International Journal of Networking and Computing Current issue

Preface: Special issue on the Eleventh International Symposium on Networking and Computing

The Eleventh International Symposium on Networking and Computing (CANDAR 2023) was held from November 28th to December 1st, 2023. The organizers of CANDAR 2023 invited authors to submit extended versions of the papers presented at the symposium. Out of these submissions, eight papers have been accepted and are included in this issue as extended versions. This issue owes its success to the dedicated efforts and expertise of numerous individuals who generously contributed their time and knowledge in handling the submitted papers. We extend our heartfelt gratitude to the guest editors for their exceptional work in conducting the review process. Special thanks go to: Professor Shoichi Hirasawa, Professor Junya Nakamura, Professor Toru Nakanishi, Professor Yasuyuki Nogami, Professor Tomoyuki Ohta, Professor Hiroyuki Sato, Professor Takashi Yokota. Their valuable contributions ensured the quality and rigor of the review process, making this issue possible. We would also like to express our sincere appreciation to the anonymous reviewers who diligently reviewed the papers and provided insightful comments and suggestions to enhance the quality of the submissions. Their thorough and thoughtful evaluation played a vital role in shaping the content of this special issue. We are truly grateful for their invaluable contributions, as this issue would not have been possible without their dedicated efforts. In conclusion, we are immensely grateful for the collective efforts of all individuals involved in making this special issue a reality. From the organizers, guest editors, and anonymous reviewers, each person has contributed significantly. Their dedication and support have enabled us to present this collection of extended papers, showcasing advancements in networking and computing. We hope this issue inspires further innovation in the field and serves as a valuable resource for researchers and practitioners.

A Light-weight Random Number Generation for Tamper-resistant AES Circuit

Various countermeasures have been proposed to reduce the characteristics that leak cryptographic keys from side-channel information such as power consumption and electromagnetic radiation. However, in the case of cryptographic processing with dedicated circuits, introducing high-quality random number generators lead to an increase in area cost of circuit implementation. Focusing on the parallel S-box implementation of AES, this paper proposes a novel circuit design that achieves improved tamper resistance while mitigating the increase in circuit area by reusing the existent S-boxes temporally and spatially.

A Multi-Head Federated Continual Learning Approach for Improved Flexibility and Robustness in Edge Environments

In the rapidly evolving field of machine learning, the adoption of traditional approaches often encounters limitations, such as increased computational costs and the challenge of catastrophic forgetting, particularly when models undergo retraining with new datasets. This issue is especially pronounced in environments that require the ability to swiftly adapt to changing data landscapes. Continual learning emerges as a pivotal solution to these challenges, empowering models to assimilate new information while preserving the knowledge acquired from previous learning phases. Despite its benefits, the continual learning process's inherent need to retain prior knowledge introduces a potential risk for information leakage. Addressing these challenges, we propose a Federated Continual Learning (FCL) framework with a multi-head neural network model. This approach blends the privacy-preserving capabilities of Federated Learning (FL) with the adaptability of continual learning, ensuring both data privacy and continuous learning in edge computing environments. Moreover, this framework enhances our approach to adversarial training, as the constant influx of diverse and complex training data allows the model to improve its understanding and adaptability, thereby strengthening its defenses against adversarial threats. Our system features a architecture with dedicated fully-connected layers for each task, ensuring that unique features pertinent to each task are accurately captured and preserved over the model's lifetime. Data undergoes processing through these task-specific layers before a final label is determined, based on the highest prediction value. This method exploits the model's full range of knowledge, significantly boosting prediction accuracy. We have conducted thorough evaluations of our FCL framework on two benchmark datasets, MNIST and CIFAR-10, with the results clearly validating the effectiveness of our approach.

Advanced Implementation of DNN Translator using ResNet9 for Edge Devices

Resource limitations remain challenging in designing and implementing Deep Neural Networks (DNNs) on edge devices. The high complexity of DNN architectures and the development of these models using hardware languages require high-level verification to ensure they run on specific edge devices such as FPGA (Field Programmable Gate Array). To address these issues, the DNN translator was developed and performed well in the basic models such as MLP (Multi-layer Perceptron) and LeNet5. The DNN translator generates the DNN models and their parameters for performing the High-Level Synthesis or HLS technology in C++. In this study, we applied ResNet as a DNN model with more complex architecture from the CNNs (Convolutional Neural Networks) family. As a result, the generated C++ files for the ResNet9 and its weights successfully underwent synthesis and implementation on FPGA (Arty A7-100) using Vitis HLS.

Method for Detecting DoH Communications from Non-Encrypted Information at a Middlebox

DNS over HTTPS (DoH) enhances user privacy by encrypting DNS communications over HTTPS instead of plaintext. When all DNS messages are sent in plaintext, DNS queries can be examined and domain filtering applied if the queried domain name is identified as a phishing site or other such undesirable site. However, if DNS messages are encrypted over HTTPS, it can create many problems for network administrators. This paper proposes a method for detecting DoH communications from only non-encrypted information on a middlebox between user and resolvers by exploiting the fact that users always send a DNS query before they access a new domain. The middlebox can also identify the destination of the detected DoH traffic so that network administrators can recommend users to send DNS messages to a local DoH resolver with domain filtering instead of sending them to an open DoH resolver. In experiments to detect DoH communications during real communication from a web browser we achieved detection accuracy rates reaching 100% under certain parameters when the number of access IP addresses exceeded 350. To confirm the accuracy and generalizability of our experiments, the proposed method was also applied to captured HTTPS traffic data involving different web browsers and different DoH resolvers with an almost identical level of detection accuracy.

ELiPS-based Ciphertext-Policy Attribute-Based Encryption

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) as an advanced cryptographic method keeps data safe in places like cloud storage and the Internet of Things using pairing-based cryptography. However, it relies on an outdated pairing-based cryptography (PBC) library, making it vulnerable to various attacks. Moreover, it does not meet today’s demand for top-level security. Besides, the Efficient Library for Pairing Systems (ELiPS) offers efficient operations related to pairing-based cryptography, delivering high performance while upholding a substantial security standard. To deal with the shortcomings of CP-ABE, we adopt and implement the ELiPS as an efficient library for pairing systems into the CP-ABE framework, namely ELiPSbased CP-ABE. However, CP-ABE requires symmetric pairing, while ELiPS offers asymmetric pairing. To bridge this gap, our approach involves generating a generator g to transform asymmetric to symmetric pairing using Shirase’s method, enabling compatibility between ELiPS and CP-ABE. Subsequently, we make several modifications to the CP-ABE framework and choose the appropriate ELiPS functions for integration. Finally, we validate our proposal through experiments involving data access authorization scenarios. Comparing with PBC-based CPABE, our ELiPS-based solution demonstrates reduced computational costs across most functions, except decryption. Additionally, our ELiPS-based CP-ABE performs comparably to the competitive MCL library, showcasing its efficiency and effectiveness in modern cryptographic applications.

eSilo: Making Silo Secure with SGX

In the cloud computing environment, it is not easy to prove that an adversary with administrator privileges does not attack database systems. To address this issue, EnclaveDB is proposed, which applies an enclave to the database. Its logging mechanism runs sequentially and does not introduce a parallel scheme to exploit modern storage devices with parallel I/O. In this paper, we propose eSilo, which is the Silo transaction processing system with an enclave. The eSilo ensures the confidentiality of sensitive records and procedures by storing, processing, encrypting, and exporting logs inside the enclave provided by Intel SGX. Since standard C/C++ libraries are not supported by SGX, we implemented the eSilo system by replacing the alternative library included in the SGX SDK provided by Intel. We implemented the core of eSilo, extending the CCBench Silo system by adding a logging module. In the experiment with YCSB-A workload, eSilo peaked at 2.30 M tps throughput with sixty worker threads and four logger threads. Our eSilo demonstrated 9.35% performance improvement over the vanilla Silo, thanks to the superior performance of the SGX dedicated library.

A Blockchain-based Approach with zk-SNARKs for Secure Email Applications

Email serves as the primary mode of communication in today’s interconnected digital world, encompassing business, education, and interpersonal relationships. However, email’s reliance on shared media makes it susceptible to interception and misuse of confidential data. Pretty Good Privacy (PGP) protects the privacy of email contents to address this problem. While PGP offers encryption, its key sharing has weaknesses. Blockchain technology is characterized by its immutability feature. Once information is stored in the blockchain, altering it becomes extremely difficult. This characteristic serves as a valuable defense against weaknesses in the PGP key sharing system. Furthermore, the implementation of smart contracts eliminates the need for a Man-in-the-Middle when sharing keys, thereby improving the security of key sharing and fostering trust among individuals. Blockchain and smart contracts improve security, but privacy remains a concern. To further bolster privacy protection, in this paper we propose the integration of Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) and blockchain into PGP key sharing mechanism. zk-SNARKs enable efficient verification of encrypted data without revealing sensitive information, thus preventing exposure of user privacy. Additionally, we employ Elliptic Curve Cryptography (ECC) in order to guarantee the confidentiality of the PGP key. Through this holistic integration, the security of the PGP key is enhanced, ensuring both confidentiality and integrity while safeguarding user privacy. Furthermore, gas consumption and transaction costs were evaluated with and without zk-SNARKs. The results demonstrate that the proposed mechanism minimizes gas consumption and transaction costs.

An asynchronous P system with branch and bound for the minimum Steiner tree

Membrane computing, also known as a P system, is a computational model inspired by the activity of living cells. P systems work in a polynomial number of steps, and several have been proposed for solving computationally hard problems. However, most of the proposed algorithms use an exponential number of membranes, and reduction in the number of membranes must be considered in order to make a P system a more realistic model. In the present paper, we propose an asynchronous P system using branch and bound to solve the minimum Steiner tree problem. The proposed P system solves for the minimum Steiner tree with n vertices and m edges in O(n^2) parallel steps or O(2^mn^2) sequential steps. We evaluate the number of membranes used in the proposed P system through experimental simulations. Our experimental results show the validity and efficiency of the proposed P system.