of flips required per unit increase in coverage. However, such improvements are constrained by initial deployment distributions of sensors, due to the limitations on sensor mobility

ABSTRACT It is well-known that placing disks in the triangular lattice pat- tern is optimal for a... more ABSTRACT It is well-known that placing disks in the triangular lattice pat- tern is optimal for achieving full coverage on a plane. With the emergence of wireless sensor networks, however, it is now no longer enough to consider coverage alone when deploy- ing a wireless sensor network; connectivity must also be con- sidered. While moderate loss in coverage can be tolerated by applications of wireless sensor networks, loss in connec- tivity can be fatal. Moreover, since sensors are subject to unanticipated failures after deployment, it is not enough to have a wireless sensor network just connected, it should be k-connected (for k> 1). In this paper, we propose an op- timal deployment pattern to achieve both full coverage and 2-connectivity, and prove its optimality for all values of rc/rs, where rc is the communication radius, and rs is the sensing radius. We also prove the optimality of a previously proposed deployment pattern for achieving both full coverage and 1- connectivity, when rc/rs < √ 3. Finally, we compare the effi- ciency of some popular regular deployment patterns such as the square grid and triangular lattice, in terms of the number of sensors needed to provide coverage and connectivity.

This paper studies countermeasures to traffic analysis attacks. A common strategy for such counte... more This paper studies countermeasures to traffic analysis attacks. A common strategy for such countermeasures is link padding. We consider systems where payload traffic is padded so that packets have either constant inter-arrival times or variable inter-arrival times. The adversary applies statistical recognition techniques to detect the payload traffic rates by using statistical measures like sample mean, sample variance, or sample entropy. We evaluate quantitatively the ability of the adversary to make a correct detection and derive closed-form formulas for the detection rate based on analytical models. Extensive experiments were carried out to validate the system performance predicted by the analytical method. Based on the systematic evaluations, we develop design guidelines for the proper configuration of a system in order to minimize the detection rate.

In this paper, we propose and analyze three routing algorithms for anycast packets: i) source-des... more In this paper, we propose and analyze three routing algorithms for anycast packets: i) source-destination based routing with weighted random selection (SD/WRS), ii) destination based routing with weighted random selection (D/WRS), and iii) the shortest shortest path first (SSPF) algorithms. The SSPF algorithm is a simple extension to the traditional SPF algorithm for routing unicast packets. The SD/WRS and D/WRS algorithms explicitly take into account characteristics of anycast message traffic and its recipient group. As a result, our simulation study shows that both the SD/WRS and D/WRS algorithms perform much better than SSPF in terms of average end-to-end packet delay. In particular, SD/WRS performs very close to a dynamic optimal algorithm in most cases. Our algorithms are simple, efficient, and compatible with the most of existing routing technologies. We also formally prove the loop free and correctness properties for our algorithms.