
Edward Chow - Professor Emeritus at University of Colorado at Colorado Springs
About
95
Publications
5,943
Reads
566
Citations
Current institution
University of Colorado at Colorado Springs
Current position
- Professor Emeritus
Additional affiliations
September 1991 - present
Publications (95)
Blockchain relies on the underlying peer-to-peer (P2P) networking to broadcast and get up-to-date on the blocks and transactions. Because of the blockchain operations’ reliance on the information provided by P2P networking, it is imperative to have high P2P connectivity for the quality of the blockchain system operations and performances. High P2P...
The distributed cryptocurrency networking is critical because the information delivered through it drives the mining consensus protocol and the rest of the operations. However, the cryptocurrency peer-to-peer (P2P) network remains vulnerable, and the existing security approaches are either ineffective or inefficient because of the permissionless re...
In a channel shared by several nodes, the scheduling algorithm is a key factor to avoiding collisions in the random access-based approach. Commonly, scheduling algorithms can be used to enhance network performance to meet certain requirements. Therefore, in this paper we propose a Delay-Aware Media Access Control (DAMAC) protocol for monitoring tim...
The introduction of WebAssembly in 2017 opened a new door for performing computation in the browser at 0.9 the speed of C/C++ code (Haas et al. ACM SIGPLAN Notices 52(6), 185–200, 2017). As browsers are the most ubiquitous software, it is now possible to build universal applications that run on every machine that has a web browser installed on it....
Underwater Acoustic Sensor Networks (UASNs) play a critical role in the remote monitoring of a wide range of time-sensitive underwater applications, such as in the oil/gas pipeline to avoid oil spills. In this type of application, the transmission of collected information to the onshore infrastructure within a period of time is critical. Despite th...
In this work, we aim to address the challenge of expanding Blockchain Technologies (BT) by implementing a somewhat homomorphic encryption scheme that not only enables computation on encrypted data but also yields a key update protocol with which one can selectively reveal consolidated data from a blockchain application. Our constructions are meant...
We propose general-purpose methods for data representation and data concealment via multivector decompositions and a small subset of functions in the three dimensional Clifford geometric algebra. We demonstrate mechanisms that can be explored for purposes from plain data manipulation to homomorphic data processing with multivectors. The wide variet...
Global navigation satellite system (GNSS) signals are vulnerable to radio frequency interference (RFI) and spoofing. RFI detection has become trivial with many detection algorithms available and built into GNSS receivers; this is not the case with spoofing. GNSS spoofing can involve generating false GNSS signals with one or more altered components...
Since communications in the Underwater Wireless Sensor Networks (UWSNs) have limited resources and capabilities, designing an efficient and reliable Media Access Control (MAC) protocol for UWSNs faces many challenges. UWSNs have limited bandwidth, power, memory, long propagation delay, high Bit Error Rate (BER), and unreliable communication. Curren...
While mobile applications are increasing in use and complexity, the computational constraints on mobile devices remain as the bottleneck for serving computation-intensive mobile applications. Mobile edge computing (MEC) provides a computing paradigm to serve the computational demands of such mobile applications by offloading the mobile devices' com...
Data encoding is widely used for a variety of reasons. Encoding schemes in general serve to convert one form of data to another in order to enhance the efficiency of data storage, transmission, computation and privacy, to name just a few. When it comes to privacy, data may be encoded to hide its meaning from direct access or encrypted to attain a c...
Communication in the underwater wireless sensor networks (UWSNs) faces many challenges due to the acoustic wave characteristics. Acoustic wave has very limited bandwidth, long propagation delay, high bit error rate (BER), and unreliable communication compared to the radio wave. Therefore, media access control (MAC) protocols proposed in terrestrial...
Global Positioning System (GPS) data is vulnerable to radio frequency interference (RFI), spoofing, and cyber‐attacks. We can defend against these types of attacks by having alternate sources of positioning, navigation, and timing information. However, delays in detection can result in cascading, negative consequences to users. This is especially t...
The U.S. Government has been the target for cyberattacks from all over the world. Just recently, former President Obama accused the Russian government of leaking emails to Wikileaks and declared that the U.S. might be forced to respond. While Russia denied involvement, it is clear that the U.S. has to take some defensive measures to protect its...
The U.S. Government has been the target for cyber-attacks from all over the world. Just recently, former President Obama accused the Russian government of leaking emails to Wikileaks and declared that the U.S. might be forced to respond. While Russia denied involvement, it is clear that the U.S. has to take some defensive measures to protect its...
In recent years, traditional cybersecurity safeguards have proven ineffective against insider threats. Famous cases of sensitive information leaks caused by insiders, including the WikiLeaks release of diplomatic cables and the Edward Snowden incident, have greatly harmed the U.S. government's relationship with other governments and with its own ci...
Concerns about the American drinking water infrastructure prompted the U.S. Department of Homeland Security to revisit the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology. The Drinking Water Resilience Project undertaken by the U.S. Department of Homeland Security sought to evaluate RAMCAP for prioritizing risk to wa...
The virtualization of cloud network requires flexible and effective techniques to accommodate the rapid changes in the network configurations and updates. OpenFlow protocol has attracted attentions for cloud networks since it facilitates managing and sharing the network resources, and it can be utilized to create an overlay abstraction on top of th...
The search for a uniform risk analysis approach for critical infrastructures has prompted a reexamination of the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology to see if it can accommodate emerging threats from climate change, aging infrastructure and cyber attacks. This chapter examines the challenges involved in t...
Cloud computing is a relatively new paradigm that provides increased flexibility and resiliency in information technology service delivery. The inherent elasticity and cost savings in public cloud computing have attracted many in the private and ever-cautious public sectors. Presuming the construct of a hybrid cloud offering composed of a combined...
A 2010 study by the National Research Council determined that the U.S. Department of Homeland Security (DHS) lacks adequate risk measures to guide strategic investment decisions for protecting the critical infrastructure. Current threat-driven approaches are hampered by a dearth of historical data that could support robust statistical analysis. Thi...
This paper describes an asset vulnerability model decision support tool (AVM-DST) that is designed to guide strategic investments in critical infrastructure protection. AVM-DST is predicated on previous research on an alternative risk methodology for assessing the current infrastructure protection status, evaluating future protective improvement me...
In this paper we propose N-Cloud scheme which improves performance, availability, and confidentiality in cloud storage. N-Cloud provides availability by dividing/splitting a file into many chunks, and replicating in a non-overlapping manner these chunks into many cloud storages, based on security and reliability consideration. In this scheme, the c...
In this paper the use of a Hybrid Wireless Mesh Network (HWMN) technologies for the smart grid of Advanced Metering Infrastructure (AMI), which enables the collecting of meter data in real-time, was proposed and analyzed. A Google Maps mashup was developed to read the real GIS data from a local utility company and display the locations of the meter...
The paper presents two systems called PATS and SAP that when integrated realize Sensor Web Enablement (SWE) of spatially distributed mobile sensors. The Personal Alert and Tracking System (PATS) consists of a networked collection of custom-designed low-power wireless nodes, arranged in ad-hoc network topologies, to provide tracking for wild land fi...
Today's advanced network management systems can automate many aspects of the tactical networking operations within a military domain. However, automation of joint and coalition tactical networking across multiple domains remains challenging. Due to potentially conflicting goals and priorities, human agreement is often required before implementation...
We will describe a dynamic federated autonomic networking system for the testing of netcentric systems across organizations. Using a suite of policy-based management software tools, our system can provide netcentric missions with self-configuring, self-debugging, self-healing, and self-protecting capabilities across end-to-end coalition networks. T...
In this paper we propose a new asymmetric IPsec scheme to enhance the security of data at the remote end, while simultaneously improving the overall performance. The idea is to apply IPsec encryption/decryption in a segmented manner on the iSCSI traffic, such that the user data remains encrypted after leaving the sender, and is decrypted only when...
This paper presents a HMAC based Tamper Evident Encryption (HTEE) technique for providing confidentiality and integrity of numeric data in a database environment through an encryption scheme based on the keyed Hash Message Authentication Code (HMAC) function. The encryption scheme implemented in this project extends and improves an existing HMAC ba...
The increasing network attacks reveal one of the fundamental security problems of today's Internet. Many Internet services, such as DNS and routing protocols, were not originally designed with security as one of the basic requirements. It is difficult to modify the existing protocols or network architecture without significant work. At the same tim...
Real-Time Services (RTS) will rely on distributed capabilities to enable end-to-end management of IP based voice and video services across multiple domains. Policy Based Enterprise Management (PBEM) will be a key RTS enabler by coordinating and automating management processes among domains. This will facilitate effective distributed management of R...
The Department of Defense (DoD) global information grid (GIG) is a globally networked information infrastructure comprised of heterogeneous information transport networks, computing/data centers, enterprise services and applications, as well as end-user systems and devices. The net-centric operations (NetOps) mission areas span the operation and de...
Multipath connection, which utilizes the multiple paths between network hosts in parallel, has been used to improve the network performance, security and reliability. Path selection is a critical decision in a multipath connection network. Different selection results in significantly different result. In this paper, we present several heuristic alg...
There is a growing demand for provisioning of different levels of quality of service (QoS) on scalable Web servers to meet changing resource availability and to satisfy different client requirements. In this paper, we investigate the problem of providing proportional QoS differentiation with respect to response time on Web servers. We first present...
In this paper, we introduce a new fine-grain distributed information protection mechanism which can self-protect, self-discover, self-organize, and self-manage. In our approach, we decompose data into smaller pieces and provide individualized protection. We also provide a policy control mechanism to allow "smart" access control and context based re...
Slowdown, defined as the ratio of a request's queueing delay to its service time, is accepted as an important quality of service metric of Internet servers. In this paper, we investigate the problem of providing proportional slowdown differentiation (PSD) services to various applications and clients on cluster-based Internet servers. We extend a cl...
In this paper, we explore the issues involved with the design and rapid deployment of large scale secure information sharing (SIS) systems for coordination involved with multiple agencies. Procedures and tools were developed for setting up quickly the public key infrastructure (PKI) and privilege management infrastructure (PMI) for the multi-ag...
Slowdown, defined as the ratio of a request’s queueing delay to its service time, is accepted as an important quality of service metric of Internet servers. In this paper, we investigate the problem of providing proportional slowdown differentiation (PSD) services to various applications and clients on cluster-based Internet servers. We extend a cl...
In this paper, we present the design and implementation of the enhanced secure dynamic DNS update with indirect route (the IR DNS update). The existing DNS update may experience serious performance problem when the normal Internet route is unstable or unavailable due to DDoS attacks. By setting up indirect route via a set of proxy servers from the...
A secure MANET system, called SMANET, was developed that accepts only those packets whose MAC addresses are in the Linux iptable firewall rules. Detailed iptable set up and the performance of the firewall are presented. SMANET is integrated with a simple intrusion alert system based on TCP DUMP utility.
There is a growing demand for provisioning of different levels of quality of service (QoS) on scalable Web servers to meet changing resource availability and satisfy different client requirements. The proportional differentiation model is getting momentum because of its fairness and differentiation predictability. It states that QoS of different tr...
In this paper, we present the design and implementation of a secure groupware for first responders, called SGFR, that is capable of secure group chat, remote file download and remote display control. It integrated Jabber instant messaging system and Keystone group rekeying system. Users are authenticated through the use of digital certificates. Gro...
In this paper, we present the design and implementation of the secure collective defense (SCOLD) system against distributed denial of service (DDoS) attacks. The key idea of SCOLD is to follow the intrusion tolerance paradigm and provide alternate routes via a set of proxy servers and alternate gateways when the normal route is unavailable or unsta...
This paper discusses the challenges and security issues inherent in building complex cross-organizational hierarchy and inter-organizational federation, the Secured Advanced Federated Environment (SAFE) is laying the foundation for a collaborative virtual infrastructure for the NASA community. A key element of SAFE is the Micro Security Domain (MSD...
The biggest users of GRID technologies came from the science and technology communities. These consist of government, industry and academia (national and international). The NASA GRID is moving into a higher technology readiness level (TRL) today; and as a joint effort among these leaders within government, academia, and industry, the NASA GRID pla...
In this paper we discuss the problems encountered in the development of a Linux LVS-based content switch and present their solutions. A pre-allocate server scheme is proposed to improve the TCP delayed binding bottleneck, and performance of its implementation is presented. The content switch rule syntax is extended to allow the extraction of specif...
In this paper, we present an algorithm for available bandwidth measurement of a path between two hosts as well as some preliminary simulation results. The measurement algorithm is based on active probing with two techniques we have developed: variable speed probing and zoom-in/zoom-out. Compared with previous work, the algorithm has the advantage of...
The goal of this paper is to predict the traffic that future space missions will place on NASA's Deep Space Network (DSN) ground communications facility. There are strict requirements on the links that connect deep space stations with NASA's Jet Propulsion Laboratory (JPL), and increasing the capacity of these links requires significant lead time....
In this paper we show how it might be possible to adapt asynchronous transfer mode technology to satellite links. Asynchronous transfer mode is a high-speed protocol designed with optic fiber as the intended transmission media. Several problems arise when satellite channels are used. We propose to move the error recovery and detection from one layer...
The goal of this report is to suggest a future architecture of the Ground Communications Facility and access network to the Deep Space Network. The proposal is to replace the current leased satellite links and private Nascom circuits with a public high speed, multimedia network running commercial protocols. This will have the advantage of being mor...
Asynchronous Transfer Mode (ATM) has been designed with low loss, low delay optic fiber as the transmission medium. However there are many applications which will require mobile and satellite communications. Many problems arise due to the high and bursty error rate of atmospheric channels. Furthermore some of the applications may be critical and to...
Content switch can be configured as load balancer, firewall, spam mail filter, and virus detection and removal system, by specifying a set of rules. In this paper we present our content switch rule design for a Linux-based content switch, and show how they are translated and downloaded into the switch for packet processing. One common problem in sp...
We believe that the next evolutionary step in supporting wide-area application and services delivery to customers is a network framework that provides for collocation of applications and services at distinct sites in the network, an interconnection between these sites that is performance optimized for these applications, and value-added services fo...
To evaluate the web system performance, a simulation-based design system, called NetLobars was built with Java 1.2 based GUI for specifying network topology, web system configuration, and client request patterns. It simulates the shortest path dynamic routing among web servers and clients. Using the discrete event simulation, the system provides de...
This paper presents the study, design and implementation of a firewall, in particular a major component of a firewall: the dynamic packet filter. A packet filter may be static or dynamic. A dynamic packet filter checks, on the fly, the outgoing IP packets from a computer and then allows incoming packets to get through the packet filter if the packe...
In this paper we present the design and implementation of a user traffic modeling and simulation tool for wireless network design. It has a graphical user interface for displaying the cell layout, user traversing patterns, the current power and cell site assignments. For each simulation step, it generates an output file of the current location of t...
This paper addresses the problem of allocating resources to set up multimedia multipoint connections, while efficiently using network resources, in a network that includes signal converters to resolve the heterogeneity of customer/network equipments and information mixers for conference services. Specifically, given a connection request and a physi...
Four distributed link restoration algorithms are analysed in detail using a set of important performance metrics and functional characteristics. The functional characteristics are used to explain how these algorithms function and provide insight into their performance. The analysis and simulation results indicate that the two prong link restoration...
This article addresses the problems of specifying complex multimedia multiparty connections and allocating resources to set up multimedia multipoint connections while efficiently using network resources in a network that includes signal converters to resolve the heterogeneity of customer/network equipment and information mixers for conference servi...
Six distributed network restoration algorithms are analyzed using a set of important performance metrics and functional characteristics. The functional characteristics are used to explain how these algorithms function and provide insight into their performance. The analysis and simulation results indicate that the two prong network restoration algo...
Driven by fiber/switching technologies and user service demands, the public telecommunications network has been evolving towards the universal Broadband ISDN (BISDN). The Asynchronous Transfer Mode (ATM) is an attractive communication transport technique for carrying future broadband services with a broad spectrum of different traffic characteristi...
Commercial telecommunications networks have tight real-time requirements for restoration after a failure. The problem of finding the available restoration paths and reassigning the interrupted traffic within such tight real-time requirements places difficult demands on the restoration protocol employed. This paper reviews several distributed networ...
The authors present a fast distributed network restoration algorithm for restoring disrupted traffic in a digital cross-connect system (DCS) based fiber network due to fiber span cut. The proposed algorithm is based on a two-prong approach where both disrupted ends simultaneously send out restore messages as opposed to the conventional approaches w...
In this paper we present the load balancing results of a web server clusters where the server load reporting of Apache web servers are improved by accurately computing the remaining document size to be transmitted and dynamically estimating document retrieving and transmission speed. The performance of the web server cluster is significantly improv...
In this paper, we present a mathematical model that describes the problem of parallel download from multiple mirror sites. Based on the model, we present algorithms for selecting the best subset of mirror sites for parallel download. The versions of brutal force algorithms and genetic algorithms are implemented. Performance of these algorit...
In this paper we present the design of a Linux-based content switch, discuss ways for improving the TCP delay binding and the lessons learnt from the implementation of the content switch. A content switch routes packets based on their headers in the upper layer protocols and the payload content. We discuss the processing overhead and the content sw...
In this paper we present the design of a Linux-based content switch, propose a pre-allocate server scheme improving the TCP delay binding, discuss the lessons learnt from the implementation of the content switch, and suggest system components/modules for high speed content switch processing. A content switch routes packets based on their headers in...
Many futurists would agree that, had it not been for compact modalities, the refinement of the Ethernet might never have occurred. Given the current status of probabilistic models, biologists particularly desire the evaluation of expert systems, which embodies the key principles of electrical engineering. Though it is often an unproven aim, it g...
In 1999, a NASA-wide team initially set out to create a collaborative environment to enable NASA's scientists and engineers to share information and tools across NASA locations and with world-wide partners. This paper describes the team's development process and solutions in resolving conflicting security issues of building a complex intra/inter-ent...