
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 30, NO. 4, APRIL 2019 789

An Overflow Problem in Network Coding for Secure Cloud Storage

Yu-Jia Chen, Member, IEEE and Li-Chun Wang, Fellow, IEEE

The authors are with the National Chiao Tung University, Hsinchu, Taiwan 300, R.O.C. E-mail: allan920693@g2.nctu.edu.tw, lichun@cc.nctu.edu.tw.
Manuscript received 16 July 2017; revised 5 Sept. 2018; accepted 13 Sept. 2018. Date of publication 17 Sept. 2018; date of current version 13 Mar. 2019.
(Corresponding author: Li-Chun Wang.)
Recommended for acceptance by M. Smith.
For information on obtaining reprints of this article, please send e-mail to: reprints@ieee.org, and reference the Digital Object Identifier below.
Digital Object Identifier no. 10.1109/TPDS.2018.2870890
1045-9219 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Abstract—In this paper, we present the overflow problem of a network coding storage system (NCSS) when the encoding parameters and the storage parameters are mismatched. The overflow problem of the NCSS occurs because the network-coded encryption yields extended coded data, resulting in high storage and processing overhead. To avoid the overflow problem, we propose an overflow-avoidance NCSS scheme that takes account of security and storage requirements in both encoding and storage procedures. We provide the analytical results of the maximum allowable stored encoded data under the perfect secrecy criterion. The design guidelines to achieve high coding efficiency with the lowest storage cost are also presented.

Index Terms—Cloud storage, network coding, data security

1 INTRODUCTION

Network coding is attractive for its capability of achieving the unconditional security. In principle, network coding simply mixes data from different network nodes based on the well-designed linear combination rules. As long as partial network-coded data are protected, an eavesdropper cannot decode the entire plaintext even with infinite computing power and time [1]. Another advantage of network coding is that no bandwidth expansion occurs compared to the cryptographic approaches.

In recent years, network coding is introduced to enhance the security of cloud storage in which customers outsource their data to multiple clouds [2]. Though offering many advantages, cloud storage inevitably poses security threats on the outsourced data. In [3], the problem of checking the integrity of network coded data in a secure cloud storage system was investigated. In [4], it was shown that network coding can be used to prevent eavesdropping in distributed cloud storage. However, from the aspect of implementation, the performance issues of network coding for secure cloud storage remains open. This motivates us to explore how to practically and cost-effectively store coded data in multiple clouds.

Fig. 1 illustrates a secure cloud storage scenario considered in this paper. A network coding storage system consists of the following three procedures: splitting, encoding, and distributing. In this figure, an original file is split into smaller chunks of symbols. These symbols are encoded by Vandermonde matrix [5] and then stored to different cloud databases. With network coding protection, a legitimate user can recover the entire original file, but an eavesdropper in only one cloud database cannot decode the original symbols [4].

When encoding parameters (such as the size of encoding matrix) are not jointly designed with the storage parameters (such as the storage size per node), a secure network coding storage system may encounter the following issue. The stored coded data size in the cloud database can be longer than the original data size. This issue occurs when network coded data are represented in the format of digits and is called the overflow problem in this paper. It is notable that the above works [2], [3], [4] on secure cloud storage will face the overflow problem.

Table 1 is an illustrative example of the overflow problem in the case of binary digits. $A$ is the network encoding matrix in Galois field GF($2^3$) constructed with the primitive polynomial $P(x) = x^3 + x + 1$, $b_i$'s are the original data, and $c_i$'s are the network-coded data, where $i = 1, 2, 3$. Assume that $c_1$ (0) and $c_3$ (101) are stored in the first database and $c_2$ (11) is stored in the second database. In this example, the bit length of $c_i$ is larger than that of $b_i$. We consider that the number of bits required to represent a single codeword (i.e., code length) is fixed for all the coded data stored in the same database. In this case, the code length used in a cloud database is the maximum bit length of the stored network-coded data. Hence, it requires three bits code length to store $c_1$ and $c_3$ and two bits code length to store $c_2$ in the respective cloud databases. In principle, network coding should not incur more bandwidth, i.e., encoded bit length should be equal to the plaintext bit length. In this example, the bit length of $b$ is three, while the bit length of $c$ is extended to six. We call it the overflow problem in this paper.

In overflow problem, bandwidth expansion and redundant computation occur if the data representation formats of the original data and the coded data are mismatched. This is mainly because the existing encoding process (e.g., splitting the original data) does not consider i) how to place the coded data among multiple clouds and ii) the risk of
being decoded by the eavesdropper. Clearly, the extended coded data would waste storage space and degrade coding efficiency.

Fig. 1. An illustrative example of network coding based secure cloud storage systems.

TABLE 1
An Illustrative Example of the Overflow Problem in the Case of Binary Digits

| $A$ | $b$ | $c$ |
|---|---|---|
| $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(1, 1, 0)^T$ | $(0, 3, 5)^T = (0, 11, 101)^T$ |

To solve this overflow problem, we develop a systematic design method to calculate the appropriate parameters of a network-coded cloud storage system, such as the size of encoding matrix. The key idea of the NCSS scheme is to take dynamic-length alphabet representation of network coded data. The original data are regrouped before the encoding process. A complete encoding procedures and data distribution scheme are jointly designed for secure cloud storage. Our contributions are described as follows.

• Formulate the overflow problem of a network-coded cloud storage system. To our best knowledge, the overflow problem for a network coding storage system has not been investigated in the literature yet.
• Propose an overflow-avoidance network coding based secure storage (NCSS) scheme.
• Analyze the minimum storage cost subject to different security levels and derive the upper bound of the amount of encoded data that can be stored in cloud databases to achieve perfect secrecy.
• Provide the design guidelines for the appropriate size of the encoding matrix so that the network coding process can be accelerated.

The rest of this paper is organized as follows. In Section 2, we give a literature survey on the related works of network coding storage systems. In Section 3, the overflow problem of a network-coded cloud storage system is formulated. In Section 4, we analyze the overflow problem. We present the overflow-avoidance NCSS scheme in Section 5. In Sections 6 and 7, we analyze the security and storage performances of the proposed scheme, respectively. Section 8 shows the experimental results. Finally, we give our concluding remarks in Section 9.

2 RELATED WORK

Network coding is a generalized store-and-forward network routing principle. Messages from different source nodes are combined and regenerated at the intermediate nodes according to algebraic encoding. In addition to throughput enhancement [6], [7], [8], [9] and data robustness [10], the other advantages of network coding are reliability and security.

2.1 Network Coding for Data Recovery

Network coding can make data recovery process more efficiently, especially in the distributed storage systems. In contrast to erasure coding [11], the repaired data fragments in network coding are mixed in the intermediate nodes. Hence, network coding can recover data with smaller amount of information communicated during a repair process. As proved by [12], the data recovery problem of distributed storage systems can be translated to the routing problem of multicasting networks. A new class of storage codes based on network coding namely Regenerating Code was proposed in [12]. For coding complexity reduction, the authors of [13] proposed a low-complexity regenerating code using a new form of coding matrix with a small field size.

As in the distributed storage systems, recent studies [14], [15], [16] demonstrated the feasibility of storing coded data to multiple clouds even with multiple node failures. The authors of [14] applied network coding to optimize the reliability performance of frequently accessed data in cloud storage systems. To simplify the repair procedures, network coding with network structure based on the general erasure codes was shown to reduce the repair traffic significantly [15]. A new type of regenerating code that can reconstruct coded data from multiple failures in batches rather than separately was proposed in [16].

2.2 Network Coding for Data Security

Network coding can prevent data from being eavesdropped in a wiretap network where a wiretapper can access any one of subsets of wiretap channels [17]. The goal of a secure network coding scheme for a wiretap network is to ensure a wiretapper obtains no information about the original message, while all the legitimate receivers can decode the message. A network coding system was built so that a wiretapper cannot obtain any information [18]. The construction of a secure linear network code for a wiretap network was presented in [19].

For network-coded distributed storage systems, the secrecy capacity was used to quantify the secure storage capacity [20], [21], [22], [23]. The secrecy capacity is defined as the maximum amount of data that can be securely stored under the perfect secrecy condition. Perfect secrecy means that the eavesdropper cannot obtain any information of source data. In other words, perfect secrecy requires that
the entropy of the plaintext is equal to the conditional entropy of the plaintext given the eavesdropped data. A network coding scheme for approaching the storage upper bound under the perfect secrecy was proposed in [20]. Different secure regenerating codes to achieve perfect secrecy against eavesdropping were reported in [21], [22], [23].

For secure storage over multiple clouds, the authors of [4] proposed a security protection scheme to prevent eavesdroppers from decoding any symbol. In [24], a link eavesdropping problem was investigated in a network-coded cloud storage system in which transmission links between the local datacenter and its remote backup site are eavesdropped. In the considered link eavesdropping problem, the security level is defined as the probability that coded data cannot be decoded correctly. In addition to eavesdropping attacks, some recent works [25], [26] investigated how to detect when the coded data are modified.

2.3 Performance Issue of Network Coding

Two major challenges for designing a practical network coding system include i) the computational cost of encoding and decoding and ii) the storage cost of coded data. The destination node can decode the received packet if and only if the coefficient matrix of the packet is full rank. To decrease the probability of receiving linearly dependent packets, the coding parameters including the field size and the encoding matrix size are assumed to be large. However, larger value of coding parameters will lead to higher computational cost [27]. In addition, to decode a received codeword, the destination node requires the coding vector which results in additional packet overhead. Especially, the computation and storage costs would be severe for a huge number of input packets [28].

To overcome the above issues, it is proposed to separate a large file into a number of small chunks to which the network coding is applied [29]. This design is also used in the network coding storage system in which the information bits are divided into groups (chunks) before encoding. However, it is still an open issue to jointly optimize the design of chunked network codes and chunk transmission scheme [30].

2.4 Objective of This Paper

In this paper, we focus on the performance issue of network coding when applying network coding in multiple untrusted clouds. The objective of this work is to develop a systematic design methodology of a network-coded cloud storage system. Similar methodology for the joint coding and placement problem can be found in [31], [32], [33], [34]. The authors of [31] considered the relations among the clouds during the encoding process and proposed an encoding-aware data placement scheme to achieve throughput gains of encoding operations. An adaptive network coding storage scheme was proposed in [32]. The encoding strategy is adjusted according to the transmission conditions (e.g., packet loss rate). However, the storage cost of the coded data is not considered. In [33], the authors proposed to encode chunks using binary addition and bitwise cyclic shift in order to reduce encoding complexity. It is shown that the optimal tradeoff between storage capacity and repair bandwidth can be achieved. The most relevant one to our work is [34]. It investigated how to store data reliably in multiple clouds and provided the optimal amount of data to be stored in the clouds. The storage cost is shown to be highly affected by the potential number of colluding cloud databases. However, the number of colluding cloud databases in [34] is assumed to be known, which is impractical in many applications. Compared with these previous works, our proposed methodology has the following unique features.

• We investigate the overflow problem in chunked network coding. Through analyses, we show that the number of bits to represent a symbol is an important factor related to the overflow problem.
• Different from the previous work [33] considering binary operation, we extend the performance characterization of chunked network codes using a general finite field.
• The encoding process and the data placement are jointly designed in the proposed network coding framework in consideration of the storage cost as well as security requirements. Extending [34], we consider a probabilistic security model of a network-coded cloud storage system. Our results provide a comprehensive understanding for finding the best combination of coding and storage parameters.

3 SYSTEM MODEL AND PROBLEM SETUP

Now we discuss the coding scheme and define the overflow problem.

3.1 System Model for NCSS

Consider the original base-$d$ data vector $b = (b_1, \ldots, b_n)^T$, where elements $b_i$ are independent discrete uniformly distributed integers over $\{0, \ldots, d - 1\}$. To securely store $b$ to multiple cloud databases, network coding scheme that encodes symbols by linear transformation is considered in this paper [4].

Let an $n \times n$ Vandermonde matrix $A$ be the encoding matrix, where $A_{i,j} = (a_j^{i-1})$ and $a_i$ are distinct nonzero elements over a finite field $\mathbb{F}_q$ for $q = 2^k > n$. Then a cloud user encodes data $c = (c_1, \ldots, c_n)^T = Ab$ and splits the encoded data into $p$ segments. It is assumed that the cloud user can arbitrarily store any piece of the encoded data to any cloud database. Let $\tilde{c}_i$ $(i = 1, \ldots, p)$ be the encoded data vector stored in the $i$th cloud database. A legitimate user can collect $\tilde{c}_i$ from the cloud databases and obtain the original data by performing $A^{-1} c$.

We consider the security threat from an eavesdropper having infinite computing power and the knowledge of encoding matrix, but access less than half of the cloud databases [4]. The objective of the eavesdropper is to guess the original data. The considered cloud storage system can support different security levels in different databases [35]. Define $P_{e_i}$ as the probability that the $i$th cloud database is compromised. Also, the cloud user specifies a security requirement $P_u$, which represents the maximum probability that an eavesdropper can guess the original data. Next, we will show the overflow problem when distributing encoded symbols to multiple cloud databases.
3.2 Overflow Problem

Although network coding scheme can prevent eavesdroppers from obtaining the information of the original data [1], the length of encoded data in digital format may become larger than the length of the original data. This phenomenon is called overflow in this paper and is formally defined as follows.

Definition 1 (Strictly Non-overflow). Let $l_d(a)$ be the number of digits that represents $a$ in base $d$. A piece of encoded data $c = (c_1, \ldots, c_n)^T$ is strictly non-overflow if and only if $l_d(c_i) \le l_d(b_i)$ for each $i$. Note that the length of the encoded data is equal to that of the plaintext for a strictly non-overflow encoding process.

Definition 2 ($a$-bounded Non-overflow). Let $|\tilde{c}_i|$ denote the number of elements in $\tilde{c}_i$. A piece of encoded data $c = (c_1, \ldots, c_n)^T$ is $a$-bounded Non-overflow if and only if

$$\sum_{j=1}^{|\tilde{c}_i|} l_d(c_j) \le |\tilde{c}_i| \, a \, l_d(b_i),$$

for $1 \le i \le p$.

Assume the encoded data are stored in cloud databases randomly. The increasing cost of storage or computation resources can be measured by the extension degree $a = \frac{l_d(c_i)}{l_d(b_i)}$. Table 2 shows an example for the two different overflow cases with $d = 2$ and $p = 2$. The extension degree is bounded by 3 in case 2, compared to the strictly non-overflow case 1. Note that all the coding operations in the example are performed in Galois field GF($2^3$), constructed with the primitive polynomial $P(x) = x^3 + x + 1$. Table 3 summarizes the notations used in this paper.

TABLE 2
Example of the Definitions for Overflow Problem

| | $A$ | $b$ | $c$ | $\tilde{c}_1 = (c_1, c_3)$ | $\tilde{c}_2 = (c_2)$ | strictly non-overflow | 3-bounded non-overflow |
|---|---|---|---|---|---|---|---|
| Case 1 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(1, 0, 0)^T$ | $(1, 1, 1)^T$ | $(1, 1)$ | $(1)$ | Yes | Yes |
| Case 2 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(1, 1, 0)^T$ | $(0, 11, 101)^T$ | $(0, 101)$ | $(11)$ | No | Yes |

TABLE 3
Notations in this Paper

| Notations | Descriptions |
|---|---|
| $b$ | Original data array |
| $d$ | Base of $b_i$ |
| $l_d(a)$ | Number of digits that represents $a$ in base $d$ |
| $A$ | Encoding matrix |
| $k$ | Use Galois field size $2^k$ for $A$ |
| $n$ | Matrix size of $A$ |
| $p$ | Total number of cloud databases |
| $c$ | Encoded data vector |
| $\tilde{c}_i$ | Encoded data vector that stored in the $i$th cloud database |
| $\lvert \tilde{c}_i \rvert$ | Number of elements in $\tilde{c}_i$ |
| $s_i$ | Number of digits in $b_i$ |
| $b'$ | Regrouped data array |
| $r$ | Size of $b'$ |
| $P_{e_i}$ | Probability of the $i$th cloud database being compromised |
| $P_g$ | Probability that an eavesdropper can guess the original data |
| $P_u$ | Security requirement: Maximum probability that an eavesdropper can guess the original data |
| $l$ | Amount of encoded data stored at a local machine for every encoding operation |
| $m$ | Length of the original message |
| $a$ | Number of encoding operations |

4 OVERFLOW-AVOIDANCE NCSS SYSTEM

4.1 Overflow Analysis

Now we analyze the conditions that cause the overflow problem of a network-coded cloud storage system. Then we show how the overflow problem can be avoided by selecting the proper data length in encoding process. We investigate the conditions of distributing coded data for achieving various security levels. Based on the above analysis, we describe the system design methods of the NCSS scheme.

The encoding parameters in NCSS is related to the overflow problem. To avoid the overflow problem, the encoding parameters can be designed according to the following Theorems.

Theorem 1. Let $s_i$ be the number of digits in the base-$d$ plaintext $b_i$ and $2^k$ be the Galois field size of encoding matrix $A$. Then, the NCSS system is strictly non-overflow if $s_i = s = \frac{k}{\log_2 d}$.

Proof. First, we assume that $s_i < \frac{k}{\log_2 d}$. Then, we have

$$\frac{k}{\log_2 d} = k \log_d 2 = \log_d 2^k. \tag{1}$$

Because the coding process deals with integers, we have $s_i \le \log_d (2^k - 1)$. Since $c_i$ is distributed over $\{0, \ldots, 2^k - 1\}$, the maximum number of digits used to represent an encoded element is $l_d(c_i)_{\max} = \log_d (2^k - 1)$. Furthermore, the number of digits in $b_i$ can be represented as $l_d(b_i)$. Thus, we have

$$s_i = l_d(b_i) \le \log_d (2^k - 1) = l_d(c_i)_{\max}. \tag{2}$$

As a result, the length of encoded data can be larger than the length of the original data, and the overflow problem occurs.

Second, we assume that $s_i > \frac{k}{\log_2 d}$. We take exponentiation with base $d$ on both sides and we have $d^{s_i} > d^{\log_d 2^k} = 2^k$
from (1). Since $b_i = d^{s_i}$ contradicts the fact that the maximum value of $b_i$ is $2^k - 1$, $s_i = s = \frac{k}{\log_2 d}$. $\square$

Theorem 2. The NCSS system is $a$-bounded non-overflow if $s_i \ge a^{-1} \log_d (2^k - 1)$ for every $i$.

Proof. Since $s_i = l_d(b_i)$ and $l_d(c_i)_{\max} = \log_d (2^k - 1)$, we have

$$\begin{aligned}
\sum_{j=1}^{|\tilde{c}_i|} l_d(c_j) &\le |\tilde{c}_i| \log_d (2^k - 1) \\
&= a \cdot \frac{1}{a} |\tilde{c}_i| \log_d (2^k - 1) \\
&\le a |\tilde{c}_i| s_i \\
&= a |\tilde{c}_i| \, l_d(b_i).
\end{aligned} \tag{3}$$

$\square$

Theorems 1 and 2 provide the criteria of selecting the length of the plaintext. Next, we discuss the relation between the security requirement and the amount of encoded stored data.

Theorem 3. The NCSS system satisfies the security requirement $P_u$ if

$$\sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j)) \le \sum_{t=1}^{n} l_d(c_t) + \log_d \frac{P_u}{P_{e_i}},$$

for $1 \le i \le p$.

Proof. Without loss of generality, we consider an eavesdropper that can access only one of the two cloud databases. Thus, the probability that an eavesdropper can guess the original data (denoted by $P_g$) is the product of the intrusion probability of the cloud database and the probability of guessing the remaining encoded digits. It follows that

$$\begin{aligned}
P_g &= P_{e_i} \, d^{-\left( \sum_{t=1}^{n} l_d(c_t) - \sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j)) \right)} \\
&\le P_{e_i} \, d^{\log_d P_u - \log_d P_{e_i}} \\
&= P_u.
\end{aligned} \tag{4}$$

$\square$

4.2 Proposed Scheme

Now we present our proposed overflow-avoidance NCSS scheme with the required security level $P_u$. Our proposed scheme is executed in three steps. First, a dynamic-length alphabet representation of network-coded data is adopted based on Theorems 1 and 2. Second, the original data are preprocessed and regrouped. Third, the regrouped data are encoded and distributed to the distributedly located cloud databases.

Fig. 2. System flow of the overflow-avoidance NCSS scheme.

Fig. 2 shows the system flow of the proposed overflow-avoidance NCSS scheme. Assume that a cloud user wants to store a single-digit data array $b = (b_1, \ldots, b_m)^T$ with base $d$ to the $p$ cloud databases. We first choose a power $k$ for the field characteristics according to the following condition:

Condition 1.

$$2^k \ge d. \tag{5}$$

The field size must be larger than the maximal value of the data array element $d - 1$. Otherwise, some data elements cannot be represented in the field. After that, a proper length of data elements $s_i$ can be decided according to Theorems 1 and 2. This is called dynamic length alphabet representation. We then regroup $b$ to $b' = (b_1 \ldots b_{s_1}, b_{s_1+1} \ldots b_{s_1+s_2}, \ldots, b_{\hat{s}_{r-1}+1} \ldots b_{\hat{s}_r})$ based on the value of $s_i$, where $\hat{s}_r \triangleq \sum_{i=1}^{r} s_i$. Next, we generate an $n \times n$ encoding matrix $A$ with the following condition:

Condition 2.

$$n < 2^k \tag{6}$$

and

$$n \le r. \tag{7}$$

Since matrix $A$ is constructed from $n$ distinct elements over the Galois field, we have $n < 2^k$. In addition, the matrix multiplication cannot be operated if the size of encoding matrix is larger than the size of regrouped data array. We then encode $b'$ with $A$ and obtain the encoded data array $c = (c_1, \ldots, c_n)^T$. Finally, $c$ can be regrouped to $\tilde{c}$ by Theorem 3, which specifies the maximum amount of encoded data that can be stored in a cloud database according to user's security requirement. Finally, the elements of $\tilde{c}$ are distributed to the corresponding $p$ cloud databases.

Table 4 shows an example of the proposed overflow-avoidance NCSS scheme in the strictly non-overflow case. Assume that the original data are $b = (0, 0, 1, 0, 1, 1, 1, 0, 1)$ and the encoded data are stored to two cloud databases with $P_{e_1} = 0.5$, $P_{e_2} = 0.25$, and $P_u = \frac{1}{64}$. According to Theorem 1, we have $s = 3$. Hence, the original data are regrouped to $(001, 011, 101)$ in the dynamic length alphabet representation process. The resulting coded data is $(111, 011, 001)$. Next, from Theorem 3, we can calculate the maximal numbers of
digits that can be stored in the first and the second cloud database are four and five, respectively. As a result, the coded data stored in the first and the second cloud database are 1110 and 11001, respectively.

TABLE 4
Example of Adopting Overflow-avoidance NCSS Scheme in Storing Encoded Data to Two Cloud Databases

| $b$ | $d$ | $k$ | $s$ | $b'$ | $r$ | $n$ | $A$ | $c$ | $\tilde{c}$ |
|---|---|---|---|---|---|---|---|---|---|
| $(0, 0, 1, 0, 1, 1, 1, 0, 1)$ | 2 | 3 | 3 | $(001, 011, 101)$ | 3 | 3 | $\begin{bmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 5 \end{bmatrix}$ | $(111, 011, 001)$ | $(1110; 11001)$ |

5 SECURITY ANALYSIS

In this section, we analyze the proposed overflow-avoidance NCSS scheme in terms of security level and storage cost. First, we discuss the issue of enhancing security level from a system design aspect. Then, we derive the upper bound on data size that can be stored in the cloud with unconditional security.

To begin with, from (4) we know that the lower bound of the security requirement $P_u$ is

$$P_{e_i} \, d^{-\left( \sum_{t=1}^{n} l_d(c_t) - \sum_{j=1}^{|\tilde{c}_i|} l_d(\tilde{c}_i(j)) \right)} \le P_u. \tag{8}$$

Since $l_d(c_t)$ is proportional to the size of Galois field, a larger encoding matrix size $n$ and a large value of power $k$ of the field characteristics can result in higher security levels. However, enlarging encoding parameters causes higher coding complexity. Next, we show that the security level can be enhanced to unconditional security level by storing a certain amount of encoded data in the local machine. In the considered NCSS with eavesdropper, unconditional security is equivalent to perfect secrecy, which means that the eavesdropper can get no information from the original message [36].

Definition 3 (Perfect Secrecy Criterion [37]). Denote $S$ as the random variable associated with the secret data fragments and $E$ as the random variable associated with the encoded fragments observed by the eavesdropper. The perfect secrecy requires

$$H(S \mid E) = H(S),$$

where $H(X)$ represents the entropy of a random variable $X$.

In the worst case, an eavesdropper can access the encoded data of all the cloud databases. The following theorem can be applied to specify the maximal amount of encoded data fragments that can be stored in the cloud, while keeping the rest of data in a local machine to ensure perfect secrecy.

Theorem 4. Assume that $w$-digit secret information is encoded with $(n - w)$-digit data $b$. For both strictly non-overflow and $a$-bounded non-overflow schemes, a cloud user can store at most $\sum_{j=1}^{n} l_d(c_j) - w$ digits of encoded data to the cloud under the perfect secrecy criterion.

Proof. Let $e^{(h)}$ represent a subset containing any $h$ components of vector $e$. We denote $e_{i:j}$ as the subvector formed from the $i$th to the $j$th position of vector $e$. The set of rows from the $i$th to the $j$th position of matrix $D$ is represented as $D_{i:j}$. In addition, $b_i$ are independent random variables uniformly distributed over $\mathbb{F}_q$ with entropy $H(b_i) = H(b)$.

For simplicity, without loss of generality, assume that $t$ contiguous components of the encoded data $c_{p+1:p+t}$ are stored to the clouds. Then we can obtain

$$H(b^{(w)}) = H(b^{(w)} \mid c_{p+1:p+t}) - H(b^{(w)} \mid c) \tag{9}$$

$$\begin{aligned}
&= I(b^{(w)}; c) - I(b^{(w)}; c_{p+1:p+t}) \\
&= H(c) - H(c_{p+1:p+t}) - H(c \mid b^{(w)}) + H(c_{p+1:p+t} \mid b^{(w)}) \\
&\le H(c) - H(c_{p+1:p+t}).
\end{aligned} \tag{10}$$

In the above equations, (9) holds because of the perfect secrecy criterion and due to the fact that the secret information can be reconstructed if the entire codewords are given. In (10), we have $H(c_{p+1:p+t} \mid b^{(w)}) - H(c \mid b^{(w)}) \le 0$ since

$$H(c \mid b^{(w)}) - H(c_{p+1:p+t} \mid b^{(w)}) = H(c_{p+t+1:n} \mid b^{(w)}, c_{p+1:p+t}).$$

Since $b_i$ are i.i.d random variables, it follows that

$$H(b^{(w)}) = H\left(b_{q(1)}, b_{q(2)}, \ldots, b_{q(w)}\right) = wH(b), \tag{11}$$

where $q(j)$ is the $j$th element of a random integer sequence ranged from 1 to $n$. Because the encoded data vector $c$ contains the entire information of $b$ at most, we can obtain

$$H(c) \le nH(b). \tag{12}$$

Moreover, an $n \times n$ Vandermonde matrix $A$ is non-singular [5]. Thus, the eavesdropper can apply Gaussian elimination to obtain the reduced row echelon form of the submatrix $S$, whose elements are $[S_{i,j}] = [A_{i,j}]$ for $p + 1 \le i, j \le p + t$. The Eavesdropper Reduced Matrix $M$ can be obtained as

$$M_{p+1:p+t} = \left[ \begin{array}{cc|c|cc}
m_1^{p} & \cdots & & \cdots & m_n^{p} \\
\vdots & \ddots & I_t & \ddots & \vdots \\
m_1^{p+t-1} & \cdots & & \cdots & m_n^{p+t-1}
\end{array} \right], \tag{13}$$

where the other element of $M$ are the same as $A$. Hence, the eavesdropper have $t$ equations to solve $n$ unknown elements. It implies that

$$H(c_{p+1:p+t}) = tH(b). \tag{14}$$
Substituting (11), (14) and (12) into (10), we obtain

$$tH(b) \le nH(b) - wH(b). \tag{15}$$

The above equation shows that we can store at most the $n - w$ components of encoded data to the clouds under perfect secrecy criterion. For the strictly non-overflow scheme, we have only one digit in each component of encoded data. Thus, we can store at most $\sum_{j=1}^{n} l_d(c_j) - w$ digits of encoded data to the clouds, while keeping the remaining $w$ digits in the local machines. However, we may have multiple digits in each component of encoded data for $a$-bounded non-overflow scheme. Let $e^{(\tilde{h})}$ represent a subset containing any $w$ fragmentary components of vector $e$. With at least $n$ unknown digits, knowing $c^{(\tilde{w})}$ cannot help solve $b$. As a result, it follows that

$$I\left(c^{(\tilde{w})}; b\right) = 0. \tag{16}$$

Note that we still have $t$ equations to solve $n$ unknown elements. That is,

$$H(b^{(w)} \mid c_{p+1:p+t}, c^{(\tilde{w})}) = H(b^{(w)} \mid c_{p+1:p+t}). \tag{17}$$

Finally, we obtain

$$I\left(c_{p+1:p+t}, c^{(\tilde{w})}; b^{(w)}\right) = I\left(c_{p+1:p+t}; b^{(w)}\right). \tag{18}$$

Consequently, we can select $w$ digits of encoded data from different $w$ components, i.e., select one digit for each component. These $w$-digit encoded data can be stored in the local machines, while the remaining $\sum_{j=1}^{n} l_d(c_j) - w$ digits are stored to the clouds. $\square$

6 STORAGE ANALYSIS

We here analyze the amount of stored encoded data with the security requirement in terms of the probability that an eavesdropper can obtain the original data. This is because only a certain amount of encoded data fragments are stored in the local machines to enhance the security level, as shown in the previous section. As the required security level increases, the amount of encoded data stored at the local site increases.

Let a cloud user keep the length-$l$ encoded data in each encoding operation and store the remaining encoded data to $p$ cloud databases as shown in Fig. 3. We assume all the cloud databases have the same probability of being compromised (i.e., $P_{e_i} = P_e$) and the security requirement is $P_u$, which specifies the maximum probability that an eavesdropper can guess the original message. In addition to the encoded data, the encoding matrix is stored at the local site. Let $m$ and $a$ be the length of the original message and the number of encoding operations, respectively. In addition to the encoded data, the user needs to keep the encoding matrix for decoding. In case of strictly non-overflow storage, the storage cost at the local site is the function of encoding matrix size $n$ and the amount of stored encoded data $l$. As a result, the storage space used to store the encoded data and the encoding matrix at the local site is

$$f(n, l) = n^2 s + al. \tag{19}$$

Fig. 3. An illustrative example of a user keeping a certain amount of encoded data at the local site in order to enhance security protection.

Subject to the security requirement $P_u$, the storage cost minimization problem can be expressed as

$$\min f(n, l) \tag{20a}$$

$$\text{s.t.} \quad (1 - P_e)^p \, d^{-al} \le P_u \tag{20b}$$

$$2 \le n \le 2^k \tag{20c}$$

$$l \le n \tag{20d}$$

$$ans = m \tag{20e}$$

$$n, l \in \mathbb{Z}^+, \tag{20f}$$

where $s$ is defined in Theorem 1. An eavesdropper can guess the original message only if he/she can intrude all the cloud databases and guess the encoded data in the local machine. It is observed that the optimization problem is nonconvex even if we relax the nonconvex constraints $n, l \in \mathbb{Z}^+$. The complete algorithm for solving this optimization problem is given in Appendix.

Fig. 4 shows the optimal parameter setting for encoding matrix size $n$ versus the original message length $m$ for $d = 2$, $P_e = 0.5$, $p = 3$, and $P_u = 10^{-6}$. As the message length increases, the size of the encoding matrix increases. A smaller encoding matrix size is preferred if Galois field size is large. Due to the integer constraints in the optimization problem, the encoding matrix size increases in a step-like function.

Fig. 4. Optimal parameter setting for encoding matrix size versus message length under different Galois field sizes $2^k$.

Fig. 5 shows the storage cost $f(n, l)$ versus message length $m$ for $d = 2$, $P_e = 0.5$, and $p = 3$. Intuitively, we need more storage for lower $P_u$. However, the storage cost with
various $P_u$ are the same when m exceeds a certain threshold. This is because the considered system is in the case of lower bound cost (i.e., $l = 1$). Noteworthily, a larger k can yield a smaller lower bound when $m > 1000$. In general, $k \in [8, 16]$ [38]. For $m < 1000$, it is suggested that $k = 8$; otherwise, $k = 16$.

Fig. 5. Storage cost versus message length for different Galois field sizes $2^k$ and security requirement $P_u$.

The amount of stored encoded data l is another important design parameter for the proposed NCSS. In practice, the NCSS system with large l requires a large memory to store all the coding coefficients. Fig. 6 shows the required l under different $P_u$. To achieve a higher security requirement, the user needs to store more encoded data in the local site. In addition, l can be reduced up to 80 percent if a large file is encoded. It is observed that the file size plays a bigger role in determining l compared to the Galois field size.

Fig. 6. The amount of stored encoded data l versus security requirement $P_u$ for different message lengths m.

Note that we consider a secure network coding system with no redundancy as in [1], i.e., n input symbols are encoded to n coded symbols, and we need all the n coded symbols to recover the data. As shown in [12], network coding can achieve optimal storage-bandwidth tradeoff in erasure coded-distributed storage systems. The proposed scheme can be applied to those with redundancy, such as erasure codes [31] and regenerating codes [33]. In these cases, n input symbols are encoded to $n + z$ coded symbols, where the amount of redundancy z depends on the required reliability level. This can be achieved by using a $(n + z) \times n$ coding matrix A in the proposed network coding scheme.

7 EXPERIMENTAL RESULTS

Since the encoding process is performed at local machines, processing delay may be the performance bottleneck. Thus, it is of importance to investigate the impacts of the system design parameters of a secure network coding scheme on its delay performance. To implement the user application and cloud storage, we develop the coding layer and storage layer of NCSS. Each original file is associated with the metadata which includes the coding information (e.g., encoding coefficients). The goal of our experiments is to explore the encoding performance of the proposed NCSS in terms of the file encoding time and the storage cost. Our experiments are conducted on a commodity computer with an Intel Core i5 processor running at 2.4 GHz, 8 GB of RAM, and a 5,400 RPM Hitachi 500 GB Serial ATA drive with an 8 MB buffer. Table 5 shows the parameter settings for the experiments. Note that, in our setting, different cloud databases are geographically separated. Hence, the presented results are equivalent to those with p clouds, each having numerous databases.

TABLE 5
Parameter Setting

Parameter                                                        Value
Original file size                                               2 MB
Base of $b_i$ ($d$)                                              2
Galois field size ($k$)                                          8 to 16
Number of cloud databases ($p$)                                  2 or 3
Probability of the cloud databases being compromised ($P_e$)     0.5
Security requirement ($P_u$)                                     $10^{-6}$

Fig. 7. Processing time versus the multiplication times for different Galois fields $2^k$.

We begin by estimating the cost of basic field operation. Fig. 7 shows the multiplication processing time of the network coding storage system with different sizes of Galois field. Although the complexity for the network coding is $O(n^2)$ modular multiplication, we find that the field size only affects the processing time slightly, which supports our design methodology of selecting k. Specifically, it
indicates that the security level can be enhanced significantly by selecting an appropriate value of k at a small computational cost.

To evaluate the computational efficiency of the proposed NCSS scheme, we conduct an encoding test using the proposed network coding scheme. Fig. 8 shows the processing time between the strictly non-overflow and the a-bounded non-overflow schemes for a 2 MB file with $p = 2$, where $a = 5$. The processing time is longer for a smaller n or k since the numbers of encoding times increase. As a result, the system spends more time in I/O operations and fetching data between the kernel and user [10]. Compared to the strictly non-overflow scheme, the a-bounded non-overflow scheme requires more computation cost. The a-bounded non-overflow scheme costs more than 11 times and 22 times the processing time of the strictly non-overflow scheme when $k = 16$ and 8, respectively. Finally, the best performance is achieved when $n > 100$ for both non-overflow schemes. Because increasing n results in a larger cost than increasing k, we suggest adjusting k to meet the security requirements under the condition $n = 100$.

Fig. 8. Comparison of processing time between the strictly non-overflow and the a-bounded non-overflow schemes versus matrix size n with $p = 2$.

Fig. 9 compares the processing time of the strictly non-overflow and the a-bounded non-overflow schemes versus the power of Galois field characteristic k. In the figure, the strictly non-overflow scheme is preferable to the a-bounded non-overflow scheme. Noteworthily, k negligibly affects the processing time of the strictly non-overflow scheme, but does impact the processing time of the a-bounded non-overflow scheme.

Fig. 9. Comparison of processing time between the strictly non-overflow and the a-bounded non-overflow schemes versus power of Galois field characteristic k with $p = 2$.

We note that it is shown in [33] that $k = 8$ is preferred from the viewpoint of low computational cost in the case of m = 4 KB with no eavesdropper. This is consistent with our observation from Figs. 4 and 8. On the other hand, if storage cost is the primary concern, $k = 16$ is recommended based on our results.

8 CONCLUSIONS

In this paper, we investigated the overflow problem in a network coding cloud storage system. The overflow problem consumes more storage space and increases encoding time. We developed the overflow-avoidance network coding based secure storage scheme. A systematic approach for the optimal encoding and storage parameters was provided to solve the overflow problem and minimize the storage cost. Furthermore, we derived an analytical upper bound on the maximal allowable stored data in the cloud nodes under the perfect secrecy criterion. We demonstrated that encoding efficiency in terms of processing time can be improved by jointly designing the encoding and the storage system parameters. More importantly, we suggested the design guidelines for NCSS to optimize the performance tradeoff among security requirement, storage cost per node, and encoding processing time. This work can be extended to incorporate user budgets and file recovery, which is an interesting topic to study further in the future.

APPENDIX

Here we first show that the original storage cost minimization (20) is not convex even when the integer constraint is relaxed. Then we give the algorithm for solving the optimization problem by minimizing over separated variables.

Theorem 5. The objective function of the original storage cost minimization (20) is not convex.

Proof. We consider the case of strictly non-overflow scheme. Substituting $s_i = s = \frac{k}{\log_2 d}$ into (20), the original storage cost minimization is equivalent to

$$
\begin{aligned}
\min\ & f(n, l) = \frac{k}{\log_2 d}\, n^{2} + \frac{m \log_2 d}{k}\, n^{-1} l && \text{(21a)} \\
\text{s.t.}\ & -\frac{k}{m \log_2 d} \log_d\!\left(\frac{P_u}{(1 - P_c)^{p}}\right) n \le l \le n && \text{(21b)} \\
& 2 \le n \le 2^{k} && \text{(21c)} \\
& n, l \in \mathbb{Z}^{+}. && \text{(21d)}
\end{aligned}
$$

Then we prove Theorem 5 by showing that the Hessian matrix of the objective function is not positive semidefinite. The Hessian matrix of $f(n, l)$ is

$$H(f) = \begin{bmatrix} 2a + 2bln^{-3} & -bn^{-2} \\ -bn^{-2} & 0 \end{bmatrix}, \tag{22}$$
where $a = \frac{k}{\log_2 d} > 0$ and $b = \frac{m \log_2 d}{k} > 0$. Then, we solve the characteristic equation

$$\det(H(f) - \lambda I) = \lambda^{2} - (2a + 2bln^{-3})\lambda - b^{2}n^{-4} = 0.$$

We can obtain

$$\lambda = \frac{(2a + 2bln^{-3}) \pm \sqrt{(2a + 2bln^{-3})^{2} + 4b^{2}n^{-4}}}{2}. \tag{23}$$

Since the eigenvalues of $H(f)$ are not all positive, $H(f)$ is not positive semidefinite. Thus f is not convex. □

Now we can solve the equivalent optimization problem (21) by minimizing over separated variables. Define $f^{*}(n, l) \triangleq \min_{n \in B,\, l \in A} f$ and $l^{*} \triangleq \arg\min_{l \in A} f(n, l)$, where $A = \{x \mid x \in \mathbb{Z}^{+},\ -\frac{nk}{m \log_2 d} \log_d \frac{P_u}{(1 - P_c)^{p}} \le x < n\}$ and $B = \{x \mid x \in \mathbb{Z}^{+},\ 2 \le x < 2^{k}\}$. We first minimize over n

$$f^{*}(n, l) = \min_{n \in B} \{x \mid x = \min_{l \in A} f(n, l)\}.$$

Since $\min_{l \in A} f(n, l)$ is a linear function with one variable in $\mathbb{Z}_{++}^{1}$ for fixed n and the coefficient is positive, we obtain

$$l^{*} = \min\{A\} = -\frac{nk}{m \log_2 d} \log_d \frac{P_u}{(1 - P_c)^{p}}.$$

As a result, we can solve the optimization problem iteratively as:

• Step 0: Initiate $C = \emptyset$ and $B = \{x \mid x \in \mathbb{Z}^{+},\ 2 \le x < 2^{k}\}$.
• Step 1: Select $n \in B$ and set $l = \left\lceil -\frac{nk}{m \log_2 d} \log_d \frac{P_u}{(1 - P_c)^{p}} \right\rceil$.
• Step 2: Calculate $c = f(n, l)$.
• Step 3: Set $C = C \cup \{c\}$ and $B = B - \{n\}$.
• Step 4: Iterate 1 to 4 until $B = \emptyset$.
• Step 5: Obtain $f^{*}(n, l) = \min\{C\}$.

ACKNOWLEDGMENTS

This paper is supported by Ministry of Science and Technology, Taiwan, under the contract NSC 102-2221-E-009-012-MY3.

REFERENCES

[1] P. F. Oliveira, L. Lima, T. T. V. Vinhoza, J. Barros, and M. Medard, “Trusted storage over untrusted networks,” in Proc. IEEE Global Commun. Conf., 2010, pp. 1–5.
[2] H. C. H. Chen, Y. Hu, P. P. C. Lee, and Y. Tang, “NCCloud: A network-coding-based storage system in a cloud-of-clouds,” IEEE Trans. Comput., vol. 63, no. 1, pp. 31–44, Jan. 2014.
[3] F. Chen, T. Xiang, Y. Yang, and S. S. M. Chow, “Secure cloud storage meets with secure network coding,” IEEE Trans. Comput., vol. 65, no. 6, pp. 1936–1948, Jun. 2016.
[4] P. F. Oliveira, L. Lima, T. T. Vinhoza, J. Barros, and M. Medard, “Coding for trusted storage in untrusted networks,” IEEE Trans. Inf. Forensics Secur., vol. 7, no. 6, pp. 1890–1899, Dec. 2012.
[5] A. Klinger, “The Vandermonde matrix,” Amer. Math. Monthly, vol. 74, no. 5, pp. 571–574, 1967.
[6] P. Li, S. Guo, S. Yu, and A. V. Vasilakos, “Reliable multicast with pipelined network coding using opportunistic feeding and routing,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 12, pp. 3264–3273, Dec. 2014.
[7] W. Qiao, J. Li, and J. Ren, “An efficient error-detection and error-correction scheme for network coding,” in Proc. IEEE Global Telecommun. Conf., 2011, pp. 1–5.
[8] D. Zeng, S. Guo, Y. Xiang, and H. Jin, “On the throughput of two-way relay networks using network coding,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 1, pp. 191–199, Jan. 2014.
[9] Y. Wu and S.-Y. Kung, “Distributed utility maximization for network coding based multicasting: A shortest path approach,” IEEE J. Sel. Areas Commun., vol. 24, no. 8, pp. 1475–1488, Aug. 2006.
[10] C. Fragouli and J. L. Boudec, “Network coding: An instant primer,” ACM SIGCOMM Comput., vol. 36, no. 1, pp. 63–68, Aug. 2006.
[11] Y. Hu, H. Chen, P. Lee, and Y. Tang, “NCCloud: Applying network coding for the storage repair in a cloud-of-clouds,” in Proc. 10th USENIX Conf. File Storage Technol., 2012, pp. 21–21.
[12] A. Dimakis, P. Godfrey, Y. Wu, M. Wainwright, and K. Ramchandran, “Network coding for distributed storage systems,” IEEE Trans. Inf. Theory, vol. 56, no. 9, pp. 4539–4551, Sep. 2010.
[13] S.-J. Lin and W.-H. Chung, “Novel repair-by-transfer codes and systematic exact-MBR codes with lower complexities and smaller field sizes,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 12, pp. 3232–3241, Dec. 2014.
[14] Y. Lu, J. Hao, X.-J. Liu, and S.-T. Xia, “Network coding for data-retrieving in cloud storage systems,” in Proc. Int. Symp. Netw. Coding, 2015, pp. 51–55.
[15] H. Zhang, H. Li, and S.-Y. Li, “Repair tree: Fast repair for single failure in erasure-coded distributed storage systems,” IEEE Trans. Parallel Distrib. Syst., vol. 28, no. 6, pp. 1728–1739, Jun. 2017.
[16] J. Li and B. Li, “Beehive: Erasure codes for fixing multiple failures in distributed storage systems,” IEEE Trans. Parallel Distrib. Syst., vol. 28, no. 5, pp. 1257–1270, May 2017.
[17] L. Ozarow and A. Wyner, “Wire-tap channel II,” in Proc. EUROCRYPT 84 Workshop Advances Cryptology, 1985, pp. 33–50.
[18] N. Cai and R. Yeung, “Secure network coding,” in Proc. IEEE Int. Symp. Inf. Theory, 2002, Art. no. 323.
[19] N. Cai and R. W. Yeung, “Secure network coding on a wiretap network,” IEEE Trans. Inf. Theory, vol. 57, no. 1, pp. 424–435, Jan. 2011.
[20] A. S. Rawat, N. Silberstein, O. O. Koyluoglu, and S. Vishwanath, “Secure distributed storage systems: Local repair with minimum bandwidth regeneration,” in Proc. Int. Symp. Commun. Control Signal Process., 2014, pp. 5–8.
[21] R. Tandon, S. Amuru, T. C. Clancy, and R. M. Buehrer, “Toward optimal secure distributed storage systems with exact repair,” IEEE Trans. Inf. Theory, vol. 62, no. 6, pp. 3477–3492, Jun. 2016.
[22] A. Agarwal and A. Mazumdar, “Security in locally repairable storage,” IEEE Trans. Inf. Theory, vol. 62, no. 11, pp. 6204–6217, Nov. 2016.
[23] K. Huang, U. Parampalli, and M. Xian, “On secrecy capacity of minimum storage regenerating codes,” IEEE Trans. Inf. Theory, vol. 63, no. 3, pp. 1510–1524, Mar. 2017.
[24] Y.-J. Chen, L.-C. Wang, and C.-H. Liao, “Eavesdropping prevention for network coding encrypted cloud storage systems,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 8, pp. 2261–2273, Aug. 2016.
[25] H. C. Chen and P. P. Lee, “Enabling data integrity protection in regenerating-coding-based cloud storage: Theory and implementation,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 407–416, Feb. 2014.
[26] F. Chen, T. Xiang, Y. Yang, and S. S. Chow, “Secure cloud storage meets with secure network coding,” IEEE Trans. Comput., vol. 65, no. 6, pp. 1936–1948, Jun. 2016.
[27] P. Chau, T. D. Bui, Y. Lee, and J. Shin, “Efficient data uploading based on network coding in LTE-Advanced heterogeneous networks,” in Proc. IEEE Int. Conf. Advanced Commun. Technol., 2017, pp. 252–257.
[28] S. Wunderlich, J. A. Cabrera, F. H. P. Fitzek, and M. Reisslein, “Network coding in heterogeneous multicore IoT nodes with DAG scheduling of parallel matrix block operations,” IEEE Internet Things J., vol. 4, no. 4, pp. 917–933, Aug. 2017.
[29] S. Yang and R. W. Yeung, “Batched sparse codes,” IEEE Trans. Inf. Theory, vol. 60, no. 9, pp. 5322–5346, Sep. 2014.
[30] B. Tang and S. Yang, “An LDPC approach for chunked network codes,” IEEE/ACM Trans. Netw., vol. 26, no. 1, pp. 605–617, Feb. 2018.
[31] R. Li, Y. Hu, and P. P. Lee, “Enabling efficient and reliable transition from replication to erasure coding for clustered file systems,” IEEE Trans. Parallel Distrib. Syst., vol. 28, no. 9, pp. 2500–2513, Sep. 2017.
[32] J. Li, Y. Liu, Z. Zhang, J. Ren, and N. Zhao, “Towards green IoT networking: Performance optimization of network coding based communication and reliable storage,” IEEE Access, vol. 5, pp. 8780–8791, 2017.
[33] H. Hou, K. W. Shum, M. Chen, and H. Li, “BASIC codes: Low-complexity regenerating codes for distributed storage systems,” IEEE Trans. Inf. Theory, vol. 62, no. 6, pp. 3053–3069, Jun. 2016.
[34] P. Hu, C. W. Sung, S.-W. Ho, and T. H. Chan, “Optimal coding and allocation for perfect secrecy in multiple clouds,” IEEE Trans. Inf. Forensics Secur., vol. 11, no. 2, pp. 388–399, Feb. 2016.
[35] M. Barua, X. Liang, R. Lu, and X. Shen, “ESPAC: Enabling security and patient-centric access control for eHealth in cloud computing,” Int. J. Secur. Netw., vol. 6, no. 2, pp. 67–76, 2011.
[36] D. Chen, N. Zhang, R. Lu, X. Fang, K. Zhang, Z. Qin, and X. Shen, “An LDPC code based physical layer message authentication scheme with perfect security,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 748–761, 2018.
[37] J. L. Massey, “An introduction to contemporary cryptology,” Proc. IEEE, vol. 76, no. 5, pp. 533–549, May 1988.
[38] G. Angelopoulos, M. Medard, and A. P. Chandrakasan, “Energy-aware hardware implementation of network coding,” in Proc. Int. Conf. Res. Netw., 2011, pp. 137–144.

Yu-Jia Chen received the BS degree and PhD degree in electrical engineering from National Chiao Tung University, Taiwan, in 2010 and 2015, respectively. He is currently a postdoctoral fellow in National Chiao Tung University. His research interests include network coding for secure storage in cloud datacenters, software defined networks (SDN), and 5G cellular network. He has published 22 conference papers and 6 journal papers. He is holding three US patents and three ROC patents. He is a member of the IEEE.

Li-Chun Wang (M’96-SM’06-F’11) received the BS degree from National Chiao Tung University, Taiwan, R.O.C., in 1986, the MS degree from National Taiwan University, in 1988, and the MsSci and PhD degrees from the Georgia Institute of Technology, Atlanta, in 1995, and 1996, respectively, all in electrical engineering. From 1990 to 1992, he was with the Telecommunications Laboratories of Chunghwa Telecom Co. In 1995, he was affiliated with Bell Northern Research of Northern Telecom, Inc., Richardson, TX. From 1996 to 2000, he was with AT&T Laboratories, where he was a senior technical staff member in the Wireless Communications Research Department. Since August 2000, he has been with the Department of Electrical and Computer Engineering of National Chiao Tung University in Taiwan and is the current chairman of the same department. His current research interests are in the areas of radio resource management and cross-layer optimization techniques for wireless systems, heterogeneous wireless network design, and cloud computing for mobile applications. He won the Distinguished Research Award of National Science Council, Taiwan in 2012, and was elected to the IEEE fellow grade in 2011 for his contributions to cellular architectures and radio resource management in wireless networks. He was a co-recipient (with Gordon L. Stuber and Chin-Tau Lea) of the 1997 IEEE Jack Neubauer Best Paper Award for his paper “Architecture Design, Frequency Planning, and Performance Analysis for a Microcell/Macrocell Overlaying System,” IEEE Transactions on Vehicular Technology, vol. 46, no. 4, pp. 836-848, 1997. He has published more than 200 journal and international conference papers. He served as an associate editor for the IEEE Trans. on Wireless Communications from 2001 to 2005, the guest editor of Special Issue on “Mobile Computing and Networking” for the IEEE Journal on Selected Areas in Communications in 2005, “Radio Resource Management and Protocol Engineering in Future Broadband Networks” for the IEEE Wireless Communications Magazine in 2006, and “Networking Challenges in Cloud Computing Systems and Applications,” for the IEEE Journal on Selected Areas in Communications in 2013, respectively. He is holding 10 US patents. He is a fellow of the IEEE.
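The Appendix's Steps 0 to 5 for the storage cost minimization (21), written out as a runnable sketch; this is an added example, not the authors' implementation. All function names are hypothetical, and it assumes the security constraint reads $(1 - P_c)^p d^{-al} \le P_u$, treats $a = m/(ns)$ as real-valued as in (21a), and uses the Appendix's sets A ($l < n$) and B ($2 \le n < 2^k$).

```python
import math

def encoding_ops(n, m, k, d):
    """a from (20e): a * n * s = m, with s = k / log2(d) base-d digits per GF(2^k) symbol."""
    s = k / math.log2(d)
    return m / (n * s)

def storage_cost(n, l, m, k, d):
    """Local storage cost f(n, l) = n^2 * s + a * l, Eq. (19) / (21a)."""
    s = k / math.log2(d)
    return n * n * s + encoding_ops(n, m, k, d) * l

def breach_probability(n, l, m, k, d, p, p_c):
    """Assumed left side of the security constraint: all p clouds are
    compromised and the a*l locally kept base-d digits are guessed."""
    return (1 - p_c) ** p * d ** (-encoding_ops(n, m, k, d) * l)

def min_local_digits(n, m, k, d, p, p_c, p_u):
    """Step 1: smallest positive integer l with breach_probability <= p_u."""
    bound = -math.log(p_u / (1 - p_c) ** p, d) / encoding_ops(n, m, k, d)
    # The small epsilon guards against float noise when the bound is an exact integer.
    return max(1, math.ceil(bound - 1e-9))

def solve(m, k, d, p, p_c, p_u):
    """Steps 0-5: scan every n in B, keep the cheapest feasible (cost, n, l).
    Returns None when no n in B can meet the security requirement."""
    best = None
    for n in range(2, 2 ** k):                 # B = {2 <= n < 2^k}
        l = min_local_digits(n, m, k, d, p, p_c, p_u)
        if l >= n:                             # set A requires l < n
            continue
        cost = storage_cost(n, l, m, k, d)
        if best is None or cost < best[0]:
            best = (cost, n, l)
    return best

if __name__ == "__main__":
    # Constructed inputs: d = 2, p = 3, P_c = 0.5 as in Section 6; m is in base-d digits.
    for m, k, p_u in [(10000, 8, 1e-3), (10000, 8, 1e-6), (10000, 16, 1e-6),
                      (500, 8, 1e-6), (500, 8, 1e-12), (500, 16, 1e-6),
                      (100, 8, 1e-6)]:
        print(f"m={m} k={k} P_u={p_u}: {solve(m, k, 2, 3, 0.5, p_u)}")
```

On these constructed inputs the sketch shows the behaviour described in Section 6: at m = 10000 the cost is identical for $P_u = 10^{-3}$ and $10^{-6}$ because $l = 1$, and $k = 16$ is cheaper than $k = 8$ there while $k = 8$ is cheaper at m = 500. A message that is too short for the requirement (m = 100) has no feasible n and returns None.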