Article
Peer-Review Record

Extending the Quality of Secure Service Model to Multi-Hop Networks

J. Cybersecur. Priv. 2021, 1(4), 793-803; https://doi.org/10.3390/jcp1040038
by Paul M. Simon * and Scott Graham *
Reviewer 1:
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 22 October 2021 / Revised: 30 November 2021 / Accepted: 9 December 2021 / Published: 15 December 2021
(This article belongs to the Special Issue Cyber-Physical Security for Critical Infrastructures)

Round 1

Reviewer 1 Report

  1. The references in this paper were published a long time ago. The authors should update the related works with those published within the last three years.
  2. The main contribution of this paper should be summarized/highlighted more clearly.
  3. The authors should compare the performance of the proposed method with the existing ones to show more clearly the advantages of the proposed method.
  4. Why did the authors only consider a single source-destination channel?
  5. Can the proposed method be used to optimize the system performance in the presence of multi-path, multi-channel, multiple source-destination pairs?
  6. Please delete the white page (the last page).
  7. There are some typos in this paper which need to be corrected.

Author Response

We want to extend a sincere thanks to you for reviewing our manuscript and providing thoughtful feedback. With that, we will address your comments in order:

  1. We have attempted to find relevant research published within the last three years, and we have included all that logically fit into the discussion.
  2. Based on your feedback, we have gone through and thoroughly edited the introduction section to clearly state what the contributions of this paper are. We also attempted to improve the readability of the introduction.
  3. We recognize that we do not provide clear comparison to existing metrics or show clear advantages, but we propose that it is because there are no known methods of quantifying security metrics. As such, we attempt to detail our research as clearly and as thoroughly as possible. We have also attempted to map out future research, to make it clear that there is still significant research and development needed.
  4. Based on your feedback, we have added some detail comparing the QoSS model and MIMO architectures. Specifically, there are some similarities between the proposed QoSS model and MIMO architectures; however, the primary purpose is considerably different. Within the QoSS model, the intent is to fragment data and spread it across multiple communication channels to increase the security of the transmissions, whereas MIMO exploits multi-path propagation within the physical media of RF spectrum to enhance the performance of a single data signal. Additionally, MIMO and OFDM encoding define physical and data link layer characteristics. The QoSS model resides at a higher layer of the networking stack (somewhere between the session layer and the transport layer) and utilizes any possible physical medium for connectivity to fragment and spread the data across the multiple connections. The QoSS model, theoretically, may use TCP, UDP, RS-485, or any other physical or data link layer connections for its channels.
  5. We have not explored the possibility of optimizing the QoSS model for MIMO systems. As stated previously, the QoSS model resides at a higher layer of the networking stack, and so one of the channels within a multi-channel network could feasibly be a wireless connection exploiting performance benefits of multi-path propagation in combination with the security benefits of fragmenting data across a QoSS modeled network.
  6. The inclusion of a blank page at the end of the document appears to have been caused by an error within the LaTeX template control codes. We have corrected this mistake.
  7. We have thoroughly reviewed the manuscript in an attempt to find any typographical errors. We have made numerous grammatical edits, and have edited several sections to make them more readable. We sincerely hope that these edits addressed your concerns.

Reviewer 2 Report

The paper mostly reviews QoS metrics focusing on cybersecurity, and it has substantial overlap with a paper that the same authors published previously.

I have two technical comments:

1) The parameter n in the denominator of the two central formulas is undefined as far as I can tell. What is it?

2) The formula for cascade reliability of independent components actually does not apply to the problem at hand. Indeed, if some component has compromised the data at node x, the operation of nodes that are downstream may also have been compromised. This is similar in principle to the fact that the overall packet loss rate of a cascade of routers is not the product of the loss rates at successive tandem routers, although in the case of security the dependencies may be even more subtle than the computation of loss rates.

Author Response

We want to extend a sincere thanks to you for reviewing our manuscript and providing thoughtful feedback. With that, we will address your comments in order:

  1. We have edited the section where we discuss Equations 1 and 2 and have provided a more thorough description of those equations. We have also included a description of the variable n, the number of channels between the transmitter and the receiver, and how it relates to the QoSS metrics.
  2. Your feedback regarding cascaded reliability caused us to take a step back and consider the ramifications. If we understand correctly, we think you are questioning the fact that once compromised, further compromises or intrusions are irrelevant. Or, in your example of routers: once a packet is lost, that packet cannot be lost again in a downstream router. We agree with this up to a point; however, we would argue that if that were the case, we would therefore be creating a bound on the reliability. It is probably a lower bound, such that simultaneous compromises would register twice, but only really be applicable once. That is also assuming that there is only one listener on the wire, and not multiple independent listeners. This level of detail is certainly worthy of more analysis, but for the baseline model, we feel it may be beyond the scope of this manuscript.

Reviewer 3 Report

The authors have used 'network' and 'networks' intermittently. Please use one of these uniformly.

One of the equations in the related work section should also be numbered.

Is Eqn. 2 self-derived or adopted from existing literature? If adopted, a little background is required. If self-derived, detailed analytics are required.

 

The authors have considered multi-hops. However, up to how many hops the signal quality is maintained must also be discussed.

Section 3.3 is not clear and doesn't attract readability. It must be supported by analytics.

Section 4.5 must support some evaluation graphs, if eligible.

 

Author Response

We want to extend a sincere thanks to you for reviewing our manuscript and providing thoughtful feedback. With that, we will address your comments in order:

  1. We have reviewed the text and have incorporated “network” instead of “networks” where it is grammatically appropriate. In a few cases where we are speaking generally, the use of “networks” refers to the collection of many individual transmitter/receiver pairs. In other instances, we edited the text to be more precise.
  2. In an effort to be concise, we did not number all the equations. However, based on your feedback, we have numbered the first two equations in Section 2 to ensure clarity. We have also provided a more thorough description of Equations 1 and 2.
  3. Again, based on your feedback, we realized that our description of Equation 2 was lacking. We have provided more detail. We have also included a description of the variable n, the number of channels between the transmitter and the receiver, and how it fits with the QoSS metrics.
  4. The architecture that we propose is similar to most current communication architectures in that the message packets are reformed and retransmitted at each hop. Therefore, signal degradation is only a concern on a per-hop basis. We have added this clarification to the description of the multi-hop architecture.
  5. Based on your feedback, we have gone through and thoroughly edited Section 3.3 to clarify the use of data fragmentation and duplication, and how those impact the averaging of metrics (weighted or otherwise) when facing parallel channels. Upon review, we realized that we had several ideas clumped together, causing the section to be difficult to understand.
  6. Based on your feedback, we have gone through and thoroughly edited Section 4.5 to clearly state the effect of assumptions on the model and their implications. We also highlighted how this model will lead to understanding temporal / dynamic performance, as well as pointing to the need for a simulation environment (it is under development!). This was another section where we were attempting to convey too many ideas and using too many words, thus causing the section to be very difficult to read and understand.

Round 2

Reviewer 1 Report

The reviewer has no further comments. This paper can be accepted for publication.

Author Response

The authors thank Reviewer 1 for taking the time to read and consider this version of the paper. Thank you very much!

Reviewer 2 Report

Unfortunately, the authors do not realise that they need to carry out a serious literature survey before claiming that they are making a novel technical contribution to a topic that has been studied for some fifteen years, with many publications in the literature. This is a serious issue that the authors do not seem to have considered as they launched on writing a paper. To get them started in their literature review, I will provide them with three pointers:

A self-aware approach to denial of service defence

E Gelenbe, G Loukas, Computer Networks 51 (5), 1299-1314, 2007.

Self-Aware Networks that Optimize Security, QoS and Energy

E Gelenbe, J Domanska, P Frohlich, M Nowak, S Nowak, Proceedings of the IEEE 108 (7), 1150-1167, 2020.

Time Dependent Diffusion Model for Security Driven Software Defined Networks

T. Czachórski, E. Gelenbe, G. S. Kuaban, D. Marek, Proceedings of the Second International Workshop on Stochastic Modeling and Applied Research of Technology (SMARTY 2020), CEUR-WS, Petrozavodsk, Russia, pp. 16-20, 2020.

Author Response

The authors thank Reviewer 2 for taking the time to read and consider this version of the paper.  The only comment from Reviewer 2 was that a “serious literature survey” was not carried out.  We disagree with that assertion, and respectfully suggest that the primary contribution of this paper is not in the direction of the suggested references.

For this research, we have performed – and continue to regularly perform – a literature review of any work that is reasonably related to this focus area. An exhaustive search is admittedly a very subjective thing, largely driven by the search terms and key words that the research is based upon. While it is true that we did not find or include these three specific articles, it is because these three specific articles are somewhat tangential and out of scope from the theoretical model that we are attempting to develop. Recall that the contribution of our current effort is an extension of the QoSS model to a multi-hop system. It is primarily focused on metrics to measure the security features of a multi-channel approach to sending fragmented data, rather than the availability aspects of multi-channel systems.  We do not question the validity or quality of the suggested articles in their respective areas, but do not consider them specifically applicable in this context. We will address each article individually:

In “A self-aware approach to denial of service defense”, the authors describe an intelligent form of Software Defined Networking (SDN) to defend against DDoS attacks. DDoS attacks represent one of several viable classes of malicious attacks on communication systems. Our theoretical QoSS model attempts to quantify the probability that any data injection (spoofing) attack or suppression (DDoS) attack occurs at one or more of several possible links or channels, and address that from a security perspective, more so than from the availability perspective. Therefore, in this instance, the referenced article is one proposed solution to an attack that is being abstracted into the larger QoSS model. As such, this article, while related, is tangential and distracting to the larger conceptual model.

In “Self-Aware Networks that Optimize Security, QoS and Energy”, the focus is on harnessing AI to create a smart SDN that optimizes energy consumption and quality of service constraints. While laudable, this article attempts to solve specific problems within communication networks that are separate from the security concerns we are addressing. From our perspective, the self-aware SDN is a technique that may be useful in deciding, within the multi-channel / multi-hop architecture, which path or paths to use. This approach could certainly be integrated with the QoSS model in a co-optimization approach.  Simulating the SDN within the bounds of a multi-channel / multi-hop architecture would provide interesting discussion about network selection and optimization. However, in this context, the work is  tangential and distracting from the development of the QoSS model extension to multi-hop.

In “Time Dependent Diffusion Model for Security Driven Software Defined Networks”, the concept of time-dependent transients and their effect on system performance within SDNs is discussed. While the authors’ model is closer to the level of abstraction in the QoSS model, the focus is on the routing within an SDN, with a consideration given to time-dependent behaviors. We acknowledge that this paper may be useful to detail node-to-node interactions when we attempt to address the QoSS model with time-varying network and adversarial characteristics, a subject of a future publication. In our current model, we are presenting a static snap-shot in time, therefore the concept of time-dependent data flows is outside the scope of our current research.

We are grateful to the reviewer for highlighting works that may be useful in the next phases of development of this work, and will consider them and other related work in conjunction with that effort.
